Seems to issues with Transformers. Is there a new mkb?

C:\Program Files\aacskey>aacskeys.exe f
aacskeys v0.2.8


Could not find a Processing Key or Device Key resulting in the Media Key.

Aborting...

yea...I get the same issue with aacskeys and Transformers HD.
However, I think I got the Volume ID:

40000921200710300020202020200000


And DumpHD says the id for the disc is

9767A81F1194DD5AEFDE5E38595D011DF8C5F3CD

where can i find 0.2.2 and 0.2.4 aacskeys ,thanx

Issues with TRANSFORMERS hd with aacskeys

Issues with TRANSFORMERS hd with aacskeys

Yeah, just post your MKB v4 key and I think somebody will be able to fix it pretty quick for you.

Yeah, just post your MKB v4 key and I think somebody will be able to fix it pretty quick for you.

Are you an oracle?

Are you an oracle?

Me? No. I wish. I thought nmeli15 might be though since he's the one insinuating that the fault lies with aacskeys.

Anyway, I suppose I might as well try to actually contribute to the topic since I've broken my cone of silence. I've tweaked the last availble aacskeys source that I could find (0.2.6) to compile on my gentoo box for anyone with interest. The binary is compiled with gcc 4.1.2 and glibc 2.6.1 for those who would like to use it with dumphd. If there's more up to date source available, I would be very interested.

aacskeys-source-0.2.6 (http://www.sendspace.com/file/ujb3to)
aacskeys-bin-0.2.6 (http://www.sendspace.com/file/mzh0je)

aacskeys 0.2.9

Almost 2 months ago arnezami gave me his current aacskeys 0.2.9 source to test it with DumpHD and the permission to do with it what i want if he doesnt find the time to release it. Well, i think after 2 months now its time for a release ;).

I fixed some bugs, made it run under linux and now theres a library version that can be used with DumpHD. The download includes precompiled executables and libraries for windows and linux, full sourcecode is included. And before people start complaining its not working for them, there is no MKBv4 Processing Key or Host Certificate included, aacskeys still does not support MKBv4!

Download it here:
http://www.sendspace.com/file/n5nps8
http://rapidshare.com/files/70353380/aacskeys_0.2.9.zip.html

:rolleyes:

How do you use this program? I am trying to rip Cars Blu Ray to my hard drive and am having trouble.

How do you use this program? I am trying to rip Cars Blu Ray to my hard drive and am having trouble.

This is the 3th time I read about your problem please stick to your original post.

http://forum.doom9.org/showthread.php?p=1076164#post1076164 :)

ok, I have to admit I am getting VERY frustrated trying to get this program to work. I finally got DumpHD to find it in the directory, go all that sorted out, finally. Now when it calls aacskeys.so, it says that libcrypto.so.0.9.8 cannot be found.

Ok, so i made a symbolic link from libcrypto.so.0.9.8b to libcrypto.so.0.9.8, thinking it would pacify the issue. No such luck, now it complains about version information. WHAT THE HECK IS THE PROBLEM?! If someone could point me in the right direction, it would be greatly appreciated. I also tried to install openssl0.9.8, no dice there either.

I am not meaning to come off as an ass, but I am getting really frustrated.:(

I am also running Fedora Core 8 64 bit if that matters. I compiled my own aacskeys.so library, but don't even get me started on trying to compile he actual aacskeys program itself.:mad:

You are using a 64 bit Linux, maybe you have a problem with mixed 32 bit and 64 bit code. Ensure that all required programs are in the same bit depth, these are in particular Java, the OpenSSL library and the aacskeys library!

I finally got DumpHD to find it in the directory, go all that sorted out, finally.

Should be enough to execute DumpHD with the included script file, this sets the lookup path for the library.

I compiled my own aacskeys.so library, but don't even get me started on trying to compile he actual aacskeys program itself.:mad:

What's not working?

:rolleyes:

I can find the aacskeys library that I compiled in your wrapper, it is just the aacskeys program I am ahving problems with. I tried two things, using the precompiled, and compiling my own, thinking that might sort out the 64 bit problem. I have 64 bit Java, and 64 bit aacskeys library that i compiled, I believe it is the aacskeys program itself.

1) when i try to use the precompiled aacskeys:

./aacskeys: error while loading shared libraries: libcrypto.so.0.9.8: cannot open shared object file: No such file or directory

I have libcrypto.0.9.8b in /lib/libcrypto.so.9.8b and /lib64/libcrypto.so.9.8b, which is what I presume it is looking for.

Then I tried to create symbolic links named libcrypto.so.0.9.8 to solve the issue, but then I get:

./aacskeys: /lib/libcrypto.so.0.9.8: no version information available (required by ./aacskeys)

I also tried to install openssl .0.9.8 to see if that would install the correct libraries...but no such luck.

2) If I try to compile aacskeys from source, this is what I get:
g++ -O3 -Wall -o bin/linux/aacskeys src/ioctl.cpp src/mmc.cpp src/cmac.cpp src/cmac_aes.cpp src/aacs_aes.cpp src/aacs_ecdsa.cpp src/aacskeys.cpp -lcrypto
src/aacskeys.cpp: In function ‘void calculate_processing_key(unsigned char*, unsigned char*, long int, long int, long int, long int, long int, long int)’:
src/aacskeys.cpp:609: warning: ‘mask_check’ may be used uninitialized in this function
/tmp/ccbgdKq5.o: In function `calculate_title_key_file_hash(unsigned char*, unsigned long, unsigned char*)':
aacs_aes.cpp:(.text+0x22a): undefined reference to `EVP_ecdsa'
/tmp/ccI36gEa.o: In function `aacs_group()':
aacs_ecdsa.cpp:(.text+0x34d): undefined reference to `EC_GROUP_new_curve_GFp'
aacs_ecdsa.cpp:(.text+0x361): undefined reference to `EC_POINT_new'
aacs_ecdsa.cpp:(.text+0x3c9): undefined reference to `EC_GROUP_free'
aacs_ecdsa.cpp:(.text+0x3d1): undefined reference to `EC_POINT_free'
aacs_ecdsa.cpp:(.text+0x407): undefined reference to `EC_GROUP_free'
aacs_ecdsa.cpp:(.text+0x4f7): undefined reference to `EC_POINT_set_affine_coordinates_GF2m'
aacs_ecdsa.cpp:(.text+0x56f): undefined reference to `EC_GROUP_set_generator'
/tmp/ccI36gEa.o: In function `aacs_set_cert(ec_key_st*, unsigned char*)':
aacs_ecdsa.cpp:(.text+0x5b4): undefined reference to `EC_KEY_get0_group'
aacs_ecdsa.cpp:(.text+0x62b): undefined reference to `EC_POINT_new'
aacs_ecdsa.cpp:(.text+0x64c): undefined reference to `EC_POINT_set_affine_coordinates_GFp'
/tmp/ccI36gEa.o: In function `aacs_key()':
aacs_ecdsa.cpp:(.text+0x6a2): undefined reference to `EC_KEY_new'
aacs_ecdsa.cpp:(.text+0x6ba): undefined reference to `EC_KEY_set_group'
aacs_ecdsa.cpp:(.text+0x6cd): undefined reference to `EC_KEY_free'
/tmp/ccI36gEa.o: In function `aacs_sign(unsigned char*, char*, unsigned char*, unsigned char*, unsigned char*)':
aacs_ecdsa.cpp:(.text+0x725): undefined reference to `EC_KEY_new'
aacs_ecdsa.cpp:(.text+0x73d): undefined reference to `EC_KEY_set_group'
aacs_ecdsa.cpp:(.text+0x749): undefined reference to `EC_KEY_free'
aacs_ecdsa.cpp:(.text+0x7bc): undefined reference to `EC_KEY_set_private_key'
aacs_ecdsa.cpp:(.text+0x7d7): undefined reference to `EVP_ecdsa'
aacs_ecdsa.cpp:(.text+0x821): undefined reference to `ECDSA_do_sign'
aacs_ecdsa.cpp:(.text+0x843): undefined reference to `ECDSA_SIG_free'
/tmp/ccI36gEa.o: In function `aacs_calculate_bus_key(unsigned char*, unsigned char*, unsigned char*, unsigned char*)':
aacs_ecdsa.cpp:(.text+0x8b2): undefined reference to `EC_KEY_new'
aacs_ecdsa.cpp:(.text+0x8cf): undefined reference to `EC_KEY_set_group'
aacs_ecdsa.cpp:(.text+0x8db): undefined reference to `EC_KEY_free'
aacs_ecdsa.cpp:(.text+0x956): undefined reference to `EC_KEY_get0_group'
aacs_ecdsa.cpp:(.text+0x9b0): undefined reference to `EC_POINT_new'
aacs_ecdsa.cpp:(.text+0x9d5): undefined reference to `EC_POINT_set_affine_coordinates_GFp'
aacs_ecdsa.cpp:(.text+0x9ea): undefined reference to `EC_POINT_new'
aacs_ecdsa.cpp:(.text+0xa05): undefined reference to `EC_POINT_mul'
aacs_ecdsa.cpp:(.text+0xa27): undefined reference to `EC_POINT_point2bn'
/tmp/ccI36gEa.o: In function `aacs_verify(unsigned char*, unsigned char*, unsigned char*, unsigned char*)':
aacs_ecdsa.cpp:(.text+0xab8): undefined reference to `EC_KEY_new'
aacs_ecdsa.cpp:(.text+0xad0): undefined reference to `EC_KEY_set_group'
aacs_ecdsa.cpp:(.text+0xadc): undefined reference to `EC_KEY_free'
aacs_ecdsa.cpp:(.text+0xb41): undefined reference to `EVP_ecdsa'
aacs_ecdsa.cpp:(.text+0xb81): undefined reference to `ECDSA_SIG_new'
aacs_ecdsa.cpp:(.text+0xbcb): undefined reference to `ECDSA_do_verify'
aacs_ecdsa.cpp:(.text+0xbd6): undefined reference to `ECDSA_SIG_free'
/tmp/ccI36gEa.o: In function `aacs_set_cert(ec_key_st*, unsigned char*)':
aacs_ecdsa.cpp:(.text+0x690): undefined reference to `EC_KEY_set_public_key'
/tmp/cc8AZmav.o: In function `main':
aacskeys.cpp:(.text+0x1eaf): undefined reference to `calculate_title_key_file_mac(unsigned char*, unsigned long, unsigned char*, unsigned char*)'
collect2: ld returned 1 exit status
make: *** [all] Error 1

Hope this helps some...it had been pretty frustrating to say the least...

The wrapper library i made is obsolete now, the recent aacskeys 0.2.9 can be compiled as library itself.

I am a linux n00b, but i'm pretty sure the only problem why aacskeys doesn't work / can't be compiled is OpenSSL. Either your installed OpenSSL or your LD_SEARCH_PATH are messed up... or both :D. On my system i don't have a libcrypto.0.9.8b, only one without the b. But the linker / compiler doesn't look for this file directly, it looks for the file libcrypto.so, which is usually a symbolic link to a file containing the version number in its name.

So at first i would check if this link is broken. You said you already reinstalled OpenSSL, maybe there are still remainings of a old version which cause the problem? You could also try to set LD_SEARCH_PATH to contain the directory which contains the OpenSSL library at the beginning, maybe that helps.

But as i said, i don't know much about linux, your problem seems to be a general one, maybe you should ask in the linux section for help.

:rolleyes:

on fedora 8 x86_64 you have to rebuild openssl yourself, since the original distribution packages aren't compiled with EC support.

I tried to build it from source, but i still cant get it to compile, do I need to specify EC support? If so, how?

I tried to build it from source, but i still cant get it to compile, do I need to specify EC support? If so, how?

not really. but openssl will install into /usr/local/ssl if you don't specify another prefix. when building aacskeys you need to specify in the makefile:

-I/usr/local/ssl/inlude -L/usr/local/ssl/lib

anyways, there was a little problem with a datatype in a functions parameter list in aacskeys, which may result in a compiler error on 64 bit systems. i built a binary which should run on the fedora 8 x86_64 box, it's statically linked against openssl. i haven't tested it yet, so please let me know if the build works :)

linkage (http://copai.de/index.php?/archives/16-aacskeys-fedora-8-x86_64-static-build.html)

it seemed to open aacskeys now...but now i egt the following error in dumpHD:

Executing aacskeys: ./aacskeys "/dev/sr1" "/media/PLANET_EARTH_D1" v
aacskeys v0.2.9

Error opening Media Key File /dev/sr1/AACS/MKBROM.AACS


ERROR: LOADMKB errnr: -1

If I run the program w/o the /dev/sr1, i get this output:

./aacskeys /media/PLANET_EARTH_D1/ v
aacskeys v0.2.9

Current path: /home/benjamin/Desktop/dumphd_0.4
Processing key: 09F911029D74E35BD84156C5635688C0
Encrypted C-value: ABAB2D12C4B7B5DF9F9960E968B8600A
Corresponding uv: 00000001

Decrypted C-value: 6210D9B91D0AB2FDAF25F24C274F58B5
Media key: 6210D9B91D0AB2FDAF25F24C274F58B4

Encrypted verification data: EE05029424A17031044697728FC19919
Decr verif data should be: 0123456789ABCDEF
Decrypted verification data: 0123456789ABCDEFB1629F02FAFB84D3

Could not find the underlying device of the given drive mountpoint, aborting.


