Would you please create a writeup as to what you had to defeat in order to get chromeRSAPrivateKey?
gregvish opened this issue · 11 comments
// Extracted by applying some mathematical tricks to Arxan's white-box algorithm
That's not a good enough explanation for a lot of us :)
For those of us who don't have the time to reverse the DLL ourselves, a writeup describing what obfuscation was actually used in the most popular DRM module is quite interesting.
Since you were generous enough to create this repo, perhaps you'll be kind enough to create this writeup as well :)
I am considering writing such a write-up in the future, not promising though.
But basically, after deobfuscating the control flow and translating the algorithm to Python, I began substituting complex operations with simpler but mathematically equivalent operations, eliminating redundant tables and numbers along the way.
In the end I had an algorithm that was similar enough to the usual square-and-multiply RSA implementation, from which I could conclude the secret exponent.
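An added illustration of the structural point made above (this is not code from this thread or from the Chrome module; the key parameters are constructed toy values): once an exponentiation has been reduced to an unprotected left-to-right square-and-multiply, its sequence of operations encodes the exponent bit for bit, which is why a whitebox that collapses to this shape cannot keep the exponent private and why constant-time ladders exist.

```python
# Added example, not from the repo or the thread. Toy RSA parameters are
# constructed here and are far too small to be secure.

def square_and_multiply(base, exponent, modulus):
    """Plain left-to-right binary exponentiation; returns (result, op_trace).

    op_trace records one "S" per squaring and one "M" per multiply-by-base,
    i.e. exactly the structure a simplified whitebox exponentiation exposes.
    """
    trace = []
    result = 1
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus
        trace.append("S")
        if bit == "1":
            result = (result * base) % modulus
            trace.append("M")
    return result, trace


def exponent_from_trace(trace):
    """Rebuild the exponent from the S / S+M pattern of an unprotected ladder.

    Each "S" followed by "M" is a 1 bit; a bare "S" is a 0 bit. This is the
    reason the operation sequence alone is enough to read the exponent.
    """
    bits = []
    i = 0
    while i < len(trace):
        assert trace[i] == "S", "malformed trace: every step starts with a square"
        if i + 1 < len(trace) and trace[i + 1] == "M":
            bits.append("1")
            i += 2
        else:
            bits.append("0")
            i += 1
    return int("".join(bits), 2)


# Constructed toy key (textbook values, for illustration only).
P, Q = 61, 53
N = P * Q                 # 3233
E = 17
PHI = (P - 1) * (Q - 1)   # 3120
D = pow(E, -1, PHI)       # 2753


def demo(message=65):
    """Encrypt, decrypt via the traced ladder, and recover D from the trace."""
    ct = pow(message, E, N)
    pt, trace = square_and_multiply(ct, D, N)
    return pt, exponent_from_trace(trace)
```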
@tomer8007 can't do a write up because he didn't reverse this, I did.
The original Python implementation of the whiteboxed RSA attached.
ChromeKey.zip
Rename zip to py
All he has done is steal my work and dumb it down further to the original exponent, which is a pointless exercise anyway.
He got technical details wrong: the binary is not "very heavily obfuscated", and Arxan is only used for the anti-debugging portion.
This whitebox is produced in-house by Google, and variants of it have been used on other Widevine libraries.
Of course they know anything like this will be reversed; it's not meant to be secure. That is why Chrome can only do 720p or SD in places.
All making this public has done is:
A) Force Widevine to revoke the current key
B) Make Widevine change the whitebox implementation
C) Probably? Make Widevine rotate the private key more regularly
D) Enable more people to make a dollar selling this
E) Hurt real users
F) Force more streaming services to downgrade Chrome to SD or 720p only
G) Hurt real users???
"Here's a thing, it won't work long term, I can't explain how I did it and it's just here to prove something everybody already knew." - tomer8007
Great work friend!
Did this for fun... Had I known what my work would become, would I ever have done it?
Well, it is at least true that I wasn't sure that Arxan really made the whitebox RSA algorithm.
@therealchrome join our discord server
@therealchrome is it possible to speak with you regarding this work? Are you Russian??
@tomer8007 [mis-encoded text] piece of shit
He's far from a piece of shit. Bright dude. We have no idea who actually designed this code. Neither do you.
I completely agree, this kind of thing should not be made public.
@therealchrome
hello, please can you contact me
dahlioussama@gmail.com
I need you to work with us in some company with good benefits, thank you
@tomer8007 can you share the "m" value?
or
@therealchrome can you share the "ct" value?
Thanks a lot already!