Since we now have the ablity to read the first 8 bytes of the volume ID it gets even easier to guess the other 8 bytes:
Code:
Constantine 05/12/2006 5:05
Hex: 40 00 30 06 53 05 16 11 57 47 48 44 56 4d 00 00
Ascii: W G H D V M
Code:
MI3 10/03/2006 15:34
Hex: 40 00 20 06 10 03 07 19 00 20 20 20 20 20 00 00
Looking at these two types we can simply try the two possible different 6 bytes. Check if the resulting VUK with the MAC in the Title Key File and if its correct we know it was one of these two types of Volume ID. My feeling is this amounts to more than 50-70% of all HD DVDs.
Code:
Swordfish 04/15/2006 2:10
Hex: 40 00 53 57 4f 52 44 46 49 53 48 20 20 20 00 00
Ascii: S W O R D F I S H
Then we can try the name of the movie/disc (first maybe look if the first 6 chars equal the first 6 chars of the movie) with spaces behind it. By now can decrypt a lot of discs already (with only 3 tries!!). If we don't find it this way (maybe the disc name is slightly different?) we could brute force like 3-4 characters using Capitals only (= 26^4 ~ 450,000 tries). Again: we should test the VUK with the MAC each time.
If this works (and I think it will) we should have like 70-90% of all discs decryptable.
Code:
The Matador 10/19/2006 20:41
Hex: 40 00 ba be 00 00 00 00 00 00 00 00 00 1c 00 00
This one I don't know. So far only one found of this kind. We could try 256 different values in the last byte. Don't know.
Code:
Rambo: First Blood II
Hex: 40 00 18 54 3b d6 24 9b 59 f3 31 1e 49 ee 00 00
This type we can't guess since its random. We simply instruct the user to extract/sniff the VID.
I think by doing it this way we could make a proggy that decrypts most HD DVDs without the use of WinDVD (Jap) or even a sniffer
.
Anyone who feels like doing it feel free.
Regards,
arnezami