hyugogirubato / keydive Goto Github PK
View Code? Open in Web Editor NEWExtract Widevine L3 keys from Android devices effortlessly, spanning multiple Android versions for DRM research and education.
License: MIT License
Extract Widevine L3 keys from Android devices effortlessly, spanning multiple Android versions for DRM research and education.
License: MIT License
Android 12
It's on my phone.
31: (16, '16.0.1', '[email protected]', '[email protected]')
Newer versions don't work, older versions do
I have encountered a problem again, I'm a Xiaomi phone, the current software detection is L1, the use of the document provides a mask plug-in to disable L1, but the disable failed, The device is stuck on the startup screen, Fortunately, the brick saving plugin is installed, how to solve the problem?
Hi, I used the scripts from https://github.com/sim0n00ps/L3-Dumping and change few things for being automatic with a single batch file, what do you think? The setup is that same from the repository I shared. I'm not used to do this so it's the best I can do. It happens the script can block itself to the Frida Server starting, just restarting the script solve the issue.
@echo off
::Script source: https://github.com/sim0n00ps/L3-Dumping
echo.
echo.
echo ####################################################
echo # #
echo # KeyDive script #
echo # Widevine L3 Extractor for Android #
echo # #
echo # #
echo # PHONE MUST BE ROOTED TO WORK. #
echo # #
echo ####################################################
echo.
echo.
set /P c=Do you want to install requirements.txt[Y/N]?
if /I "%c%" EQU "Y" goto :install_python_requirements
if /I "%c%" EQU "N" goto :keydive
:install_python_requirements
echo.
echo #################################
echo # #
echo # Installing requirements.txt #
echo # #
echo #################################
echo.
echo A new window will open for requirements.txt in 5 sec. Once everything installs, you can close the window.
timeout /t 5 > nul
start cmd /k pip install -r requirements.txt
pause
:KeyDive
::Frida Server initialization
echo.
echo.
echo ###########################
echo # #
echo # Starting Frida Server #
echo # #
echo ###########################
echo.
echo.
set adb_path="YOUR PATH TO adb.exe HERE"
set frida_server_name=YOUR FRIDA SERVER VERSION HERE
cd /d "C:\platform-tools"
%adb_path% push %frida_server_name% /sdcard
echo su > commands.txt
echo mv /sdcard/%frida_server_name% /data/local/tmp >> commands.txt
echo chmod +x /data/local/tmp/%frida_server_name% >> commands.txt
echo /data/local/tmp/%frida_server_name% >> commands.txt
%adb_path% shell < commands.txt
del commands.txt
::KeyDive start
echo.
echo.
echo ####################
echo # #
echo # KeyDive #
echo # #
echo ####################
echo.
echo.
set "folder_path=YOUR PATH HERE"
set "python_script=keydive.py"
cd /d "%folder_path%"
python "%python_script%"
pause
endlocal
After playing the DRM content the key gets printed to the terminal (RSA private key) but the files aren't being created at all.
It prints the key and [D] Script: Function getPrivateKey() at 0x74fa4d9f80
but client_id.bin and private_key.pem aren't created.
Edit: tested on other device (sdk 31, cdm 16.1.0) and it worked perfectly!
2024-04-28 02:32:27 [I] KeyDive: Version: 1.0.5
2024-04-28 02:32:27 [I] Cdm: Device: Android Emulator 5554 (emulator-5554)
2024-04-28 02:32:28 [I] Cdm: SDK API: 34
2024-04-28 02:32:28 [I] Cdm: ABI CPU: x86_64
2024-04-28 02:32:29 [I] Cdm: Script loaded successfully
2024-04-28 02:32:30 [D] Cdm: Analysing... (android.hardware.drm-service.widevine)
2024-04-28 02:32:31 [D] Cdm: Analysing... (android.hardware.drm-service.widevine)
2024-04-28 02:32:31 [D] Cdm: Analysing... (mediaserver)
2024-04-28 02:32:32 [I] Vendor: CDM version: 18.0.0
2024-04-28 02:32:32 [I] Vendor: OEM Crypto API: 18
2024-04-28 02:32:34 [I] KeyDive: Process: 399 (android.hardware.drm-service.widevine)
2024-04-28 02:32:34 [I] Cdm: Library: android.hardware.drm-service.widevine (/apex/com.google.android.widevine/bin/hw/android.hardware.drm-service.widevine)
2024-04-28 02:32:34 [D] Script: Hooked (0x56dd4893ff60): wvcdm::Properties::UsePrivacyMode
2024-04-28 02:32:34 [D] Script: Hooked (0x56dd4897dc70): wvcdm::CdmLicense::PrepareKeyRequest
2024-04-28 02:32:34 [D] Script: Hooked (0x56dd48a06410): zgtjmxko
2024-04-28 02:32:34 [I] KeyDive: Successfully hooked. To test, play a DRM-protected video: https://bitmovin.com/demos/drm
2024-04-28 02:33:28 [D] Script: Function getPrivateKey() at 0x56dd48a06410
2024-04-28 02:33:29 [D] Cdm: Retrieved key:
2024-04-28 02:34:02 [I] Cdm: Dumped client ID: device\Android Emulator 5554\private_keys\28615\2912315519\client_id.bin
2024-04-28 02:34:02 [I] Cdm: Dumped private key: device\Android Emulator 5554\private_keys\28615\2912315519\private_key.pem
2024-04-28 02:34:03 [I] KeyDive: Exiting
i didnt get clear keys
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.