View Single Post
Old 17th February 2007, 17:47   #286  |  Link
SBeaver
Registered User
 
Join Date: Dec 2002
Posts: 86
Quote:
Originally Posted by KenD00 View Post
Well, this seems to be only the half truth. According to the AACS-Spec, the upper half of the VolumeID is stored on the disc in the BCA, the lower half in a Copyright Data Section of the Control Data Zone in the disc Lead-In in a manner described in the AACS HD DVD and DVD Pre-recorded Book, Confidential Part. The AACS-Spec defines extenions to the Mt. Fuji Protocol and indeed, these extensions (except the one to read the P-MKB) require the ACCS-Authentication.
I wanted to verify that and send these commands to the drive, so i've read the MMC-6 draft to get the missing information to do that and i found out something interesting. You can read the BCA and the Copyright Data Section of the disc directly with MMC-6 commands, and these commands do not require the AACS-Authentication! I've tested that and it works, but somehow only partially. I got the BCA with the first half of the VolumeID, but everything i got from the Copyright Data Section was zero. I could also read the Copyright Protection Information from the Control Data Section but i dont know whats this for.

If someday sniffing won't work anymore this would at least reduce the brute force amount to 48 bit, but thats still quite much.

Very good to hear, still depends on having the processing key which they might take away but it could end up being a safe solution for a long time.
Someone should really try to hack a firmware to accept any host certificate it gets and just allow the volume key to be read regardless.
That way there isn't even the slightest chance that any backup app based on processing key might be illegal because of use of stolen host certificates.
SBeaver is offline   Reply With Quote