VideoHelp Forum

Closed Thread
Page 6 of 8
FirstFirst ... 4 5 6 7 8 LastLast
Results 151 to 180 of 227
Thread
  1. Originally Posted by codehound View Post
    Originally Posted by darkw4v3 View Post

    Android 10 with oemcrypto 15 works fine. At least it has for me, multiple times.
    Well done (multiple times)
    Oh, hello Mr Snark. Too proud to be corrected I see.

  2. Originally Posted by varwffoc View Post
    Do you know how to find the dynamic function?
    Yes.

  3. Hey guys, I'm elated to say I can get it to dump a license_request.bin, but still no client_id or private_key files. All I get in the terminal is the following:
    https://pastebin.com/qrcH1pPU
    I'm running Android 10.0 with OEMCrypto 15, which worked out much better than Android 7.0 with OEMCrypto 11 by virtue of getting past "Hooks Completed" at all, but I'm still stuck. Any ideas?
    Last edited by krsentai; 24th Jan 2022 at 01:05. Reason: Code box was egregiously long

  4. Originally Posted by krsentai View Post
    Hey guys, I'm elated to say I can get it to dump a license_request.bin, but still no client_id or private_key files. All I get in the terminal is the following:
    https://pastebin.com/qrcH1pPU
    I'm running Android 10.0 with OEMCrypto 15, which worked out much better than Android 7.0 with OEMCrypto 11 by virtue of getting past "Hooks Completed" at all, but I'm still stuck. Any ideas?
    Try with different python version (3.9) and install frida-server from play store.

    You can read above posts try with oemcrypto v13 or lower version.

  5. Originally Posted by laynoto View Post
    Try with different python version (3.9) and install frida-server from play store.

    You can read above posts try with oemcrypto v13 or lower version.
    I can't seem to get frida-server from the Play Store to work. I click "download server", but when I try to start it it just gives "Not yet installed. You need install server first".

  6. have you got magisk install on your phone? And have you got magisk frida install too? https://github.com/Magisk-Modules-Repo/magisk-frida not sure what the playstore app is, when I dumped keys I used the magisk module.

  7. Originally Posted by krsentai View Post
    Originally Posted by laynoto View Post
    Try with different python version (3.9) and install frida-server from play store.

    You can read above posts try with oemcrypto v13 or lower version.
    I can't seem to get frida-server from the Play Store to work. I click "download server", but when I try to start it it just gives "Not yet installed. You need install server first".
    Wait a few minutes it takes time to download. I tried with magisk module frida-server but not worked for me. So advised this methıd but other members succeeded with magisk module give a try to it.

  8. Originally Posted by [ss]vegeta View Post
    Originally Posted by varwffoc View Post
    Do you know how to find the dynamic function?
    Yes.
    Hi, can you help me? I only get the key_boxes.

  9. Originally Posted by DeesDaSilva View Post
    Hi, can you help me? I only get the key_boxes.
    Maybe.
    The file I need so I can help you should be somewhere on your phone.
    The usual name of the file is libwvhidl.so in rare cases, it could be something else. The size is almost always around 3.3 megabytes
    Use a root file explorer app and try to find libwvhidl.so on your phone.
    Or use this
    Code:
    adb shell
    su
    cp vendor/lib64/libwvhidl.so /data/local/tmp
    adb pull /data/local/tmp/libwvhidl.so
    or this
    Code:
    adb shell
    su
    cp vendor/lib/libwvhidl.so /data/local/tmp
    adb pull /data/local/tmp/libwvhidl.so
    and then find a way to send it to me.

    Or, whatever, it's time for all of you to try doing it urself.
    Basically, you open that file with Notepad and search for "oemcrypto_le".
    The 2nd find of "oemcrypto_le" should come to this
    Image
    [Attachment 63108 - Click to enlarge]

    The "gibberish" above oemcrypto_le
    Code:
    aubxesnu bscwumyx covmuybg cuxpfige eraviosd euoobbxy gunfzzhu hzfgrcal lqsrlehr meopfgvt mtylmzom oucdfqff pldrclfq psyprwmh pyxylqvw qxkjmvcw sxmfafok udanauth vajorhmx ycrdjvyl
    are the dynamic functions that should be replaced in the first line of script.js located in dumper/helpers folder.
    And then you try again and that's it.

