Danacus
/
cdm-tools-how-to
mirror of https://CDM-Project.com/cdm-tools/how-to.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

V 0.03 

Some more.
This commit is contained in:
TPD94 2022-08-29 21:00:21 -04:00
parent 8abb1d2d87
commit c0fd7344a0
1 changed files with 66 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
README.md
View File

@ -8,10 +8,12 @@ I used all the mentioned tools on windows 10 x64, please install all of the
[Golang](https://go.dev/dl/:// "Golang")
[Python 3.10.2](https://www.python.org/downloads/release/python-3102/ "Python 3.10.2")
[Python 3.10.2](https://www.python.org/downloads/release/python-3102/ "Python 3.10.2") *Make sure to check "add to path" option when installing.*
[YT-DLP](https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp.exe "YT-DLP")
[ADB Minimal Install](https://www.droidmirror.com/download/minimal-adb-fastboot-v1-4-3-zip "ADB Minimal Install")
A (preferably non samsung) Android 7-9 (possibly Android 10) device that is able to be rooted and bonus points for bootloader unlocked
#### What I used
@ -22,6 +24,67 @@ I'ts pre-rooted, and I know I could dump the keys from it from previous users su
You can find the installation instructions for magisk [here](https://topjohnwu.github.io/Magisk/install.html "here") and the frida module [here](https://github.com/ViRb3/magisk-frida "here").
# Step 1: Extracting CDM
# Step 1: Preparing CDM
Connect to your android device via ADB, on the T95 this is enable by default over wifi. Other devices may vary.
**To enable ADB / USB Debugging follow these steps**
1. Open your device's Settings and tap About phone or About tablet.
2. Tap Build number repeatedly until you see a notification that reads "You are now a developer."
3. Go back to the main System menu, then tap Developer options.
4. Tap the toggle switch in the top-right corner to enable developer options (if it's not already enabled).
5. Tap OK to confirm.
6. Tap the USB debugging toggle switch.
7. Tap OK to confirm.
8. The next time you plug your device into a computer, you'll receive a prompt asking if you want to authorize USB debugging for that computer. Tap OK to confirm.
You may now connect to your device
`adb connect <box-ip-address>`
or if using USB just use
`adb devices`
On your device you should receive a notificatoin to accept the adb connection, checkmark trust this device and then click allow.
**IF YOU HAVE MAGISK-FRIDA MODULE INSTALLED YOU MAY SKIP TO THE NEXT STEP**
Let's go ahead and push frida-server to the Android device, for the T95 S1 I used [Frida-Server 15.1.17](https://github.com/frida/frida/releases/download/15.1.17/frida-server-15.1.17-android-arm.xz "Frida-Server 15.1.17") for android. Unnzip the xz file and extract Frida-Server file.
Change directory to where you extracted the file and enter the command`adb push frida-server-15.1.17-android-arm /sdcard/`
Once it has been pushed open up a shell with `adb shell`
Move the server so it can be run ` mv /sdcard/fridaserver-15.1.17-android-arm /data/local/tmp/`
You may get an error about chwon permission, this is negligible
Login as super user and clear any user environment variables active by including a hyphen after su `su -`
Give execute privileges to frida-server `chmod +x /data/local/tmp/fridaserver-15.1.17-android-arm`
Start the server ` /data/local/tmp/fridaserver-15.1.17-android-arm`
**When you start the server command prompt will hang, this is normal and means the program is running, do not close out and continue to step 2**
# Step 2: Extracting the CDM
*If you would like to check if frida-server is running connect via adb to your device in new command prompt like in step one, then use `adb shell` and then `su` and then ` ps | grep frida` this should show you the process running, if it does not something went wrong*
Download and extract [Dumper](https://cdm-project.com/cdm-tools/l3-dumper/-/archive/main/l3-dumper-main.zip "Dumper")
Open a new command prompt as administrator and change directories to the newly extracted folder and run `pip3 install -r requirements.txt` and once that's finished, start the program with ` python dump_keys.py`
Now play some widevine encrpyed content. I suggest using [https://bitmovin.com/demos/drm](https://bitmovin.com/demos/drm "https://bitmovin.com/demos/drm") playing over google chrome.
*Side note: on the T95 S1 I had to stop and start dumper a few times and rebooted the device a few times, sometimes it does take some effort for it to dump the keys*
Once you have played the content your keys should be dumped in the dumper folder under `/key-dumps/your-device-keys/xxxx/xxxxxxxx/` and should be named `client_id.bin` and `private_key.pem`
Make a copy of these for safekeeping wherever you like but DO NOT LOSE THEM
Make sure to have file extensions visible on windows, this can be turned on by searching "show file extensions" in the windows search bar.
Now we will rename these files, `clent_id.bin` to `device_client_id_blob.` and rename `private_key.pem` to `device_private_key.` **The periods on the end is intentional as windows likes to keep file extentions, please make sure to have this exact or it will cause errors with downey! Only rename with windows, using a program such as text editor and saving under all files will still corrupt the data!**
# Step 3: Obtaining decryption keys
Connect to your android device via ADB, on the T95 this is enable by default over wifi. Other devices may vary.