ERROR: DRIVEDEVICE errnr: -2

i am not sure, but if aacskeys doesn't support udf >= 2.5 itself (like anydvd on win xp) you have to wait until the kernel supports it :).
there's a patch, but if you don't want to compile a kernel on your own, you have to wait a few weeks. the patch will be most likely merged into the 2.6.26 tree (maybe even in 2.6.25, but i am not sure with that).

linux udf patches (http://sourceforge.net/tracker/?atid=300295&group_id=295&func=browse)

I have applied the patch, it sees/mounts HDDVD's just fine

You are using DumpHD with my wrapper library and the executable version of aacskeys, this doesn't work, the wrapper assumes another cli interface than aacskeys has. Do not use my wrapper library, it's obsolete, aacskeys 0.2.9 can be compiled itself as library.

You need to compile aacskeys as library yourself because only a 32bit binary is included. For this you need the java 6 sdk, check the makefile of aacskeys and change the path to point to your jdk location, if necessary. Then a "make lib" should do it. Copy the resulting libaacskeys.so into the directory of DumpHD, the executable binary is not required anymore, but the ProcessingDeviceKeysSimple.txt is!


./aacskeys /media/PLANET_EARTH_D1/ v

Try it without the trailing "/", if its still not working show me the contents of your /proc/mounts.

:rolleyes:

ok, so I tried this with 2 discs using dump HD, and the first one I tried was the Bourne Identity.

I seem to have figured out the problem with the libaacskeys.so, as it tries to find the key...but I am getting no activity from the drive, and no key is found. Here is what I get, but when I go to close it it asks whether or not I want to close as an operation is running.

http://i11.photobucket.com/albums/a170/fenton06/Screenshot-DumpHD04.png

So I try the second disc, Plaent Earth Disc 1. This is found in the key database, but I already have it decrypted, I am just trying multiple discs to try and get DumpHD working. When I try to open this disc in dumpHD, it closes(crashes), and the command line shows:

java: symbol lookup error: ~/Desktop/dumphd_0.4/libaacskeys.so: undefined symbol: EVP_ecdsa

java: symbol lookup error: ~/Desktop/dumphd_0.4/libaacskeys.so: undefined symbol: EVP_ecdsa


I have the impression that your OpenSSL is still not running properly, this is a linker error. And are you sure this happens when the disc is found in the database?? Your screenshot still shows an error in the database behind line 190. When you try to decrypt Planet Earth, does the log say "Disc found in key database". Because, if there is no bug in DumpHD i missed, aacskeys gets NOT executed if the disc is found in the database. But maybe this crash happens because of your broken OpenSSL.

Have you tried to use the executable version of aacskeys with these discs? Does this work?

How did you get the aacskeys library to compile, have you used the posted precompiled OpenSSL library? I think something is really wrong with your OpenSSL stuff, you should try to remove ALL remainings of it, check if your distribution contains an OpenSSL package, remove it, make uninstall all tarballs you have tried and get a fresh one and do a new configure, make, make install run.

:rolleyes:

I get the error when I remove the keydb.cfg so I can see if the aacskeys is working, if it finds it we are home free.

I will try the executable version of aacskeys with the discs...

EDIT: When i run the executable on Bourne identity I get this:

./aacskeys /dev/sr1 /media/BOURNEIDENTITY v
aacskeys v0.2.9

Error opening Media Key File /dev/sr1/AACS/MKBROM.AACS


ERROR: LOADMKB errnr: -1

Different command for Bourne:

./aacskeys /media/BOURNEIDENTITY v
aacskeys v0.2.9

Current path: /home/benjamin/Desktop/aacskeys_0.2.9/bin/linux

Error opening Media Key File /media/BOURNEIDENTITY/AACS/MKBROM.AACS


ERROR: LOADMKB errnr: -1


Planet earth:

./aacskeys /dev/sr1 /media/PLANET_EARTH_D1/ v
aacskeys v0.2.9

Error opening Media Key File /dev/sr1/AACS/MKBROM.AACS


ERROR: LOADMKB errnr: -1


Planet Earth different command:

./aacskeys /media/PLANET_EARTH_D1/ v
aacskeys v0.2.9

Current path: /home/benjamin/Desktop/aacskeys_0.2.9/bin/linux

Processing key: 09F911029D74E35BD84156C5635688C0
Encrypted C-value: ABAB2D12C4B7B5DF9F9960E968B8600A
Corresponding uv: 00000001

Decrypted C-value: 6210D9B91D0AB2FDAF25F24C274F58B5
Media key: 6210D9B91D0AB2FDAF25F24C274F58B4

Encrypted verification data: EE05029424A17031044697728FC19919
Decr verif data should be: 0123456789ABCDEF
Decrypted verification data: 0123456789ABCDEFB1629F02FAFB84D3

Could not find the underlying device of the given drive mountpoint, aborting.


ERROR: DRIVEDEVICE errnr: -2

Do not use aacskeys with 2 path parameters, no /dev/sr1 stuff, only the mountpoint like /media/BOURNEIDENTITY, and that without a trailing "/". The 2 path stuff comes from the very first experimental linux versions, now aacskeys can get the device itself, but for this to work there must be no "/" at the end of the path.

Something i forgot, do you run aacskeys with root rights? On my machine i cannot access any file from the hd-dvd if i don't have root rights, please use sudo to run aacskeys. Strange enough, it looks like Planet Earth could be read without root rights (there was only the mistake with the trailing "/") while Bourne couldn't.

:rolleyes:

aha...I will try using sudo, thanks fro clearing everything up!

Trying to run aacskeys with sudo:

sudo ./aacskeys /media/BOURNEIDENTITY v
Password:
aacskeys v0.2.9

Current path: /home/benjamin/Desktop/aacskeys_0.2.9/bin/linux


This is what it says for a good while, my CPU is pegged at 100%, but nothing in the command line...is there any idea on how long it should take?

Hmmm...it works with both of my planet earth discs....seems to be a problem with Bourne Identity...

Hmm, this is really strange, there should be no CPU load after the output of the current directory, aacskeys just opens some files on the disc and reads them into memory. But maybe, for some reasons, it cannot read from the disc. Can you read files from Bourne Identity? Try to open the file AACS/MKBROM.AACS in a hex editor (or text editor if you have none), does this work?

:rolleyes:

oddly enough, I can't actually browse the directories of th disc. I can only mount the disc, but the programs can read the disc. I am not quite sure why, but thats what happens. I am not to concerned anymore, I found the key in the keydb thread. If i find any more problems I'll post them.

oddly enough, I can't actually browse the directories of th disc. I can only mount the disc, but the programs can read the disc. I am not quite sure why, but thats what happens. I am not to concerned anymore, I found the key in the keydb thread. If i find any more problems I'll post them.

mmhhhh, might be a bug in the current udf module for the kernel, or the disc is using udf 2.60 (dunno if this possible according to the HD-DVD and BD specs)

meh...they decrpyt so I don't mind

Hello,
I'm noob in AACS decryptions. Could anybody please tell me what to do for rip any Blue-Ray discs and watch movie or rip and burn disc step-by-step?
As I understand I need to use aacskeys.exe for get decryption key? What do next?

Thanks you very much!

nothink is happening when i run the aacskeys .

Can't help you. We need a lot more information. What exactly are you typing? What are you trying to decrypt? What drive are you using, etc.

This is my first time trying this approach at ripping a BD. I was able to retrieve the VID using DumpVid, do I then use this number with aacskeys to retrieve the CPS key? I'm using aacskeys v0.2.9

I enter; directory\aacskeys [drive letter] ["n", or, "s", or "v"] [Vol ID]

I then get this error;

Could not find a Processing Key or Device Key resulting in the Media Key.

Aborting...

ERROR: PROCESSMKB errnr: -2

Also, I'm not sure how to determine if the BD falls under the MKBv3 status as mentioned earlier in this thread.

Thanks.

I was able to retrieve the VID using DumpVid, do I then use this number with aacskeys to retrieve the CPS key?

Yes, if your drive has been upgraded to MKBv3 or later this is the way to do it.

Unfortunately your disc seems to be MKBv4 or newer, there is no known Processing Key for these discs so you are currently out of luck (with aacskeys).

To check the MKB version of the disc, open the file AACS\MKB_RO.inf in a hex editor and look at offset 0x08, the next 4 bytes are the version number.

:rolleyes:

Yes, if your drive has been upgraded to MKBv3 or later this is the way to do it.

Upgraded? Is this through firmware provided by the manufacturer or am I missing something? I just purchased my BD drive not too long ago so I'm fairly new at this... can you tell!

To check the MKB version of the disc, open the file AACS\MKB_RO.inf in a hex editor and look at offset 0x08, the next 4 bytes are the version number.

I've never used hex editor, could you reccommend one? Preferrably noob friendly if possible. Just point me in the right direction and I'll figure out thie rest

Thanks for your help KenD00,
O!

No, the revokation lists inside the BD drive get updated whenever a disc with a newer MKB version is authenticated by a software player (or aacskeys) to decrypt the disc, maybe already when the disc is inserted into the drive.

For a start about hex editors, maybe this can help http://en.wikipedia.org/wiki/Hex_editor.

Perhaps AnyDVD HD is the better solution for you, its also the only program which currently can decrypt MKBv4 or later discs :(.

:rolleyes:

No, the revokation lists inside the BD drive get updated whenever a disc with a newer MKB version is authenticated by a software player (or aacskeys) to decrypt the disc, maybe already when the disc is inserted into the drive.

For a start about hex editors, maybe this can help http://en.wikipedia.org/wiki/Hex_editor.

Perhaps AnyDVD HD is the better solution for you, its also the only program which currently can decrypt MKBv4 or later discs :(.

:rolleyes:

Yeah, I've since aquired AnyDVD HD... a fabulous proggy might I add. However, this sorta stuff interests me and I'd like to learn all about it eventually.

Thanks again,
O!

I have been reading several threads around here, trying to figure out a way to play blu-ray movies on my computer. I have an Intel core 2 quad Q9450 and i am running linux (Ubuntu 8.04 Hardy Heron, 64-bit version). I have a LG GGC-H20L blu-ray drive. The more i read, the more confused i get though.

I was able to apply the UDF 2.5 patch. I am able to get dumpHD running but i can't get the aacskeys library compiled for my 64-bit OS. (i think i am having a problem similar to fenton06 with my openssl installation) I was able to use a the precompiled binary version of aacskeys that sothis_ did. It only worked for one movie though. the other discs i tried did the same thing as fenton06 in his post #276 - it just sits there and doesn't do anything. i'm assuming that's a problem with the disc MKB version (and it probably updated the revocation list in my BD-ROM drive).

for the one disc i was able to decrypt and dump, i could watch all the special features (as separate .m2ts files) but i could NOT view the main feature (the actual movie). it started up and i could see and hear the MGM lion roar but then the picture stops moving (but the sound continues). i've read about other people having this problem also and read about some people having to mux the audio and video streams (http://forum.doom9.org/showthread.php?t=123282&highlight=dumphd&page=3) - is that necessary?

it's difficult to map the software landscape of all the tools that you guys have created. I have seen awhitehead's list of tools here:
http://forum.doom9.org/showthread.php?t=123282&highlight=dumphd
but it's tough (i think) for newer people like me to know how to use those tools together to just be able to watch a blu-ray movie on a (linux) computer.

i'd like to be able to watch blu-rays on my computer. but i'd also like to see a sort of "User's Guide to Watching Blu-ray Movies on a PC" available - a step by step guide to help new or experienced PC users get blu-ray going on their machines. I would love to write this guide myself, but first i need to know how to do it myself. I think what guys are doing (writing software tools and making them available to everyone) is awesome. i'd like to contribute in any way i can if possible.

@kkloster21

Hi!I have a LG GGC-H20L blu-ray drive.i'd like to be able to watch blu-rays on my computer.Is there some reason you can't play and watch your original Bluray discs on your system?

Maybe i should have said "i'd like to figure out how to watch blu-ray movies on my computer."

I've tried a few of these programs (DumpHD with aacskeys) and i haven't had much luck. i guess with the newest blu-ray discs, the MKB version is updated, rendering a lot of this software ineffective. (it seems this way from what i've read here - is that incorrect?)

Maybe i should have said "i'd like to figure out how to watch blu-ray movies on my computer."Sorry, perhaps I'm a bit slow today, but I still don't understand, if as you've stated, you have a Bluray drive as part of your system, why can't you simply play your original Bluray discs on your computer?

As i understand, retail blu-ray movie discs are encrypted with AACS encryption. I don't know of any linux compatible media players that can decrypt and play these movies on the fly. It's possible that such a program exists and i just don't know about it. does anyone here know of any linux media players that can playback blu-ray movies straight from the disc?

@setarip_old: He's running Linux. So it's not just plopping in the disc and starting PowerDVD.

@kkloster21: Playing Blu-ray movies in Linux is not easy. A patched MPlayer and only a patched MPlayer can play the movie, if you can decrypt it. That's a big if though. You're basically limited to movies for which the VUK is available in this (http://forum.doom9.org/showthread.php?t=120988) thread. If no VUK is available, you're pretty much screwed unless you also have Windows on your machine.

Sorry, I missed the Linux-only limitation.

Be that as it may, these most recent posts are mystifying to me. Perhaps someone can explain why you would purchase a Bluray drive for a system on which you can't play Bluray discs?

Thanks Gusar. so a patched MPlayer is the only thing that can do it... I was able to watch some of the special features (after being dumped by DumpHD) in VLC though, as i said i wasn't able to watch the movie itself. VLC won't play decrypted movies?

@setarip_old: I just built the computer and i wanted to put in a blu-ray drive at time of build. I figured there would be a way to make it happen, even if it takes a few weeks or months and some work on my part. if its absolutely impossible to do on linux then i can always dual boot with windows but, i'd prefer not to have to do that.

