Skip to content

How to dump CDM key pair from AVD

Jump to bottom
FoxRefire edited this page May 25, 2024 · 8 revisions

Requirement

  • PC with Android Studio + Android SDK + Python 3 installed

Guide

  1. Create Android 13.0(Google APIs) AVD

    Do not select Google play, Do not select AOSP

    Select Google APIs only!

    Screenshot_20240521_050024

    Screenshot_20240521_050043

    Screenshot_20240521_061941

    Screenshot_20240521_064649

    Screenshot_20240521_064739

    Screenshot_20240521_133537

  2. Download latest frida server

    Frida

    There are many links, but select "frida-server-xx.x.x-android-x86_64.xz".

    Screenshot_20240521_123105

  3. Extract frida-server's archive

    Screenshot_20240521_123748

  4. Rename the file "frida-server-xx.x.x-android-x86_64" to "frida-server".

    Screenshot_20240521_124308

  5. Download or clone Keydive onto your PC.

    Keydive

  6. Open AVD

    Screenshot_20240521_133824

  7. Run following commands on your terminal

    adb root
adb push frida-server /data/local/tmp
adb shell "chmod +x /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server -D &"
python keydive.py -aw

    Screenshot_20240521_130858

  8. At device/xxxxxx/private_keys/xxxxxx/xxxxxxx directory, you will find dumped CDM key pair.

    Screenshot_20240521_132047

Clone this wiki locally