While cracking the hardware is an interesting technical challenge, it is certainly not the only method. Security is only as good as the weakest link -- the human factor. Thus, piracy groups are able to use social engineering to crack Widevine without relying on advanced laboratories. See [1].

[1] https://news.ycombinator.com/item?id=29702110