@kkloster21

(I promise, this is the last question I'll ask you about this)

Thanks for taking the time to respond ;>} - But, yet again, although I know it's not important to you that I understand, perhaps you can explain what you mean by:if its absolutely impossible to do on linux then i can always dual boot with windows but, i'd prefer not to have to do that.If you have Windows available on your system, once again, you can certainly effortlessly play your original Bluray discs on your system...

@setarip_old: no worries about the questions! :) I don't have windows installed on my system now but if that's the only way to watch blu-rays on my computer then i'll setup a dual boot configuration.

@Gusar: any idea where i can find that mplayer patch? i looked around for it and couldn't find anything.

@setarip_old: no worries about the questions! :) I don't have windows installed on my system now but if that's the only way to watch blu-rays on my computer then i'll setup a dual boot configuration.

You can thank the studios and their paranoia about piracy for that. There are so many rules and restrictions with the HD discs, that an open environment like Linux could never be trusted with such precious material (even Macs are not good enough). Therefore, the only official players that you will see will be for Windows (because it's so darn secure and robust!! :rolleyes:). Eventually, I'm sure that open source projects like MPlayer will have the ability to playback complete HD disc structures, but it may not be for a year or two or more... They may even have the ability to decrypt on the fly by then! For now though, you will most likely need to either watch the disc in Windows, or do some processing to it in Windows (decrypting, transcoding, etc.) before it can be played in Linux.

Eventually, I'm sure that open source projects like MPlayer will have the ability to playback complete HD disc structures, but it may not be for a year or two or more...
I have like 20 hd-dvds/blue rays and they all playback nicely with mplayer (for months!). The parameters are sometimes a bit weird for linux noobs but it works.
Example for Spy Game with eac3 sound:
mplayer -demuxer lavf -ac ffeac3 -fps 24000/1001 -aid 5 FEATURE_1.EVO

my config:
cat .mplayer/config
# Write your default config options here!

lavdopts=fast=1:threads=2
vo=xv

Version: 1:1.0.rc2svn20080531-0.1

No patch or whatever is needed. Also you only need to specify those parameters if you encounter problems (like no sound/av sync/...)

---------

What i originally wanted to ask: Does anyone have a valid certificate/privkey for aacskeys? I can sniff the host_cert and host_nonce without any problems but don't have any corresponding host_key for the signature :/

mplayer -demuxer lavf -ac ffeac3 -fps 24000/1001 -aid 5 FEATURE_1.EVO

This was my point. You are not playing the disc structure, you are simply playing the main movie file, which I will agree should work just fine. You just don't have the menu system and probably not chapters either. I can open the VIDEO_TS.IFO file of a DVD with Media Player Classic, and it will play with menus and chapters. As far as I know, playback like this with HD discs is not possible with mplayer or Media Player Classic.

Could we please have a parameter for aacskeys which allows to skip authentication in the next version? I have patched my firmware of my PX-920SA (compatible with GGW-H20L). :)

@setarip_old: I just built the computer and i wanted to put in a blu-ray drive at time of build. I figured there would be a way to make it happen, even if it takes a few weeks or months and some work on my part. if its absolutely impossible to do on linux then i can always dual boot with windows but, i'd prefer not to have to do that.
I don't know how well some of the Windows DVD programs (like AnyDVD) will work since they are likely operate at a pretty low level, but you might give Wine a try (allows running Windows programs from within Linux).

Could we please have a parameter for aacskeys which allows to skip authentication in the next version?

Regarding what you have posted here (http://forum.doom9.org/showthread.php?p=1159131#post1159131) this isn't just skipping the authentication process but an own form of "authentication". Current aacskeys is some sort of intelligent and detects if the xbox drive is present and then uses the xbox hack rather the ACCS way, so this would be the preferred way. What firmware string does aacskeys report when using your custom firmware? Maybe i can find some time and integrate this new "hack" ;).

:rolleyes:

Regarding what you have posted here (http://forum.doom9.org/showthread.php?p=1159131#post1159131) this isn't just skipping the authentication process but an own form of "authentication".
I commented out the part between "agid = report_agid(h, bluray); + error handler" and "errnr = read_vid(h, agid, volume_id, mac, bluray);" as well as the following "calculate_volume_id_mac() + error handler". That works fine.

Current aacskeys is some sort of intelligent and detects if the xbox drive is present and then uses the xbox hack rather the ACCS way, so this would be the preferred way. What firmware string does aacskeys report when using your custom firmware?
I haven't changed the firmware string so it can't be distinguished from the original firmware looking at the return of inquiry. It only behaves differently when executing the cmdAD/80 handler.

Maybe i can find some time and integrate this new "hack" ;).
The easiest way to do it is just executing read_vid() right after "report_agid() + error handler" and see if it succeeds. Only if it doesn't perform the usual authentication.

Today i'm proud to present a new version of aacskeys. Along the usual bugfixes it has these new features:

Changed CLI, options are now passed the usual -option style
Given parameters are checked and errors are reported
You have the option to choose how the Volume ID should be retrieved
The XBox hack is used automatically for the Toshiba SD-H802A drive
Can use the recently discovered way to get the Volume ID from patched drives

The archive contains precompiled executables and libraries for Windows and Linux (32 bit and 64 bit) and the source code. The linux versions are now statically linked against OpenSSL, this hopefully solves the problems people had where OpenSSL couldn't be found.

Known issues: If you try to decrypt a MKBv4 or later disc it can happen that aacskeys seems to hang (in verbose mode it doesn't continue after it prints out the current directory) and produces 100% CPU load. I currently don't know excactly why this happens, it looks like that it comes from crypto code that fails because there is no processing key for this MKB version present. I remember people saying they would release a new processing key but want to keep the "community" one step behind Slysoft.. well, AFAIK Slysoft is at MKBv7...

Grab aacskeys 0.3.0 here (the zip and tar.gz have the same content):
aacskeys 0.3.0 (zip, Rapidshare) (http://rapidshare.com/files/132033106/aacskeys-0.3.0.zip.html)
aacskeys 0.3.0 (zip, Sendspace) (http://www.sendspace.com/file/n5c5ut)
aacskeys 0.3.0 (tar.gz, Rapidshare) (http://rapidshare.com/files/132033650/aacskeys-0.3.0.tar.gz.html)
aacskeys 0.3.0 (tar.gz, Sendspace) (http://www.sendspace.com/file/xcyyye)

:rolleyes:

Excelent work :)

I see that aacskeys still tries to load /AACS/VTKF000.AACS. That will fail for some discs that don't have the file and start their title file counting not with 000; eg. Pan's Labirinth (VTKF001.AACS is the first), Terminator 2[DE] (VTKF080.AACS).

Another thing, host_key_point can be calculated from host_key and G on EC using a function like aacs_calculate_bus_key (Figure 4-6, page 32 in AACS spec).
And it would be cool if (priv_key, host_cert) pair could be read from a file, just like device/processing keys. What do you say about this? :)

I thought about that numbering thing, DumpHD does it already but i haven't heard any complaints about aacskeys not doing it (until now ;)), so i haven't implemented that. The whole file I/O stuff is still quite messy and unsafe, i wanted to move that code to C++ too, especially because i really wanted to read the Host Cert / Priv Key from file too, but i still haven't found the time yet.

Yeah, i wondered why he doesn't calculate the host nonce and uses a precalculated one, then i looked into the spec and thought "oh shit, too much math *g*". The crypto code is also messy and i honestly don't understand much of it right now. The OpenSSL doc is also not very complete so i don't know if and when i will touch that part.

:rolleyes:

It seems to work. Well done!
Now we need more people working on the players to get new key material. They are using advanced rootkit techniques to corrupt the system. It's quite a challenge. Those people who have experiences with Themida should probably have a look at windvd :)

@fpga: I'm wondering if i could use AnyDVD or some other program in Windows (or even in Wine) to get the VUKs of the discs that i own and then populate the KEYDB.cfg database with those keys and just watch them in linux on mplayer (i know i can watch blu-rays in linux if i have the VUK or some key). Would this be possible? Or i guess the real question is: is there a program like aacskeys for windows that will actually show the decrypted keys for blu-ray discs up to MKBv7 (or whatever the latest is)? does AnyDVD actually output the keys?

AnyDVD doesn't output VUKs. And there's currently no other program that can handle MKBv4, MKBv6 or MKBv7 media. Not no mention BD+.

afaik AnyDVD contains a long list of those volume unique keys. Yes the vuk is enough for decryption. But you really should try to find them yourself because currently AnyDVD is like a single point of failure for the whole decryption network. If those open source decryption tools can't keep up and AnyDVD gets sued it would be a big blow for the linux blue ray playback support.
Anyway i am trying to get some new key material for aacskeys but this will take some time. So just wait or help.

@Oopho2ei: I'd love to help if i am able. I may not have the skill set but i can learn. What are some ways i could help or some things i could start learning to make myself useful? I have a little bit of experience with C.

Simply choose a player (hardware/software) and start to reverse engineer it. You need to know a lot but there are plenty of documents about this you can study. I don't think you really need to program anything unless you want to write a plugin or inject code in the address space of the process (hooks).

can you explain a little bit more what you mean by "choose a player (hardware/software) and start to reverse engineer it." ? Choose a hardware drive and a software player in windows? One or the other? Wouldn't reverse engineering any of that stuff involve looking at code or firmware of some kind? I do have an LG GGC-H20L combo drive that i can start trying things on. I just need to know what to do with it or where to find documentation on what to do. Would it be possible for you to post or PM a few links for some documents that i could study?

The GGC doesn't contain any device keys. The software player you use to playback your encrypted blue rays has them. Yes it involves looking at the disassembly *lol* among other things. If you are a developer of one of those software players you can use the source code of course. Anyway this is going off topic now. You need to educate yourself.

can you explain a little bit more what you mean by "choose a player (hardware/software) and start to reverse engineer it." ? Choose a hardware drive and a software player in windows? One or the other? Wouldn't reverse engineering any of that stuff involve looking at code or firmware of some kind? I do have an LG GGC-H20L combo drive that i can start trying things on. I just need to know what to do with it or where to find documentation on what to do. Would it be possible for you to post or PM a few links for some documents that i could study?


Look up and master Assembly language then PM him :)

Yes, if your drive has been upgraded to MKBv3 or later this is the way to do it.

Unfortunately your disc seems to be MKBv4 or newer, there is no known Processing Key for these discs so you are currently out of luck (with aacskeys).

To check the MKB version of the disc, open the file AACS\MKB_RO.inf in a hex editor and look at offset 0x08, the next 4 bytes are the version number.

:rolleyes:

Thanks KenD00 !
I appreciate your work on aacskeys.

I am using aacskeys in backupBDAVfor V1 and V3 042.

My question is \AACS\MKB_RW.inf in case of BD-RE,
MKB version is at offset 0x08, the next 4 bytes same as MKB_RO.inf ?

The other question:
If I try to read BD-RE with MKBv7 or v4 and with P-MKB v7 or v4 using a drive whose P-MKB is v1, will the drive is modified to P-MKB v7 or v4 ?

pjo

Beeing a lazy guy i opened a MKB_RW.inf i found on one of my Blu-Rays with my never released MKBView and it decoded it just fine, so yes, both MKBs have the same structure. And that MKB had also the same version than the MKB_RO.inf MKB on that disc. I also took a quick look at the specs and they don't define an extra MKB for the Recordable Book, there is only one common MKB type.

Your second question is a bit tricky but one thing i can say for sure: if an aacs authentication process is started (e.g. by aacskeys or a software player) the drive will be updated. However, the spec doesn't forbid to update the drive earlier, so i don't know if just putting the disc into the drive will already update it. This may be even different accross different drives.

pjo, i must thank you that you mentioned backupBDAV. This tool sounded unknown to me (good that i haven't checked my HDD, i already had an older version of it) so i googled for it and couldn't believe what i've found. On some sort of japanese website i found something that looked like MKBv4 and MKBv7 Processing Keys. So i gave aacskeys a try with 2 MKBv4 HD-DVDs and it decrypted them and said the VUK is valid?!?!? Next i ran DumpHD on my only MKBv7 Blu-Ray John Rambo and WinDVD played the rip fine!! I can't believe that, the keys are there for almost 5 days now, they are real and this hasn't made big news yet? Anyone knows something about that, theres no info on that site from whom these keys are.

:rolleyes:

Beeing a lazy guy i opened a MKB_RW.inf i found on one of my Blu-Rays with my never released MKBView and it decoded it just fine, so yes, both MKBs have the same structure. And that MKB had also the same version than the MKB_RO.inf MKB on that disc. I also took a quick look at the specs and they don't define an extra MKB for the Recordable Book, there is only one common MKB type.

Your second question is a bit tricky but one thing i can say for sure: if an aacs authentication process is started (e.g. by aacskeys or a software player) the drive will be updated. However, the spec doesn't forbid to update the drive earlier, so i don't know if just putting the disc into the drive will already update it. This may be even different accross different drives.

pjo, i must thank you that you mentioned backupBDAV. This tool sounded unknown to me (good that i haven't checked my HDD, i already had an older version of it) so i googled for it and couldn't believe what i've found. On some sort of japanese website i found something that looked like MKBv4 and MKBv7 Processing Keys. So i gave aacskeys a try with 2 MKBv4 HD-DVDs and it decrypted them and said the VUK is valid?!?!? Next i ran DumpHD on my only MKBv7 Blu-Ray John Rambo and WinDVD played the rip fine!! I can't believe that, the keys are there for almost 5 days now, they are real and this hasn't made big news yet? Anyone knows something about that, theres no info on that site from whom these keys are.

:rolleyes:

Thnaks for your reply.

