update CHANGELOG.md

CHANGELOG.md

@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.2.1] - 2025-03-01
+
+### Added
+
+- Added private key function.
+
+### Fixed
+
+- Error extracting functions (symbols) for old libraries.
+
 ## [2.2.0] - 2025-01-19
 
 ### Added
@@ -436,6 +446,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - Initial release of the project, laying the foundation for future enhancements and features.
 
+[2.2.1]: https://github.com/hyugogirubato/KeyDive/releases/tag/v2.2.1
 [2.2.0]: https://github.com/hyugogirubato/KeyDive/releases/tag/v2.2.0
 [2.1.5]: https://github.com/hyugogirubato/KeyDive/releases/tag/v2.1.5
 [2.1.4]: https://github.com/hyugogirubato/KeyDive/releases/tag/v2.1.4

keydive/__init__.py

@@ -4,4 +4,4 @@ from .cdm import Cdm
 from .vendor import Vendor
 from .keybox import Keybox
 
-__version__ = "2.2.0"
+__version__ = "2.2.1"

keydive/constants.py

@@ -86,7 +86,7 @@ OEM_CRYPTO_API = {
     "rnmsglvj", "polorucp", "kqzqahjq", "pldrclfq", "kgaitijd", "cwkfcplc", "crhqcdet", "ulns", "dnvffnze", "ygjiljer",
     "qbjxtubz", "qkfrcjtw", "rbhjspoh", "zgtjmxko", "igrqajte", "ofskesua", "qllcoacg", "pukctkiv", "ehdqmfmd",
     "xftzvkwx", "gndskkuk", "wcggmnnx", "kaatohcz", "ktmgdchz", "jkcwonus", "ehmduqyt", "vewtuecx", "mxrbzntq",
-    "isyowgmp", "flzfkhbc", "rtgejgqb"
+    "isyowgmp", "flzfkhbc", "rtgejgqb", "sxxprljw", "ebxjbtxl", "pcmtpkrj"
     # Add more as needed for different versions.
 }
 

keydive/core.py

@@ -215,7 +215,9 @@ class Core:
             elif not minimum and vendor.oem > 17 and not self.functions:
                 self.logger.warning("For OEM API > 17, specifying '--functions' is required. Refer to https://github.com/hyugogirubato/KeyDive/blob/main/docs/FUNCTIONS.md")
 
-            return script.exports_sync.hooklibrary(library["name"])
+            # Enable dynamic analysis (symbols) only when necessary
+            dynamic = minimum and vendor.oem > 17 and not self.functions
+            return script.exports_sync.hooklibrary(library["name"], dynamic)
 
         # Unload the script if the target library is not found.
         script.unload()

keydive/keydive.js

@@ -1,5 +1,5 @@
 /**
- * Date: 2025-01-18
+ * Date: 2025-03-01
  * Description: DRM key extraction for research and educational purposes.
  * Source: https://github.com/hyugogirubato/KeyDive
  */
@@ -69,30 +69,29 @@ const getVersion = () => Frida.version;
 
 
 // @Utils
-const getLibraries = (name) => {
+const getLibraries = () => {
     // https://github.com/hyugogirubato/KeyDive/issues/14#issuecomment-2146788792
     try {
-        const libraries = Process.enumerateModules();
-        return name ? libraries.filter(l => l.name.includes(name)) : libraries;
+        return Process.enumerateModules();
     } catch (e) {
         print(Level.CRITICAL, e.message);
         return [];
     }
-};
+}
 
 const getLibrary = (name) => {
-    const libraries = getLibraries(name);
+    const libraries = getLibraries().filter(l => l.name === name);
     return libraries.length === 1 ? libraries[0] : undefined;
 }
 
-const getFunctions = (library) => {
+const getFunctions = (library, dynamic) => {
     try {
         // https://frida.re/news/2025/01/09/frida-16-6-0-released/
-        const functions = library.enumerateSymbols().map(item => ({
+        const functions = dynamic ? library.enumerateSymbols().map(item => ({
             type: item.type,
             name: item.name,
             address: item.address
-        }));
+        })) : [];
 
         library.enumerateExports().forEach(item => {
             if (!functions.includes(item)) {
@@ -112,7 +111,7 @@ const disableLibrary = (name) => {
     const library = getLibrary(name);
     if (library) {
         // https://github.com/hyugogirubato/KeyDive/issues/23#issuecomment-2230374415
-        const functions = getFunctions(library);
+        const functions = getFunctions(library, false);
         const disabled = [];
 
         functions.forEach(func => {
@@ -396,7 +395,7 @@ const RunningCRC = (address) => {
 
 
 // @Hooks
-const hookLibrary = (name) => {
+const hookLibrary = (name, dynamic) => {
     // https://github.com/poxyran/misc/blob/master/frida-enumerate-imports.py
     let library = getLibrary(name);
     if (!library) return false;
@@ -410,7 +409,8 @@ const hookLibrary = (name) => {
             address: library.base.add(s.address)
         }));
     } else {
-        functions = getFunctions(library);
+        // https://github.com/hyugogirubato/KeyDive/issues/50
+        functions = getFunctions(library, dynamic);
     }
 
     functions = functions.filter(f => !NATIVE_C_API.includes(f.name));

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 
 [tool.poetry]
 name = "keydive"
-version = "2.2.0"
+version = "2.2.1"
 description = "Extract Widevine L3 keys from Android devices effortlessly, spanning multiple Android versions for DRM research and education."
 license = "MIT"
 authors = ["hyugogirubato <65763543+hyugogirubato@users.noreply.github.com>"]