BackupHDDVD, a tool to decrypt AACS protected movies

[evdberg]

I never seen an ADV_PCK, so can you please give a hex dump of the first 128 (0x80) bytes? Based on your description above I would say that BackupHDDVD indeed tries to decrypt this kind of block.

[cwm9]

Quote:

Originally Posted by evdberg

I never seen an ADV_PCK, so can you please give a hex dump of the first 128 (0x80) bytes? Based on your description above I would say that BackupHDDVD indeed tries to decrypt this kind of block.

I wish I could. All of that was based on the sentence "NV_PCK and ADV_PCK are not allowed to be encrypted." found in AACS_Spec_HD_DVD_and_DVD_Prerecorded_0_912.pdf

I did find references to ADV_PCKs in the patent, but the header and subheader IDs were the only thing I could find.

Worse, when I tried to match up the code to the patent, it didn't seem to jive. There's no reference to stream id 0xbb in the patent, but thats exactly what's looked for in the code. (it looks like t and t2 are the packetid and subpacketid but i forget which is which -- and i might be wrong) Also the patent refers multiple packets per pack (at least in one example), but the code assumes only one with a header length of 128 bytes ... and that length doesn't jive with the patent either. Maybe a navigation pack has a specific format that has only one packet in it?

The whole pack/packet thing was a source of confusion for a while. I guess a pack is 2048 bytes long which contains packets of various types.

What's really needed is a copy of the HD-DVD 1.0 spec, but you have to be a DVD Forum member to get a copy.

I'm guessing they probably will be filing an amended patent later with updated information?

I could be way off base here. All of this info is based on sifting through what I could find in just a couple of hours.

[noclip]

Quote:

Originally Posted by cwm9

I wish I could. All of that was based on the sentence "NV_PCK and ADV_PCK are not allowed to be encrypted." found in AACS_Spec_HD_DVD_and_DVD_Prerecorded_0_912.pdf

I did find references to ADV_PCKs in the patent, but the header and subheader IDs were the only thing I could find.

Worse, when I tried to match up the code to the patent, it didn't seem to jive. There's no reference to stream id 0xbb in the patent, but thats exactly what's looked for in the code. (it looks like t and t2 are the packetid and subpacketid but i forget which is which -- and i might be wrong) Also the patent refers multiple packets per pack (at least in one example), but the code assumes only one with a header length of 128 bytes ... and that length doesn't jive with the patent either. Maybe a navigation pack has a specific format that has only one packet in it?

The whole pack/packet thing was a source of confusion for a while. I guess a pack is 2048 bytes long which contains packets of various types.

What's really needed is a copy of the HD-DVD 1.0 spec, but you have to be a DVD Forum member to get a copy.

I'm guessing they probably will be filing an amended patent later with updated information?

I could be way off base here. All of this info is based on sifting through what I could find in just a couple of hours.

PCKs are described in a good amount of detail in those docs. Look at the section after HD-DVD protection on a medium.

[evdberg]

The code of BackupHDDVD does look specifically for a nv_pck using a number of byte markers. First of all this is not an elegant way of doing it, and second it might be error prone. So if we would actually find a adv_pck in the wild, we can see whether it will be decrypted or not. I was making a small demuxer, so I will see if I can find something. The only problem is that I do not own any of the movies that are mentioned to not work properly.

[noclip]

Quote:

Originally Posted by evdberg

The code of BackupHDDVD does look specifically for a nv_pck using a number of byte markers. First of all this is not an elegant way of doing it, and second it might be error prone. So if we would actually find a adv_pck in the wild, we can see whether it will be decrypted or not. I was making a small demuxer, so I will see if I can find something. The only problem is that I do not own any of the movies that are mentioned to not work properly.

Look at the docs. PCKs' data is stored in their "unencrypted portion" right on the disk. All BHDVD has to do is not try to decrypt them.

Quote:

Originally Posted by evdberg

The only problem is that I do not own any of the movies that are mentioned to not work properly.

