devine-dl / pywidevine

Python implementation of Google's Widevine DRM CDM (Content Decryption Module)
GNU General Public License v3.0

Provisioning device certificate based on keybox #17

Open phhusson opened 1 year ago

phhusson commented 1 year ago

Android devices are provisioned in factory using keyboxes, not with certificates. See for instance https://github.com/zybpp/Python/blob/master/Python/keybox/widevine/Lenovo%20TB-X705-TAB510PLUS-04020003.bin.secure

As far as I understand, a device cannot make requests to service providers with that keybox (even though this seems to be a valid ClientIdentification looking at license_protocol.proto?). If I understand correctly, a device first needs to call a provisioning endpoint (at least that's what the MediaDrm Android API makes it look like). Checking a strings libwvhidl.so | grep provision, I'm guessing the URL is https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE (but that can be confirmed by intercepting provisioning calls). I see in other reversed pb there is a ProvisioningRequest message (though that other source doesn't give the content of ProvisioningRequest).

Would it be possible for pywidevine to implement provisioning of device certificates based on keyboxes?

rlaphoenix commented 1 year ago

It would be very possible to implement this. I would need a valid Keybox to test with. Thankfully I do have a test keybox somewhere with the Device ID "TestKey01" so I could try with that.

I do already have a vague idea of how it's done from sniffs I've made already when working on this project. There's also a bit of research out there on the matter as well, like the chromecast-widevine-tools project's README.

I'm not sure if it would be a good idea to implement this at all though, as Google might not like that. However, it's not like any of this information is particularly private, and if they wanted to block such requests they could change the API URL or the Key. They also control the provisioning (Key Forging) and can just block provisioning requests for a keybox.

I'll think about it and look into it. If I manage to find out the key forge flow, I might add it. I will also have to assess any risk to the project.

phhusson commented 1 year ago

Perfectly understandable. Thanks for considering it.

mykaba commented 2 months ago

I also understand the sensitivity. I have the valid KB for my device. But I don't understand exactly how to proceed. Is it possible to get support via PM or Discord?