I took a deep look at it just some 4 months ago. Unless something radical has happened after that, the camera part of the GPU was not opened. With Raspberry, it's very difficult to know what's actually available and what's not, since they have, since the beginning, marketed using the "bait-and-switch" tactic and playing with the impressions instead of being open about what you actually get. I wasn't able to find any simple 1-byte/1-bit crack either, but wasn't looking for that exactly because we can't base our product design on criminal activity (no matter how much we think the law sucks.) So I was looking for legal options, and didn't find anything.
I think IIRC there was some option to get out totally raw bitstream with raw bayer data in an inefficient manner, but I didn't look at it too far. Too much hassle, too much risk.
I would take the legal side seriously at the company level if you are producing more than just a few one-offs, if it has the risk of catching the attention.
I wouldn't be surprised the slightest if they decided to make it a legal case with a Western player.
Reverse-engineering for interoperability is/was allowed as per international copyright agreements, that's exactly why DRM technologies were developed, and because DRM can always be circumvented, catch-all laws making that criminal were needed and lobbied. So at least here, changing that one bit or byte is clearly and explicitly illegal; even for personal use. For business, it's a recipe for disaster.
I'm not a lawyer, and I would crack the Raspberry camera DRM happily if I really needed to, for personal projects, for one-offs, and maybe for small, low-volume products with low visibility and selected customers, but I wouldn't give an advice to do that on a public forum!
Maybe I have missed something, but that was the case anyway why we didn't produce our own Raspberry Pi connected sensor module like we originally planned to do.