Dumping Your own L3 CDM with Android Studio

[Chopssuey]

Hello i'm having issues with dumper main action



Im using frida-server-17.2.4-android-x86_64 and phyton 3.12 from MS.

Thank your for the help.

[use a name]

Hello i'm having issues with dumper main action


[Attachment 87531 - Click to enlarge]

Im using frida-server-17.2.4-android-x86_64 and phyton 3.12 from MS.

Thank your for the help.

Read the whole thread. Many people have already had this problem.

Paste this in the global scope of Dumper's scripts.js. The bottom of the file is fine.

Code:

rpc.exports = {
inject: inject
};

Dumper hasn't been updated in over four years and these things tend to stop working. It's unclear if Dumper can even be used with current versions of Android Studio etc. You may have to experiment for yourself (only recommended if you have advanced knowledge of computing topics) or wait for someone to post a full tutorial on using KeyDive with Android Studio. We're lucky as many talented people care as much as they do, given that they're going tet-a-tet with some of the smartest engineers in the world (in theory).

[voice_]

Done this two years ago and wanted to try again.
And say many thanks, the original post still works.

Definitely good to read carefully and pay attention to which phone to select, Android, and especially frida version (and to make sure they match). It's all explained very easy here.

Cheers,

[use a name]

Done this two years ago and wanted to try again.
And say many thanks, the original post still works.

Definitely good to read carefully and pay attention to which phone to select, Android, and especially frida version (and to make sure they match). It's all explained very easy here.

Cheers,

You still managed to get the original instructions to work? Wow. What OS are you running and what version of Android Studio? How did you work around the fact that Android Studio won't (officially) let you use a Pixel 9 with API28 anymore? What AVD model did you use? Thanks and congrats!



By the way, little secondhand advice for anyone trying to use KeyDive instead: definitely don't try to mix it with the processes described in this thread like I did at first. Start from scratch, as I said in my much longer post. You'll still need Frida but you don't need to limit yourself to Pixel 3XL, 9.0, 28. In fact, you shouldn't do that. KeyDive was released after Pie and designed for more recent versions of Android. Don't fight that fact. It hints at what versions you should be using in its readme.

[vidblue]

Does anyone know how to download HD content using this method? Thanks

[ytdlhelp]

Does anyone know how to download HD content using this method? Thanks

Content downloading itself doesn't depend on the CDM, decryption is. And each website decides whether to have additional keys for HD content (some use a single key for everything including HD and 4K), and whether such keys are provided for the extracted CDM, however it seems for almost all free content, L3 CDM works, though some websites require physical device CDM. To attempt to get decryption keys, you need to use OpenWV or WidevineProxy2.

[robbie362]

Hi guys!

So, I've spent most of the time yesterday and then earlier today, only to end up on that dump Hook completed thing that doesn't do anything.

Long story short, what works is to use KeyDive.

I still followed the 2025 instructions here:

Pixel 4 XL (no google play) api 34 in Android Studio.

(also tried pixel 3 xl api 28 but doesn't seem to work).

- Use the latest Frida.
- Add ADB platform tools to environment path

then:
pip install keydive

and

keydive -kw -a player

then back in the android app, click that bottom right icon > Provision widevine.

DONE!


[Attachment 87648 - Click to enlarge]

I thank everyone in this forum and KeyDive, I finally have my own CDM. Ciao!

[use a name]

(also tried pixel 3 xl api 28 but doesn't seem to work).

I thought this might have become a problem. I'm going to remove it from my original post so as not to mislead anyone.

Pixel 3XL, 9.0, 28 is, it seems, the right option if you're still trying to use Dumper from the original instructions (or, preferably, find a version of Android Studio that still allows a Pixel 9 with Pie). If you're using KeyDive, it then becomes a hinderance. It may not even be possible. KeyDive was written after Pie/9.0.

Congrats and thanks for posting your experience/advice.


Note to all: FOR KEYDIVE, USE ANDROID 12+ WITH A 3x API AND A DEVICE DESIGNED FOR THAT PAIR. Trying to restrict yourself to API <= 28 and Pie is only necessary for Dumper, which is now outdated but can still work. KeyDive is seemingly the easier solution now. All options should be without Play Store (still an easily selectable image option in Android Studio).

[use a name]

Does anyone know how to download HD content using this method? Thanks

Content downloading itself doesn't depend on the CDM, decryption is. And each website decides whether to have additional keys for HD content (some use a single key for everything including HD and 4K), and whether such keys are provided for the extracted CDM, however it seems for almost all free content, L3 CDM works, though some websites require physical device CDM. To attempt to get decryption keys, you need to use OpenWV or WidevineProxy2.

Good answer and useful links.

HD/4K (i.e. content quality but, more than anything, value) only increases the chances of stronger or lower-level encryption and more browser-level obfuscation. They're not technically linked.

There's a hierarchy: L3 from an VM < L3 from a physical device < L2 (largely unused but can be treated as basically L1) < L1. Usually VM vs physical is undetermined (I'd be interested in an example of one that does make the distinction) due to the additional effort relative to the low number of L3 bypassers.