I mounted MKBv7 BD-RE onto a Panasonic Blueray harddisk recorder which was MKBv1 for sure. now the recorder is V7 !

But I can run BackupBdav 042 which is available on this site.
http://forum.doom9.org/showthread.php?t=125592&highlight=BDAV
with v7 processing key.

It looks like v7 has been on the internet for a few weeks already. I found it in one of a blog(in Japanese language), but it was just a hint, not direct v7.:)

I could not find v4. Pls send personal message on this if it is ok for you.

KenD00 and pjo :)

Thanks for all the hints !

I have the movie Daylight on HD-DVD and it plays fine (SAP and PC) when I load AnyDVD-HD. It wasn't untill today that I noticed it was MKBv4.

"label DAYLIGHT
AACS!
HD type: 0
MKB version 4"

So I tried aacskeys h:

Could not find a Processing Key or Device Key resulting in the Media Key.
Possible key tried: 09F911029D74E35BD84156C5635688C0
Possible key tried: 455FE10422CA29C4933F95052B792AB2

Now I replace my file with the new "ProcessingDeviceKeysSimple.txt" I found thanks to you !

Volume Unique Key: D02FFAE3253D6D41861F3D11643DBE30
TKF Hash (DiscID): 9880EC369B4C8C26C9B7188204D3E5246B8EDCE4

Seems to work great ! So indeed this is BIG news !!! This means all free tools start to work again. Please correct me if I'm wrong.

I think we are looking at the same source because all you find is files and no further info.

Greets

Awesome! Why don't you post the keys here? Has anyone started working on the virtual machine used in BD+?

KenD00 and pjo :)

Thanks for all the hints !

I have the movie Daylight on HD-DVD and it plays fine (SAP and PC) when I load AnyDVD-HD. It wasn't untill today that I noticed it was MKBv4.

"label DAYLIGHT
AACS!
HD type: 0
MKB version 4"

So I tried aacskeys h:

Could not find a Processing Key or Device Key resulting in the Media Key.
Possible key tried: 09F911029D74E35BD84156C5635688C0
Possible key tried: 455FE10422CA29C4933F95052B792AB2

Now I replace my file with the new "ProcessingDeviceKeysSimple.txt" I found thanks to you !

Volume Unique Key: D02FFAE3253D6D41861F3D11643DBE30
TKF Hash (DiscID): 9880EC369B4C8C26C9B7188204D3E5246B8EDCE4

Seems to work great ! So indeed this is BIG news !!! This means all free tools start to work again. Please correct me if I'm wrong.

I think we are looking at the same source because all you find is files and no further info.

Greets

SvT, Congratulations ! You found it.

pjo

Awesome! Why don't you post the keys here? Has anyone started working on the virtual machine used in BD+?

I heard that several people were copying BD+ ok. But I cannot test it because I do not have BD+ disk.
pjo

I heard that several people were copying BD+ ok. But I cannot test it because I do not have BD+ disk.
pjo
Nice. Where can i find the source code of those programs?

Nice. Where can i find the source code of those programs?

I do not think the source for this is available.
It looks like it is SlySoft AnyDVD.

Could we please get some experimental device key support for aacskeys? A seperate plaintext file with a simple format like "KEYDB.cfg" would be sufficient. Also maybe you could include some features of MKBView in verbose mode.

Aacskeys should already be able to process Device Keys, just put them in the ProcessingDeviceKeysSimple.txt file. And maybe check the source code to see if that crypto stuff makes sense, i currently don't understand it :D.

I wanted at least show the MKB version of the disc, but currently i can't code anything, my main computer broke 2 days ago, seems to be the mainboard. If thats the case, i need to change my whole water cooling for the new one, that will take some time (hopefully not as much as last time :().

:rolleyes:

aacskeys already handles devices keys. It always did.

How does aacskeys determine the position of the device key in the tree? According to the spec (3.2.3) there is a path number associated with each device key which determines the path from the root to the position of the node. Without the position i wouldn't know which device key to choose and how to proceed from that node to the processing key. You see my point: that path number isn't stored in the ProcessingDeviceKeysSimple.txt file. I was aware of the fact that the source code already allows the use of device keys but there is just no way to store them other than hacking them into the source code. All keys should generally be stored in a separate file.

It doesn't - it tries all positions (encrypted c-values).

It doesn't - it tries all positions (encrypted c-values).
You can try all the c-values if you have a list of processing keys which isn't the case here. One has to select the correct device key of a node which is the root of the subtree which contains the node i need the processing key of. A device key is not a processing key.. maybe that is what you are thinking. Using the device key and the specified hash function (AES-G3) you can calculate the left and right subsidiary device key to go further down in the tree and the processing key for the current node. You never directly use a device key to decrypt a c-value.

You can try all the c-values if you have a list of processing keys which isn't the case here. One has to select the correct device key of a node which is the root of the subtree which contains the node i need the processing key of. A device key is not a processing key.. maybe that is what you are thinking. Using the device key and the specified hash function (AES-G3) you can calculate the left and right subsidiary device key to go further down in the tree and the processing key for the current node. You never directly use a device key to decrypt a c-value.

You simply use all keys you have, not knowing if it is a device or processing key. First you take the first encrypted c-value and assume your key is a processing key. Check it by decrypting the corresponding verification data. If it's different you go to the corresponding subtree lowest node, go one level up assume your key is now a device key, calc down the tree and verify again. If it still isn't you continue that by going and enumerating all levels up until you are at the top of the subtree. Then you continue with all other c-values and corresponding verification data. And after that you can't use your key and take another one. And do that same procedure again. That's the way aacskey is doing it.

There seems to be a bug in the linux/amd64 version of aacskeys-0.3. I have added the new keys to the ProcessingDeviceKeysSimple.txt and run from that directory the following commands:
./bin/linux32/aacskeys -v /media/cdrom
This is working and gives the correct result.
./bin/linux64/aacskeys -v /media/cdrom
This doesn't work and it is just looping giving no ouput but the "Current path:" line. There is only one ProcessingDeviceKeysSimple.txt in the directory i am calling these commands from. I have been using the linux/amd64 version with a mkb v1 generation disk without any problems but it fails when i try to get the keys from a mkb v4 generation disc.

mkb: http://uploaded.to/?id=yurqxj

gioowe: ok, i will try it. But it would be strange that the specification demands storing redundant data. Maybe that "brute force" search implemented in aacskeys as you described it cannot be realized easily in licensed players.

Licensed players know their device keys position and corresponding subtrees (UV mask). We do not. All publicly available keys are processing keys. Only one device key is known (53BD...) to date and that one lead to PK of MKBv1 (09F9...)

53BD... was actually a subdevice key, the true device key is 86D2...

@Oopho2ei
This endless loop in the x64 version happens when aacskeys cannot find a processing key. But since the x32 version works with the same ProcessingDeviceKeysSimple.txt the code is more broken than i thought. I will look into this as soon as i have a working machine again.

That "brute force" approach will take longer the more revocations happen, maybe because of that the devices know their uv.

:rolleyes:

Thanks for aacskeys v0.26(BDAV v0.50) new version works for dummy drive !

Using two MKBv7 and P-MKB v7 drives, no need to
run PowerDVD or no need to run USB Inspector.

I am wondering how dummy drive works. Please explain how it works if you would.

pjo

That version you are talking about is not from me, i even haven't seen that one so i can't help you. Just beeing curious, whats that dummy drive thing doing?

:rolleyes:

That version you are talking about is not from me, i even haven't seen that one so i can't help you. Just beeing curious, whats that dummy drive thing doing?

:rolleyes:

That aacskeys is included in BackupBDAV 050 found in this forum.

I do not know the detail on how dummy drive works but I assume that by using an extra dummy drive (physical BD-R drive) some kind of key is found so that there is no need to run PowerDVD for hammering.

pjo

edit
You can put any disk in the dummy drive. Even blank disk is fine.
This suggests that some kind of key in the dummy drive hardware is read and used in this version of aacskeys.

I need the following patch to compile aacskeys on my my linux distribution (debian/lenny) with gcc (version 4.3.1):

diff -rupN aacskeys-0.3.0/src/aacs_ecdsa.cpp aacskeys-0.3.0_fixed/src/aacs_ecdsa.cpp
--- aacskeys-0.3.0/src/aacs_ecdsa.cpp 2008-07-24 07:06:58.000000000 +0200
+++ aacskeys-0.3.0_fixed/src/aacs_ecdsa.cpp 2008-08-17 16:09:28.000000000 +0200
@@ -2,6 +2,7 @@

#include <cstdio>
#include <string>
+#include <cstring>

#include <openssl/bn.h>
#include <openssl/evp.h>
diff -rupN aacskeys-0.3.0/src/aacskeys.cpp aacskeys-0.3.0_fixed/src/aacskeys.cpp
--- aacskeys-0.3.0/src/aacskeys.cpp 2008-07-24 08:31:29.000000000 +0200
+++ aacskeys-0.3.0_fixed/src/aacskeys.cpp 2008-08-17 16:10:36.000000000 +0200
@@ -35,6 +35,7 @@
// general
#include <cstdio>
#include <string>
+#include <cstring>
//#include <malloc.h>

/* *** KenD00 start: Added include for variable argument list processing *** */
diff -rupN aacskeys-0.3.0/src/ioctl.cpp aacskeys-0.3.0_fixed/src/ioctl.cpp
--- aacskeys-0.3.0/src/ioctl.cpp 2008-07-24 07:06:58.000000000 +0200
+++ aacskeys-0.3.0_fixed/src/ioctl.cpp 2008-08-17 16:11:42.000000000 +0200
@@ -2,6 +2,7 @@

#include <cstdio>
#include <sstream>
+#include <cstring>
#include <iomanip>


diff -rupN aacskeys-0.3.0/src/mmc.cpp aacskeys-0.3.0_fixed/src/mmc.cpp
--- aacskeys-0.3.0/src/mmc.cpp 2008-07-24 07:06:58.000000000 +0200
+++ aacskeys-0.3.0_fixed/src/mmc.cpp 2008-08-17 16:12:21.000000000 +0200
@@ -1,6 +1,7 @@
#include "mmc.h"

#include <string>
+#include <cstring>
#include <cstdio>

#define CDB_SIZE 16


Otherwise i get errors like: aacs_ecdsa.cpp
src/aacs_ecdsa.cpp: In function ‘int aacs_calculate_bus_key(unsigned char*, unsigned char*, unsigned char*, unsigned char*)’:
src/aacs_ecdsa.cpp:330: error: ‘memcpy’ was not declared in this scope

copy the file in the root directory of aacskeys and use patch -p1 < patchname.diff

Maybe you can fix this in the upcomping new release too :thanks:

Licensed players know their device keys position and corresponding subtrees (UV mask). We do not.

Why don't we know the UV mask? Doesn't each PK have a corresponding UV number? Doesn't each C-Value correspond to a single UV number? Once you find a PK that decrypts a C-Value, you know the matching UV. Or am I missing something?

Why don't we know the UV mask? Doesn't each PK have a corresponding UV number? Doesn't each C-Value correspond to a single UV number? Once you find a PK that decrypts a C-Value, you know the matching UV. Or am I missing something?

No, you're not.

Why don't we know the UV mask? Doesn't each PK have a corresponding UV number? Doesn't each C-Value correspond to a single UV number? Once you find a PK that decrypts a C-Value, you know the matching UV. Or am I missing something?
I think that is correct but we were actually talking about device keys and not processing keys. But because the processing key is derived from exactly one device key and that "path" is known you would get this position as well. If more people would help reverse engineering we wouldn't even have to bother about this and could instead use the stored values.

we were actually talking about device keys and not processing keys. But because the processing key is derived from exactly one device key and that "path" is known you would get this position as well.

Agreed. The reason I asked, was that I had assumed that each time a PK (or DK ) was identified that its matching uv number would be associated with it and stored somewhere. Then the correct c-value could be identified using the same basic procedures described in the AACS docs. You'd just find a c-value with a matching u number for your PK and a v-number that is not below the PK's v-number. (Clearly, you can start with either the list of c-values or the list of known PKs.)

If more people would help reverse engineering we wouldn't even have to bother about this and could instead use the stored values.

I miss the excitement of the early days of discovery (not that I did anything other than watch and try to follow the technical details). With a smile, I have to blame Peer in part. He's really too good. I suspect the payoff for discovery is a lot less when Peer's in the lead.

I miss the excitement of the early days of discovery (not that I did anything other than watch and try to follow the technical details). With a smile, I have to blame Peer in part. He's really too good. I suspect the payoff for discovery is a lot less when Peer's in the lead.

*blush* :)

This new release is mainly a bugfix, i hope it fixes all the problems of the previous one. Beeing to lazy to write it a second time, i copy the changelog from the README:

- Fixed to run correctly under 64 bit
- Detects if the given mountpoint is a symlink and handles it correctly (Linux)
- Accepts mountpoints with a trailing "/" (Linux)
- Uses the Title Key file with the lowest number if VTKF000.AACS isn't present
(HD-DVD Advanced Content)
- Displays version of MKB
- New option --no-preinval to disable invalidation of all AGIDs before
requesting a new one
- Added missing includes to avoid compilation errors on some machines
(thanks Oopho2ei)
- Lots of small fixes to avoid buffer overruns and null pointers


As usual, the archive contains precompiled binaries / libraries for linux (32 bit and 64 bit), windows and the source code, the zip and tar.gz have the same content.

