hyugogirubato/KeyDive

client_id.bin and private_key.pem not being created

Closed this issue · 3 comments

After playing the DRM content the key gets printed to the terminal (RSA private key) but the files aren't being created at all.
It prints the key and [D] Script: Function getPrivateKey() at 0x74fa4d9f80 but client_id.bin and private_key.pem aren't created.

  • Device: SM-A546E
  • Android: SDK 34 (arm64-v8a).
  • Vendor: CDM version: 18.0.0
  • Vendor: OEM Crypto API: 18
  • KeyDive: Process: 1132 (android.hardware.drm-service.widevine)
  • Win10 x64

Edit: tested on another device (SDK 31, CDM 16.1.0) and it worked perfectly!

@NowDev
I have just published big improvements/corrections (version 1.0.4). Don't hesitate to retest using this version!

Note: I see that you are using Android 14, for this you absolutely must use a Ghidra XML functions file. An example is present in the documentation but I recommend that you extract them yourself because the binary can vary depending on its architecture/manufacturer.

To extract the library you must first copy it into the tmp folder accessible via adb (simple user):

cp /path/to/service/binary /data/local/tmp/widevine.so
adb pull /data/local/tmp/widevine.so widevine.so

All you have to do is follow the procedure provided for this purpose: FUNCTIONS

@hyugogirubato Hi, I've just tested providing Ghidra functions.

Extracted and analysed /vendor/bin/hw/android.hardware.drm-service.widevine and got into a different issue this time (I guess it's an advance).
Ran the script providing the functions xml file (python .\keydive.py --functions .\functions.xml)
And then it throws:

[I] KeyDive: Version: 1.0.5
[I] Cdm: Device: SM A546E (REDACTED)
[I] Cdm: SDK API: 34
[I] Cdm: ABI CPU: arm64-v8a
[I] Cdm: Script loaded successfully
[D] Cdm: Analysing... (android.hardware.drm-service.widevine)
[D] Cdm: Analysing... (android.hardware.drm-service.widevine)
[D] Cdm: Analysing... (mediaserver)
[I] Vendor: CDM version: 18.0.0
[I] Vendor: OEM Crypto API: 18
[I] KeyDive: Process: 765 (android.hardware.drm-service.widevine)
[I] Cdm: Library: android.hardware.drm-service.widevine (/vendor/bin/hw/android.hardware.drm-service.widevine)
[E] Script: Insufficient functions hooked
[C] KeyDive: Failed to hook into the Widevine process
[I] KeyDive: Exiting

This script was successful for me since I've dumped the keys already, just trying to help another fella who doesn't have an older Android device.

Edit: I don't know why this script reports the CDM version as 18.0.0 and the DRM INFO app reports 17.0.0

Obviously the problem comes from Frida, it cannot find the functions necessary for the hook (minimum 3 functions).

The second problem (related to the OEM Crypto API version) is linked to the use of a static version list specific to each SDK version for technical reasons (backwards compatibility).