  10. Here's the file https://drive.google.com/file/d/1fx_lSYtxTLLmqyYTS6OKDcA0wS3VfXRp/view?usp=sharing

    I tried to do myself, here is what i tried, it didn't worked.

    const KNOWN_DYNAMIC_FUNC = ['ulns', 'cwkfcplc', 'dnvffnze', 'kgaitijd', 'polorucp','bmelqtyh', 'calloc', 'djoadccl', 'exit', 'fdisjieh','getpagesize','free','igrqajte','iwwfrw gy','jlifludb','kyshuvom','lfrcssmv','luosbvkw','m alloc','memcpy','memmove','memset','mmap','mojnbkt r','mprotect','mrfnyifb','munmap','nvbdvvpj','ozdw hvco','pjzsjcqb','qksprdjf','rcdtibgn','srvntsue', 'sscanf','syscall','time','uname','vvkwbdal','xkrc uagn','ypyxfjba','fread_unlocked','foxsiucw','zdud yati'];

  11. Originally Posted by DeesDaSilva View Post
    'memcpy','memmove','memset','mmap'
    From what I understand, this means your OEM Crypto API version is bigger than 13 in which this vulnerability is fixed.
    I had a guy once sending me a file like this, I tried removing these "proper sounding" functions but I think it didn't work, it's not that easy I guess. Or I didn't figure out which are the "proper" and "not proper" ones.

  12. Member
    Join Date
    Jan 2022
    Location
    mexico
    Search PM
    Hello I tried to dump my moto onevision is l3 cmd v15 I run frida and script I loaded the script but I just get a license_request.bin what I'm doing wrong since the rsa cert is not exported?

    Edit: Found the libwvhidl.so replaced the dynamics on scripts and still getting license_request.bin file only.

    Can someone help please.
    Last edited by giorey; 28th Jan 2022 at 19:00.

  13. Originally Posted by giorey View Post
    Hello I tried to dump my moto onevision is l3 cmd v15 I run frida and script I loaded the script but I just get a license_request.bin what I'm doing wrong since the rsa cert is not exported?

    Edit: Found the libwvhidl.so replaced the dynamics on scripts and still getting license_request.bin file only.

    Can someone help please.
    Read the post directly above yours? The vunrability is fixed in OEM Crypto API versions higher than 13. You need to downgrade to get you version =>13

  14. Originally Posted by darkw4v3 View Post
    Originally Posted by codehound View Post
    Originally Posted by darkw4v3 View Post

    Android 10 with oemcrypto 15 works fine. At least it has for me, multiple times.
    Well done (multiple times)
    Oh, hello Mr Snark. Too proud to be corrected I see.
    If you read advice from multiple people you will see the vulnerability has been patched in versions above 13.

    So again, well done to you for cracking oempcrypto v15. (Multiple times).
    Last edited by codehound; 29th Jan 2022 at 17:32.
    Discord codehound#0348

  15. Hello ,, please help for what wrong

    Code:
    AAAATHBzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAACwiJGI5ZjYwMjM4LTYyYzEtNTQ2OC04NDFlLTEzZjU1MTYxM2VjM0jj3JWbBg==
    Code:
    https://sg-sg-sg.astro.com.my:9443/vgemultidrm/v1/widevine/license
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    accept-language: en
    authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2NDM0NjcwMTcsInN1Y iI6IjgwMDE1MDA4IiwiYXVkIjoiaXZwLnNlc3Npb25ndWFyZCI sImV4cCI6MTY0MzQ3NzgxNywic2Vzc2lvbl9kYXRhIjp7InNlc 3Npb24iOnsiY29tbXVuaXR5IjoiTWFsYXlzaWEgTGl2ZSIsImJ 1c1VuaXRJZCI6IkFTVFJPIiwic2NvcGUiOiJicm93c2UgcGxhe WJhY2siLCJ1cElkIjoiODAwMTUwMDhfMCIsImRldklkIjoiODA wMTUwMDguODVjODg4ZWYtYzU2Ni00NGI5LWI5NDYtZmExMWQ4Y zE2MDY2IiwicmVnaW9uIjoiUE9TVFBBSUQiLCJjbWRjUmVnaW9 uIjoiODAwMDAiLCJkZXZpY2VGZWF0dXJlcyI6WyJBQlIiLCJQR VJTT05BTC1DT01QVVRFUiIsIlVOTUFOQUdFRCIsIkRBU0giLCJ XVi1EUk0iLCJTZWNvbmRTY3JlZW4iXSwiY21kY0RldmljZVR5c GUiOiJQQyIsImRldmljZVR5cGUiOiJDT01QQU5JT04iLCJ0ZW5 hbnQiOiJrIiwic29sdXRpb25JZCI6ImsiLCJ0ZW5hbnRJZCI6I kFTVFJPIiwiZ3Vlc3RNb2RlIjpmYWxzZSwiaGhJZCI6IjgwMDE 1MDA4In0sImhoSGFzaCI6NDgsImNvbW11bml0eSI6Ik1hbGF5c 2lhIExpdmUifSwic2NvcGUiOiJicm93c2UgcGxheWJhY2siLCJ 0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwic3NhX2p0aSI6I mJyb3dzZXIiLCJjbGllbnRfaWQiOiJicm93c2VyIiwianRpIjo iNzFlMzcxMGItYmMwMy00Yjg2LTllZDAtNTkzYjlhZTA2YjYxI n0.ECaa03LkOOGp51gEju6Fc8ymz-2TV5XCt1S86AahigA
    cache-control: no-cache , no-store
    Connection: keep-alive
    Content-Length: 6056
    content-type: application/json
    Host: sg-sg-sg.astro.com.my:9443
    Origin: https://astrogo.astro.com.my
    Referer: https://astrogo.astro.com.my/
    sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-site
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
    cut the HEADERS to

