Would you please create a writeup as to what you had to defeat in order to get chromeRSAPrivateKey? #14

Closed
gregvish opened this issue 11 days ago · 9 comments

Comments

@gregvish

gregvish commented 11 days ago

// Extracted by applying some mathematical tricks to Arxan's white-box algorithm
That's not a good enough explanation for a lot of us :)

For those of us who don't have the time to reverse the DLL ourselves, a writeup describing what obfuscation was actually used in the most popular DRM module is quite interesting.

Since you were generous enough to create this repo, perhaps you'll be kind enough to create this writeup as well :)

@tomer8007
Owner

tomer8007 commented 11 days ago

I am considering writing such a write-up in the future, not promising though.

But basically, after deobfuscating the control flow and translating the algorithm to Python, I began substituting complex operations with simpler but mathematically equivalent ones, eliminating redundant tables and constants along the way.
In the end I had an algorithm that was similar enough to the usual square-and-multiply RSA implementation that I could derive the secret exponent from it.
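
An added toy illustration of the simplification route described in the comment above. This is constructed for this page; it is not code from the repository, not tomer8007's tooling, and bears no relation to Chrome's real white-box beyond the general idea. The toy exponentiation hides the exponent across two masked lookup tables, keeps its accumulator blinded by a constant R (with R_INV applied after every squaring to keep the representation consistent), and flattens control flow with a dummy multiply by 1. Merging the two tables, cancelling R end to end, and restoring the conditional leaves plain square-and-multiply, where the pattern of real multiplies is the exponent. The RSA parameters are the textbook values p=61, q=53, e=17, d=2753, chosen only for the example.

```python
"""Toy: collapse an obfuscated modexp into square-and-multiply and read off d.

Everything here is constructed for illustration.  It is not Chrome's
white-box, not ChromeKey.py, and not anyone's actual reversing tooling.
"""
import math
import random

# Constructed textbook RSA parameters (not Chrome's key).
P, Q = 61, 53
N = P * Q            # 3233
E = 17
D = 2753             # E * D == 1 mod (P-1)*(Q-1)
NBITS = 12           # D < 2**12


def build_toy_whitebox(d, nbits, seed=1):
    """Hide exponent d behind two tables plus a blinding constant.

    table_a[i] = bit_i(d) XOR mask[i] and table_b[i] = mask[i]: neither
    table on its own reveals a bit of d.  The accumulator is kept in the
    blinded form acc*R mod N; R_INV compensates after each squaring.
    """
    rng = random.Random(seed)
    masks = [rng.randrange(2) for _ in range(nbits)]
    bits = [(d >> i) & 1 for i in range(nbits)]
    table_a = [b ^ m for b, m in zip(bits, masks)]
    while True:
        r = rng.randrange(2, N)
        if math.gcd(r, N) == 1:
            break
    return {"table_a": table_a, "table_b": masks, "r": r, "r_inv": pow(r, -1, N)}


def toy_whitebox_modexp(wb, base, n):
    """The exponentiation as an analyst first sees it (bit-independent flow)."""
    r, r_inv = wb["r"], wb["r_inv"]
    acc = r % n                                 # blinded 1  (1 * R)
    for i in reversed(range(len(wb["table_a"]))):
        acc = (acc * acc * r_inv) % n           # (aR)^2 * R^-1 == a^2 R
        sel = wb["table_a"][i] ^ wb["table_b"][i]
        operand = (1, base)[sel]                # dummy multiply when sel == 0
        acc = (acc * operand) % n               # (aR) * b == (ab) R
    return (acc * r_inv) % n                    # unblind


def collapse_tables(wb):
    """Step 1: the two tables are only ever XORed together, so one bit
    vector replaces both and the redundant mask table disappears."""
    return [a ^ b for a, b in zip(wb["table_a"], wb["table_b"])]


def simplified_modexp(bits, base, n):
    """Step 2: R cancels end to end ((aR)^2 R^-1 == a^2 R, then * R^-1 at
    the end), and the dummy multiply is really a conditional multiply.
    What remains is textbook MSB-first square-and-multiply."""
    acc = 1
    for i in reversed(range(len(bits))):
        acc = (acc * acc) % n
        if bits[i]:
            acc = (acc * base) % n
    return acc


def recover_exponent(wb):
    """Step 3: in square-and-multiply the multiply pattern IS the exponent."""
    bits = collapse_tables(wb)
    return sum(b << i for i, b in enumerate(bits))


def check_equivalence(wb, n, trials=50, seed=7):
    """Confirm each rewrite preserved behaviour on random inputs before
    trusting the recovered exponent."""
    rng = random.Random(seed)
    bits = collapse_tables(wb)
    for _ in range(trials):
        x = rng.randrange(1, n)
        if toy_whitebox_modexp(wb, x, n) != simplified_modexp(bits, x, n):
            return False
    return True


if __name__ == "__main__":
    wb = build_toy_whitebox(D, NBITS)
    d = recover_exponent(wb)
    print("equivalent on random inputs:", check_equivalence(wb, N))
    print("recovered d:", d, "matches:", d == D)
    c = pow(65, E, N)
    print("decrypt with recovered d:", pow(c, d, N))
```

The equivalence check matters more than the final read-off: each substitution (merging tables, dropping the blinding constant, restoring the branch) is only safe to keep if the rewritten function still agrees with the original on arbitrary inputs, which is exactly the invariant the simplification process has to maintain at every step.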

@therealchrome

@tomer8007 can't do a write up because he didn't reverse this, I did.

The original Python implementation of the whiteboxed RSA attached.
ChromeKey.zip
Rename zip to py

All he has done is steal my work and dumb it down further to the original exponent, which is a pointless exercise anyway.
He got technical details wrong: the binary is not "very heavily obfuscated", and Arxan is only used for the anti-debugging portion.

This whitebox is produced in-house by Google, and variants of it have been used on other Widevine libraries.

Of course they know anything like this will be reversed; it's not meant to be secure, which is why Chrome can only do 720p or SD in places.

All making this public has done is:
A) Force Widevine to revoke the current key
B) Make Widevine change the whitebox implementation
C) Probably? Make Widevine rotate the private key more regularly
D) Enable more people to make a dollar selling this
E) Hurt real users
F) Force more streaming services to downgrade Chrome to SD or 720p only
G) Hurt real users???

"Here's a thing, it won't work long term, I can't explain how I did it and it's just here to prove something everybody already knew." - tomer8007
Great work friend!

Did this for fun... Had I known what my work would become, I would never have done it.

@tomer8007
Owner

tomer8007 commented 10 days ago

Well, it is at least true that I wasn't sure that Arxan really made the whitebox RSA algorithm.

@inntremux

@therealchrome join our discord server

@streamOG

streamOG commented 10 days ago

@therealchrome is it possible to speak with you regarding this work? Are you Russian??

@microsoftceo2

@tomer8007 get exposed piece of shit

@streamOG

streamOG commented 10 days ago

He's far from a piece of shit. Bright dude. We have no idea who actually designed this code. Neither do you.

@microsoftceo2

microsoftceo2 commented 10 days ago

yes, sunnxt-dl, please create a tool for me to download here in India, Bengali

@setsoonah

I completely agree, this kind of thing should not be made public.

@tomer8007 tomer8007 closed this 10 days ago