You don't have an Android Device or don't want to buy one to get the two magic files to decrypt your video with drm?
No problem! you can use Android Studio available for Windows, Linux and Mac.
It's totally free...You just need a computer with good processor and 12Go of ram.....
It's not impossible to run it with a little pc, but obviously, it will be more slow and you will have to take your time to launch your virtual Device and to use it.
[Attachment 68344 - Click to enlarge]
We Want to create a Virtual Android Device ....So click on "Create Device"
I have not tested with all Android Devices but the first three work fine
[Attachment 68345 - Click to enlarge]
Choose for example "Pixel 6" and click on "next"
[Attachment 68346 - Click to enlarge]
Here again I have not test all the Version of the OS but Android Pie works fine.
Download the Android Version you want for your virtual device, choose it and click on "next"
[Attachment 68347 - Click to enlarge]
Click On "Finish"
[Attachment 68348 - Click to enlarge]
Your phone is going to be created...It make takes a long time to be created and to boot...
[Attachment 68349 - Click to enlarge]
Your beautilful and free Phone is ready !
Let's play with the terminal....
Open a Command Prompt in Windows.
Code:pip install fridaCode:pip install frida-tools
[Attachment 68369 - Click to enlarge]
Now Go to https://github.com/frida/frida/releases
Download The Frida Server for Andro´d. and put it on C:\Users\yourname\AppData\Local\Android\Sdk\platfo rm-tools
Verify that the frida-server version you download is the same that the one you have install via pip.
you can show my frida-server file on the screenshot below...
[Attachment 68350 - Click to enlarge]
put yourself in the right directory and type
We can see that our virtual device is recongnized.Code:adb.exe devices
[Attachment 68351 - Click to enlarge]
Put the Frida-server file we have downloaded In our virtual phone
Code:adb.exe push frida-server-16.0.2-android-x86 /sdcard
[Attachment 68352 - Click to enlarge]
So let's communicate with our Virtual device
Put the Frida server in the good directory of our device
Give permission to execute the file
Code:adb.exe shell su mv /sdcard/frida-server_yourversion /data/local/tmp chmod +x /data/local/tmp/frida-server-yourversion /data/local/tmp/frida-server-16.0.2-android-x86
[Attachment 68356 - Click to enlarge]
Keep this Terminal Open !
Now Download Dumper-main on Github
Open a new command prompt
Place yourself in the Directory (cd /....) of dumper main and launch dump_keys
[Attachment 68354 - Click to enlarge]
[Attachment 68355 - Click to enlarge]
Keep this Terminal Open !
We have now 2 Commands prompt open.
Go back to our phone
Open Google Chrome and go to
https://bitmovin.com/demos/drm or another site using drm.
[Attachment 68357 - Click to enlarge]
As we can see, the video on Bitmovin is launch and dumper-main do his job.
Let's have a look in dumper-main directory.
You will find a directory (private-keys) containing the 2 files
[Attachment 68358 - Click to enlarge]
you just have to rename the 2 files respectively in :
If you want another couple of fresh L3 cdm, you just have to create a new device and do the same process.
Please questions and problems in this thread and not via PM...so as to help all people who comes from Google, Mars Planet or somewhere else to find what they search
Thank you to everyone on this forum who taught me so much
+ Reply to Thread
Results 1 to 30 of 432
Last edited by cedric8528; 27th Dec 2022 at 13:44.
Interesting. What type of build fingerprint does Android Studio use (and ends up in the device blob for the cdm)?
Is the buildtype user, userdebug, eng? release-keys or test-keys (at the end of the build fingerprint)?
I can confirm this is working very well. I recently spent a couple of Covid days spamming 20+ CDMs and they are all unique and confirmed to be working. I even experimented with changing the build info/fingerprints so they have the official builds when checked. I have no idea if that actually does anything, but boredom makes you do crazy things.
I never managed to dump anything above Android 9, though. I even went so far as to pull the libwvhidl to get the function names for 10, 11, 12, 13 and put them in the script, but couldn't get pass the "Hooks completed". Still, can't complain
wow cedric, really amazing thread
thanks you for share this great info
just a small contribution
Thank you my friend
It's good to have this in a comprehensive guide format.