    Accept-Encoding: gzip, deflate, br
    accept-language: en
    cache-control: no-cache , no-store
    Connection: keep-alive
    Content-Length: "6056"
    content-type: application/json
    Origin: https://astrogo.astro.com.my
    Referer: https://astrogo.astro.com.my/
    User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

    and try on https://getwvkeys....


    Error 404: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Error Page</title> <style> h1 { width: 100%; text-align: center; } </style> </head> <body> <h1> 401 Unauthorized </h1> <hr> </body> </html>

    thank you
    Last edited by supersport; 29th Jan 2022 at 09:00.

  16. Originally Posted by supersport View Post
    Hello ,, please help for what wrong

    authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2NDM0NjcwMTcsInN1Y iI6IjgwMDE1MDA4IiwiYXVkIjoiaXZwLnNlc3Npb25ndWFyZCI sImV4cCI6MTY0MzQ3NzgxNywic2Vzc2lvbl9kYXRhIjp7InNlc 3Npb24iOnsiY29tbXVuaXR5IjoiTWFsYXlzaWEgTGl2ZSIsImJ 1c1VuaXRJZCI6IkFTVFJPIiwic2NvcGUiOiJicm93c2UgcGxhe WJhY2siLCJ1cElkIjoiODAwMTUwMDhfMCIsImRldklkIjoiODA wMTUwMDguODVjODg4ZWYtYzU2Ni00NGI5LWI5NDYtZmExMWQ4Y zE2MDY2IiwicmVnaW9uIjoiUE9TVFBBSUQiLCJjbWRjUmVnaW9 uIjoiODAwMDAiLCJkZXZpY2VGZWF0dXJlcyI6WyJBQlIiLCJQR VJTT05BTC1DT01QVVRFUiIsIlVOTUFOQUdFRCIsIkRBU0giLCJ XVi1EUk0iLCJTZWNvbmRTY3JlZW4iXSwiY21kY0RldmljZVR5c GUiOiJQQyIsImRldmljZVR5cGUiOiJDT01QQU5JT04iLCJ0ZW5 hbnQiOiJrIiwic29sdXRpb25JZCI6ImsiLCJ0ZW5hbnRJZCI6I kFTVFJPIiwiZ3Vlc3RNb2RlIjpmYWxzZSwiaGhJZCI6IjgwMDE 1MDA4In0sImhoSGFzaCI6NDgsImNvbW11bml0eSI6Ik1hbGF5c 2lhIExpdmUifSwic2NvcGUiOiJicm93c2UgcGxheWJhY2siLCJ 0b2tlbl90eXBlIjoiYWNjZXNzX3Rva2VuIiwic3NhX2p0aSI6I mJyb3dzZXIiLCJjbGllbnRfaWQiOiJicm93c2VyIiwianRpIjo iNzFlMzcxMGItYmMwMy00Yjg2LTllZDAtNTkzYjlhZTA2YjYxI n0.ECaa03LkOOGp51gEju6Fc8ymz-2TV5XCt1S86AahigA
    Error 404: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Error Page</title> <style> h1 { width: 100%; text-align: center; } </style> </head> <body> <h1> 401 Unauthorized </h1> <hr> </body> </html>

    thank you
    You get a 401 Unauthorized status code which well, probably means you are not authorized to do the request. I see you cut the headers such that you don't include that authorization token which probably is the issue. So try it again with the authorization header included. (This probably even is the only header actually required for it to work).

