I have a question about aacskeys
kcynice
15th March 2008, 08:47
I have downloaded aacskeys from the bd-tools list.
I tried a Blu-ray disc which was released in 2006.
My BD drive is a SONY BDRW BWU-100A.
The output is:
Drive FW info: 1.0aJly03 ,2006RC3D
AGID: 03
Host certificate from: Power DVD 7.1
Your drive isn't giving back its Drive Certificate.It looks like the given Host Certficate/Private Key has been revoked (by your drive).
The question is: my BD drive was bought at the beginning of 2007 (although it was produced in 2006), so the MKB version of such a BD couldn't revoke my device! So, would anyone like to tell me why aacskeys would fail? Thanks.
gioowe
15th March 2008, 17:48
You inserted a movie that updated the drive's own MKB and thereby its host revocation list.
kcynice
16th March 2008, 01:36
But I had not revealed any keys of my drive, so why did it update its MKB revocation list to this unexpected version?
And if this was really done, how should I resolve such a problem? In other words, how do I get aacskeys to work again?
Thanks.
Doom9
16th March 2008, 10:35
You are screwed that's how it is as there is no going back - you play a disc with a more up-to-date revocation list and you never get rid of that revocation list again. Every time you play a disc, the player will update the revocation list if the disc contains a more recent version than you currently have. In addition, I suppose firmware updates also come with more up-to-date revocation lists.
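The update rule described in the post above, as an added example that is not part of the original thread and is not aacskeys code: a simplified model of a drive that keeps the newest host revocation list it has seen and never rolls back. The class names, host IDs and version numbers are constructed, and signature checks on the list and on certificates are assumed to have passed.

```python
# Simplified model of drive-side host revocation (added example).
# Host IDs and list versions are constructed; signature verification of the
# list and of certificates is assumed to have passed and is not modelled.

class RevocationList:
    def __init__(self, version, revoked_host_ids):
        self.version = version
        self.revoked = frozenset(revoked_host_ids)

class Drive:
    def __init__(self, factory_list):
        # Kept in non-volatile memory: the newest list the drive has ever seen.
        self.stored = factory_list

    def insert_disc(self, disc_list):
        """Adopt the disc's list only if it is newer. There is no rollback path."""
        if disc_list.version > self.stored.version:
            self.stored = disc_list
            return True
        return False

    def authenticate(self, host_id):
        """A revoked host gets no drive certificate back."""
        if host_id in self.stored.revoked:
            return None
        return "drive-certificate"  # placeholder for the real response

def replay_thread_scenario():
    old_disc = RevocationList(version=1, revoked_host_ids=[])
    new_disc = RevocationList(version=3, revoked_host_ids=["host-from-old-player"])
    drive = Drive(factory_list=RevocationList(0, []))
    log = []

    drive.insert_disc(old_disc)
    log.append(("old disc", drive.stored.version, drive.authenticate("host-from-old-player")))

    drive.insert_disc(new_disc)  # a newer title is played once
    log.append(("new disc", drive.stored.version, drive.authenticate("host-from-old-player")))

    drive.insert_disc(old_disc)  # back to the older title: the list stays at v3
    log.append(("old disc again", drive.stored.version, drive.authenticate("host-from-old-player")))

    # A host whose ID is not on the list is still served by the same drive.
    log.append(("current player", drive.stored.version, drive.authenticate("host-from-current-player")))
    return log

if __name__ == "__main__":
    for row in replay_thread_scenario():
        print(row)
```

The third row is the situation from the first post: the older disc is in the drive, but the list that decides the outcome is the one stored from the newer disc.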
KenD00
16th March 2008, 20:41
> how do I get aacskeys to work again?
If you don't have a new Host Certificate present you have to use DumpVID to acquire the Volume ID from the disc and feed it into aacskeys.
:rolleyes:
kcynice
17th March 2008, 06:18
> If you don't have a new Host Certificate present you have to use DumpVID to acquire the Volume ID from the disc and feed it into aacskeys.
> :rolleyes:
First, I can understand that my drive could be in the revocation list. But I have not revealed any information of my drive, so why did they revoke my drive?
Second, I also want to use DumpVID, but I can't open the download link at "Got VolumeID without AACS authentication" (http://forum.doom9.org/showthread.php?p=993782#post993782), so could you send one copy to me? Thanks.
My mail is kcynice@hotmail.com
Peer van Heuen
17th March 2008, 08:36
> First, I can understand that my drive could be in the revocation list. But I have not revealed any information of my drive, so why did they revoke my drive?
It's not your drive that is on the revocation list, but the authentication key that aacskeys is using.
So if you are running Windows, you can try AnyDVD HD, which uses a non-revoked certificate and will simply unlock any HD-DVD/BD.
Otherwise you'll have to do what KenD00 suggested - though I can't help you with that link for DumpVID, I don't know myself where to get it from.
kcynice
17th March 2008, 11:56
I very much appreciate your reply. Also thanks to SlySoft, too. I have AnyDVD; I bought it last year. But, as a student, I want to learn how to decrypt BD movies; I have been very interested in it since I first entered this forum. Since AnyDVD is an excellent piece of software, I had tried to find out how it works.
But as a developer of AnyDVD, it's very kind of you to give me some useful ideas (AnyDVD is a commercial tool).
Regards.
Peer van Heuen
17th March 2008, 15:05
> I very much appreciate your reply. Also thanks to SlySoft, too. I have AnyDVD; I bought it last year. But, as a student, I want to learn how to decrypt BD movies; I have been very interested in it since I first entered this forum. Since AnyDVD is an excellent piece of software, I had tried to find out how it works.
> But as a developer of AnyDVD, it's very kind of you to give me some useful ideas (AnyDVD is a commercial tool).
> Regards.
Ok, I see :)
Bummer, that you messed up your revocation list then.
But any bus sniffing tool will help you get the Volume IDs then - they are still being transmitted in plain.
kcynice
18th March 2008, 02:07
> Ok, I see :)
> Bummer, that you messed up your revocation list then.
> But any bus sniffing tool will help you get the Volume IDs then - they are still being transmitted in plain.
Well, someone had sent me a copy of DumpVID. But when the program was running, the software player refused to play the BD movies. lol.
It seems that it would not work now.
I will try to find another method.
Thanks
KenD00
18th March 2008, 03:35
What software player did you use? I remember it didn't work with the very first HD/BD version of WinDVD. And did you use the Blu-Ray version of DumpVID? The first post of the DumpHD thread (http://forum.doom9.org/showthread.php?t=123111) contains new download links to a package of both DumpVID versions now. I have tested them with the latest PowerDVD version and they still work.
:rolleyes:
kcynice
18th March 2008, 08:45
> What software player did you use? I remember it didn't work with the very first HD/BD version of WinDVD. And did you use the Blu-Ray version of DumpVID? The first post of the DumpHD thread (http://forum.doom9.org/showthread.php?t=123111) contains new download links to a package of both DumpVID versions now. I have tested them with the latest PowerDVD version and they still work.
> :rolleyes:
Heh, I downloaded the BD-supported version from "dumpvid 0.3 (adapted)" (http://www.sendspace.com/file/wyqw47), was it right? I use PowerDVD. It seems that when the program is running, PowerDVD refuses to play the movie, so DumpVID can't return the result.
But it's very strange: why can PowerDVD get the volume ID but we can't? Why can't we pretend to be a compliant player? For example, tell the drive, "I am PowerDVD" (of course not), "please return the right data or any keys needed"? If PowerDVD has a real key that can make the drive open its door, why can't we? At least we can replicate such a key. In reality, who has such a door (or a lock) with only one key? I'm afraid no!
Perhaps such a thought is a little puerile, but I want to know the reason anyway. Thanks
KenD00
18th March 2008, 16:07
Yes, that's the right version. I have tested it with PowerDVD Ultra 7.3.3730 and it still works on my machine, what PowerDVD version do you use? And, just to be sure, your PowerDVD can play the disc when DumpVID is not running? Does it show any error message or does playback simply not start (even after waiting some time)?
Well, maybe you should read the AACS specs and get some basic background about cryptography before you start asking why we can't do this what others can do and so. Or, to answer with your real life comparison, why would you build a lock into your house's door if every random guy passing by can make himself a key without hassle in a second?
:rolleyes:
gioowe
18th March 2008, 20:53
Actually, the host is revoked. Not your drive.
kcynice
18th March 2008, 22:56
> Yes, that's the right version. I have tested it with PowerDVD Ultra 7.3.3730 and it still works on my machine, what PowerDVD version do you use? And, just to be sure, your PowerDVD can play the disc when DumpVID is not running? Does it show any error message or does playback simply not start (even after waiting some time)?
> Well, maybe you should read the AACS specs and get some basic background about cryptography before you start asking why we can't do this what others can do and so. Or, to answer with your real life comparison, why would you build a lock into your house's door if every random guy passing by can make himself a key without hassle in a second?
> :rolleyes:
I am not at my computer now, but I remember my PowerDVD's main version is 7.3 and it can play my BD movies normally except when running with DumpVID. When DumpVID was running and I pressed PowerDVD's play button, it would tell me that I need to update its necessary component; no matter whether I selected yes (it would show "update successfully" immediately) or not, when I pressed play again, everything would be the same.
Second, I am reading the AACS standard very hard these days. But I still don't know why we can't replicate something that PowerDVD uses to verify with a drive. If it's a constant key, it should exist somewhere in some way; if it is calculated from something, the seeds and the algorithm must be findable and then the final verification keys can be calculated too. So why? :)
kcynice
18th March 2008, 22:57
> Actually, the host is revoked. Not your drive.
Yes, must be. If not, my PowerDVD would refuse to play the movie too.
Now I want to know the answer to the question above.
KenD00
20th March 2008, 04:06
> When DumpVID was running and I pressed PowerDVD's play button, it would tell me that I need to update its necessary component
Hmm, maybe your drive doesn't like to be probed with multiple AGIDs and invalidates the one used by PowerDVD. Maybe it's time to update that little hack to a more featured program ;).
> But I still don't know why we can't replicate something that PowerDVD uses to verify with a drive
This is cryptography! If you have the secret information that the AACS LA is storing in its fall-out shelter you can create a certificate with ease, but if you don't have it you need more time to try every possible combination than the sun remains shining.
:rolleyes:
kcynice
20th March 2008, 06:00
> Hmm, maybe your drive doesn't like to be probed with multiple AGIDs and invalidates the one used by PowerDVD. Maybe it's time to update that little hack to a more featured program ;).
I have no idea how to update it. How to?
> This is cryptography! If you have the secret information that the AACS LA is storing in its fall-out shelter you can create a certificate with ease, but if you don't have it you need more time to try every possible combination than the sun remains shining.
> :rolleyes:
Of course it is. But it seems that your aacskeys did. priv_key, host_cert, host_nonce and host_key were all encrypted by PowerDVD, right?
KenD00
22nd March 2008, 04:34
> I have no idea how to update it. How to?
Stuff like let the user choose which AGIDs to use, request all but one, something like that. This was more a note to myself ;).
> Of course it is. But it seems that your aacskeys did. priv_key, host_cert, host_nonce and host_key were all encrypted by PowerDVD, right?
aacskeys IS NOT FROM ME, it's from arnezami. Right now I'm just maintaining it because he doesn't. And no, the host_cert travels freely on the unencrypted bus, host_nonce and host_key are calculated, the priv_key was the challenge, this one is hidden inside the player.
:rolleyes:
kcynice
22nd March 2008, 07:06
> Stuff like let the user choose which AGIDs to use, request all but one, something like that. This was more a note to myself ;).
If so, can aacskeys get the right AGID value now?
> aacskeys IS NOT FROM ME, it's from arnezami. Right now I'm just maintaining it because he doesn't. And no, the host_cert travels freely on the unencrypted bus, host_nonce and host_key are calculated, the priv_key was the challenge, this one is hidden inside the player.
> :rolleyes:
OK. But the host_cert is dependent on the priv_key, right? If not, or in other words, the host_key is permanent, we can use aacskeys to iterate and get the right priv_key if we have enough time to try, can't we?
gioowe
22nd March 2008, 10:36
host_key is the private-key-part, host_cert is the corresponding public-key-part.
And no, you cannot brute-force. Even if you get the key by only having searched 0,000000001% of all possibilities, our universe is running out of time before getting there.
kcynice
22nd March 2008, 12:48
Yes, the possibility should be very small, and time-eating.
That being so, I think I should go another way to get it, like PowerDVD. And is there some advice for doing such work?
Doom9
22nd March 2008, 14:32
I cannot help but think you're just here for the sake of arguing.. why can't you accept things like they are? If it were so easy to extract a new host certificate from a newer PowerDVD, don't you think the guys who did it for PowerDVD 7.1 would've done so again? Cyberlink has made great improvements in protecting the AACS elements they need to protect according to the AACS license agreement.
I believe that until you have properly studied the AACS specs and acquired the appropriate reverse engineering skills to start attacking software players, this is not going to go anywhere.
In the meantime.. what's wrong with buying AnyDVD HD? My stance on commercial versus free is well known so when I suggest a commercial tool, it's because there's simply no good alternative (and it's better than bringing up all the old ideas about BD+ again when you come across your first BD+ disc).
gioowe
22nd March 2008, 14:47
Currently there's no need for a new certificate. Might change if they introduce bus encryption. And as they always revoke all (pc) certificates with each new MKB iteration it is currently also a waste of time to hack it out of powerdvd.
kcynice
23rd March 2008, 02:06
> In the meantime.. what's wrong with buying AnyDVD HD? My stance on commercial versus free is well known so when I suggest a commercial tool, it's because there's simply no good alternative (and it's better than bringing up all the old ideas about BD+ again when you come across your first BD+ disc).
In fact, I had bought AnyDVD (not AnyDVD HD). AnyDVD is an excellent tool which can decrypt my BD movies well. Since BD is using a robust tech, why not try it by myself? I think I should do so as a student. I do all these things for myself, so if I fail, nothing is lost but experience is accumulated! Yes, I might lack knowledge about AACS, but I have been studying it hard for the past 2 weeks. Perhaps RE is another issue, perhaps not. I think there are many other folks like me; they are working hard. Some useful ideas are needed, otherwise the same work would be repeated more; so the right ideas should be focused and ... :stupid: