mirror of
https://github.com/Satsuoni/widevine-l3-guesser
synced 2025-02-25 00:15:23 +01:00
Tried another approach, seems to work reliably enough
This commit is contained in:
parent
4aad5b94a0
commit
faf90be4aa
@ -1 +1 @@
|
||||
emcc wasm_src/allocate.cpp wasm_src/misc.cpp wasm_src/integer.cpp wasm_src/algebra.cpp wasm_src/codelift.cpp -Os -s TOTAL_MEMORY=18743296 -Wno-implicitly-unsigned-literal -I "./wasm_src" -s WASM=1 -s LLD_REPORT_UNDEFINED -s "MODULARIZE=1" -s "EXPORT_NAME='WasmDsp'" -s "BINARYEN_METHOD='native-wasm'" -s "EXPORTED_FUNCTIONS=['_guessInput','_freeStr','_getOutput','_getDeoaep']" -s "EXPORTED_RUNTIME_METHODS=['stringToUTF8','UTF8ToString','stackSave','writeArrayToMemory','stackAlloc','stackRestore']" -o wasm/wasm_gsr.js
|
||||
emcc wasm_src/allocate.cpp wasm_src/misc.cpp wasm_src/integer.cpp wasm_src/algebra.cpp wasm_src/codelift.cpp -Os -s TOTAL_MEMORY=18743296 -Wno-implicitly-unsigned-literal -I "./wasm_src" -s WASM=1 -s LLD_REPORT_UNDEFINED -s "MODULARIZE=1" -s "EXPORT_NAME='WasmDsp'" -s "BINARYEN_METHOD='native-wasm'" -s "EXPORTED_FUNCTIONS=['_freeStr','_tryUsingDecoder']" -s "EXPORTED_RUNTIME_METHODS=['stringToUTF8','UTF8ToString','stackSave','writeArrayToMemory','stackAlloc','stackRestore']" -o wasm/wasm_gsr.js
|
||||
|
@ -96,9 +96,8 @@ WidevineCrypto.swrap=function (ident, returnType, argTypes, opts) {
|
||||
return this.scall(ident, returnType, argTypes, arguments, opts);
|
||||
};
|
||||
}
|
||||
WidevineCrypto.guessInput = WidevineCrypto.swrap('guessInput', 'string', ['string']);
|
||||
WidevineCrypto.getOutput = WidevineCrypto.swrap('getOutput', 'string', ['string']);
|
||||
WidevineCrypto.getDeoaep = WidevineCrypto.swrap('getDeoaep', 'string', ['string']);
|
||||
WidevineCrypto.tryUsingDecoder = WidevineCrypto.swrap('tryUsingDecoder', 'string', ['string']);
|
||||
|
||||
|
||||
WidevineCrypto.chromeRSAPublicKey =
|
||||
`-----BEGIN PUBLIC KEY-----
|
||||
@ -123,77 +122,20 @@ WidevineCrypto.initializeKeys = async function()
|
||||
|
||||
this.keysInitialized = true;
|
||||
}
|
||||
WidevineCrypto.guessKey=async function(encKey)
|
||||
WidevineCrypto.tryDecodingKey=async function(encKey)
|
||||
{
|
||||
let buf=new Uint8Array(1026);
|
||||
for(let i = 0; i < 1026; i++)
|
||||
{buf[i]=0;}
|
||||
|
||||
let hex=bytesToHex(encKey);
|
||||
let res="";
|
||||
let res=this.tryUsingDecoder(hex);
|
||||
console.log(hex);
|
||||
let o=2;
|
||||
while(o<1026)
|
||||
{
|
||||
let bt = Math.floor((o-2)/4);
|
||||
let offs = (o-2)%4;
|
||||
let desired=(encKey[encKey.length-bt-1]>>(offs*2))&3;
|
||||
let destail=hex.substr(hex.length-bt*2,bt*2);
|
||||
let val="";
|
||||
let j=0;
|
||||
for( j= buf[o]; j < 8; j++)
|
||||
{
|
||||
buf[o]=j;
|
||||
let st=bytesToHex(buf);
|
||||
val=await this.guessInput(st);
|
||||
|
||||
let sub=parseInt(val.substr(val.length-bt*2-2,2),16);
|
||||
let got=(sub>>(offs*2))&3;
|
||||
let gtail=val.substr(hex.length-bt*2,bt*2);
|
||||
if (got===desired && gtail===destail)
|
||||
{
|
||||
if(o%16==2)
|
||||
console.log(val);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (j == 8)
|
||||
{
|
||||
buf[o] = 0;
|
||||
o--;
|
||||
if (o < 2)
|
||||
{
|
||||
console.log("Could not match input");
|
||||