But the "Nav Chain bug" is also on all the movies that "work properly" isn't it?

[cwm9]

Quote:

Originally Posted by He-Man

But the "Nav Chain bug" is also on all the movies that "work properly" isn't it?

Yes. My SWAG is that the ADV_PCK contains "extra" information that may or may not be needed for playing back the film. In the case of ucontrol movies, the extra data might be in the ADV_PCK. If there are references back and forth between the video content and the ucontrol structures, that would cause serious problems if the ADV_PCKs were unreadable. For non-ucontrol films, the extra info just gets lost but it doesn't matter.

Remember: this could be completely and totally wrong, it's just a GUESS at this point.

[Mistar Muffin]

Here is a modified version of BackupHDDVD that will compute it's own hash, thanks to OverlordQ, and then retrieve a key from the online database at http://www.hdkeys.com/

It also writes the key to keydb.cfg for later use.

http://www.hdkeys.com/files/BackupHDVD_HDKeys.com.rar

The syntax it uses to retrieve the keys is as follows:

http://www.hdkeys.com/getkey/hddvd/hash

It then reports:

Title|VolumeKey

Have fun!

[evdberg]

Acccording to the doc, the Advanced packet contains 'specific data structure for copyright protection system' ...

Quote:

But the "Nav Chain bug" is also on all the movies that "work properly" isn't it?

BackupHDDVD does perform the 'fix' for it on all titles, if that is what you mean. It is corrupting the VOBU_EndAddress by setting the MSB to 0x7F (V0.99 set it to 0xF, but this is ofcourse just as wrong). I have no idea if there is really a 'nav chain bug' !

[rack04]

I'm anxious to try this backup method but I'm wondering how and if I can connect an Xbox HD DVD drive to my PC. My system specs are listed below:

MB: ABIT NF7-S v2.0
CPU: AMD XP-M 2400+ @ 2475
VC: ATI Radeon 9800Pro->XT Cat 7.1 430 mem / 385 core
Mem: PDP PC3200LLK 512mbx2
PSU: Ultra XConnect 500 Watt ATX
HD: 2 x Seagate Barracuda 120.0GB Ultra ATA/100
Optical Drives: BenQ DW1620 Pro and Liteon SOHD-167T
LCD: LG Flatron L17108
Case: Kingwin KT-424-BK-WM
OS: Windows XP Professional w/ SP2

[blutach]

Mister Muffin - I know your posts pertain to both threads, but please be careful about cross posting. You can assume people interested in web access to keys will read that thread.

Wookie Groomer - you've been around long enough to know all about rule 12. Please observe it. Multiple post deleted.

Regards

[Nutrition24]

The more I'm reading the AACS spec, the more I'm confused...

The backuphddvd tool treats packs as NV_PCK and others. For others, the PES flag is checked (Header[20] & 0x30 == 01) to see if the content is encrypted.
If the data is encrypted, it's decrypted with the Title key which is a simple decryption with the Volume Key.

The spec (0.912) however talks about the content key Kc:
Each Encrypted Pack is encrypted by a 128-bit Content Key (Kc). The Content Key (Kc) is calculated
by a 128-bit Title Key (Kt), a 32-bit Title Key Data (Dtk) and the least significant 96 bits of the CPI field in
the GCI_PKT as follows
Kc = AES-G (Kt, Dtk || CPIlsb_96)

from the decryption process:
If the PES_scrambling_control of the current Pack is 01b or if the current Pack is an HL_PCK, the Player calculates a 128-bit Content Key (Kc) using Title Key (Kt)

It's also not clear why they stress the importance for HL_PCK (hightlight) while first they say to use it for all encrypted packs. Could it be that it's only done for HL_PCK with the Kc and otherwise with the plain Title key ? If it's always with the Kc, then how can backuphddvd decrypt any content successfully with the wrong key ?