If you're asking this kind of question, acquiring an L1 key pair is beyond your current ability. There are no public tutorials, AFAIK, on extracting a key because these are software-hardware interface exploits, rather than just sniffing. As soon as someone makes an L1 vulnerability public, it's fixed very quickly. And there's no public software for making use of L1 keys because you're not expected to have one. If you do, you're expected to be able to writer your own scraper/extractor for the content. These are the kind of things that scene groups develop to make their WEB-DLs and then guard jealously (and the quantity of WEBRip content proves how hard it can be for even the experts). These targets are your Amazons and Netflixes. Security is a lot better today than it was when I figured out how to download unlimited music from iTunes in the mid '00s and during the early days of Netflix et al. (Though still complete garbage when it comes to personal data, as evidenced by the obscene number of often unsalted MD5-hashed or even unencrypted database leaks. Tech companies don't seem to care about your data security, only those of their large corporate partners.)

Though if you don't feel capable of acquiring an L3 WV key and then running CLI scripts to make use of it, StreamFab Downloader (advertised on this forum) apparently does all the L3 stuff and potentially more. It advertises itself as having scene-level capabilities and with the pricetag to match. I have no idea how well it works as it's far outside my price range but I'd be fascinated to hear from someone who has tried it. MakeMKV looks like it should be crappy adware based on the website and claims made but it's actually excellent, so who knows? (Things might've moved on but last I heard, it was still the only effective free BD ripper.)

[ytdlhelp]

Good answer and useful links.

HD/4K (i.e. content quality but, more than anything, value) only increases the chances of stronger or lower-level encryption and more browser-level obfuscation. They're not technically linked.

There's a hierarchy: L3 from an VM < L3 from a physical device < L2 (largely unused but can be treated as basically L1) < L1. Usually VM vs physical is undetermined (I'd be interested in an example of one that does make the distinction) due to the additional effort relative to the low number of L3 bypassers.

If you're asking this kind of question, acquiring an L1 key pair is beyond your current ability. There are no public tutorials, AFAIK, on extracting a key because these are software-hardware interface exploits, rather than just sniffing. As soon as someone makes an L1 vulnerability public, it's fixed very quickly. And there's no public software for making use of L1 keys because you're not expected to have one. If you do, you're expected to be able to writer your own scraper/extractor for the content. These are the kind of things that scene groups develop to make their WEB-DLs and then guard jealously (and the quantity of WEBRip content proves how hard it can be for even the experts). These targets are your Amazons and Netflixes. Security is a lot better today than it was when I figured out how to download unlimited music from iTunes in the mid '00s and during the early days of Netflix et al. (Though still complete garbage when it comes to personal data, as evidenced by the obscene number of often unsalted MD5-hashed or even unencrypted database leaks. Tech companies don't seem to care about your data security, only those of their large corporate partners.)

Though if you don't feel capable of acquiring an L3 WV key and then running CLI scripts to make use of it, StreamFab Downloader (advertised on this forum) apparently does all the L3 stuff and potentially more. It advertises itself as having scene-level capabilities and with the pricetag to match. I have no idea how well it works as it's far outside my price range but I'd be fascinated to hear from someone who has tried it. MakeMKV looks like it should be crappy adware based on the website and claims made but it's actually excellent, so who knows? (Things might've moved on but last I heard, it was still the only effective free BD ripper.)

For some reason, I was unable to read the message before I clicked quote. Edit: turned out to be ad blocker issue.

On examples of websites which discriminate virtual CDMs, see Spotify, VdoCipher (these two don't provide keys at all) and YouTube Movies (restricts access to most movies to 480p, also discriminates ChromeCDM the same way, which is uncommon).

For making use of L1 keys, the same software would work (because there isn't anything special in license requests themselves), except maybe you also need to add extension code to make the browser accept higher robustness values in EME call, if some website only works with L1 and nothing else. The true concern is how to do it without getting the CDM blocked for suspicious activity.

As for release groups, it is said that these days they use PlayReady SL3000 instead. There are many leaked CDMs that aren't blocked as widely as on Widevine, and they also can be reprovisioned unlimited times. Can't check if they actually work on paid streaming services, as I am never going to fund these DRM supporters.

[Mallikarjun1995]

Dumping your own l3 cdm with android studio.

Is it still working now?

[1v0live]

Hello @cedric8528, thanks so much for this thread! I am new here and i have encountered some problems running adb.exe shell.

emu64xa:/ $ su
/system/bin/sh: su: inaccessible or not found
127|emu64xa:/ $ mv /sdcard/frida-server-17.2.11-android-x86 /data/local/tmp
emu64xa:/ $ chmod +x /data/local/tmp/frida-server-17.2.11-android-x86
emu64xa:/ $ /data/local/tmp/frida-server-17.2.11-android-x86
/system/bin/sh: /data/local/tmp/frida-server-17.2.11-android-x86: No such file or directory

I can't figure out what is the problem. First with the su command and then with the last command.
I have read almost the whole thread but couldn't find this specific info. My frida server version is the same version as the one installed.