Quote:
Originally Posted by noclip
To go after a device key with known plaintext you must first have a known plaintext (the media key). We should focus on working our way up the chain of command from Volume to Media to Device to possibly (but unlikely) Root key.
That's not entirely accurate. Although I agree it's probably easier to go after the Media Key right now.
Why is it not entirely accurate? Well, to let a known plaintext work it doesn't have to involve just one encryption step (you do not have to know the Media Key in advance). Let's say we have a disc containing an MKB. In that MKB is a verify media key record. In essence this means: if you think you have found the media key using one of many possible Device Keys (which you try one by one using the memory dump as seed) then you can check if it's valid. So yes, you can go for Device Keys directly. But it's a lot harder I think (because of the way the subset difference algo works).
The future will tell whether it's easier to go for Device Keys (and then for Media Keys) or for Media Keys directly.
Ok. Let's go for this Media Key, shall we?
And more Volume IDs are helpful too.
Regards,
arnezami
PS. And I'm not talking about variant keys. Those are (a little) harder still...