throw "Could not find proper input encoding";
|
||||
}
|
||||
buf[o]++;
|
||||
while (buf[o] == 8)
|
||||
{
|
||||
buf[o] = 0;
|
||||
o--;
|
||||
if (o < 2)
|
||||
{
|
||||
console.log("Could not match input");
|
||||
throw "Could not find proper input encoding";
|
||||
}
|
||||
buf[o]++;
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
o++;
|
||||
|
||||
};
|
||||
|
||||
console.log("Output");
|
||||
let st=bytesToHex(buf);
|
||||
let outp=await this.getDeoaep(st);
|
||||
console.log(outp);
|
||||
if(outp.length<10)
|
||||
console.log(res);
|
||||
if(res.length<10)
|
||||
{
|
||||
throw "Could not remove padding, probably invalid key"
|
||||
throw "Could not remove padding, probably invalid key or decoding failure"
|
||||
}
|
||||
console.log(st);
|
||||
return new Uint8Array(hexToBytes(outp));
|
||||
return new Uint8Array(hexToBytes(res));
|
||||
}
|
||||
|
||||
WidevineCrypto.decryptContentKey = async function(licenseRequest, licenseResponse)
|
||||
@ -219,7 +161,7 @@ WidevineCrypto.decryptContentKey = async function(licenseRequest, licenseRespons
|
||||
console.log("Can't verify license request signature; either the platform is wrong or the key has changed!");
|
||||
return null;
|
||||
}
|
||||
var sessionKey=await this.guessKey(licenseResponse.session_key);
|
||||
var sessionKey=await this.tryDecodingKey(licenseResponse.session_key);
|
||||
// decrypt the session key
|
||||
// = await crypto.subtle.decrypt({name: "RSA-OAEP"}, this.privateKeyDecrypt, licenseResponse.session_key);
|
||||
|
||||
|
File diff suppressed because one or more lines are too long
Binary file not shown.
@ -1375,7 +1375,7 @@ void Crazery_18016c170(char* param_1, char* randomized, byte* param_3, byte* par
|
||||
*(short*)(local_7020 + 11216) = 1026;
|
||||
*(short*)(local_7020 + 3580) = 1026;
|
||||
*(short*)(local_7020 + 1488) = 1026;
|
||||
|
||||
*(short*)(local_7020 + 19940) = 1026;
|
||||
memset(local_7020 + 15058, 4, 1026);
|
||||
memset(local_7020 + 7530, 4, 1026);
|
||||
memset(local_7020 + 11218, 3, 1026);
|
||||
@ -1388,13 +1388,28 @@ void Crazery_18016c170(char* param_1, char* randomized, byte* param_3, byte* par
|
||||
hex2bin("040500070405060105060400000500050601010001060506050406020100020104000006040502060705030502040505050506050506040004030403060600030200050002040407060402000607070500000203070206000704030102060405060502050407010604000607040204010400010204000600060504040505050503000404000300030204040303030003000706050105040704050401000506050502050500000707020606030000050604070105030407030404010406030103000101010006010506060205050602050006000007020704010205060407010704040500040003020206000001000406020401070703040400030305000200050406000702060107040001040400040006060207060102070205060100000704000503060004000007000700030502030102030500060506040600050000030500070000020202010303040007010305060502010607000404060007000605050004010207060006050405000603060206000200040207000701000404020606070507060004030206040700020502070406020003050202070407050501050005010400000103050200030206030401020201020304030600070001020403060101010506000704060605050006040406010005070503040604040107030000070602000004040200060201050605010106050504030304060001000106060200050605060307000303050400040705030706000701020300040606050