VideoHelp Forum
Closed Thread
Page 1 of 2
1 2 LastLast
Results 1 to 30 of 46
Thread
  1. I have forked the wvdumper/dumper script and updated it to support L3 extraction on Android 9, 10, 11 and 12 and have successfully extracted the key from these android versions, but have so far only tested CDM versions 14, 15, 16 and 16.1.

    https://github.com/Diazole/dumper

    p.s. once the functions have been hooked, you just need to load the Bitmovin player and click load to dump the keys - https://bitmovin.com/demos/drm

    Update:

    Thank you to dark125 for the suggestion of looping through the function names (even though you sent me a different file to the one you were dumping). The script no longer requires you to provide the function name yourself and instead hooks to every a-z function essentially brute-forcing.

    I have also successfully dumped Android 9 CDM 14.
    Last edited by Diazole; 7th Oct 2022 at 08:28.

  2. Member k2000's Avatar
    Join Date
    Jan 2022
    Location
    Canada
    Search PM
    thank you it can be useful

  3. Member
    Join Date
    Dec 2020
    Location
    Croatia
    Search PM
    this is great, so now android 7-12 is covered by dumpers, good job

  4. Member
    Join Date
    Feb 2022
    Location
    Search the forum first!
    Search PM
    Great stuff. Well done!

  5. Tested and working on Android 10 Thanks again for your contribution

  6. Android 11 with oemcrypto 16 works fine. Thanks.

  7. What is That ?

  8. Thank you <3
    Worked for me

  9. Does anyone know how to dump or extract Chrome CDM?

  10. Hi Thanks for your job!!"
    Last edited by marktwain; 31st Oct 2022 at 06:25.

  11. Thank you. I will try it for Android 9 CDM 14.0 as soon as possible.

    For a Nokia phone with a half-dead battery.

  12. What might it mean if this updated script only displays rsakey in console, and does nothing after that?

    only the output following 'Retrieved key' is displayed (rsakey) in console;
    self.logger.debug(
    'Retrieved key: \n\n%s\n',

    android 12, oemcdm 16
    Last edited by DrNumands; 20th Dec 2022 at 15:02.

  13. Installed drminfo app, cdm version is 16.1.0, not 16. Tried the command line argument to set to 16.1.0.

    The updated script has less debug reporting than the original script. Would it be possible to update the original script while keeping its original structure (including scanner.py), in order to support cdm 16.1.0? Using the minimum of edits to the original, what would it take?
    Last edited by DrNumands; 21st Dec 2022 at 08:25.

  14. Yes, my fork has less debug reporting because I removed the irrelevant debug logs, you can add them back yourself if you think they will help you (I highly doubt they will).

    Are you providing a function name/does the output state what your function name might be?

  15. Thanks for the reply. Changing to a different version of chrome allowed your fork to work. The video was playing fine with the other version of chrome, but I guess the browser version is important for use with the script.

  16. Member
    Join Date
    Dec 2022
    Location
    Bangladesh
    Search Comp PM
    Originally Posted by Diazole View Post
    I have forked the wvdumper/dumper script and updated it to support L3 extraction on Android 9, 10, 11 and 12 and have successfully extracted the key from these android versions, but have so far only tested CDM versions 14, 15, 16 and 16.1.

    https://github.com/Diazole/dumper

    p.s. once the functions have been hooked, you just need to load the Bitmovin player and click load to dump the keys - https://bitmovin.com/demos/drm

    Update:

    Thank you to dark125 for the suggestion of looping through the function names (even though you sent me a different file to the one you were dumping). The script no longer requires you to provide the function name yourself and instead hooks to every a-z function essentially brute-forcing.

    I have also successfully dumped Android 9 CDM 14.

    Image
    [Attachment 68317 - Click to enlarge]


    Stuck here on android 10,11

  17. Originally Posted by Diazole View Post
    I have forked the wvdumper/dumper script and updated it to support L3 extraction on Android 9, 10, 11 and 12 and have successfully extracted the key from these android versions, but have so far only tested CDM versions 14, 15, 16 and 16.1.

    https://github.com/Diazole/dumper

    p.s. once the functions have been hooked, you just need to load the Bitmovin player and click load to dump the keys - https://bitmovin.com/demos/drm

    Update:

    Thank you to dark125 for the suggestion of looping through the function names (even though you sent me a different file to the one you were dumping). The script no longer requires you to provide the function name yourself and instead hooks to every a-z function essentially brute-forcing.

    I have also successfully dumped Android 9 CDM 14.
    Hey, do you have any script for dumping valid keyboxes?

    It seems like, the keybox that wvdumper script dumps is not valid and can not be provisioned by google.

  18. Originally Posted by Beluga View Post
    Image
    [Attachment 68317 - Click to enlarge]

    Stuck here on android 10,11
    Send me your libwvhidl.so file, you can use this post to retrieve it - https://forum.videohelp.com/threads/404219-How-To-Dump-L3-CDM-From-Android-Device-s-(O...e6#post2646150
    Last edited by Diazole; 26th Dec 2022 at 17:15.

