Off Topic [GUIDE] Extract your own L3 Widevine keys with Android Studio

[rvlnnb]

Hello folks,

In these trying times, CDRM is being blocked by Onlyfans and CDRM2 / KEYDB is down.

This thread will revisite the famous Dumping Your own L3 CDM with Android Studio, but updated for 2025.

This will be written from the perspective of a Linux user, but you can translate it easily for Windows.

Prerequisites

This assumes you have a PC with a x86_64 processor (AMD or Intel), either with Linux or Windows. It is possible to do it under ARM64 but I don't have such machine available.

Step 1: softwares needed

• Install adb-studio from https://developer.android.com/studio

It is available for Windows and Linux and will allow us to create a virtual android.

On Linux, you can use Flatpak:

flatpak install com.google.AndroidStudio

or Snap

sudo snap install android-tools

It is in the AUR for Arch users:

sudo pacman -S android-studio

• Install Android platform-tools

On linux, it's eitheir:

sudo dnf install android-tools

sudo apt install android-tools-adb

sudo pacman -S android-sdk-platform-tools

On Windows, grab it from https://developer.android.com/tools/releases/platform-tools and extract the zip to an easily accessible directory.

• Install python3

If you're on Linux, it is most likely already installed, if not I assume you know how to install it. On Windows, you can get it from https://www.python.org/downloads/windows/ or from a package manager like Chocolatey.

• Install frida

In a command line, type:

pip install frida frida-tools

Please note the version number of frida (currently it is 16.6.6).
On Windows, after installing Python, I think you can go to the Start menu, then Python, and launch a command line there to type that command.

• Download the frida-server corrresponding to your Frida version at https://github.com/frida/frida/releases
  • Click either "Show all assets" or "Assets" under the release corresponding to the version of Frida you have (usually the last one if you just installed Frida)
  • Search for frida-server-XX.X.X-android-x86_64.xz and download it. Please make sur to use the Android, x86_64 version.
  • Extract the file with your favorite archive extractor. On Windows, you can use 7zip.
  • Rename the extracted file to frida-server
• Download the utility to dump the keys

On linux, if you have git, you can git clone https://github.com/wvdumper/dumper in a directory easiy accessible.
On Windows or Linux, you can also just download the archive from https://github.com/wvdumper/dumper/archive/refs/heads/main.zip. In that case, just extract the zip afterward.

• Install Protobuf 3.20.0

In a command line, type:

pip install --force-reinstall -v "protobuf==3.20.0"

We use this specific version to use the dump keys utility.
On Windows, after installing Python, I think you can go to the Start menu, then Python, and launch a command line there to type that command.

Step 2: creating a virtual Android device

• Launch Android Studio
  
  On Linux, go to the extracted android-studio/bin/ and launch ./studio.sh
  
  If you have installed any other way, there is probably a shorcut somewhere to start it.
• We will then create the virtual device. First follow the first startup wizard:
  
  
  You must be registered for see images
  
  
  You must be registered for see images
  
  
  You must be registered for see images
  
  
  You must be registered for see images
  
  
• After everything is downloaded, just create a new project and select No activity:
  
  
  You must be registered for see images
  
  
• Select API28 ("Pie"; Android 9.0):
  
  
  You must be registered for see images
  
  
• After the project is created, click on the Device Manager icon on the right toolbar:
  
  
  You must be registered for see images
  
  
• Then click on the "+" button and Create Virtual Device:
  
  
  You must be registered for see images
  
  
• Select an Android device like Pixel 9 Pro XL for example:
  
  
  You must be registered for see images
  
  
• On the next window popping up, go to the second tab called x86 Images, then scroll down until you find Android Pie, API28, x86_64, Android Pie (Google APIs), and click the down arrow to download it:
  
  
  You must be registered for see images
  
  
  In any case, do not select any images more recent than Android Pie/API28 or we won't be able to root it.
  Select x86_64 if you have an AMD or Intel processor. If you are on ARM64, go to the 3rd tab to download the same image for ARM64.
  Do not download images where it says Google Play in the Target column.
• Wait for the image to download:
  
  
  You must be registered for see images
  
  
• After the download is finished, scroll down again to select Android Pie, API28, x86_64, Android Pie (Google APIs) that you've just downloaded and click Next:
  
  
  You must be registered for see images
  
  
• Click Finish on the following window:
  
  
  You must be registered for see images
  
  
• Then click the Start arrow to load the virtual Android device we've just created:
  
  
  You must be registered for see images
  
  
• Wait a bit, you should have soon a Android device ready like this:
  
  
  You must be registered for see images

Step 3: copy frida-server and start it

On Linux, type the following command in a terminal, in the directory where you have extracted frida-server:

adb root
adb push frida-server /data/local/tmp/
adb shell
chmod 755 /data/local/tmp/frida-server
/data/local/tmp/frida-server &

On Windows, open a command line (cmd) then go to the directory where you extracted adb.exe from the platform-tools, and do the same:

adb.exe root
adb.exe push /path/to/extracted/frida-server /data/local/tmp/
adb.exe shell
chmod 755 /data/local/tmp/frida-server
/data/local/tmp/frida-server &

Note, on both Windows and Linux, you can change directory with cd path/to/the/directory and go to the parent directory with cd ..

In any case, do not close that terminal window.

Step 4: start dump_keys.py

On Linux, open a new terminal, go to the directory where you extracted or cloned dumper, and launch

python dump_keys.py

On Windows, after installing Python, I think you can go to the Start menu, then Python, and launch a command line there. Then use the command cd path/to/the/dumper/directory to go to the correct directory, than launch

python dump_keys.py

The program is starting, when it is ready, you should see something like

2025-02-09 06:09:31 AM - root - 25 - INFO - Hooks completed

Step 5: load a webpage with DRM on the virtual device

Launch Chrome on the virtual phone (do not sign in). Then go to the following URL: https://bitmovin.com/demos/drm

Click Allow when prompted to play protected content:

You must be registered for see images

Then click Load and play the video:

You must be registered for see images

You must be registered for see images

Step 6: copy the keys

In the background, dump_keys should have been doing its work:

You must be registered for see images

In the directory where you have cloned or extracted dumper, you should have the following directories: key_dumps/Android Emulator XXXX/private_keys/XXXX/

In this directory, you can have one or more folder with a number, and inside them you will find two files:
- client_id.bin
- private_key.pem

(do not share them)

Copy or backup them to a safe place.

You can now stop the virtual device, quit Android studio, stop dump_keys.py (Ctrl+C) and close adb too.

Step 7: Profit!

Assuming you want to use the keys with ofscraper, open the ofscraper config file called config.json, then go to the cdm_options object:

    "cdm_options": {
        "private-key": "dumper/key_dumps/Android Emulator 5554/private_keys/4464/2516374905/private_key.pem",
        "client-id": "dumper/key_dumps/Android Emulator 5554/private_keys/4464/2516374905/client_id.bin",
        "key-mode-default": "manual",
        "keydb_api": ""
    },

key-mode-default should be manual, private-key should be the absolute path to private_key.pem and client-id should be the path to client_id.bin.

Once all of this is done, your ofscraper will be able to decode video decoded by L3 Widevine DRMs.

 

[cheekydelinq]

Is there an update for API 36, should I have tried to find an older version of android studio?