Already know this can be done, but I am curious what the methodology that the contributors of [this GitHub project](https://github.com/ytdl-org/youtube-dl) used to reverse engineer Youtube’s encryption algorithm for the “sig” HTTP GET parameters value, used to request videos from the [googlevideo.com](https://googlevideo.com) domain. The base.js file responsible for decrypting the “signatureCipher” found on many video watch pages is highly obfuscated.
I feel the Chrome dev-tools debugger is key to stepping through, but there are so many lines of codes, with changing variable names/values, which makes it harder to make use of watch expressions. I setup a breakpoint to be hit when an xhr request is sent to the [googlevideo.com](https://googlevideo.com) domain. At this point the decryption had occurred, and I tried to backtrack through the call stack, that has a limited history of like 10 previous function calls, and didn’t seem like those contained what I was looking for.