600050206060100010404060504050403060100030507060005060505070305030606060504070300040602070501020602050407060006000500000305070401050302070703020206020304060507050403020703050600050105050204040200000506010507050504030102010306020004030404050404070504050200030604070200060207040003070004020603070100040302060600060207010200060105040203040107050100030504050602000500030306010402070507030504020503030604050204000401060205000100050103000204000207000202050602040204050107070405060101040300020205030400060206050106050501070500060103000006030500020505000404070003040505050606060400010507040100010703050405070600010404020604070406040601010603070500000203010204020305000103000602030605030203050504000002000001060407010403060303040605020205070007060701020000060600050302030302070705030501050200050200060600010004040000010304030606070003070403070605070307020700000104040405040202070605000202060705060004000007020306040406070602040406010403060406050101070200030105000606020605050605", (char*)(local_7020 + 1490));
|
||||
int ioffs = 0x3191 % 1026;
|
||||
int joffs = 0x3191 % 1026;
|
||||
byte* cinput = local_7020 + 11218;
|
||||
coffset += (1 * 16);
|
||||
cjump = 0x60f;
|
||||
byte* cinput = local_7020 + 19942;
|
||||
byte* dinput = local_7020 + 15058;
|
||||
byte bcarry=0;
|
||||
byte gcarry = 0;
|
||||
byte err[1026];
|
||||
err[0] = 0;
|
||||
err[1] = 0;
|
||||
for (int i = 0; i < 1024; i++)
|
||||
{
|
||||
err[i+2] = __metaSafetable[i];
|
||||
}
|
||||
for (int i = 0; i < 1026; i++)
|
||||
{
|
||||
dinput[ioffs] = __metaSafetable[i];
|
||||
if(i>2)
|
||||
cinput[(ioffs + 2*0x81df) % 1026] = __metaSafetable[i];
|
||||
uint uVar1 = (uint)(byte)(DAT_1809cde30)[trythis[i ] << 0xb | (err[i ] << 8) | bcarry | err[i ]];
|
||||
bcarry = uVar1 & 0xf8;
|
||||
dinput[ioffs] = uVar1 & 7;
|
||||
int vl = 0;
|
||||
uint uVar2 = (uint)(byte)(DAT_1809cde30)[trythat[i] << 0xb | (vl << 8) | gcarry | vl];
|
||||
gcarry = uVar2 & 0xf8;
|
||||
cinput[ioffs] =uVar2 & 7;
|
||||
ioffs = (ioffs + 0x81df) % 1026;
|
||||
}
|
||||
while (true)
|
||||
@ -10330,4 +10345,30 @@ const char* getDeoaep(const char* input)
|
||||
byte out[0x200];
|
||||
Longstringproc(out);
|
||||
return deoaep(out,256);
|
||||
}
|
||||
|
||||
const char* tryUsingDecoder(const char* input)
|
||||
{
|
||||
std::string k(input);
|
||||
for (int i = 0; i < 1024; i++)
|
||||
{
|
||||
if(i/2>=k.length())
|
||||
__metaSafetable[i] = 0;
|
||||
else
|
||||
{
|
||||
int pos = char2int(k[k.length() - (i / 2) - 1]);
|
||||
if (i % 2)
|
||||
{
|
||||
pos >>= 2;
|
||||
}
|
||||
else
|
||||
{
|
||||
pos &= 3;
|
||||
}
|
||||
__metaSafetable[i] = pos;
|
||||
}
|
||||
}
|
||||
byte out[0x200];
|
||||
Longstringproc(out);
|
||||
return deoaep(out,256);
|
||||
}
|
@ -1,8 +1,6 @@
|
||||
#include <stdint.h>
|
||||
#include <emscripten/emscripten.h>
|
||||
extern "C" {
|
||||
EMSCRIPTEN_KEEPALIVE const char* guessInput(const char* input);
|
||||
EMSCRIPTEN_KEEPALIVE const char* getOutput(const char* input);
|
||||
EMSCRIPTEN_KEEPALIVE const char* getDeoaep(const char* input);
|
||||
EMSCRIPTEN_KEEPALIVE const char* tryUsingDecoder(const char* input);
|
||||
EMSCRIPTEN_KEEPALIVE void freeStr(void* str);
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user