Releases: hyugogirubato/KeyDive

v3.0.5

09 Jul 20:58

Added

  • New private function reference.

v3.0.4

05 Jul 16:19

Added

  • New private function reference.

Fixed

  • Detection of the system ID for devices that do not have the oem_crypto_build_information field.

v3.0.3

21 Jun 14:36

Added

  • Added an alert when the hook for SDK 33 and above fails and symbols are not used.

Changed

  • Revised dynamic analysis rules to support manufacturer delays in library updates.

Fixed

  • Stop the script when the Frida server is not compatible with the major version.

v3.0.2

14 Jun 17:04

Added

  • Research on extracting private key from OEM device certificate.

Changed

  • The Cdm package is now split into modules to improve the project structure.

Fixed

  • Fixed AES decryption during provisioning.
  • Fixed vector reading size via Frida.
  • Fixed system id keybox resolver (related to security level).

v3.0.1

09 Jun 17:39

Fixed

  • Downgraded the cryptography version to support Python 3.9.0 and later.

v3.0.0

09 Jun 16:17

Added

  • Support for OTA provisioning.
  • Dumping of OEM Device Certificate to allow manual L3 provisioning without a keybox.
  • Dynamic keybox generation.
  • Detection of keybox token during provisioning (including L1 support when device_aes_key is provided).
  • New challenge interception function (TODO: may reduce dump failures?).
  • Option --no-stop to keep capture running after requirement is met.
  • Debug display of DRM player PID.
  • Debug detection and display of default browser PID (supports Google Chrome, Samsung Internet, Mozilla Firefox).
  • Display of client capabilities in debug mode.
  • Full JSON-formatted output for client information.
  • New private function hooks.
  • Support and backward compatibility for Frida API 17+.

Changed

  • All C API functions are now filtered.
  • Standardized JS hook functions.
  • The keybox is now handled as an object rather than a separate process.
  • DRM information parsing (keybox, device ID, challenge, token, etc.) is now centralized in a single class.
  • Constants are now split per module instead of being centralized in a single file.
  • Widevine license protobuf updated to 2020 version (partially compatible with CDM 19+).
  • cryptography is now used instead of pycryptodomex.
  • CDM is now resolved with improved accuracy (security level, system ID).
  • Keybox level is now validated against the SDK.
  • Standardized Frida JS script file reading functions.
  • Clearer output for -a player or -a web options.
  • Deprecated script message is now shown only once, at the first hook.
  • Data export now occurs after every relevant event (optimization).
  • CDM search is performed in descending version order.
  • Index for extracting client_id argument has been adjusted.
  • File names in generated tree are now normalized using unidecode.

Fixed

  • Process name resolution for Widevine DRM process.
  • Missing hook on file read function.
  • Vendor model updated to support library checking via regex and fix rendering.
  • Updated function allowlist for Ghidra-based function analysis.
  • ADB process listing fix (handles multiple entries with same name but different PIDs).
  • dumpsys check for application package verification.
  • DRM player app is no longer relaunched if already running (even in background).
  • Frida server version is retrieved and displayed only once.
  • Keybox is fully parsed only when decrypted data is available.
  • CRC32 check added for keybox validation.
  • Improved display when encrypted keybox is received (no more invalid output).
  • Regex fix in process analysis.
  • Proper handling of getprop output to conform with expected format.
  • Removed dependency on pywidevine and unnecessary associated libraries.
  • Option to force plaintext challenge added (disabled by default; encrypted interception now works).
  • Better resolution of CDM level and security parameters.

v2.2.1

01 Mar 14:38

Added

  • Added private key function.

Fixed

  • Error extracting functions (symbols) for old libraries.

v2.2.0

19 Jan 18:25

Added

  • Added support for dynamic interception without the need for Ghidra (available only for Frida server versions greater than 16.6.0).
  • Support for Android 16 developer version Baklava (SDK 36).

Changed

  • Added additional comments to help understand the script.
  • Optimized file path management in parameters.
  • Refactored the code globally.
  • Added glossary documentation for DRM/Widevine.
  • Restructured the documentation.

Fixed

  • Fixed inconsistency in logging messages for certain functions.
  • Fixed server-generated curl command issues.

v2.1.5

12 Jan 09:23

Added

  • Added private key function.

Changed

  • Searching for the library via pattern rather than by name.

v2.1.4

19 Nov 17:15

Changed

  • Library disabler error messages are now displayed in DEBUG mode for improved verbosity.

Fixed

  • Fixed errors in ADB shell messages.
  • Resolved issues with executing shell commands via subprocess.