mirror of https://github.com/Diazole/dumper.git
Hook all a-z functions
This commit is contained in:
Diazole
parent
6f2a34ad01
commit
e410803617
|
|
@ -22,10 +22,12 @@ class Device:
|
||||||
self.name = self.usb_device.name
|
self.name = self.usb_device.name
|
||||||
|
|
||||||
def export_key(self, key, client_id):
|
def export_key(self, key, client_id):
|
||||||
system_id = client_id.Token._DeviceCertificate.SystemId
|
|
||||||
save_dir = os.path.join(
|
save_dir = os.path.join(
|
||||||
'key_dumps',
|
'key_dumps',
|
||||||
f'{self.name}/private_keys/{system_id}/{str(key.n)[:10]}'
|
f'{self.name}',
|
||||||
|
'private_keys',
|
||||||
|
f'{client_id.Token._DeviceCertificate.SystemId}',
|
||||||
|
f'{str(key.n)[:10]}'
|
||||||
)
|
)
|
||||||
|
|
||||||
if not os.path.exists(save_dir):
|
if not os.path.exists(save_dir):
|
||||||
|
|
@ -39,25 +41,28 @@ class Device:
|
||||||
self.logger.info('Key pairs saved at %s', save_dir)
|
self.logger.info('Key pairs saved at %s', save_dir)
|
||||||
|
|
||||||
def on_message(self, msg, data):
|
def on_message(self, msg, data):
|
||||||
if msg['payload'] == 'private_key':
|
if 'payload' in msg:
|
||||||
key = RSA.import_key(data)
|
if msg['payload'] == 'private_key':
|
||||||
if key.n not in self.saved_keys:
|
key = RSA.import_key(data)
|
||||||
encoded_key = base64.b64encode(data).decode('utf-8')
|
if key.n not in self.saved_keys:
|
||||||
self.logger.debug('Retrieved key: %s', encoded_key)
|
self.logger.debug(
|
||||||
self.saved_keys[key.n] = key
|
'Retrieved key: \n\n%s\n',
|
||||||
elif msg['payload'] == 'device_info':
|
key.export_key().decode("utf-8")
|
||||||
self.license_request_message(data)
|
)
|
||||||
elif msg['payload'] == 'message_info':
|
self.saved_keys[key.n] = key
|
||||||
self.logger.info(data.decode())
|
elif msg['payload'] == 'device_info':
|
||||||
|
self.license_request_message(data)
|
||||||
|
elif msg['payload'] == 'message_info':
|
||||||
|
self.logger.info(data.decode())
|
||||||
|
|
||||||
def license_request_message(self, data):
|
def license_request_message(self, data):
|
||||||
|
self.logger.debug(
|
||||||
|
'Retrieved build info: \n\n%s\n',
|
||||||
|
base64.b64encode(data).decode('utf-8')
|
||||||
|
)
|
||||||
root = SignedLicenseRequest()
|
root = SignedLicenseRequest()
|
||||||
root.ParseFromString(data)
|
root.ParseFromString(data)
|
||||||
public_key = root.Msg.ClientId.Token._DeviceCertificate.PublicKey
|
public_key = root.Msg.ClientId.Token._DeviceCertificate.PublicKey
|
||||||
self.logger.debug(
|
|
||||||
'Retrieved key: %s',
|
|
||||||
base64.b64encode(public_key).decode('utf-8')
|
|
||||||
)
|
|
||||||
key = RSA.importKey(public_key)
|
key = RSA.importKey(public_key)
|
||||||
cur = self.saved_keys.get(key.n)
|
cur = self.saved_keys.get(key.n)
|
||||||
self.export_key(cur, root.Msg.ClientId)
|
self.export_key(cur, root.Msg.ClientId)
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,4 @@
|
||||||
const DYNAMIC_FUNCTION_NAME = 'CHANGE_ME'
|
const CDM_VERSION = ''
|
||||||
const CDM_VERSION = 'CHANGE_ME'
|
|
||||||
|
|
||||||
// The TextEncoder/Decoder API isn't supported so it has to be polyfilled.
|
// The TextEncoder/Decoder API isn't supported so it has to be polyfilled.
|
||||||
// Taken from https://gist.github.com/Yaffle/5458286#file-textencodertextdecoder-js
|
// Taken from https://gist.github.com/Yaffle/5458286#file-textencodertextdecoder-js
|
||||||
|
|
@ -48,10 +47,14 @@ function getPrivateKey(address) {
|
||||||
const bytes = new Uint8Array(buf);
|
const bytes = new Uint8Array(buf);
|
||||||
// The first two bytes of the DER encoding are 0x30 and 0x82 (MII).
|
// The first two bytes of the DER encoding are 0x30 and 0x82 (MII).
|
||||||
if (bytes[0] === 0x30 && bytes[1] === 0x82) {
|
if (bytes[0] === 0x30 && bytes[1] === 0x82) {
|
||||||
const binaryString = a2bs(bytes)
|
try {
|
||||||
const keyLength = getKeyLength(binaryString);
|
const binaryString = a2bs(bytes)
|
||||||
const key = bytes.slice(0, keyLength);
|
const keyLength = getKeyLength(binaryString);
|
||||||
send('private_key', key);
|
const key = bytes.slice(0, keyLength);
|
||||||
|
send('private_key', key);
|
||||||
|
} catch (error) {
|
||||||
|
console.log(error)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -73,6 +76,7 @@ function prepareKeyRequest(address) {
|
||||||
Interceptor.attach(ptr(address), {
|
Interceptor.attach(ptr(address), {
|
||||||
onEnter: function (args) {
|
onEnter: function (args) {
|
||||||
switch (CDM_VERSION) {
|
switch (CDM_VERSION) {
|
||||||
|
case '14.0.0':
|
||||||
case '15.0.0':
|
case '15.0.0':
|
||||||
case '16.0.0':
|
case '16.0.0':
|
||||||
this.ret = args[4];
|
this.ret = args[4];
|
||||||
|
|
@ -103,19 +107,17 @@ function hookLibFunctions(lib) {
|
||||||
send('message_info', new TextEncoder().encode(message))
|
send('message_info', new TextEncoder().encode(message))
|
||||||
|
|
||||||
Module.enumerateExportsSync(name).forEach(function (module) {
|
Module.enumerateExportsSync(name).forEach(function (module) {
|
||||||
const privacy_mode = 'UsePrivacyMode'
|
|
||||||
const prepare_key_request = 'PrepareKeyRequest'
|
|
||||||
try {
|
try {
|
||||||
let hookedModule;
|
let hookedModule;
|
||||||
if (module.name.includes(DYNAMIC_FUNCTION_NAME)) {
|
if (module.name.includes('UsePrivacyMode')) {
|
||||||
getPrivateKey(module.address);
|
|
||||||
hookedModule = DYNAMIC_FUNCTION_NAME
|
|
||||||
} else if (module.name.includes(privacy_mode)) {
|
|
||||||
disablePrivacyMode(module.address);
|
disablePrivacyMode(module.address);
|
||||||
hookedModule = privacy_mode
|
hookedModule = module.name
|
||||||
} else if (module.name.includes(prepare_key_request)) {
|
} else if (module.name.includes('PrepareKeyRequest')) {
|
||||||
prepareKeyRequest(module.address);
|
prepareKeyRequest(module.address);
|
||||||
hookedModule = prepare_key_request
|
hookedModule = module.name
|
||||||
|
} else if (module.name.match(/^[a-z]+$/)) {
|
||||||
|
getPrivateKey(module.address);
|
||||||
|
hookedModule = module.name
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hookedModule) {
|
if (hookedModule) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue