This is, unfortunately, explicitly made illegal by the DCMA Anti-Circumvention Provisions.

DMCA has interoperatibility exceptions.

IBM PC BIOS case as a previous basis.

and boy did IBM try to bring in the heavy lawyer guns on that case, didn't they.

Or literally use the header files for the widevine blobs freely available in the chromium sources to directly use the API exported by the .so...

... and then get sued for illegally calling a few exported methods on a shared library you freely downloaded from the internet (but without first obtaining a license from Google!).

And by the way, I wasn't kidding about the freely downloadable from the internet part, when you open Netflix in Firefox, the browser downloads and loads a shared library from a Google domain: https://dl.google.com/widevine-cdm/${WIDEVINE_VERSION}-linux...

As per https://gist.github.com/ruario/3c873d43eb20553d5014bd4d29fe3..., which is still used by certain browsers and unofficial clients like the inputstream kodi extension to play netflix videos. If you're on arm, an entire chrome OS image is downloaded instead, extracting the compiled widevine shared library.

Aside from being illegal, defeating the various layers of obfuscation and extracting the private keys requires a very particular set of skills, beyond the reach of most programmers. And then they'll just rotate the key and add more obfuscation, once they're done suing you out of existence.

Can you help convince me of this?

Also I'd encourage you to contact the owners of the repositories listed in Google's DMCA notice against the Widevine cryptographic key and help them file a counter-notice. https://github.com/github/dmca/blob/master/2020/11/2020-11-0...

And then get a DMCA request which takes down your Github repo.