Closed Fxzzi closed 5 days ago
got a bit further by running keydive with drm video running, and then refreshing. here are the verbose logs:
keydive -d 32091FDH200459 -w --functions $HOME/android.hardware.drm-service.widevine.xml -v
2024-10-14 19:08:11 [I] KeyDive: Version: 2.0.9
2024-10-14 19:08:11 [I] Core: Device: Pixel 7 (32091FDH200459)
2024-10-14 19:08:11 [I] Core: SDK API: 34
2024-10-14 19:08:11 [I] Core: ABI CPU: arm64-v8a
2024-10-14 19:08:11 [I] Core: Script loaded successfully
2024-10-14 19:08:11 [I] KeyDive: Watcher delay: 1s
2024-10-14 19:08:11 [D] KeyDive: Analysing...
2024-10-14 19:08:11 [W] Core: Library not found: libwvaidl.so
2024-10-14 19:08:11 [I] Core: Library: android.hardware.drm-service.widevine (/apex/com.google.android.widevine/bin/hw/android.hardware.drm-service.widevine)
2024-10-14 19:08:11 [D] Script: Hooked (0x5ecbd936e8): wvcdm::Properties::UsePrivacyMode
2024-10-14 19:08:11 [D] Script: Hooked (0x5ecbdcca84): wvcdm::CdmLicense::PrepareKeyRequest
2024-10-14 19:08:11 [D] Script: Hooked (0x5ecbe58cbc): ehmduqyt
2024-10-14 19:08:11 [I] Script: Library liboemcrypto.so was not found
2024-10-14 19:08:11 [I] KeyDive: Process: 831 (android.hardware.drm-service.widevine)
2024-10-14 19:08:11 [I] KeyDive: Successfully hooked
2024-10-14 19:08:17 [D] Script: [+] onEnter: UsePrivacyMode
2024-10-14 19:08:17 [D] Script: [-] onLeave: UsePrivacyMode
2024-10-14 19:08:17 [D] Script: [+] onEnter: UsePrivacyMode
2024-10-14 19:08:17 [D] Script: [-] onLeave: UsePrivacyMode
2024-10-14 19:08:17 [D] Script: [+] onEnter: PrepareKeyRequest
2024-10-14 19:08:17 [D] Script: [+] onEnter: UsePrivacyMode
2024-10-14 19:08:17 [D] Script: [-] onLeave: UsePrivacyMode
2024-10-14 19:08:17 [D] Script: [-] onLeave: PrepareKeyRequest
2024-10-14 19:08:17 [D] Cdm: Failed to set challenge data: Error parsing message
2024-10-14 19:08:17 [D] Cdm: Receive client id:
{
"application_name": "com.android.chrome",
"origin": "73AFE289899F92630A7FEC75D2D53007",
"package_certificate_hash_bytes": "8P1sW0EPJcslw7UzRsiXL64w+O50Ed+RBICtay1g24M=",
"company_name": "Google",
"model_name": "Pixel 7",
"architecture_name": "arm64-v8a",
"device_name": "panther",
"product_name": "panther",
"build_info": "google/panther/panther:14/AP2A.240905.003/12231197:user/release-keys",
"widevine_cdm_version": "18.0.0@341113000",
"oem_crypto_security_patch_level": "0",
"oem_crypto_build_information": "{\"soc_vendor\":\"L3_28613\",\"soc_model\":\"ARM 64 bit\",\"ta_ver\":\"18.1.0+May 1 2023_06:32:58_\",\"uses_opk\":false,\"tee_os\":\"none\",\"tee_os_ver\":\"0.0.0\",\"form_factor\":\"L3\",\"implementer\":\"Widevine\",\"fused\":false}"
}
As we were able to discuss on discord, your problem was linked to a bad private saved function. With your help I was able to identify the problem and correct this bad function. However, to prevent this type of problem from occurring again in other use cases I added a new option -s
or --skip
which allows this automatic detection and hook to be passed "like ci" function had not yet been registered.
I've attempted to use my own extracted widevine functions xml, as well as one provided for my device here: https://forum.videohelp.com/threads/414789-KeyDive-Beyond-Android-SDK-33
MagiskFrida running, server running, tested with
pidof frida-server
which successfully returned pid. L1 was also reverted back to L3 with liboemcrypto disabler.Playing widevine video, whether through chrome, firefox, bitmovin, disney+, nothing seems to start the extraction. Here I can provide the XML I extracted from my device: android.hardware.drm-service.widevine.xml.zip