Posted by Amir Mazzarella on June 15, 2019
It seems the Widevine VMP vulnerability that I addressed in Part 2 of my Widevine series no longer works. Quite unfortunate. What happens now is that the license request generation promise fails after changing the modulus in memory. Widevine took the FAXS route and started verifying the modulus a second time before license request generation, which doesn't help my exploit. What could be done is to find the function in the library that checks the modulus and just NOP it. I'll be sure to make an update if I do figure out another VMP exploit. Until then, stay tuned. Thanks for reading!