  17. Originally Posted by TonyChocolonely View Post
    (This probably even is the only header actually required for it to work).
    That is not right because i know that site requires json headers. So the script need editing and doesnt works at notaghost website. The server request need inspection to know how the server make the request.

  18. Member
    Join Date
    Jan 2022
    Location
    mexico
    Search PM
    Originally Posted by T33V33 View Post
    Originally Posted by giorey View Post
    Hello I tried to dump my moto onevision is l3 cmd v15 I run frida and script I loaded the script but I just get a license_request.bin what I'm doing wrong since the rsa cert is not exported?

    Edit: Found the libwvhidl.so replaced the dynamics on scripts and still getting license_request.bin file only.

    Can someone help please.
    Read the post directly above yours? The vunrability is fixed in OEM Crypto API versions higher than 13. You need to downgrade to get you version =>13
    Oh I see thanks, sorry thought it was possible to do it on v15, well will see if I have another device with v13

  19. any guide for dumped on an android vmware or virtualbox machine?

  20. Originally Posted by codehound View Post
    Originally Posted by darkw4v3 View Post
    Originally Posted by codehound View Post
    Originally Posted by darkw4v3 View Post

    Android 10 with oemcrypto 15 works fine. At least it has for me, multiple times.
    Well done (multiple times)
    Oh, hello Mr Snark. Too proud to be corrected I see.
    If you read advice from multiple people you will see the vulnerability has been patched in versions above 13.

    So again, well done to you for cracking oempcrypto v15. (Multiple times).
    Its not fixed, its possible to crack up to oemcrypto version 15. You just need to find the right function (one function, not all of them like [ss]vegeta said). I have dumped from Android 11 with oemcrypto version 15 using this method.
    Last edited by varwffoc; 31st Jan 2022 at 13:11.

  21. Originally Posted by varwffoc View Post
    (one function, not all of them like [ss]vegeta said)
    Shame on him, he has no idea what he is talking about.

  22. Originally Posted by varwffoc View Post

    Its not fixed, its possible to crack up to oemcrypto version 16. You just need to find the right function (one function, not all of them like [ss]vegeta said). I have dumped from Android 11 with oemcrypto version 16 using this method.
    ...
    Discord codehound#0348

  23. psaframe
    Join Date
    Mar 2021
    Location
    Algeria
    Search PM
    Its not fixed, its possible to crack up to oemcrypto version 16. You just need to find the right function (one function, not all of them like [ss]vegeta said). I have dumped from Android 11 with oemcrypto version 16 using this method.[/QUOTE]

    More stupid shit are comes.
    waiting for smart ass to dump from android v12 oem 17

  24. Addendum, I have been sent 'proof' which I am now examining that oemcrypto v15 is possible.

    I will post back findings.
    Discord codehound#0348

  25. I haven't tested Android 11 because I don't have one I want to test with. But about 10-15 days ago it worked fine with Android 10 with OEMCryto v15 after locating the right function, about 1-2 other user I've assisted with the L3 build version or system id 22585 which is often found on Android 10, have been able to do it as well. I doubt a change of this library which is usually written into a read-only section of the phone system file would take place without some OTA update, then again I am not an expect with how OTA updates are deployed. If anything, it may be happening on a OEM basis, some vendor had released updates that patch it and some haven't. But overall Android 6-10 seems to be functional in my trials after identifying the function.

    Other cases can also be user's error. The user in question keep saying they don't get the private keys. But what does the log says?

  26. Android 10 with oem15 for sure can be extracted. I have extract it although the system id is an older one.

  27. Member k2000's Avatar
    Join Date
    Jan 2022
    Location
    Canada
    Search PM
    I already extracted my L3 key wondering where you see the oemcrypto version?.

  28. Member
    Join Date
    Jan 2019
    Location
    hawaii
    Search PM
    if you have already extract on your pc see info with CDM-Device-Checker

    if you want see info from your phone use DRM Info app for android

  29. Member k2000's Avatar
    Join Date
    Jan 2022
    Location
    Canada
    Search PM
    Originally Posted by lomero View Post
    if you have already extract on your pc see info with CDM-Device-Checker

    if you want see info from your phone use DRM Info app for android
    Thanks

  30. Hi,

    My L3 is now dumped. I want to use it to get decryption keys from channel 4 (all4) and channel 5 (my5). How do I get keys from channel 4 and how do I get 1080p encrypted videos from channel 5? I can get channel 5 keys, but not the 1080p encrypted videos to decrypt. You can inbox or respond here, kindly.




Similar Threads