Currently I am on stock OOS with a locked bootloader and I heard that when you unlock the bootloader the DRM gets downgraded to L3.
Is this correct and does it go back to L1 if you relock the bootloader?
Also, is there a hack of some sort that allows the device to continue using L1 DRM with an unlocked bootloader?
L1 not working
I unlocked bootloader and then relocked it again but it is still showing L3 what should i do
Hey check this -> https://forums.oneplus.com/threads/closed-widevine-drm-on-op6.815683/page-2#post-18476836
You can try to flash magisk to pass the saftynet and hide netflix/amazon prime video to try HD content
edit:
My OnePlus 6 with unlocked bootloader and I have DRM lvl 3
Pundy said:
Hey check this -> https://forums.oneplus.com/threads/closed-widevine-drm-on-op6.815683/page-2#post-18476836
You can try to flash magisk to pass the saftynet and hide netflix/amazon prime video to try HD content
edit:
My OnePlus 6 with unlocked bootloader and I have DRM lvl 3
Click to expand...
Click to collapse
Ok so it is reversible
But there is no way to get L1 with an unlocked bootloader?
ThePiGuy said:
Ok so it is reversible
But there is no way to get L1 with an unlocked bootloader?
Click to expand...
Click to collapse
What I've seen by now, no it's not possible.
Pundy said:
What I've seen by now, no it's not possible.
Click to expand...
Click to collapse
Ah ok that's unfortunate
I'll probably stay with official OOS for the moment anyway, but thanks for the info
So, has anyone tried OOS 5.1.6 and the fastboot locked bootloader bug to backup and restore the DRM keys while locked or to use Magisk root while on 5.1.6 locked bootloader and see if L1 keys are retained?
driverdis said:
So, has anyone tried OOS 5.1.6 and the fastboot locked bootloader bug to backup and restore the DRM keys while locked or to use Magisk root while on 5.1.6 locked bootloader and see if L1 keys are retained?
Click to expand...
Click to collapse
There's another thread in this forum that poses that exact question. No one to date has succeeded and I'm not sure it's even possible using the 5.6 boot exploit because Widevine calls home every time it proxies protected content.
I suggested chipping in on a bounty that would go to whomever can find a way to get L1 on a OP6 with its' bootloader unlocked using a method that would be successful with ROMs based on OOS, LOS and AOSP. I figured a little financial incentive could provide some motivation, but nobody else seemed willing to contribute. ?
TuxRuffian said:
There's another thread in this forum that poses that exact question. No one to date has succeeded and I'm not sure it's even possible using the 5.6 boot exploit because Widevine calls home every time it proxies protected content.
I suggested chipping in on a bounty that would go to whomever can find a way to get L1 on a OP6 with its' bootloader unlocked using a method that would be successful with ROMs based on OOS, LOS and AOSP. I figured a little financial incentive could provide some motivation, but nobody else seemed willing to contribute.
Click to expand...
Click to collapse
Since I need L1 on an unlocked bootloader, I ended up getting a Moto Z3 Play despite it being slower since Widevine L1 stays regardless of bootloader state or Magisk being installed.
There is some sort of weird magic where unlocking the bootloader instantly breaks Widevine but locking it again fixes it.
How does that even work? How is it possible that NOBODY has figured out how to fix Widevine with an unlocked bootloader? You can emulate anything in software, right? Surely the information must be retained on the device somewhere if relocking the bootloader brings it back?
Is there still no solution to this? (please provide a more detailed answer than "it's not possible")
There is no way to hide a unlocked bootloader and because of that, it's not possible to have widevine l1 with an unlocked bootloader.
matze19999 said:
There is no way to hide a unlocked bootloader and because of that, it's not possible to have widevine l1 with an unlocked bootloader.
Click to expand...
Click to collapse
What do you mean there's no way to hide it? I don't think OnePlus uses like hardware secure environment stuff, especially because the 7 Pro doesn't have hardware backed SafetyNet...
@LoganDark Only OnePlus can fix it, at first 8 series didn't had Widevine L1 while having unlocked bootloader, OnePlus patched it in 10.5.11 (8) & 10.5.13 (8Pro) specifically, so ya the answer is Only OnePlus fix/patch it & they should do it for 7 Series as well IMO!
aaryan45 said:
@LoganDark Only OnePlus can fix it, at first 8 series didn't had Widevine L1 while having unlocked bootloader, OnePlus patched it in 10.5.11 (8) & 10.5.13 (8Pro) specifically, so ya the answer is Only OnePlus fix/patch it & they should do it for 7 Series as well IMO!
Click to expand...
Click to collapse
I mean, OnePlus can do it but that doesn't necessarily mean that nobody else can, right? I'm curious to know where these claims came from, that it's completely impossible to fake a locked bootloader...
My best guess is that the unlocked state of the bootloader prevents it from sharing the widevine keys with Android (something like that), but it should be possible to extract those keys if they are stored in such a way that relocking the bootloader restores L1 functionality. That is, of course, only possible if they aren't locked away with TrustZone or similar.
