Widevine has been broken at least a few times, including by recovering the private key from its white-box implementation: https://github.com/tomer8007/widevine-l3-decryptor/wiki/Reve.... Note that the write-up says it was the "old" version, but that's relative to the date of the write-up. Google overhauled Widevine after he broke it.
I'm less familiar with shielding data like this, but historically things like VMProtect and Themida were the standard for shielding programs. These offer a degree of resistance to automation, but a determined human will eventually figure them out, and then automation usually follows anyway. Syntia did this for VMProtect and Themida: https://www.usenix.org/system/files/conference/usenixsecurit....
Edit: A quick search points to Widevine continuing to have issues. Two more recent write-ups:
I'm less familiar with shielding data like this, but historically things like VMProtect and Themida were the standard for shielding programs. These offer a degree of resistance to automation, but a determined human will eventually figure them out, and then automation usually follows anyway. Syntia did this for VMProtect and Themida: https://www.usenix.org/system/files/conference/usenixsecurit....
Edit: A quick search points to Widevine continuing to have issues. Two more recent write-ups:
1. https://i.blackhat.com/asia-21/Thursday-Handouts/as-21-Zhao-...
2. https://arxiv.org/pdf/2204.09298.pdf