'Magicians' posted a video of the process a while back in the 'Temple of Doom' thread, the video link may still work (the process definitely did): https://forum.videohelp.com/threads/404994-Decryption-and-the-Temple-of-Doom/page7#post2670982
Lots of people missed the Magicians post, so it's good to 'bring it out into the open'.
Last edited by bamboobali; 27th Dec 2022 at 08:53. Reason: Added: 'Lots of people...'
First of all, thank you for this tutorial.
I just tried it but I have a problem at the dumper step (see picture). Any idea how to solve this problem?
you have Frida 15.2.2....Have you downloaded the same version on Github...
Try to update frida-tools also
pip install --upgrade frida-tools
Thank for your answer.
Yes, it was a problem of version, I had just followed the tuto without taking care of that like the noob that I am ^^
It worked now.
I had not specified the taking into account of the different versions...
Thank you Pouki2
I have modify The tutorial
Wonderful job Cedric, thank you very much!
Has anyone managed to dump cdm key from apk files like amazon music?
Emulator works but if this trick trying apply on some old android devices (oneplusone/two) nothing happend. On one I open bitmovin page and nothing and Two just freez after load dump scirpt and after 2-3 sec. phone is restarted.
You need to add the cdm library name and functions that you will get from phone to the relevant lines.
Last edited by mrmyst; 28th Dec 2022 at 07:52.
Last edited by A_n_g_e_l_a; 29th Dec 2022 at 10:34.
Many thanks for the guide. But seem to be running into problems with the dumper step. I think I have verified my version of Frida server is the same as the one I downloaded via pip install. Any idea how to solve this?
C:\kidtopssh\dumper-main>Python dump_keys.py Traceback (most recent call last): File "C:\kidtopssh\dumper-main\dump_keys.py", line 6, in <module> from Helpers.Scanner import Scan File "C:\kidtopssh\dumper-main\Helpers\Scanner.py", line 3, in <module> from Crypto.PublicKey import RSA ModuleNotFoundError: No module named 'Crypto'
pip install pycryptodome
pip install pycryptodome==3.14.1
or maybe thisCode:
pip install pycryptodomex
C:\kidtopssh\dumper-main>pip install pycryptodomex Requirement already satisfied: pycryptodomex in c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages (3.16.0) C:\kidtopssh\dumper-main>Python dump_keys.py Traceback (most recent call last): File "C:\kidtopssh\dumper-main\dump_keys.py", line 6, in <module> from Helpers.Scanner import Scan File "C:\kidtopssh\dumper-main\Helpers\Scanner.py", line 3, in <module> from Crypto.PublicKey import RSA ModuleNotFoundError: No module named 'Crypto'
Not sure if this will help but here is my pip list:
pycryptodome 3.15.0 pycryptodomex 3.15.0
pip uninstall pycryptodome pip install pycryptodome
C:\kidtopssh\dumper-main>pip uninstall pycryptodome Found existing installation: pycryptodome 3.16.0 Uninstalling pycryptodome-3.16.0: Would remove: c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\* c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\pycryptodome-3.16.0.dist-info\* Would not remove (might be manually added): c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\app.py c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\decryptoapp.py c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\library\__init__.py c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\library\cryptor.py c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\library\hash.py c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\library\package.py c:\users\jojot\appdata\local\programs\python\python311\lib\site-packages\crypto\settings.py Proceed (Y/n)? y Successfully uninstalled pycryptodome-3.16.0 C:\kidtopssh\dumper-main>pip install pycryptodome Collecting pycryptodome Using cached pycryptodome-3.16.0-cp35-abi3-win_amd64.whl (1.7 MB) Installing collected packages: pycryptodome Successfully installed pycryptodome-3.16.0 C:\kidtopssh\dumper-main>Python dump_keys.py Traceback (most recent call last): File "C:\kidtopssh\dumper-main\dump_keys.py", line 6, in <module> from Helpers.Scanner import Scan File "C:\kidtopssh\dumper-main\Helpers\Scanner.py", line 3, in <module> from Crypto.PublicKey import RSA ModuleNotFoundError: No module named 'Crypto'
Yes I don't know where is the problem ....So as mrmyst
says , downgrade your version of Python.