I hope the 7 series continues to receive updates and attention because it's the only good phone on the market right now with no notch or screen cutout. Nothing else compares... But since OnePlus is already starting to leave it out of OxygenOS beta tests, I feel EOL is not too far away. :/
I doubt they will add any new features or fix any functionality like Widevine support... They will just backport code they write for newer devices, until the update window is over.
LoganDark said:
I mean, OnePlus can do it but that doesn't necessarily mean that nobody else can, right? I'm curious to know where these claims came from, that it's completely impossible to fake a locked bootloader...
My best guess is that the unlocked state of the bootloader prevents it from sharing the widevine keys with Android (something like that), but it should be possible to extract those keys if they are stored in such a way that relocking the bootloader restores L1 functionality. That is, of course, only possible if they aren't locked away with TrustZone or similar.
I hope the 7 series continues to receive updates and attention because it's the only good phone on the market right now with no notch or screen cutout. Nothing else compares... But since OnePlus is already starting to leave it out of OxygenOS beta tests, I feel EOL is not too far away. :/
I doubt they will add any new features or fix any functionality like Widevine support... They will just backport code they write for newer devices, until the update window is over.
Click to expand...
Click to collapse
I did some research on widevine L1 on unlocked bootloader and if I'm not wrong,
liboemcrypto.so is the file which needs to be patched!
aaryan45 said:
I did some research on widevine L1 on unlocked bootloader and if I'm not wrong,
liboemcrypto.so is the file which needs to be patched!
Click to expand...
Click to collapse
Yeah, that might be the case, but the hard part is figuring out what patch to apply.
Possible sure, but this isn't really something you can just spoof or emulate through software.
This is very complicated things, both of a software and hardware level. Really the only people who discovers exploits of this are responsible security researchers who disclose this to Qualcomm and Google. Which I don't blame them for, they get a pretty juicy bounty.
I guess you can hope OnePlus messes up like they did for OP8/Pro and accidentally(?) enable L1 for unlocked bootloaders, but I am pretty sure they just implemented TEE differently to actually do that.
If you're curious, here;
https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html?m=1
https://research.checkpoint.com/2019/the-road-to-qualcomm-trustzone-apps-fuzzing/
Lossyx said:
Possible sure, but this isn't really something you can just spoof or emulate through software.
This is very complicated things, both of a software and hardware level. Really the only people who discovers exploits of this are responsible security researchers who disclose this to Qualcomm and Google. Which I don't blame them for, they get a pretty juicy bounty.
I guess you can hope OnePlus messes up like they did for OP8/Pro and accidentally(?) enable L1 for unlocked bootloaders, but I am pretty sure they just implemented TEE differently to actually do that.
If you're curious, here;
https://googleprojectzero.blogspot.com/2017/07/trust-issues-exploiting-trustzone-tees.html?m=1
https://research.checkpoint.com/2019/the-road-to-qualcomm-trustzone-apps-fuzzing/
Click to expand...
Click to collapse
So it is implemented with complicated hardware stuff?
Okay, well, the only way to get L1 back is to lock the bootloader again. I know that now. All L1 stuff is handled in hardware. I'm working on a solution for custom ROMs and rooted OOS though, stay tuned
LoganDark said:
Okay, well, the only way to get L1 back is to lock the bootloader again. I know that now. All L1 stuff is handled in hardware. I'm working on a solution for custom ROMs and rooted OOS though, stay tuned
Click to expand...
Click to collapse
That sounds interesting. Can I help you with that?
sToRm1nG said:
That sounds interesting. Any way I could help you with that?
Click to expand...
Click to collapse
Yes, you can definitely help - the main blocker for me is that this is my daily driver so I haven't done anything in months, but if you're willing to be my "guinea pig" for a while, that would be a huge help.
LoganDark said:
Yes, you can definitely help - the main blocker for me is that this is my daily driver so I haven't done anything in months, but if you're willing to be my "guinea pig" for a while, that would be a huge help.
Click to expand...
Click to collapse
I'll be switching from my OP7Pro to my new OP8Pro shortly. So I'll be able to test what ever you need.
Do you think this research will also be applicable to the OP8Pro?
sToRm1nG said:
I'll be switching from my OP7Pro to my new OP8Pro shortly. So I'll be able to test what ever you need.
Click to expand...
Click to collapse
Niiiice~ Contact me on Discord: LoganDark#4357
sToRm1nG said:
Do you think this research will also be applicable to the OP8Pro?
Click to expand...
Click to collapse
Honestly I'm not sure. I haven't even confirmed if L1 will come back on the OP7Pro. It's just a rumor, after all, and I think OnePlus spent literally all of their benevolence on the 7.
Edit: It looks like OP might have made it so that the OP8 still has L1 even with an unlocked bootloader. Major oof
LoganDark said:
Niiiice~ Contact me on Discord: LoganDark#4357
Honestly I'm not sure. I haven't even confirmed if L1 will come back on the OP7Pro. It's just a rumor, after all, and I think OnePlus spent literally all of their benevolence on the 7.
Edit: It looks like OP might have made it so that the OP8 still has L1 even with an unlocked bootloader. Major oof
Click to expand...
