Provisioning device certificate based on keybox #17

Open
phhusson opened this issue Oct 23, 2022 · 3 comments
Labels
enhancement New feature or request


@phhusson

Android devices are provisioned in factory using keyboxes, not with certificates. See for instance https://github.com/zybpp/Python/blob/master/Python/keybox/widevine/Lenovo%20TB-X705-TAB510PLUS-04020003.bin.secure

As far as I understand, a device cannot make requests to service providers with that keybox (even though this seems to be a valid ClientIdentification looking at license_protocol.proto?). If I understand correctly, a device first needs to call a provisioning endpoint (at least that's what the MediaDrm Android API makes it look like). Checking strings libwvhidl.so | grep provision, I'm guessing the URL is https://www.googleapis.com/certificateprovisioning/v1/devicecertificates/create?key=AIzaSyB-5OLKTx2iU5mko18DfdwK5611JIjbUhE (but that can be confirmed by intercepting provisioning calls). I see in other reversed pb there is a ProvisioningRequest message (though that other source doesn't give the content of ProvisioningRequest).

Would it be possible for pywidevine to implement provisioning of device certificates based on keyboxes?

@phhusson phhusson added the enhancement New feature or request label Oct 23, 2022
@rlaphoenix
Member

It would be very possible to implement this. I would need a valid Keybox to test with. Thankfully I do have a test keybox somewhere with the Device ID "TestKey01" so I could try with that.

I do already have a vague idea of how it's done from sniffs I've made already when working on this project. There's also a bit of research out there on the matter as well, like the chromecast-widevine-tools project's README.

I'm not sure if it would be a good idea to implement this at all though, as Google might not like that. However, it's not like any of this information is particularly private, and if they wanted to block such requests they could change the API URL or the Key. They also control the provisioning (Key Forging) and can just block provisioning requests for a keybox.

I'll think about it and look into it. If I manage to find out the key forge flow, I might add it. I will also have to assess any risk to the project.

@phhusson
Author

Perfectly understandable. Thanks for considering it.

@mykaba

mykaba commented May 11, 2024

I also understand the sensitivity. I have the valid KB for my device. But I don't understand exactly how to proceed. Is it possible to get support via PM or Discord?