Get them here:
aacskeys 0.3.1 (RapidShare, zip) (http://rapidshare.com/files/141253835/aacskeys-0.3.1.zip.html)
aacskeys 0.3.1 (SendSpace, zip) (http://www.sendspace.com/file/bps0f4)
aacskeys 0.3.1 (RapidShare, tar.gz) (http://rapidshare.com/files/141255292/aacskeys-0.3.1.tar.gz.html)
aacskeys 0.3.1 (SendSpace, tar.gz) (http://www.sendspace.com/file/5acnol)

:rolleyes:

Thanks a lot for the corrections. :)

This new release has one big new feature: Blu-Ray Recordable support (BDMV and BDAV type) :).
From the changelog:

0.3.5: 2008-09-20
- Experimental Blu-Ray Recordable support (BDMV and BDAV)
- New option --pa-lba (currently this must be used with Blu-Ray Recordables if the Binding Nonce is not given on the command line)
- The Host Private Key and Host Certificate is now loaded from the external file HostKeyCertificate.txt
- Diplays more information about the drive and inserted disc
- Fixed an endianess problem

The whole recordable stuff isn't tested because i don't have any AACS protected recordings, so please test this feature and report back if something isn't working. The processing of recordables isn't fully automatic as for the other disc types because aacskeys hasn't an UDF parser integrated. This will maybe change in a later release if i find a suitable parser or have written an own one.

As usual, the archive contains precompiled binaries / libraries for linux (32 bit and 64 bit), windows and the source code, the zip and tar.gz have the same content.

Get them here:
aacskeys 0.3.5 (RapidShare, zip) (http://rapidshare.com/files/146916519/aacskeys-0.3.5.zip.html)
aacskeys 0.3.5 (RapidShare, tar.gz) (http://rapidshare.com/files/146917858/aacskeys-0.3.5.tar.gz.html)
aacskeys 0.3.5 (SendSpace, zip) (http://www.sendspace.com/file/6frubx)
aacskeys 0.3.5 (SendSpace, tar.gz) (http://www.sendspace.com/file/gmkix8)


If none of the automatic modes to retrieve the Volume ID / Binding Nonce works for you, try the following utilities to sniff them from the bus (works only under Windows and requires a licensed software player):

For Volume ID: DumpVID Package 0.31
DumpVID Package 0.31 (RapidShare) (http://rapidshare.com/files/100373276/dumpvidpkg_0.31.zip.html)
DumpVID Package 0.31 (SendSpace) (http://www.sendspace.com/file/n6wely)

For Binding Nonce: DumpBN 0.31 (from BackupBDAV 0.50)
DumpBN 0.31 (RapidShare) (http://rapidshare.com/files/147507385/dumpbn-0.31.zip.html)
DumpBN 0.31 (SendSpace) (http://www.sendspace.com/file/9kznpr)

:rolleyes:

Dude, you are awesome!! Always know that your work is appreciated!! Quick question, what MKB version are we up to now?

Thanks :).

The situation is still unchanged, MKB up to version 7, Volume Id / Binding Nonce retrieval up to version 1 :(. Oh, if you can't get the Binding Nonce, google for dumpbn, this is based on DumpVID and does the same but for Binding Nonces.

:rolleyes:

This post contains a link which will always point to the latest aacskeys version.

Current version: 0.4.0c, released: 2009-08-30

Download links (http://forum.doom9.org/showthread.php?p=1320065#post1320065)

:rolleyes:

The situation is still unchanged, MKB up to version 7, Volume Id / Binding Nonce retrieval up to version 1

May I ask which are the latest versions that can be found on BD nowadays?

BTW, I could not find anything about dumpbn.

In the Slysoft forum there are reports about MKBv10.

You are right, google doesn't give anything useful about DumpBN, it's included in BackupBDAV, i have added download links for it (and DumpVID) in the upper release post.

:rolleyes:

[...]
If none of the automatic modes to retrieve the Volume ID / Binding Nonce works for you, try the following utilities to sniff them from the bus (works only under Windows and requires a licensed software player):


I'm sorry to tell you that but you're almost wrong KenD00. You can use DumpVID under linux with wine and it works. OK, it's not a native way under linux but it's the trick.
What i do is launching dumpVID.exe with wine, access the BRD with aackeys and the VID appears on the dumpVID console. Then you can re-use aacskey program or DumpHD...

Cheers

PS : thx a lot for your crazy work...

Well, partially you are right, i have never tried to run it under wine, so that does work, thanks for the info.

But you are using a patched drive, so you can retrieve the Volume ID in a "not official" way, but this isn't the purpose of DumpVID. DumpVID is for the case where you can't get the Volume ID, this is for all drives which are > MKBv1 and are not patched. In that case you need a licensed software player, and, correct me if im wrong, i don't know of any licensed software player that runs under linux (native or under wine).

:rolleyes:

Hi, here's a compile fix for Gentoo:

in libaacskeys.make, there needs to be a substitution.

/usr/lib/jvm/java-6-sun/include/
must be replaced with
/etc/java-config-2/current-system-vm/include/ , and

/usr/lib/jvm/java-6-sun/include/linux/
must be replaced with
/etc/java-config-2/current-system-vm/include/linux/ as well

The best way to check if the host distribution is Gentoo is by checking for the file:
/etc/gentoo-release

But you are using a patched drive, so you can retrieve the Volume ID in a "not official" way, but this isn't the purpose of DumpVID. DumpVID is for the case where you can't get the Volume ID, this is for all drives which are > MKBv1 and are not patched. In that case you need a licensed software player, and, correct me if im wrong, i don't know of any licensed software player that runs under linux (native or under wine).

:rolleyes:

You're right... and you're wrong :p
You're right whent you say i don't need dumpVID as my drive is patched. But you're wrong when you say you need a commercial software. Here is the way to retrieve the VUK :

- you lanch dumpVID.exe with wine, something like that :

# wine dumpVID.exe d:

- in another console, you launch aacskeys

# aacskeys -v /media/bluray

- immediately, dumpVID will give you the VID
- then, you launch again aacskeys with the VID to get the VUK :

# aacskeys -v /media/bluray <VID>

and aacskeys will now give you the VUK !

'Z

That's correct but aacskeys displays the volume id. So why would you need to run dumpVID.exe in the background?

If your drive is not "firmware patched" i think aacskeys doesn't display the vid, am i wrong ?
I'm not at home at the moment but i'll check all of that this evening. All i can remember is before patching my drive i had to use dumpVID to get the VUK with aacskeys.

i'm trying your approach of running dumpVID in the background and when i try to access the disc with aacskeys, nothing comes out of dumpVID. no VID or anything. it still just says: "Hammering drive..." I tried several different delay times (like 50, 120, 130, 150, 200). aacskeys is not outputting VID either.

this is without patching my drive.

any advice on what to try?

thanks!

I'll check that this evening and give you a feedback.

So... I've tried and dumpvid give me the VID when i launch aacskeys. OK, as my LG drive is patched, it's not necessary but the test is ok.

The test is done with BRD Ratatouille, french version.

I launch dumpvid with wine, press ENTER to start hammering. Then i execute aacskeys from another console

vdr@vdrbox:~/DumpHD/aacskeys-0.3.1$ ./bin/linux64/aacskeys -v /media/cdrom0

and :


vdr@vdrbox:~/DumpHD$ wine dumpvid.exe d
DumpVID 0.3 by KenD00 (adapted for bluray testing)

Drive type is recognised as CDROM/DVD.

Sending SPC1 Test Unit CDB6 command..done.
Returned good status.

Press ENTER to start hammering

Hammering drive...
vid: 525F758BFA0C85E8CA4B1E9C9EBD6BF3
Hammering finished.


then :


vdr@vdrbox:~/DumpHD/aacskeys-0.3.1$ ./bin/linux64/aacskeys -v /media/cdrom0 525F758BFA0C85E8CA4B1E9C9EBD6BF3
aacskeys 0.3.1

Current path: /home/vdr/DumpHD/aacskeys-0.3.1

MKBv: 4
Processing key: F190A1E8178D80643494394F8031D9C8
Encrypted C-value: 788A172D47C66A408D7D33F90D2D8521
Corresponding uv: 000000A0

Decrypted C-value: A775A8BD00D800A996560EF6274A5F6C
Media key: A775A8BD00D800A996560EF6274A5FCC

Encrypted verification data: BB25974BA81A2AF7644FAB5FB4668DEC
Decr verif data should be: 0123456789ABCDEF
Decrypted verification data: 0123456789ABCDEF16548E579D21D229

Volume ID (EXTERNAL): 525F758BFA0C85E8CA4B1E9C9EBD6BF3
Volume Unique Key: 67E82C738B3634E52AB8A0A7210F8524
Unit Key File Hash (DiscID): 1348C907340CA8E669F6163CFA7FF795A3DEAB4A
Encrypted Unit Key 1: 998617393B37479AA6F72F1E789732DB

Decrypted Unit Key 1: FC5DFA6B3813352E64ADB703549FB7E9


Just add a line to the KEYDB.cfg (dumpHD) :


1348C907340CA8E669F6163CFA7FF795A3DEAB4A = Ratatouille PAL fr | D | 2007-11-09 | V | 67E82C738B3634E52AB8A0A7210F8524



This should work for you.

But don't remember, if you can patch the firmware of your drive, it's a better solution !

@XAvAX:
Thanks for the info. However, i don't know how to write a sophisticated configure script to detect everything that aacskeys needs to build properly so i can't do anything about it. For that reason i defined some variables at the beginning of the PreMake script so that everyone can make the necessary adjustments easily.

and you're wrong :p

No, i'm not. DumpVID does nothing more than sending Volume ID requests to the drive, because your drive is patched it will answer them and give you the Volume ID. This even works without running aacskeys, just start DumpVID and after a couple of seconds it will give you the Volume ID (the delay is there because DumpVID doesn't "initialize" the crypto stuff inside the drive)!

i'm trying your approach of running dumpVID in the background and when i try to access the disc with aacskeys, nothing comes out of dumpVID.

If there is no patch for your drive you currently can't do anything else than using a certified (windows) software player with DumpVID to get the Volume ID.

:rolleyes:

@KenD00:

there is a patch for my drive, i just can't get it to work on linux. but TomZ did so i'm hoping i can make it work.

@TomZ:

I can't get dumpVID to spit out the VID, i think because my host cert has been revoked on my drive. i think the only thing (or maybe just the best thing) i can do now is to patch the drive. is it a problem (for the patch) that i'm running 64-bit linux? it seems like it shouldn't matter...

I can't get dumpVID to spit out the VID, i think because my host cert has been revoked on my drive.

That's not the reason you cannot get the VID. Just as KenD000 told you, dumpVID is not sending a certificate nor it does the auth necessary to get the VID in the official way. You need the drive to be patched or a windows player.

otoh, aacskeys does the auth with an old certificate. If that does not work, it is indeed because that certificate was revoked by your drive with the help of some new movies you played ;) Just remember, new movies revoke old certificates.

I have problem compiling aacskeys-0.3.5 on Gentoo Linux for amd64.
$ make
==== Building aacskeys ====
aacs_aes.cpp
aacs_ecdsa.cpp
aacskeys.cpp
cmac.cpp
cmac_aes.cpp
ioctl.cpp
src/ioctl.cpp: In constructor ‘Drive::Drive()’:
src/ioctl.cpp:12: warning: converting to non-pointer type ‘int’ from NULL
mmc.cpp
Linking aacskeys
==== Building libaacskeys ====
aacs_aes.cpp
aacs_ecdsa.cpp
aacskeys.cpp
In file included from src/aacskeys.cpp:33:
src/aacskeys.h:8:17: warning: jni.h: No such file or directory
src/aacskeys.h:19: error: ‘JNIEXPORT’ does not name a type
src/aacskeys.h:27: error: expected constructor, destructor, or type conversion before ‘void’
src/aacskeys.cpp:197: error: expected constructor, destructor, or type conversion before ‘*’ token
src/aacskeys.cpp:198: error: expected constructor, destructor, or type conversion before ‘*’ token
src/aacskeys.cpp:199: error: expected constructor, destructor, or type conversion before ‘*’ token
src/aacskeys.cpp:200: error: expected constructor, destructor, or type conversion before ‘*’ token
src/aacskeys.cpp:201: error: expected constructor, destructor, or type conversion before ‘*’ token
src/aacskeys.cpp:202: error: expected constructor, destructor, or type conversion before ‘*’ token
src/aacskeys.cpp: In function ‘int main(int, char**)’:
src/aacskeys.cpp:1722: error: ‘globalSetVuk’ was not declared in this scope
src/aacskeys.cpp:1724: error: ‘jbyteArray’ was not declared in this scope
src/aacskeys.cpp:1724: error: expected `;' before ‘jvuk’
src/aacskeys.cpp:1725: error: ‘jvuk’ was not declared in this scope
src/aacskeys.cpp:1730: error: ‘globalEnv’ was not declared in this scope
src/aacskeys.cpp:1730: error: expected type-specifier before ‘jbyte’
src/aacskeys.cpp:1730: error: expected `>' before ‘jbyte’
src/aacskeys.cpp:1730: error: expected `(' before ‘jbyte’
src/aacskeys.cpp:1730: error: ‘jbyte’ was not declared in this scope
src/aacskeys.cpp:1730: error: expected primary-expression before ‘>’ token
src/aacskeys.cpp:1733: error: ‘globalKeyData’ was not declared in this scope
src/aacskeys.cpp:1878: error: ‘globalEnv’ was not declared in this scope
src/aacskeys.cpp:1878: error: ‘globalAacsException’ was not declared in this scope
src/aacskeys.cpp: In function ‘int printfj(const char*, ...)’:
src/aacskeys.cpp:1910: error: ‘globalEnv’ was not declared in this scope
src/aacskeys.cpp:1910: error: ‘globalMessagePrinter’ was not declared in this scope
src/aacskeys.cpp:1910: error: ‘globalPrint’ was not declared in this scope
src/aacskeys.cpp: At global scope:
src/aacskeys.cpp:1919: error: ‘JNIEXPORT’ does not name a type
src/aacskeys.cpp:1930: error: expected constructor, destructor, or type conversion before ‘void’
make[1]: *** [obj/linux/ReleaseLib/aacskeys.o] Error 1
make: *** [libaacskeys] Error 2
I know there's a binary included with the package, but I couldn't get that to work either.
./bin/linux64/aacskeys: /usr/lib/gcc/x86_64-pc-linux-gnu/4.1.2/libstdc++.so.6: version `GLIBCXX_3.4.9' not found (required by ./bin/linux64/aacskeys)
Any ideas how to resolve that problem?