  19. Originally Posted by Diazole View Post
    Send me your libwvhidl.so file, you can use this post to retrieve it - https://forum.videohelp.com/threads/404219-How-To-Dump-L3-CDM-From-Android-Device-s-(O...e6#post2646150
    Can I PM that file to you?

  20. Originally Posted by JerryDevis View Post
    Hey, do you have any script for dumping valid keyboxes?

    It seems like, the keybox that wvdumper script dumps is not valid and can not be provisioned by google.
    What do you mean?
    Last edited by Diazole; 26th Dec 2022 at 17:16.

  21. Originally Posted by Diazole View Post
    does the output state what your function name might be?
    Although the script works, the output does not state what the function name might be. I see others have posted logs where such output (of the likely function name) is shown.

    How might I determine which is the working function name? If I provide a function name on the command line, does the script no longer attach to all of the functions and brute force them all? It only checks the one function name specified?

    If so, I could go through all of the function names, specifying them one at a time on the command line, and the one that works is the actual function name?

  22. Originally Posted by DrNumands View Post
    How might I determine which is the working function name? If I provide a function name on the command line, does the script no longer attach to all of the functions and brute force them all? It only checks the one function name specified?
    Correct.

    You can find your unique function name by reverse engineering the libwvhidl.so file.

    Originally Posted by DrNumands View Post
    If so, I could go through all of the function names, specifying them one at a time on the command line, and the one that works is the actual function name?
    You can certainly do that but that would be rather time consuming or you can send me the file and i'll provide you with the function name. I thought you had already dumped your keys?

  23. da820PmcEXBMWNDoveRRdcR9y0BB+3hwCAmii6eZpBmc2AUQVd wL4w==
    -----END RSA PRIVATE KEY-----

    2022-12-31 05:52:33 PM - Helpers.Device - 48 - DEBUG - Retrieved key:

    -----BEGIN RSA PRIVATE KEY-----

    YltEcnu3m4qMxHPoCrX0/96MSKcFcNE6rI9P1Fw4F0iZM7q0rJ0WEXOtolBNVayZ

    on Android 12

    dump_keys.py --cdm-version '16.0.0' shows above keys and stuck...

    dump_keys.py --cdm-version '16.0.1' just shows functions and stuck .... main - 24 - INFO - Functions Hooked, load the DRM stream test on Bitmovin!

  24. Originally Posted by hasmevask View Post
    dump_keys.py --cdm-version '16.0.0' shows above keys and stuck...

    dump_keys.py --cdm-version '16.0.1' just shows functions and stuck .... main - 24 - INFO - Functions Hooked, load the DRM stream test on Bitmovin!
    PM me your libwvhidl.so

  25. Originally Posted by Diazole View Post
    Originally Posted by hasmevask View Post
    dump_keys.py --cdm-version '16.0.0' shows above keys and stuck...

    dump_keys.py --cdm-version '16.0.1' just shows functions and stuck .... main - 24 - INFO - Functions Hooked, load the DRM stream test on Bitmovin!
    PM me your libwvhidl.so
    sent check pm

  26. Does not work for me. I have a rooted Pixel 3 with Android 12.

    I am running frida-server-16.0.8-android-arm64 as root.

    This is all I see when running your script:

    Code:
    > python dump_keys.py --cdm-version 16.1.0
    
    2022-12-31 01:49:29 PM - main - 25 - INFO - Connected to Pixel 3
    2022-12-31 01:49:29 PM - main - 26 - INFO - Scanning all processes
    android.hardware.drm@1.0-service
    android.hardware.drm@1.3-service.widevine
    android.hardware.drm@1.4-service.clearkey
    drmserver
    2022-12-31 01:49:31 PM - main - 34 - INFO - Functions Hooked, load the DRM stream test on Bitmovin!

    Opening https://bitmovin.com/demos/drm in Chrome, then loading and playing the video does not provoke additional output. The EME section on the demo page confirms widevine is supported on my device.

  27. Originally Posted by hasmevask View Post

    sent check pm
    Your function name is 'crhqcdet'.

    Code:
    dump_keys.py --function-name 'crhqcdet'
    Let me know how you get on

  28. Originally Posted by Diazole View Post
    Originally Posted by hasmevask View Post

    sent check pm
    Your function name is 'crhqcdet'.

    Code:
    dump_keys.py --function-name 'crhqcdet'
    Let me know how you get on
    function name is correct. thanks it stuck there also

    Code:
    Helpers.Device - 56 - INFO - Hooked crhqcdet at 0xf6a42a09
    main - 24 - INFO - Functions Hooked, load the DRM stream test on Bitmovin
    but job done by your dumper only

    thanks again for your hard work and valuable work and time share

  29. Force quit chrome and restart your device, then try again




Similar Threads

Visit our sponsor! Try DVDFab and backup Blu-rays!