View Single Post
Old 18th February 2007, 12:48   #296  |  Link
arnezami
Registered User
 
Join Date: Sep 2006
Posts: 390
Quote:
Originally Posted by KenD00 View Post
Well, this seems to be only the half truth. According to the AACS-Spec, the upper half of the VolumeID is stored on the disc in the BCA, the lower half in a Copyright Data Section of the Control Data Zone in the disc Lead-In in a manner described in the AACS HD DVD and DVD Pre-recorded Book, Confidential Part. The AACS-Spec defines extenions to the Mt. Fuji Protocol and indeed, these extensions (except the one to read the P-MKB) require the ACCS-Authentication.
I wanted to verify that and send these commands to the drive, so i've read the MMC-6 draft to get the missing information to do that and i found out something interesting. You can read the BCA and the Copyright Data Section of the disc directly with MMC-6 commands, and these commands do not require the AACS-Authentication! I've tested that and it works, but somehow only partially. I got the BCA with the first half of the VolumeID, but everything i got from the Copyright Data Section was zero. I could also read the Copyright Protection Information from the Control Data Section but i dont know whats this for.

If someday sniffing won't work anymore this would at least reduce the brute force amount to 48 bit, but thats still quite much.

OK. I just realized something here. When using your proggy it hanged (as I said). But what is more interesting is where it hanged: it stopped at position F000h of the Copyright Data Section.

Now look at the HD DVD docs:



Now if you didn't have this "hanging" problem (probably the time out acting up in my case, possibly caused by my OS) with your drive/OS then I would really like to know whats in your part of the cds.bin file at F000h through FFFFh (if anything). It could potentially contain the second half of the Volume ID encoded in a "Confidential way". Have you looked at this part?

Btw: others can try this too.

If there is anything there please also post the Volume ID of the disc used so we can see if/how its encoded.

Regards,

arnezami

[edit] Hmmm. I'm starting to get a little confused about what this cds (that is extracted) really is when looking at the docs. things don't seem to match...

Last edited by arnezami; 18th February 2007 at 13:39.
arnezami is offline   Reply With Quote