hyugogirubato / KeyDive

Extract Widevine L3 keys from Android devices effortlessly, spanning multiple Android versions for DRM research and education.
https://pypi.org/project/keydive/
MIT License

[ Request ] How to use without frida #22

Closed RevealedSoulEven closed 3 months ago

RevealedSoulEven commented 3 months ago

I want to use it internally on Android somehow, because the app detects Frida and USB debugging. It's very heavily obfuscated, and I tried to play a video by turning on developer options in the middle of playback, but no luck. It would be better if an Xposed module were created to look into the Android framework directly, or any other executable for Android itself. Or isn't it possible?

RevealedSoulEven commented 3 months ago

In addition, I guess we can use it via the frida-gadget method using Python in Termux. By doing so, it won't trigger the frida-server checks by apps, and also, with Frida injection, we would directly hit the lib responsible for DRM and not the main application, so it may work. Can you please tell me whether it's possible or not? And if so, how? 🥲

RevealedSoulEven commented 3 months ago

Fixed it: I hardcoded the source code and changed KeyDive to use Frida on my port instead of USB, and then changed the port of frida-server to bypass the checks. The app was using the default Frida port to check Frida status. I also needed to set the ABI/SDK and a few details about the phone manually, because Frida couldn't get much of the device status over the network instead of USB.

So somehow, it worked. I will make a PR to use a custom port for Frida instead of the default port to bypass such checks.

hyugogirubato commented 3 months ago

I am currently upgrading the application Axinom DRM Sample Player, where adding frida-gadget could have been possible, but as I expected, the shared DRM lib of the device (and possibly liboemcrypto.so) is not loaded by the application itself but by the subprocess android.hardware.drm@1.x.so, which does not allow you to interact with it. At best it will be possible to recover the client ID, but that's all.

The script is designed to use the device detected by ADB. So if your device is correctly connected via tcpip, it should work correctly; just use the device name displayed by ADB when running adb devices.

However, as you mentioned, the script does not support the use of a custom port for the ADB daemon or Frida. That said, the use case is VERY rare.

Still, don't hesitate to contribute to the project. I will see if adding a custom port is a relevant addition.

RevealedSoulEven commented 3 months ago

Yes, sure. Thanks for your reply. At first I thought I should make an Xposed module, but liboemcrypto.so was being loaded by android.hardware.drm@1.x.so and I was not sure how to use libraries in Xposed. I mean, which package name to use, maybe android or something, but then I thought: how can the app detect frida-server even if it's not touching the app files? Like, okay, during Frida injection it injects code, but how frida-server? Then, looking on Google, I came to know they check the default Frida port. So I thought to change it, but I needed to use frida-ps -H <ip>:port in the terminal, and also it was not being treated as USB even if the USB was connected. I was quite lazy to think too much and started hard-coding the source code, setting the Android SDK and other variables manually because tcpip can't get those like USB. Then your script was also using adb shell to list the running processes, so I modified it to use frida-ps, and blindly I kept on doing everything which gave an error, and finally when it dumped, I was like, huh? Only this? But thanks a lot for this great project.

For now I'm confused about what I shall add to it; maybe you can just add an option for users to use their own ports, because many DRM apps use security measures and RASPs to keep these things apart.