This might be a bit hacky, but given the URL in the .m3u8 file, it will download and decrypt the files that make up the stream:
#!/usr/bin/env bash curl "$1" -s | awk 'BEGIN {c=0} $0 ~ "EXT-X-KEY" {urlpos=index($0,"URI=")+5; ivpos=index($0,"IV="); keyurl=substr($0, urlpos, ivpos-urlpos-2); iv=substr($0, ivpos+5); print "key=`curl -s '\''"keyurl"'\'' | hexdump -C | head -1 | sed \"s/00000000//;s/|.*//;s/ //g\"`"; print "iv="iv} $0 !~ "-KEY" && $0 ~ "http" {printf("curl -s '\''"$0"'\'' | openssl aes-128-cbc -K $key -iv $iv -d >seg%05i.ts\n", c++)}' | bash
This script creates a second script that extracts the keys and initialization vectors and uses them to decrypt at boot. This requires curls, awk, hexdump, sed and openssl. It will probably suffocate in an unencrypted stream or in a stream that uses something other than AES-128 (is any other encryption supported?).
You will get a bunch of files: seg00000.ts, seg00001.ts, etc. Use tsMuxeR ( https://www.videohelp.com/software/tsMuxeR ) to merge them into one file (simple concatenation did not work for me ... this is what I tried first):
(echo "MUXOPT --no-pcr-on-video-pid --new-audio-pes --vbr --vbv-len=500"; (echo -n "V_MPEG4/ISO/AVC, "; for i in seg*.ts; do echo -n "\"$i\"+"; done; echo ", fps=30, insertSEI, contSPS, track=258") | sed "s/+,/,/"; (echo -n "A_AAC, "; for i in seg*.ts; do echo -n "\"$i\"+"; done; echo ", track=257") | sed "s/+,/,/") >video.meta tsMuxeR video.meta video.ts
(Track identifiers and frame rate may need to be set up ... get the values ββto be used by transferring one of the downloaded files to tsMuxeR.)
Then use ffmpeg to remux for something more widely understood:
ffmpeg -i video.ts -vcodec copy -acodec copy video.m4v