Those are the debian packages which provide "jni.h"
# apt-file search jni.h
classpath-common: /usr/include/classpath/jni.h
iceape-dev: /usr/include/iceape/java/jni.h
iceape-dev: /usr/include/iceape/jni.h
icedove-dev: /usr/include/icedove/java/jni.h
icedove-dev: /usr/include/icedove/jni.h
iceowl-dev: /usr/include/iceowl/java/jni.h
iceowl-dev: /usr/include/iceowl/jni.h
java-gcj-compat-dev: /usr/lib/jvm/java-1.4.2-gcj-4.1-1.4.2.0/include/jni.h
java-gcj-compat-dev: /usr/lib/jvm/java-1.5.0-gcj-4.3-1.5.0.0/include/jni.h
kaffe-dev: /usr/lib/kaffe/include/jni.h
kaffe-dev: /usr/lib/kaffe/include/kaffe_jni.h
libgcj7-dev: /usr/lib/gcc/x86_64-linux-gnu/4.1.2/include/jni.h
libgcj8-dev: /usr/lib/gcc/x86_64-linux-gnu/4.2/include/jni.h
libgcj9-dev: /usr/lib/gcc/x86_64-linux-gnu/4.3/include/jni.h
libsablevm-classlib1-java: /usr/include/jni.h
libsablevm-native1: /usr/include/jni.h
libsablevm1-dev: /usr/include/sablevm/jni.h
libxul-dev: /usr/include/xulrunner/java/jni.h
libxul-dev: /usr/include/xulrunner/jni.h
libxul-dev: /usr/lib/xulrunner/sdk/include/jni.h
sun-java5-jdk: /usr/lib/jvm/java-1.5.0-sun-1.5.0.14/include/jni.h
sun-java6-jdk: /usr/lib/jvm/java-6-sun-1.6.0.06/include/jni.h
As you can see they are all java related. So try some java (development) packages of you distribution. The other library is in package "libstdc++6". I hope the package names are somewhat similar to those in gentoo.

Ritman:
Please see http://forum.doom9.org/showthread.php?p=1189555#post1189555

Also, the GLIBCXX error is caused (I believe) by a GCC downgrade from 4.2.X or 4.3.X, which was used to build it, to 4.1.2, which you have

XAvAX: Thanks a ton, that work! I could compile it :-)!

I just need some clarification on how this works. I am able to get from a disc the;
-VID with DumpVid
-VUK with aacskeys, also the Disc ID

No what do I do with these numbers? I used Blu ray disc ripper, using the VUK as the CPS Key (are they the same?)... which did not work. The only think I can think as to why is the source was an unencrypted BD rip on my HDD. Does the source have to be the actual disc in the BD drive, or can it be hard drive files, or an image mounted to a virtual drive.

Also, my drive has had it's firmware patched, and no media player software was used during this whole process.

Thanks.

I just need some clarification on how this works. I am able to get from a disc the;
-VID with DumpVid
-VUK with aacskeys, also the Disc ID

No what do I do with these numbers? I used Blu ray disc ripper, using the VUK as the CPS Key (are they the same?)... which did not work. The only think I can think as to why is the source was an unencrypted BD rip on my HDD. Does the source have to be the actual disc in the BD drive, or can it be hard drive files, or an image mounted to a virtual drive.

Also, my drive has had it's firmware patched, and no media player software was used during this whole process.

Thanks.

no, VUK is not CPS
CPS is called "Decrypted Unit Key 1" in aacskeys output

no, VUK is not CPS
CPS is called "Decrypted Unit Key 1" in aacskeys output


Many thanks. :)

The only think I can think as to why is the source was an unencrypted BD rip on my HDD.

Uhh, if your source is already decrypted, why do you want to decrypt it again :confused:. I don't know what Blu-Ray Disc Ripper does in that case, but DumpHD shouldn't decrypt the files a second time.


Does the source have to be the actual disc in the BD drive, or can it be hard drive files, or an image mounted to a virtual drive.

Again i can only speak for DumpHD, if you have the VUK of that disc in the database it works all these times if you have all files from the disc present (including the AACS stuff). If you don't have the VUK, you need the original disc because the VID needs to be retrieved which isn't stored in the filesystem.


Also, my drive has had it's firmware patched

Then you don't need DumpVID because aacskeys can do all the work for you.

:rolleyes:

Then you don't need DumpVID because aacskeys can do all the work for you.

:rolleyes:

Right on, I did not know that... obviously.


Thanks, O.

Right on, I did not know that... obviously.

One other thing. Is there a way to decrypt an encrypted file that is in either .iso, or BD structure on my PC's HDD?

At the time of ripping I was unsure of this whole process... and my rental was due back. :p
Guys, don't answer this as it is a rule 6 violation.

Guys, don't answer this as it is a rule 6 violation.

Sorry 'bout that.

Here is what happens event with dumpvid hammering :

aacskeys 0.3.5 by arnezami, KenD00

Current path: /home/guilo/dumphd-0.46

MKBv: 4
Processing key: F190A1E8178D80643494394F8031D9C8
Encrypted C-value: 788D0BF2BAA6BCF88D545D6DE2E32FDC
Corresponding uv: 000000A0

Decrypted C-value: 8DC7B0E517FE1F513758C9E11D3E9AEC
Media key: 8DC7B0E517FE1F513758C9E11D3E9A4C

Encrypted verification data: 9AA5318EC0A587729C080AC0525235D4
Decr verif data should be: 0123456789ABCDEF
Decrypted verification data: 0123456789ABCDEF571A4CF3666E53C3

Drive FW info: 1.79 Oct24,2007
AACS Version: 01
Number of concurrent AGIDs: 4
Supports BN generation: YES
BN Block Count: 1
Inserted medium AACS protected: YES

AGID: 00

Host Private Key (Hpriv): 4737676058D7029452514F0AB186DC4CCA8C578F
Host certificate (Hcert): 0200005CFFFF0000000C00006E3DEB679B9A16AD
FAA8E30878767BA6EB2A9B415385AD1181B4446C
31E9A5DD2AB808B364FF15885BAC490964318C9B
F8029FCF76F688A54FBDA03F6D9332EF04E5A613
12DA85880A4D9CBB79D8602E
Host Nonce (Hn): 2923BE84E16CD6AE529049F1F1BBE9EBB3A6DB3C

AGID: 00

The given Host Certficate / Private Key has been revoked by your drive.


ERROR: SENDHOSTCHAL: SK: 0x1, ASC: 0x00, ASCQ: 0x00, errnr: -2


I am using aackeys 0.3.5 on linux64.

you need to patch your BD-ROM drive firmware. Oopho2ei and some other authors have written a drive patch for a few different drives and have posted it here:

http://forum.doom9.org/showthread.php?t=139522

you will need to have wine installed to apply this patch. take all precautions advised by Oopho2ei such as making sure your drive has a safe mode. it is possible to damage your drive if the firmware upgrade is not done properly. don't worry too much though as plenty of people have applied the patch with no problems.

i have searched the forum but cannot figure out how to use the program....i have my external bluray rom on my l drive....how do i use the command prompt for it to get the keys? thanks iam looking for the incrediable hulk keys...

@raymond:

we need a little more info. what operating system are you using? linux i assume? if you're using windows then i would check out AnyDVD as Oopho2ei has previously told you. it sounds like you are saying that you're using an external blu-ray drive, is that right? are you able to run aacskeys at all? does it give you an error? can you post the console output?

if you are getting an error then its most likely that your host certificate has been revoked which means that you need to apply the firmware patch (to your blu-ray drive) created by Oopho2ei and company. This firmware patch can damage your blu-ray drive if not done properly so it is important that you take all precautions advised by Oopho2ei in his thread here (this is also where the programs for applying the patches are located):

http://forum.doom9.org/showthread.php?t=139522

if your drive is not on this list, then you might need to wait until the keys are posted for the discs you want to decrypt.

post more info and hopefully someone will be able to help you! :)

sorry iam using windows...i just do not know how to use the program...how do i use it in command prompt? my bluray drive is l drive..thanks

open a command window and change to the directory where you have the aacskeys.exe file. if your blu-ray drive is d then you should be able to type

C:\>aacskeys d

at the prompt (when you have the blu-ray disc in the drive) and it should give you a bunch of info including the Volume Unique Key (VUK). if not then just type "aacskeys" and it should bring up the help description. i'm pretty sure that you can just put the drive letter in there but i'm not a windows user, sorry. it never hurts to try things out though :)

well i tried that and it says

c:\ is not recognized as an intrnal or external command,operable program or batch file

i did install the aacs file to my c location? thaks

c:\> is the command prompt, it should be already there, you don't type this. Just type something like
aacskeys -v l
but i think it won't help you because i bet your drive is already >MKBv1 and won't return the keys. And i'm not sure if there is a patch for your drive. Regarding your experience with the command shell i suggest to use AnyDVD HD, its currently the easiest solution to decrypt HD-DVD's/BD's :(.

:rolleyes:

c:\> is the command prompt, it should be already there, you don't type this. Just type something like
aacskeys -v l
but i think it won't help you because i bet your drive is already >MKBv1 and won't return the keys. And i'm not sure if there is a patch for your drive. Regarding your experience with the command shell i suggest to use AnyDVD HD, its currently the easiest solution to decrypt HD-DVD's/BD's :(.

:rolleyes:
well thanks but still no luck this is how i open a command prompt.. i go to start-all programs-accessories-command prompt...then it says c:\documents and settings\owner not c:\>aacskeys

i have the trial version if anydvd but it will not give me the keys for the incredible hulk so i then can use it on blu ray disc ripper 1.2...
would you happen to have the keys?:thanks:
thanks

Slysoft just released the AnyDVD 6.4.7.8 BETA Update which 'MAY' have the key you need added to it, though I have not tested this yet as I do not have that BD Movie yet.

You will find a link to download it in their forums. Worth a shot.

thanks i did get anydvd to work but for the future when they do not update and do not want to wait i thought this way would be cool....

thanks i did get anydvd to work but for the future when they do not update and do not want to wait i thought this way would be cool....

Well, if you'd be using it in the future, you'd have to buy it anyway - and then you would not have to wait for it to update but just have it calculate the key you need.
No waiting involved.

thanks i did get anydvd to work but for the future when they do not update and do not want to wait i thought this way would be cool....

If you want to be ready for the future of decrypting Blu Rays, your best bet will be AnyDVD HD. Once you buy it, you'll be hard pressed to find discs that it doesn't work with. As a commercial company, they have the resources to keep up with all the AACS/BD+ updates. As nice as it is to see open source tools for this too, there's only so much free time that people can put into this stuff. Those interested in the fast and easy route, should just buy AnyDVD HD and be done with it. That's what I did almost 1 year ago, and I look back on it as one of the best purchases I have ever made. Now that you've seen it work, I hope you don't have any more doubts about it.

hi guys when i run a command prompt with aacskeys i get this could not open file c:\\processing device keys simple .txt any ideas? thanks

@raymond

when you downloaded the aacskeys archive and unzipped it, in that directory there is a file called "ProcessingDeviceKeysSimple.txt" it needs to be in whatever directory you are running aacskeys from.

@raymond

when you downloaded the aacskeys archive and unzipped it, in that directory there is a file called "ProcessingDeviceKeysSimple.txt" it needs to be in whatever directory you are running aacskeys from.

thanks iam a bit closer it now says this when i run it
.now i get could not find processing key or device key resulting in the media key
possible key tried xxxxxxxxxxxxxxxxxxxx

it give me 3 possible key tried then error: processmkb, errnr: -3


thanks... btw i have a liteon external blu ray rom....

What MKBv does it display?

:rolleyes:

From the changelog:

- Decrypts ACA content of HD-DVD's with both content types by default now
- New option --prefer-sca to decrypt SCA content of HD-DVD's with both content
types
- The library now returns all retrieved keys (MEK, VID, VUK, TUK's)

As usual, the archive contains precompiled binaries / libraries for linux (32 bit and 64 bit), windows and the source code, the zip and tar.gz have the same content.

Download links:
aacskeys 0.3.6 (zip) (http://rapidshare.com/files/172836358/aacskeys-0.3.6.zip)
aacskeys 0.3.6 (tar.gz) (http://rapidshare.com/files/172837437/aacskeys-0.3.6.tar.gz)

:rolleyes:

With the Dark Knight. Any hint of what I should do ^^;?

aacskeys 0.3.6 by arnezami, KenD00

Current path: C:\Users\Esurnir\Downloads\aacskeys-0.3.
6\aacskeys-0.3.6\bin\win32

MKBv: 9
Could not find a Processing Key or Device Key resulting in the Media Key.
Possible key tried: 09F911029D74E35BD84156C5635688C0
Possible key tried: 455FE10422CA29C4933F95052B792AB2
Possible key tried: F190A1E8178D80643494394F8031D9C8
Possible key tried: 7A5F8A09F833F7221BD41FA64C9C7933


ERROR: PROCESSMKB, errnr: -3

With the Dark Knight. Any hint of what I should do ^^;?

