Skip to content
/ dumper Public
forked from Diazole/dumper

Dump L3 CDM from any Android device

0 stars 245 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tkirkland/dumper

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
Helpers
Helpers
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
dump_keys.py
dump_keys.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Dumper

Dumper is a Frida script to dump L3 CDMs from any Android device.

** IMPORTANT **

You MUST update DYNAMIC_FUNCTION_NAME and CDM_VERSION in script.js to the relevant values for your device.

  • CDM_VERSION can be retrieved using a DRM Info app.
  • DYNAMIC_FUNCTION_NAME value is unique to your device and can be found in the file libwvhidl.so on your device.

If you've managed to get as far as updating DYNAMIC_FUNCTION_NAME but can't find your function name, create an issue and provide me with your libwvhidl.so file and I will give you the function name you need.

Requirements

Use pip to install the dependencies:

pip3 install -r requirements.txt

Usage

  • Enable USB debugging
  • Start frida-server on the device
  • Execute dump_keys.py
  • Start streaming some DRM-protected content

Known Working Versions

  • Android 10
    • CDM 15.0.0
  • Android 11
    • CDM 16.0.0
  • Android 12
    • CDM 16.1.0

Temporary disabling L1 to use L3 instead

A few phone brands let us use the L1 keybox even after unlocking the bootloader (like Xiaomi). In this case, installation of a Magisk module called liboemcrypto-disabler is necessary.

Credits

Thanks to the original author of the code.

About

Dump L3 CDM from any Android device

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 57.6%
  • Python 42.4%