Hi,

I am using vlc on Linux and so far was able to play my only Bluray (Inception UK) (with libaacs and a generic KEYDB.cfg file containing only a list of processing keys and a host key/certificate, found at http://vlc-bluray.whoknowsmy.name:8080/files/KEYDB.cfg).

If I understand properly, the host key/certificate is the key of the software player, which is mixed with the BD drive key and the processing key to find the VUK of the movie to decrypt it.

Yesterday, unfortunately, I inserted a newer disc (not that new though, Julia's eyes UK, key v25, released in 2011) and now my host key/cert have been revoked by the player, as stated by aacskeys.

1. Again, if I understand well, this is irreversible. My drive is an LG BH10LS30 and even reflashing the drive would not remove the revocation. Am I correct?

2. Am I correct to say that the only two ways to correct this would be:
- to update the host key/certificate in the KEYDB.cfg file to ones that have not been revoked (yet)
- to use the VUK list for each specific disc instead.

The problem is that so far I have not been able to find different host key/certificates. There are several ones on the net, but they are all revoked (power dvd 7). The ones found in the PS3 unfortunately do not work with aacs (aacskeys gives me "Problem with verifying the host signature", I guess the PS3 key does not work in a Bluray computer drive?) Is there a way (through IRC) to get new ones?

3. Note that makemkv on Linux still works, I wonder how they do work. Do they have access to new host key/certificates?

Many thanks in advance for your answers and advice.

1. Again, if I understand well, this is irreversible. My drive is an LG BH10LS30 and even reflashing the drive would not remove the revocation. Am I correct?

Yes, I tried re-flashing after the cert provided for VLC was revoked it didn't clear the revoked cert. Nothing would play including older movies.

2. Am I correct to say that the only two ways to correct this would be:
- to update the host key/certificate in the KEYDB.cfg file to ones that have not been revoked (yet)
- to use the VUK list for each specific disc instead.

Correct.

The problem is that so far I have not been able to find different host key/certificates. There are several ones on the net, but they are all revoked (power dvd 7). The ones found in the PS3 unfortunately do not work with aacs (aacskeys gives me "Problem with verifying the host signature", I guess the PS3 key does not work in a Bluray computer drive?) Is there a way (through IRC) to get new ones?

the PS3 host certificate worked for me with VLC i only tried one bluray so far though. It used MKB v27, the PS3 cert is supposed to work up to MKB v29.

the PS3 host certificate worked for me with VLC i only tried one bluray so far though. It used MKB v27, the PS3 cert is supposed to work up to MKB v29.

Thank you. Strangely, when I use the PS3 cert (in a HostKeyCertificate.txt), then I get this error with aacskeys: "Problem with verifying the host signature". Do you have an idea of what I am doing wrong? Are you using it under Linux? Would you be kind enough to send me your HostKeyCertificate.txt in PM? Thanks in advance.

i've never tried with aacskeys so i'm not sure whats up there. I added the PS3 cert to KEYDB.cfg and use VLC in Windows.

i've never tried with aacskeys so i'm not sure whats up there. I added the PS3 cert to KEYDB.cfg and use VLC in Windows.

I'll try this. Would you mind sending me your KEYDB.cfg file in PM?

EDIT: Thanks a lot! :thanks:

Is it possible that my drive does not recognise the PS3 key because my most recent disc is a MKBv25: so this one revoked the old power host certificate I was using, but on the other hand, I would need a MKBv27 disc to update my drive to accept the PS3 key. Is that correct?
If so, do you know a MKBv27 or v29 disc available in the UK?

Actually, the new host key works. Inception segfaults, but it may be a problem with libaacs or vlc itself.

EDIT: Inception works with mplayer, the problem is perhaps with vlc.

It also means aacskeys 0.4.0c is buggy with the newer host key.

So in short, there are newer host certificates and processing keys out there... Good to know.

Current libaacs stores the VUKs for each played BD in a separate file (in linux, this is .cache/aacs/vuk, just as libdvdcss does in .dvdcss), so in theory, if you manage to play a BD once on your system, the VUK gets stored automatically, and you can play the title even if the HC gets revoked eventually.

Hi ro-ee,

Thanks. I just found this too, by experimenting :) It seems this is true with vlc, but not with mplayer, which requires a KEYDB.cfg file anyway, but maybe I am wrong. I need to test a bit more.

So in short, there are newer host certificates and processing keys out there... Good to know.

Current libaacs stores the VUKs for each played BD in a separate file (in linux, this is .cache/aacs/vuk, just as libdvdcss does in .dvdcss), so in theory, if you manage to play a BD once on your system, the VUK gets stored automatically, and you can play the title even if the HC gets revoked eventually.

Well AFAIK the PS3 cert has been revoked on new discs using MKB v30 and newer.

The processing keys released go up to MKB v23/25 but they appear to use the same key for v26-28.

One thing that i would like to see is something like P2P tool for libaacs that would share peoples cached VUK keys. That way if you can't decrypt a movie due to missing processing keys or revoked cert it could search a P2P network. :devil:

Another way would be to prevent flash writing of revocation lists, but I guess this is drive-dependent. Maybe using hacked firmwares? Apparently, the revocation list is read/write on a PS3!

Another way would be to prevent flash writing of revocation lists, but I guess this is drive-dependent. Maybe using hacked firmwares? Apparently, the revocation list is read/write on a PS3!

From what i read there were firmware patches for some LG drives back in 2008. They had a Volume ID firmware patch effectively it aloud you to bypass the aacs authentication between drive and player. This is exactly what people would need when you have a revoked host cert the drive would just hand over the VID without authentication. you can read about the patches here.

Volume ID firmware patch (http://forum.doom9.org/showthread.php?t=139522&highlight=Volume+firmware+patch)

I haven't read about any patches after 2008 i don't know if the industry figured out how to prevent people from patching the drives, lack of interest, or risk of lawsuits.

Thanks Zombiedeath. I'd love to see more of these patches for the new LG (or other drives)!