MKBv: 9

Wait for someone to release a MKBv9 Processing Key.

yukiyuki please check your PM's.

:rolleyes:

Could AACSkeys output the volume id before processing the MKB? Sometimes i only need the volume id (e.g. for BD+) and aacskeys exits before it's output if it can't decrypt the media key.

I have added a command line switch that allows you to output the Volume ID only. The implementation is ugly but fits the purpose :D. I will make a new release this week, so this is your last chance for small wishes ;).

I am thinking about to transform aacskeys into a more general purpose library, but much time will pass until this will be finished.

:rolleyes:

A bit later than announced, but here it comes, a new aacskeys release. It has a great new feature, its running under Mac OS X now.

First a big thank you to yukiyuki for sending me his initial Mac OS X patch, without his work i probably would never have taken the time to port aacskeys to Mac OS X.

Due to the nature how Mac OS X handles low level I/O operations there are some remarks and open issues. aacskeys can use 2.5 paths to communicate with the drive. First it can use exclusive access to send commands to the drive, this has some drawbacks however so this needs to be enabled explicit by using the command line switch --exclusive-io. You can't get exclusive access easily because Finder will grab the drive when a disc gets inserted, to overcome this problem aacskeys unmounts the disc, this requires root rights currently. This has the side effect that as soon as aacskeys releases the drive Finder grabs it again and autorun gets started. This access path provides the same features as aacskeys has under windows and linux, the only benefit of using it is that only this path allows the usage of the XBox hack, there are no other advantages currently.

The non-exclusive path does not have these problems and is used by default. The 0.5 path results from a technical problem. I have tested aacskeys with two drives, a XBox drive and a LG-GGW-H20L. To get exclusive access and to query the drives firmware version and AACS features aacskeys needs to create a driver plugin (CFPlugIn) to communicate with the drive. For some unknown reason it cannot create one for the XBox drive, but everything else works so aacskeys emulates the commands and returns fake data. You can see if this path is used if the reported firmware version is F0BA and the AACS version is 0. I don't know if this happens only because my Mac is virtual, if anyone knows how to solve this problem im open for suggestions.

The archive contains quad universal binaries for Mac OS X, however only the two intel flavors were tested, i don't have access to a non-intel Mac. They should work but i would appreciate it if someone could test them on a non-intel Mac.

Along some smaller bugfixes there are two other new features. On linux full path resolval is implemented, aacskeys now accepts paths with ./, ../, multiple symlinks and relative paths as mountpath. And there is the new command line switch --dump-vid, when this is specified only the Volume ID / Binding Nonce gets retrieved. Useful if aacskeys can't decrypt the MKB but can retrieve the Volume ID / Binding Nonce to display it.


The archive contains precompiled binaries / libraries for Windows, Linux (32 bit and 64 bit), Mac OS X (quad universal) and the source code, the zip and tar.gz have the same content.

Download links:
aacskeys 0.4.0 (zip) (http://rapidshare.com/files/187908491/aacskeys-0.4.0.zip)
aacskeys 0.4.0 (tar.gz) (http://rapidshare.com/files/187914704/aacskeys-0.4.0.tar.gz)

:rolleyes:

Hi
I am a new user of dumpHD tool.
After a bit of struggle I managed to do my first attempt to dump
a BD disc (die another day).
I get the following error


I have attached the txt file here.
Please help. What am I missing.
I created a file called HostCertificateKey.txt in the dir where I run the dumHD.jar command. In that file, I cut and pasted the Host key valu that I got by running aacskeys.exe command.
THanks for your help.

looks to me like somebody didn't read the guides.. without a drive + firmware that supports aacs bypass you need to go down the dumpvid route to get the volume id.

@usr139
There is no need (and its no appreciated) to send me your post you made one day ago as PM. And if you don't understand what Doom9 has written, why do you ask me but not him?

Besides obviously not having read the tutorials linked from the first page of the DumpHD thread you have damaged your aacskeys installation, nowhere was written you should create the HostKeyCertificate.txt file, it is already present in the release! To enable direct key retrieval in DumpHD all you need to do is to copy the files HostKeyCertificate.txt, ProcessingDeviceKeysSimple.txt and the library appropriate to your OS, in your case Windows so aacskeys.dll, into the DumpHD folder.

But as Doom9 already pointed out, the used Certificate has been revoked so aacskeys won't work without additional help. You are in the lucky situation that there is a patched firmware for your drive (can be found in this forum), flash your drive with that one and you are ready to go as long as your discs are < MKBv9.

:rolleyes:

Sorry for the PM.
Thanks for explaining.
I will try again based on your suggestions.
thanks.

Sorry for the PM.
Thanks for explaining.
I will try again based on your suggestions.
thanks.

KenD00 & Doom9:
Thanks for the tutorial(s).
I got it to work!!!

I'm trying to back a disc with MKBv12, is this possible yet... it's been a while since I've used aacskeys. My drive is patched.

aacskeys -v f:

EDIT: Nevermind... I read a bit back... nothing beyond MKBv9.

I am looking for MKB files of v9 and higher. Can anybody provide these? Thanks in advance!

@evdberg:

what files are you looking for? I have plenty of discs that are MKBv9 or above.

The MKB_RO.inf file.

@Odin24

Hi!I'm trying to back a disc with MKBv12, is this possible yet...(Presently FREEWARE) "MakeMKV" is claimed to be able to rip/decrypt (and convert to MKV) BluRay discs with MKBv12.

Perhaps you can try it and report back?

What is the title?

I have about 10 of them for you evdberg. check PM.

Kend00, please review the attached patch. It adds the ability to place aacs key material in a global location. It will also search for the keys in $PWD, but this patch is really needed for widespread adoption.

It might be a good idea to wrap some Windows detection code in somehow, too, and define GLOBAL_KEY_LOC to e.g. C:\bluray\aacs.

**EDIT**

Another WTF! moment... it appears that the JNI implementation in aacskeys actually calls main() -- in the shared library. Hmmmm.

Another WTF! moment... it appears that the JNI implementation in aacskeys actually calls main() -- in the shared library. Hmmmm.

Yes, the library actually calls main, it starts aacskeys as you would yourself by running the executable, it only enables some additional code that actually populates the object that the java code receives.

When i coded this aacskeys was still developed by arnezami, i needed a way to use his code without "disturbing" his work so that he doesn't need to take care of my needs. Because aacskeys was (and is) a noninteractive command line application with all its functionality basically put into the main method this was the best way. During the time i realized that using aacskeys as library requires a structural redesign to better fit the purpose but i still haven't found the time to do it (and i'm not sure how to do it exactly).

The dependency of the two text files is another problem, especially for the library. I still don't know how to properly realize that in a way that works well for all 3 supported OS. Thanks for your input, but i think hardcoding the paths into the binaries is a not so good solution. While this may work for the *nix variants this is not so nice for the windows version. I'm open for suggestions :).

:rolleyes:

I think hardcoding is in fact the way to go. This can be done on Windows too, at build time. Set a define to a supported path based on the compiler environment in some global header. This also offers the advantage of a configuration file at some point in the future to fine-tune how libaacs works at runtime.

In addition, this does not remove the ability for the user to have the key file in the corrent directory. It simply adds an additional path to search rather than breaking the old behavior. These two reasons are enough to add in support. The patch I uploaded is a good start but does not implement Windows compatibility. This would, however, be trivial to add.

As far as a structural redesign for main(), on a high level it is simple:
*wrap main() in an ifdef and exclude it when the code should be linked as a shared library (detection can be trivially implemented in the build system)
*only parse command-line arguments in main(), and move the rest of the code into startup_aacs()

If there is simply too much data that must be transmitted from main to aacs_startup, define a structure to hold it all and pass that in.

My next bit of work is to reimplement trap_Sha in libbluray so that it (1) uses Gladman's SHA code and (2) handles interleaved calls. After I complete that I'll have another crack at this patch.

@drfix - please stop cross posting this request. Read rule 8.

Regards

Hi
I am a new user of dump vid and aackeys
anybody can me how to use this tool.

This is a repack of aacskeys 0.4.0 which now contains the latest Processing Keys (MKBv9 and MKBv10), nothing else has been changed. If you have already aacskeys 0.4.0 and the MKBv9 and MKBv10 Processing Keys there is no need to download this release.

The archive contains precompiled binaries / libraries for Windows, Linux (32 bit and 64 bit), Mac OS X (quad universal) and the source code, the zip and tar.gz have the same content.

Download links:
aacskeys 0.4.0a (zip) (http://rapidshare.com/files/220830187/aacskeys-0.4.0a.zip)
aacskeys 0.4.0a (tar.gz) (http://rapidshare.com/files/220832866/aacskeys-0.4.0a.tar.gz)

:rolleyes:

Kend00:

This is an updated version of the aacskeys global configuration patch that handles both Windows and Linux. HostKeyCertificate.txt and ProcessingDeviceKeysSimple.txt are searched for in the following order:

If your platform is Windows, look in C:\bluray\aacs
If your platform is Linux, look in /etc/bluray/aacs
If the files are not located in a global location, read them from the current directory.

One things that consistently annoys me about the aacskeys software is the lack of a way to install the software system-wide. This patch does not break current behavior, it only supplements existing functionality. Now I can install libaacs in /usr/lib and aacskeys in /usr/bin and have it work regardless of the content of $PWD. Kend00, please accept and commit the attached patch.

BTW, congrats on the v9 and v10 processing keys! I just tested them on "The X-Files: Fight the Future" and they work perfectly.

@Kend00:

I'm working on aacskeys this week as I find time. My current focus is on moving the command-line parsing routine out of main, into a new main() then renaming main() to aacs_main(). I've also defined a structure that will hold all user-supplied runtime information, which will be passed to aacs_main(). It isn't ready to see the light yet, but it is coming along nicely. Do you have any suggestions as to how to deal with nonfatal errors and status messages? If it is to function as a library these must go away. Maybe I can redirect them to a log file...

If your platform is Linux, look in /etc/bluray/aacs

Ok, you convinced me that this is necessary, but regarding the unix directory structure i would propose another location, either /etc/aacskeys or, because these files aren't configuration files but more some kind of data files, /usr(/local)/share/aacskeys.


If your platform is Windows, look in C:\bluray\aacs

This is not the windows way and i really hate applications which install themselves on c: ;). Either take the files from the application directory (which is a little tricky when using the library, how can it figure out the directory it is executed from?) or use the Application Data directory under Documents and Settings. I currently don't know how to query these locations but i will look into this later.


My current focus is on moving the command-line parsing routine out of main, into a new main() then renaming main() to aacs_main().

I always wanted to convert the code more to c++ but never found the time for this. The main logic is still all in main(), its a first step to move this to another location and make main() "dumb" and let it only initialize the program.


I've also defined a structure that will hold all user-supplied runtime information, which will be passed to aacs_main().

This is a c approach and i don't encourage this, i prefer c++, the code isn't c conform already and i already started with that (see ioctl files).


Do you have any suggestions as to how to deal with nonfatal errors and status messages? If it is to function as a library these must go away. Maybe I can redirect them to a log file...
Well, i would/want to split the code into multiple smaller function units that can be called externally, like getting the VID, decrypting the MKB and so on and use error codes or exceptions that the caller needs to evaluate. However, this way the caller needs to know what to do, maybe it's still possible to use one method that does it all and use a big list of error codes so that you can still figure out in detail what failed.

A library doesn't need to output status messages itself, if you want that information (e.g. MKB version, etc) provide methods for this and the caller has to query that information and display it. The current "library" just executes the program, this is the main problem and should be changed. But i'm still not sure how to do this without writing double code just to do the same things one time in the main program and the second time in the library. Oh well, i could put #ifdef's around every printf :D.

I'm currently not working on aacskeys because i'm spending my time on the BDVM/BD-J connection so a new aacskeys release will take some time.

:rolleyes:

i agree with KenD00. writing stuff on C:\ is horrible
Appdata is better.
usually you can just type %appdata% on the run command that will take you to the appdata folder.
or you can read registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

This might help
http://www.velocityreviews.com/forums/t346548-how-to-find-windows-quotapplication-dataquot-directory.html


hope it help.
but you could also ask the user where he want to install.

Here is the sum of my current work thus far. I am posting it because I don't think I will have time to work on aacskeys in the near future and I don't want work duplicated. The changes currently suffer from the following drawbacks:

1) I'm not a Windows programmer, and hope I will never be. As a result, the Windows compatibility code is probably horribly wrong and may not even compile. I don't have any way to test it, and am relying on MSDN's online documentation.

2) Braindead Windows doesn't have getopt(). Go figure. Some drop-in replacement will have to be found. A quick google search reveals a couple of implementations, but their licenses are incompatible with aacskeys. I hear GNU has a portable getopt, but I haven't invested the time to find it.

3) The code isn't necessarily all that clean or correct. I put it together as a test, so please don't bash me on coding practices. Its pre-pre-pre alpha quality, and only meant as a starting point for the real implementation.

4) get_appdata_dir() does introduce a memory leak. It is easy to fix, but I've run out of time for at least this week.

5) Currently aacs_main() copies values from the passed structure into internal variables. This isn't the correct way to do it; the correct way would be to write bit test macros and replace all occurrences throughout the code. Again, I'm short on time.

6) probably lot of others....

The code changes compile and run on my machine, which runs 64-bit Linux. They appear to work perfectly, but the only thing I'm willing to commit to right now is that they work fine on my own personal desktop.

