add new js key

This commit is contained in:
hyugogirubato
2025-06-14 16:10:27 +02:00
parent 8ed3eccf01
commit 30677c0ab5
+35 -15
View File
@@ -12,12 +12,13 @@ This document explains the internal workings of KeyDive, including key concepts
| `private_key` | RSA private key used for DRM content decryption and authentication. |
| `keybox` | Device-specific key storage blob containing keys for DRM operations. |
| `certificate` | Device OEM certificate chain for verifying keys and trust. |
| `encryption_context` | Session-specific message context used to derive AES/CMAC keys for provisioning and media. |
## Script Execution Flow
The core extraction logic is implemented in a Frida hook script injected into Widevine CDM processes. The following sequence diagram illustrates the general flow, including options for player choice and output formats:
````
````text
+----------------+ +------------------+ +---------------------+ +------------------+
| Start Script | | Select Player | | Provisioning Method | | Extraction Steps |
+----------------+ +------------------+ +---------------------+ +------------------+
@@ -26,15 +27,15 @@ The core extraction logic is implemented in a Frida hook script injected into Wi
| | | |
|--(option: -a web)----->| Launch Bitmovin player | |
| | | |
| | |---Check provisioning_method-->|
| | |---Check provisioning_method-->|
| | | |
| | |<--Send challenge data---------|
| | |<--Send challenge data---------|
| | | |
| | |---Extract client_id---------->|
| | |---Extract private_key-------->|
| | |---Extract keybox (optional)-->|
| | |---Extract client_id---------->|
| | |---Extract private_key-------->|
| | |---Extract keybox (optional)-->|
| | | |
| | |---Export data to output dir-->|
| | |---Export data to output dir-->|
| | | |
| | | |
V V V V
@@ -60,26 +61,45 @@ These values are automatically detected at runtime to determine the correct extr
The `challenge` is a critical blob of data sent during provisioning or license acquisition. KeyDive can:
- Intercept it during DRM playback.
- Accept an external file via the `--challenge` argument.
* Intercept it during DRM playback.
* Accept an external file via the `--challenge` argument.
This challenge contains the encrypted request for keys or certificates and is essential for key extraction workflows.
### Encryption Context
The `encryption_context` is a byte sequence intercepted from CDM session messages, typically unique per provisioning
session.
It is used to derive:
* `enc` key: for AES-CBC decryption of RSA private keys or media keys
* `auth_1` and `auth_2` keys: for HMAC or CMAC authentication of messages
This context plays a central role in:
* Reconstructing derived AES keys during Keybox or OTA provisioning
* Verifying responses and signing requests
* Securely decrypting the RSA private key in post-provisioning stages
The context is usually extracted from specific intercepted Widevine function arguments and stored alongside other
credentials.
### Client ID & Private Key
Both the `client_id` and `private_key` are extracted from the intercepted CDM functions. They are:
- Required for device emulation or license response reconstruction.
- Automatically exported to formats like `client_id.bin`, `private_key.pem`, and `.wvd`.
* Required for device emulation or license response reconstruction.
* Automatically exported to formats like `client_id.bin`, `private_key.pem`, and `.wvd`.
## Advanced Options & Debugging
The advanced command-line options allow:
- Overriding automatic provisioning detection.
- Injecting Ghidra-extracted symbol maps via `--symbols`.
- Forcing use of unencrypted challenges (`--unencrypt`) for debugging or fallback workflows.
- Extracting optional blobs like the Widevine keybox or certificates.
* Overriding automatic provisioning detection.
* Injecting Ghidra-extracted symbol maps via `--symbols`.
* Forcing use of unencrypted challenges (`--unencrypt`) for debugging or fallback workflows.
* Extracting optional blobs like the Widevine keybox or certificates.
These are primarily useful for development, debugging, or supporting less common device models.