89 lines
2.9 KiB
Python
89 lines
2.9 KiB
Python
import os
|
|
import logging
|
|
import base64
|
|
import frida
|
|
from Crypto.PublicKey import RSA
|
|
from Helpers.wv_proto2_pb2 import SignedLicenseRequest
|
|
|
|
|
|
class Device:
|
|
def __init__(self):
|
|
self.logger = logging.getLogger(__name__)
|
|
self.saved_keys = {}
|
|
self.frida_script = open(
|
|
'./Helpers/script.js',
|
|
'r',
|
|
encoding="utf_8"
|
|
).read()
|
|
self.widevine_libraries = [
|
|
'libwvhidl.so'
|
|
]
|
|
self.usb_device = frida.get_usb_device()
|
|
self.name = self.usb_device.name
|
|
|
|
def export_key(self, key, client_id):
|
|
save_dir = os.path.join(
|
|
'key_dumps',
|
|
f'{self.name}',
|
|
'private_keys',
|
|
f'{client_id.Token._DeviceCertificate.SystemId}',
|
|
f'{str(key.n)[:10]}'
|
|
)
|
|
|
|
if not os.path.exists(save_dir):
|
|
os.makedirs(save_dir)
|
|
|
|
with open(os.path.join(save_dir, 'client_id.bin'), 'wb+') as writer:
|
|
writer.write(client_id.SerializeToString())
|
|
|
|
with open(os.path.join(save_dir, 'private_key.pem'), 'wb+') as writer:
|
|
writer.write(key.exportKey('PEM'))
|
|
self.logger.info('Key pairs saved at %s', save_dir)
|
|
|
|
def on_message(self, msg, data):
|
|
if 'payload' in msg:
|
|
if msg['payload'] == 'private_key':
|
|
key = RSA.import_key(data)
|
|
if key.n not in self.saved_keys:
|
|
self.logger.debug(
|
|
'Retrieved key: \n\n%s\n',
|
|
key.export_key().decode("utf-8")
|
|
)
|
|
self.saved_keys[key.n] = key
|
|
elif msg['payload'] == 'device_info':
|
|
self.license_request_message(data)
|
|
elif msg['payload'] == 'message_info':
|
|
self.logger.info(data.decode())
|
|
|
|
def license_request_message(self, data):
|
|
self.logger.debug(
|
|
'Retrieved build info: \n\n%s\n',
|
|
base64.b64encode(data).decode('utf-8')
|
|
)
|
|
root = SignedLicenseRequest()
|
|
root.ParseFromString(data)
|
|
public_key = root.Msg.ClientId.Token._DeviceCertificate.PublicKey
|
|
key = RSA.importKey(public_key)
|
|
cur = self.saved_keys.get(key.n)
|
|
self.export_key(cur, root.Msg.ClientId)
|
|
|
|
def find_widevine_process(self, process_name):
|
|
process = self.usb_device.attach(process_name)
|
|
script = process.create_script(self.frida_script)
|
|
script.load()
|
|
loaded_modules = []
|
|
try:
|
|
for lib in self.widevine_libraries:
|
|
loaded_modules.append(script.exports.getmodulebyname(lib))
|
|
finally:
|
|
process.detach()
|
|
return loaded_modules
|
|
|
|
def hook_to_process(self, process, library):
|
|
session = self.usb_device.attach(process)
|
|
script = session.create_script(self.frida_script)
|
|
script.on('message', self.on_message)
|
|
script.load()
|
|
script.exports.hooklibfunctions(library)
|
|
return session
|