diff --git a/README.md b/README.md index 9eca25f..4e235d7 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,134 @@ -# L1 +# Widevine L1 – Extracting Keybox from eMMC Dump (MSTAR Devices) + +This guide explains how to identify and extract a **Widevine L1 keybox** from an **eMMC dump**, commonly found on **MSTAR-based TVs and set-top boxes**. + +--- + +## πŸ“¦ What You Need + +- An **eMMC dump** (usually the largest file) +- **Windows / Linux / macOS** +- Hex editor or CLI tools: + - `strings` + - `grep` + - `xxd` +- **Provisioning script** (can be used with VT) +- Basic understanding of **DRM / Widevine flows** + +--- + +## 2️⃣ Identifying the Correct eMMC Dump + +### βœ” File Size + +- Usually **4–8 GB** +- Sometimes **15 GB+** (TV models) + +➑️ **Always pick the largest dump file** + +--- + +### βœ” Detecting MSTAR Devices + +Open the dump and check the beginning. + +If it starts with: MBOOT + +➑️ The device is using an **MSTAR SoC** +(common for TVs and set-top boxes) + +--- + +## 3️⃣ Locating the Widevine Keybox + +### ❌ What Is NOT the Keybox + +Ignore files or blocks like: + +- `bgroupcert.dat` +- `zgpriv.dat` +- Dumps containing **many** `MSTAR_SECURE` blocks + +➑️ Most of these are **garbage / unrelated** + +--- + +### βœ… How to Spot the Real Widevine Keybox + +Search inside the dump for: MSTAR_SECURE + +#### πŸ”‘ Key Insight: **LENGTH MATTERS** + +A real Widevine keybox usually contains: + +- **~6 lines of HEX data immediately after `MSTAR_SECURE`** + +##### Examples + + +3–4 lines ❌ Not a keybox +Very large data ❌ Not a keybox +~6 lines βœ… Likely the real keybox + +This is how experienced people recognize it instantly. + +--- + +## 4️⃣ build.prop β€” Why It’s Needed + +`build.prop` is used to generate: + +device_client_id_blob +Search in the dump for: ro.build.fingerprint= + +### πŸ“‹ Required Properties Mapping +device_client_id field +build.prop property +company_name +ro.product.manufacturer +model_name +ro.product.model +architecture_name +ro.product.cpu.abi +device_name +ro.product.device +product_name +ro.product.name +build_info +ro.build.fingerprint + +--- + +### ⚠️ If build.prop Is Missing + +- **L1 will still work** +- Metadata will be **generic** +- **Lifetime remains unchanged** (β‰ˆ 5 hours) + +--- + +## πŸ” MSTAR AES KEY +0007FF4154534D92FC55AA0FFF0110E0 + +--- + +## πŸ’¬ Support & Discussion + +Questions, suggestions, fixes, or issues: + +πŸ‘‰ **DRMLab Discord Server** +https://discord.gg/bexEz5KypW + +--- + +## πŸ›  Tools & Scripts + +πŸ”— https://git.drmlab.io + +--- + +## ⚠️ Disclaimer + +This information is provided for **educational and research purposes only**. +You are responsible for how you use it. -Widevine L1 \ No newline at end of file