Click to collapse
Yeah there is still a chance to get L1 with an unlocked bootloader on the OP8Pro though I'm not part of the lucky ones.
I'll contact you ASAP.
This is big for me, I was just watching Prime and saw 1080p HD on the overlay.
I checked DRM info to find I am on L1.
I am rooted obviously with an unlocked bootloader.
7T 256gB
OP7T_O2_BETA_3.
Amazing.
Tagtag123 said:
This is big for me, I was just watching Prime and saw 1080p HD on the overlay.
I checked DRM info to find I am on L1.
I am rooted obviously with an unlocked bootloader.
7T 256gB
OP7T_O2_BETA_3.
Amazing.
Click to expand...
Click to collapse
Did you unlock boot loader freshly after you updated to beta 3 or u were unlocked before that?
antonyben006 said:
Did you unlock boot loader freshly after you updated to beta 3 or u were unlocked before that?
Click to expand...
Click to collapse
Was unlocked from day 1 of using the device. Installed OB3 and noticed prime play 1080p. Checked DRM Info to see I have got L1, checked Netflix(it still showed L3, so I cleared cache and then it showed L1).
I've seen people managed to have l1 certification with unlocked bootloader with the oos 11 ob 3 or newer than that even with custom rom. It seemed so simple that I've tried it myself
but then when I was in oos 11 with bootloader unlocked, the widevine was still l3.
I even went as far as installing fresh oos 10 with msm tool, unlock the bootloader and then immediately install twrp, flash oos 11 ob4/stable 11.0.0.0/stable 11.0.0.2 + dfe + magisk, turned on magisk hide but unfortunately it was still in l3, and whenever I locked the bootloader it always successfully went back to l1..
Can someone please tell me the step by step instruction to gain l1 on unlocked bootloader ?
I got the oneplus 7 pro 1910 chinese version 128/6
Griffiths_Anna said:
I've seen people managed to have l1 certification with unlocked bootloader with the oos 11 ob 3 or newer than that even with custom rom. It seemed so simple that I've tried it myself
but then when I was in oos 11 with bootloader unlocked, the widevine was still l3.
I even went as far as installing fresh oos 10 with msm tool, unlock the bootloader and then immediately install twrp, flash oos 11 ob4/stable 11.0.0.0/stable 11.0.0.2 + dfe + magisk, turned on magisk hide but unfortunately it was still in l3, and whenever I locked the bootloader it always successfully went back to l1..
Can someone please tell me the step by step instruction to gain l1 on unlocked bootloader ?
I got the oneplus 7 pro 1910 chinese version 128/6
Click to expand...
Click to collapse
Got L1 on OOS 11 rooted
Hello,
I received a P11 Pro 2021 with global rom and open boot loader, I was able to change to CN rom, update and close bootloader but I am not able to reach L1 in widevine.
Now I am in last rom with android 12, with bootloader locked and still widevine L3, is there any method to download or flash again the keys to reach L1?
It is a pity to have this hardware and have to watch streaming platforms in SD.
Is it posible to contact Xiaoxin to receive widevine keys again? some brands like Xiaomi have this option in the system.
Thanks for your support,
Mee too facing same problem. Mine used to have L1 but after an update downgraded to L3
As I can see, nobody has been able to upgrade from L3 to L1. I had hope on last update but with no luck.
Torettini said:
As I can see, nobody has been able to upgrade from L3 to L1. I had hope on last update but with no luck.
Click to expand...
Click to collapse
I read somewhere, that if you relock bootloader with anything else flashed on your device other than original manufacturer FW, you are pretty much risking hard brick ... so consider yourself lucky, that the only consequence of relocking bootloader is degraded Widevine security level...
If you feel that you must have L1 on your device, you can try to flash your device back to original manufacturer FW and then relock your bootloader again, theoretically you should have L1 security level back (I may be wrong, because I have not tested this personally)...
I have tried to lock and unlock in almost every possibility and I have almost bricked several times.
But, isn't suppossed to work out of the box with widevine L1 and stream in HD?
Not sure if you did factory reset after either reflash, but if you didn't, it's worth the try, of course at your own risk ...
And if you didn't already - read this thread, may be an inspiration for something untested on your side...
If you received original tablet (not secondhand, or tampered by the seller), I'm 99% sure that if you flash FW, which put manufacturer on it when it was produced, you will get L1 security level back.
If you have secondhand device or from AliExpress, or from China and seller flashed Google Play Store for you, etc., AFAIK then unless you'll find out what FW exactly was flashed on your tablet in the factory, you may not get L1 back...
But, I'm not expert at all, and I do hope somebody else will provide better solution for you...
Torettini said:
I have tried to lock and unlock in almost every possibility and I have almost bricked several times.
But, isn't suppossed to work out of the box with widevine L1 and stream in HD?
Click to expand...
Click to collapse
If you have root and magisk, you can try to install safetynet pass, shamiko and then try to spoof your device with some module from cyberelon on GitHub. I didn't try it yet on P11 Plus, but I am using instantnoodle module on my M10 FHD Plus and Netflix is running with L1.