
How to dump CDM key pair from AVD

FoxRefire edited this page May 21, 2024 · 8 revisions

Requirements

  • PC with Android Studio + Android SDK + Python 3 installed

Guide

  1. Create an Android 13.0 (Google APIs) AVD

    Do not select Google Play.


  2. Download the latest frida-server

    Frida

    There are many links, but select "frida-server-xx.x.x-android-x86_64.xz".

  3. Extract the frida-server archive.

  4. Rename the file "frida-server-xx.x.x-android-x86_64" to "frida-server".

  5. Download or clone Keydive onto your PC.

    Keydive

  6. Run the following commands in your terminal

    adb root
    adb push frida-server /data/local/tmp
    adb shell "chmod +x /data/local/tmp/frida-server"
    adb shell "/data/local/tmp/frida-server -D &"
    python keydive.py

  7. Play any Widevine-protected video on the AVD

    Note: It does not matter if Chrome is blacked out at this point. The CDM will be dumped when a URL is typed into the URL bar.

  8. You will find the dumped CDM key pair in the device/xxxxxx/private_keys/xxxxxx/xxxxxxx directory.