Also any idea where to find more information about the HD DVD-Video Specifications ? It's not really clear what must be cleared here:
HeaderPart[0x3c]=0; // Clear CPI field
HeaderPart[0x48]=0;

[VistaVick]

Can anyone tell me what happened to the thread devoted to demuxing/reconcoding hd dvd images to different formats?

Quote:

Originally Posted by VistaVick

Can anyone tell me what happened to the thread devoted to demuxing/reconcoding hd dvd images to different formats?

EVOB De/Multiplexers: http://forum.doom9.org/showthread.php?t=120652

[VistaVick]

Quote:

Originally Posted by He-Man

EVOB De/Multiplexers: http://forum.doom9.org/showthread.php?t=120652

Thanks

[cwm9]

Quote:

Originally Posted by Nutrition24

The more I'm reading the AACS spec, the more I'm confused...

I feel your pain....

At first the more I read the more confused I became, but at least some of it is becoming clearer.

Part of my problem was that I had initially read the HDDVD patent w/o reading the AACS spec, so there were a few details I had confused.

AACS seems to slice up the standard packs at certain points and insert extra information, most notably the key and the 0x20 PES decryption indicator.

According to the decryption part of the spec, you're supposed to decrypt the pack if EITHER the PES bit is set OR it's an HL_PCK. The ADV_PCK stuff I found earlier is something that's forbidden to be encrypted, but it would still be embedded in an "encryption pack" marked either don't encrypt (pes bit not set) or maybe in an HL_PCK, I don't know.

The point is, I'm now trying to figure out how to determine when a pack is an HL_PCK which is kinda hard since I could only find two references to it anywhere and I now think that the ADV_PCK is not (directly) related to the problem.

[jimfcarroll]

Quote:

Originally Posted by Nutrition24

The more I'm reading the AACS spec, the more I'm confused...

The backuphddvd tool treats packs as NV_PCK and others. For others, the PES flag is checked (Header[20] & 0x30 == 01) to see if the content is encrypted.
If the data is encrypted, it's decrypted with the Title key which is a simple decryption with the Volume Key.

The spec (0.912) however talks about the content key Kc:
Each Encrypted Pack is encrypted by a 128-bit Content Key (Kc). The Content Key (Kc) is calculated
by a 128-bit Title Key (Kt), a 32-bit Title Key Data (Dtk) and the least significant 96 bits of the CPI field in
the GCI_PKT as follows
Kc = AES-G (Kt, Dtk || CPIlsb_96)

Take a look at "Pre-recorded Video Book" - which is a different spec. Specifically chapter 3.

http://www.aacsla.com/specifications...orded_0.91.pdf

[HD Hell]

Quote:

Originally Posted by muslix64

Congratulations!
So now you see BackupHDDVD is not a fake...
Now we have to make movies with the IME feature playable with PowerDVD.

Then, ... BD+!

Hi muslix64 - I'm one of those who thinks that you are doing this as a partisan attack on HD DVD. I suspect that you are going to stall on the Blu-Ray version of this.

Are you going to prove me wrong, or just continue to stall? I suspect you could have the Blu-Ray version working in only a couple of days given the work you have already done here.

It's not fair that you attack only one format - if you are true to what you say you are, you would have already released a Blu-Ray version of this program by now...

Color me skeptical of your true motives at the moment.

[Mug Funky]

@ HD Hell:

dude, most of us can't afford an xbox 360 drive, let alone one of them AND a blu-ray drive.

chill out. the guy gave the community something for free, started the hunt to break AACS.

blu-ray will be broken soon enough. but don't get shirty that an anonymous person isn't giving you what you want. he didn't have to post anything at all, then you'd have nothing to complain about except a pile of HD-DVDs that you can't decrypt.

not a good first first post there...

[diogen]

Quote:

Originally Posted by HD Hell

Hi muslix64 - I'm one of those who thinks that you are doing this as a partisan attack on HD DVD...

Geeez...
Talk about not having a clue.

Diogen.