Dump-Tools
/
KeyDive
mirror of https://github.com/hyugogirubato/KeyDive.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

backward compatibility file read func

This commit is contained in:
hyugogirubato 2024-11-01 21:13:28 +01:00
parent e2660a33dd
commit a5e7528842
2 changed files with 16 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
keydive/constants.py
View File

@ -128,8 +128,8 @@ CDM_FUNCTION_API = {
'lcc07', 'lcc07',
'oecc07', 'oecc07',
'Read', 'Read',
'runningcrc', 'x1c36',
'GetSystemId' 'runningcrc'
} }
# https://github.com/kaltura/kaltura-device-info-android # https://github.com/kaltura/kaltura-device-info-android

45
keydive/keydive.js
View File

@ -317,7 +317,7 @@ const FileSystemRead = (address) => {
}); });
} }
const FileRead = (address) => { const FileRead = (address, name) => {
/* /*
wvcdm::File::Read wvcdm::File::Read
@ -326,20 +326,28 @@ const FileRead = (address) => {
args[1]: char * args[1]: char *
args[2]: uint args[2]: uint
*/ */
/*
_x1c36
Args:
args[0]: char *filename
args[1]: void *ptr
args[2]: size_t n
*/
Interceptor.attach(address, { Interceptor.attach(address, {
onEnter: function (args) { onEnter: function (args) {
// print(Level.DEBUG, '[+] onEnter: FileRead'); // print(Level.DEBUG, `[+] onEnter: FileRead: ${name}`);
const size = args[2].toInt32(); const size = args[2].toInt32();
const data = Memory.readByteArray(args[1], size); const data = Memory.readByteArray(args[1], size);
// Check if the size matches known keybox sizes (128 or 132 bytes) // Check if the size matches known keybox sizes (128 or 132 bytes)
if ([128, 132].includes(size) && data) { if ([128, 132].includes(size) && data) {
print(Level.DEBUG, '[*] FileRead'); print(Level.DEBUG, `[*] FileRead: ${name}`);
send('keybox', data); send('keybox', data);
} }
}, },
onLeave: function (retval) { onLeave: function (retval) {
// print(Level.DEBUG, '[-] onLeave: FileRead'); // print(Level.DEBUG, `[-] onLeave: FileRead: ${name}`);
} }
}); });
} }
@ -371,29 +379,6 @@ const RunningCRC = (address) => {
}); });
} }
const GetSystemId = (address) => {
/*
wvcdm::CryptoSession::GetSystemId
Args:
args[0]: wvcdm::CryptoSession *this
args[1]: uint *
*/
Interceptor.attach(address, {
onEnter: function (args) {
// print(Level.DEBUG, '[+] onEnter: GetSystemId');
// read registry memory (__readgsdword(0x14u))
const data = Memory.readByteArray(args[2], 128);
print(Level.DEBUG, '[*] GetSystemId');
send('keybox', data);
},
onLeave: function (retval) {
// print(Level.DEBUG, '[-] onLeave: GetSystemId');
}
});
}
// @Hooks // @Hooks
const hookLibrary = (name) => { const hookLibrary = (name) => {
@ -439,13 +424,11 @@ const hookLibrary = (name) => {
GetDeviceId(funcAddr, funcName); GetDeviceId(funcAddr, funcName);
} else if (['FileSystem', 'Read'].every(n => funcName.includes(n))) { } else if (['FileSystem', 'Read'].every(n => funcName.includes(n))) {
FileSystemRead(funcAddr); FileSystemRead(funcAddr);
} else if (['File', 'Read'].every(n => funcName.includes(n))) { } else if (['File', 'Read'].every(n => funcName.includes(n)) || funcName.includes('x1c36')) {
FileRead(funcAddr); FileRead(funcAddr, funcName);
} else if (funcName.includes('runningcrc')) { } else if (funcName.includes('runningcrc')) {
// https://github.com/Avalonswanderer/widevinel3_Android_PoC/blob/main/PoCs/recover_l3keybox.py#L50 // https://github.com/Avalonswanderer/widevinel3_Android_PoC/blob/main/PoCs/recover_l3keybox.py#L50
RunningCRC(funcAddr); RunningCRC(funcAddr);
} else if (['CryptoSession', 'GetSystemId'].every(n => funcName.includes(n))) {
GetSystemId(funcAddr); // Deprecated
} else { } else {
return; return;
} }