The license for this patch is GPL2 or any later version, at your discretion.

EDIT:
I forgot that C++ enforces typecasting so strictly. Line 1245 of aacskeys.cpp must be changed to this:
char *path = (char *)malloc(_MAX_PATH);
from this:
char *path = malloc(_MAX_PATH);

EDIT2:
I suggest that aacs_main() be split out into component functions. the real main(), the one that is for compilation as a standalone application, should parse the config options and call all of these component functions. All error printouts should be moved into main(). Compilation of main() can be conditional, depending on whether it is built as a library or application. Application developers should read the documentation and handle invalid return values gracefully in their software.

I get an error when running it. Using Vista x64

error: could not open file: (directory)\ProcessingDeviceKeysSimple.txt

download and an zip the files in the same folder.
that file is in the zip.
later

works fine.

In reply to building on OSX Leopard:

the binary file with .40 works in CLI mode. The library does not work with DUmpHD, it crashes the JVM.
Now, saying this I have the following installed:

openSSL .98k via MacPorts[only way I have gotten this to install correctly]

When I try and compile libaacskeys I run into the same error that everyone else does with EACS?? extensions to openSSL. I'm cluless where to begin to fix it.

I can use the commandline up to MKV10. 12, as we know is still in the works.

Correct me if I'm wrong, but isnt the MKBV info inside the same file as the version header? Obviously its stored on disc somewhere near the AACS files.How difficult is it to use the discs auth against itself? Thats how we managed to break CSS, and usually that's how crypto stuff is cracked.

I'm hardly an expert in drive auth,but the ceasar cypher was broken by the number of occurances [uses per letter]of the english alphabet.Also,once you bust a hash, anything that uses that hash is now cracked. [xb-360 forums]

I hear someone says that only Volume/disc/title keys are in this file, but the MVKB has to be close to these or the set-top boxes couldn't decode the disc.
Maybe we need to start looking at firmwares and set-top firmwares.....

openSSL .98k via MacPorts[only way I have gotten this to install correctly]

When I try and compile libaacskeys I run into the same error that everyone else does with EACS?? extensions to openSSL. I'm cluless where to begin to fix it.

The macports version of openssl contains everything that the original tarball does, at least the version i have installed (don't remember which), including ECDSA. That was the reason i used this version, because the OSX included one wasn't complete. Post the error message the compiler spits out, maybe i can help.


Correct me if I'm wrong, but isnt the MKBV info inside the same file as the version header? Obviously its stored on disc somewhere near the AACS files.How difficult is it to use the discs auth against itself? Thats how we managed to break CSS, and usually that's how crypto stuff is cracked.

I'm hardly an expert in drive auth,but the ceasar cypher was broken by the number of occurances [uses per letter]of the english alphabet.Also,once you bust a hash, anything that uses that hash is now cracked. [xb-360 forums]

I hear someone says that only Volume/disc/title keys are in this file, but the MVKB has to be close to these or the set-top boxes couldn't decode the disc.
Maybe we need to start looking at firmwares and set-top firmwares.....


Honestly, i don't understand what you are saying here. Of course, the MKB file on the disc contains the version number, thats what aacskeys reads and displays. However, this information is only informative for us, it doesn't add anything to the decryption process. Inside the MKB there are the encrypted Media Keys, one of these has to be decrypted with a Processing Key. Every new version of the MKB encrypts the Media Keys with new keys so that we can't decrypt them with our known Processing Keys. So there is no other way then finding new Processing Keys to decrypt new MKBv's.

Second problem is the revokation of certificates, there the version number is important because the drive reads this out to decide if it has to update its revokation lists or not. But this does the drive itself, there is nothing we can do about it.

:rolleyes:

This is again a (slightly more than only a) repack of aacskeys 0.4.0, this release adds a precompiled executable and library version for windows 64 bit. While compiling the the new windows target i have also updated the 32 bit windows build to link against OpenSSL 0.9.8k (all other builds are still linked against OpenSSL 0.9.8i).

@Rupan: sorry, i haven't found the time yet to work further on aacskeys

The archive contains precompiled binaries / libraries for Windows (32 bit and 64 bit), Linux (32 bit and 64 bit), Mac OS X (quad universal) and the source code, the zip and tar.gz have the same content.

Download links:
aacskeys 0.4.0b (zip) (http://rapidshare.com/files/255993578/aacskeys-0.4.0b.zip)
aacskeys 0.4.0b (tar.gz) (http://rapidshare.com/files/256152839/aacskeys-0.4.0b.tar.gz)

:rolleyes:

And again another repack because i still haven't found the time to work on this but forum member pynux has made a great discovery which hasn't made big news yet as it should.

He has found the Host Certificate/Private Key used by MakeMKV in one of its binaries. I don't know the exact details on how he did it but it doesn't look like Mike Chen has protected it in any way so i've taken the freedom to use it for aacskeys as well. It works for at least MKBv12, i don't know how recent the version was that pynux used so maybe it even works for current MKBv14 titles.

So what do we get from this new Certificate? While we have known Processing Keys for up to MKBv10 we had a Certificate only for MKBv1. With this new Certificate users who don't have a patched drive can finally use aacskeys again without going the painful dumpvid route and everything works automatically again as it should.

The archive contains precompiled binaries / libraries for Windows (32 bit and 64 bit), Linux (32 bit and 64 bit), Mac OS X (quad universal, NOTE: There are reports that the dylib does not work on MacOSX >= 10.5.7, i can't do anything about it right now because i have only MacOSX 10.5.4 running here) and the source code, the zip and tar.gz have the same content.

Download links:
aacskeys 0.4.0c (zip) (http://rapidshare.com/files/273471735/aacskeys-0.4.0c.zip)
aacskeys 0.4.0c (tar.gz) (http://rapidshare.com/files/273476005/aacskeys-0.4.0c.tar.gz)

:rolleyes:

Hi!
I tried the new version, 0.4.0c to get the key for the top gun bd, and I get the Error:
Could not find a Processing Key or Device Key resulting in the Media Key.

That means that the disc is too new; it uses MKB version 11 or later.

Hi!

The keys for the U.S. version of "Top Gun" are already in the "KeyDB.cfg" file for the BluRay version of "DumpHD".

Also, as noted above by "KenD00", aacskeys 0.4.0c definitely works with MKB 12 and likely MKB 13 and MKB 14, as well...

Ok, once i again i should get some things straight here.

Basically there are two types of information we need to decrypt a disc, its Media Key and its Volume ID to calculate the Volume Unique Key. To get these two entities we need two different cryptographic elements.

First a non revoked Host Certificate and its Private Key to get the Volume ID. The recently found one (thanks Mike Chen and pynux) works for (i'm pretty sure) up to MKBv14, so with this one we can get the Volume ID of discs from MKBv1 up to MKBv14. If some day this one gets revoked (which will happen, i'm pretty sure about this) we can't get the Volume ID from ANY of these discs (this is a form of active revokation) until a new Certificate is found (or we use other ways to get it ;))!

Second we need a Processing Key to decrypt the Media Key. Currently we have Processing Keys for MKBv1 up to MKBv10. If they "revoke" a Processing Key it simply cannot decrypt new MKB versions but it still can decrypt the old ones (so this is a form of passive revokation). But if we can't get the Volume ID of a disc all our Processing Keys are worthless (see above).

To sum things up the current situation is Volume ID for MKBv14, Media Key for MKBv10, the common denominator is MKBv10, so this is the maximum MKB version we can handle now.

:rolleyes:

Is it possible to find out what MKBv is used on a certain disc?

AACSKeys will tell you.

Current path: C:\Documents and Settings\Administrator\
Desktop\aacskeys-0.4.0c

MKBv: 12
Could not find a Processing Key or Device Key resulting in the Media Key.

Ah yes, my Top Gun BD (German Version) has MKBv 12.

aacskeys 0.4.0c (tar.gz)[/URL]I noticed that hddump with aacskeys 0.4.0c would not try to use AACSAUTH even if the "-a" option was specified, as it fell through a "goto exit;" when finding that none of the keys in the db were fitting, before even trying to do the "conventional" AACSAUTH method.

A one-line patch (sorry, not at hand at the computer I'm writing from) to not take that "goto exit" code path fixed it for me, I wonder whether I was the only one to stumble upon this.

A one-line patch (sorry, not at hand at the computer I'm writing from) to not take that "goto exit" code path fixed it for me


No, you haven't fixed anything, instead you have broken something that was working fine. There is no need to do AACSAUTH or any other process to get the Volume ID from the drive because you couldn't decrypt the Media Key with any of the Processing Keys. Your "patch" just let it continue to calculate the VUK with whatever crap was left behind in the array for the Media Key after testing the Processing Keys (or you could have gotten a VERIFYDATA error, depending on which goto you are talking about, you haven't given quite detailed information)!

You could have figured this out by yourself by actually trying the VUK or CPS Unit Keys, DumpHD would have told you that it couldn't find a key for any of the M2TS files!

If you really want to get the VID even if you can't decrypt the Media Key use the --dump-vid switch, then you will get the VID of the disc if one of the retrieval methods worked, nothing more.

:rolleyes:

There is no need to do AACSAUTH or any other process to get the Volume ID from the drive because you couldn't decrypt the Media Key with any of the Processing Keys.Ah, ok, so I was just misled by the error messages. They aren't too obvious, after all... :)

If you really want to get the VID even if you can't decrypt the Media Key use the --dump-vid switch, then you will get the VID of the disc if one of the retrieval methods worked, nothing more.Yes, that works as described.

I've been trying to get this program to run, but can't get past error message: "Could not open file c:\\ProcessingDeviceKeysSimple.txt Error: Process MKB, error: -1
when I attempt to run from the command function.

My aacskeys folder is under my C: directory and the above mentioned txt file is directly under the aacskeys folder, not under a sub folder. Based on what I've seen in the forum archives, that is correct. Confused???

Can anyone enlighten me??

Change directory to the aacskeys folder first. Then run the exe.

Thank you for your prompt response. However, I'm still confused as to where to put the text file. Here's the file config I've presently got:

Local Disk (C:)
aacskeys-o.4.0 (folder)
bin (folder)
win 32 (folder)
aacskeys.exe (app file)
ProcessingDeviceKeysSimple (text file)

My command line from the C prompt in DOS is as follows:

c:\aacskeys-0.4.0\bin\win32\aacskeys.exe e

Where the last e is the drive. When I run this command, I get the error message in my last message. What am I doing wrong here??

you didn't use the cd command
cd c:\aacskeys-0.4.0\bin\win32\
aacskeys.exe e

Heres exactly what I typed after opening the command screen:

CD C:\ (to change to the C: prompt)

Now I'm at the C: prompt and I typed:


aacskeys-0.4.0\bin\win32\aacskeys.exe e

Is this wrong....

Thanks

aacskeys looks for the Processing Key file and the Host Certificate file in the current working directory, thats the directory from where you issue the command. In your example this is C:\, apparently this is not the directory where these files reside, they are in aacskeys-0.4.0, so you have to change into that directory first.

Your steps should look like this:

C:\Users\KenD00> cd c:\aacskeys-0.4.0
C:\aacskeys-0.4.0> bin\win32\aacskeys e

:rolleyes:

I had the same issue http://forum.doom9.org/showthread.php?t=149727
Place the ProcessingDeviceKeysSimple.txt here C:\ ProcessingDeviceKeysSimple.txt right where the error is telling you it's missing and ALSO the same folder as aacskeys .exe and all will be well

I had the same issue http://forum.doom9.org/showthread.php?t=149727
Place the ProcessingDeviceKeysSimple.txt here C:\ ProcessingDeviceKeysSimple.txt right where the error is telling you it's missing and ALSO the same folder as aacskeys .exe and all will be well

That's unnecessary if you're smart enough to cd to the aacskeys folder before you try to run it. :rolleyes:

Thanks KenD00 for the feedback.

Yes, by using your syntax, I can get the command file to work. However, now I'm getting an error message "c:\aacskeys-0.4.0\bin\win32\aacskeys.exe is not a valid Win32 application."

I've also noticed that when I click on the aacskeys.exe file from Windows, I also get the same error message. It seems to me that earlier when I did that, I got a flash of the Command file on the screen. Not sure whats up all of sudden. Maybe I should delete and reload aacskeys files?

That's unnecessary if you're smart enough to cd to the aacskeys folder before you try to run it. :rolleyes:

Either way will work, I had typed the command so much trying to get it to work
I eventually got lazy and cut and pasted the path in command prompt and than ran the exe
Guess that is where I made my mistake

KenD00

Thanks for your assistance in this issue.
I got it going by reloading the aacskeys files. It now runs, but I get an error message as attached. Reading through some of the archives, I see this may be related to drive patching?

Hmm, the recent Host Certificate should work for all known MKB versions, are you using the 0.4.0c release?

What MKB version does the disc have that you are using, and is this the newest disc you ever played back with that drive? Run aacskeys in verbose to get the MKB version of the disc, like

aacskeys -v e

:rolleyes:

I assume the Blu ray disc does not have to actually running, only mounted to run aacskeys, and the mentioned query?

Tried to run the aacskeys -v e routine. Had no luck. Is that also run from the same prompt?

Well, uhhh, of course, you are just supplying some different command line arguments...

Ok, it looks like you have not really an idea of what are you doing here so basically i wonder what are you actually trying to achieve? With the recent Host Certificate there is again a much more unexperienced user friendly free way to decrypt your HD-DVD / Blu-Ray - recent BD+ discs (read: after the initial setup insert a disc and press 5 buttons) available, maybe this is the better solution for you.

:rolleyes: