Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
8th September 2008, 18:12 | #102 | Link | ||
Registered User
Join Date: Aug 2004
Posts: 211
|
Quote:
Quote:
|
||
8th September 2008, 19:59 | #104 | Link | |
Registered User
Join Date: Aug 2004
Posts: 211
|
Quote:
And aacs_aes.h contains the following funtions: Code:
calculate_subdev_proc_key decrypt_c_value decrypt_verification_data calculate_volume_unique_key decrypt_title_key calculate_title_key_file_mac calculate_title_key_file_hash calculate_volume_id_mac |
|
8th September 2008, 20:11 | #105 | Link | ||
Guest
Posts: n/a
|
Quote:
Quote:
Last edited by Oopho2ei; 9th September 2008 at 00:31. |
||
8th September 2008, 22:44 | #106 | Link | |
Software Developer
Join Date: Jun 2005
Location: Last House on Slunk Street
Posts: 13,248
|
Quote:
__________________
Go to https://standforukraine.com/ to find legitimate Ukrainian Charities 🇺🇦✊ |
|
8th September 2008, 23:40 | #107 | Link | |
Registered User
Join Date: Jan 2007
Location: Internet
Posts: 378
|
Quote:
|
|
9th September 2008, 21:16 | #108 | Link | |
Registered User
Join Date: Nov 2007
Posts: 80
|
Quote:
I know this is a quite delayed opinion but I couldn't find the time to write it and I think a CVS/SVN will help the development of this BD+ implementation and will also allow a faster error tracking.
__________________
< War is Peace; Freedom is Slavery; Ignorance is Strength!> ^__^ (oo)\_______ (__)\.......)\/\ . . ||----w | . . || . . || |
|
9th September 2008, 22:07 | #109 | Link | ||
Registered User
Join Date: Aug 2004
Posts: 211
|
I'll just quote Oopho2ei:
Quote:
Quote:
The next feature I implemented was an .svm parser. Now you can load a segment of an svm file, the BDSVM_CC header is verified, the length is calculated and then the data is copied to mem and the first 0x1000 bytes are zeroed. And I again rewrote the dasm part, as It was a horror to debug both earlier versions. I hope thats the last time I'll do that. Next stop: implementing traps *edit* perhaps I'll restructure the code first... *edit2* oh and perhaps I'll also rewrite the debug trace functions first... restructuring the code is also a good thing, so more ppl can work on the code without the need of backporting or merging code. Last edited by Disabled; 9th September 2008 at 22:21. |
||
9th September 2008, 23:47 | #110 | Link | ||
Guest
Posts: n/a
|
Quote:
Quote:
For those who want to play around a bit with the emulator here is an extended program counter trace: http://uploaded.to/?id=gx84gh (~4 million entries) If you need other (extended) traces please leave a note here or send me a private message. Thanks to all who made suggestions where to host our software development project. We currently have a working repository but this is still very helpful if we get trouble and have to move to another location. |
||
10th September 2008, 16:22 | #112 | Link | |
Guest
Posts: n/a
|
Quote:
Btw. if you want to test a trap implementation use the pc trace from posting #110 and ask me for some memory snapshots. You can also send me a modified memory snapshot so you can run your own program with your own data on a fully implemented player. I would need the initial register values and where to start and stop execution. But please comment your program and all the other changes you made so i can verify that no player specific data is retrieved. You would get the result as a memory/register file snapshot. Last edited by Oopho2ei; 10th September 2008 at 16:50. |
|
10th September 2008, 18:16 | #113 | Link | |
Registered User
Join Date: Sep 2008
Posts: 17
|
Quote:
BTW, great job. |
|
10th September 2008, 19:39 | #114 | Link | |
Guest
Posts: n/a
|
Quote:
Edit: The following archive contains a series of 16 snapshots taken after each of the first 16 trap executions. Example: post_trap_mem_000.bin + post_trap_reg_000.bin is a snapshot after the execution of the first trap which is Trap_AES (TRAP #110). Each snapshot is supposed to be loaded by your emulators with every new trap call you encounter when executing the given program (see the program counter trace in posting #110). In other words instead of executing the trap you only load the corresponding snapshot. After the 11th trap call you will find yourself right in the middle of the decryption process of the second section from the second file (00001.svm). Also there seem to be pictures in the *.svm files somewhere. So it's getting more interesting soon. post trap snapshots: obsolete. see posting #130 (for those who don't know: we are executing the first section of http://uploaded.to/?id=jqstc8 which is one of the files stored in the BDSVM directory of every BD+ protected blue ray disc) Last edited by Oopho2ei; 13th September 2008 at 23:50. Reason: fixed mistake in snapshot series (*_002.bin) |
|
11th September 2008, 10:11 | #116 | Link |
Registered User
Join Date: Jun 2007
Posts: 215
|
BD Debugger
ok... sorry for the delay.
It's interesting how things evolved (nice work!). As announced in my last post, I implemented a Java BDVM together with a graphical debugger. It executes the BD+ program correctly until the 0x520 trap (memory dumps and registers match) - just as the other two VMs do, which I used as an orientation/prototype. The code is pretty similar (in my notion, it is slightly cleaner and more compact than my C implementation due to Java's convenient ByteBuffer classes which take care of endianness; Apart from that, the graphical Debugger is actually less code than the VM (294 SLOC vs. 245 SLOC) ; the implementation is big endian throughout; I just started looking at the traps). I don't know whether this will be useful. I mainly implemented this for fun and educational purposes (for me and maybe others). I agree that the implementation by KJI's friend is very clean (this probably doesn't matter, but I think 'vm->watchdog-=2;' in 'void ExecuteInstruction(BDVM *vm)' is not correct - see post #25). Below is a screenshot of the debugger (ok, no screenshot... no idea where to upload it to.. it's included in the zip). BTW, the disassembling is dynamic (updated after every step). Source (2 Java files - 1 VM and 1 Debugger) is available from here: http://uploaded.to/?id=s46hrd |
11th September 2008, 11:24 | #117 | Link | |
Registered User
Join Date: Mar 2008
Posts: 98
|
Quote:
Code:
BDSVM_header -----8<------ magic 8 bytes - is string 'BDSVM_CC' ?version 1 byte - always 1? ?unk9 4 bytes - usualy 1 (sometimes 0x2000 in AVP2, Jumper) year 2 bytes month 1 byte day 6 bits chunkSize 26 bits - always 0? (don't remember why I named it) datalen 4 bytes - size of code chunk following the header ----->8------ ContentCodeBlock of datalen bytes CC_signature 40 bytes Last edited by derbeDeus; 11th September 2008 at 11:40. |
|
11th September 2008, 18:44 | #118 | Link | |
Guest
Posts: n/a
|
Quote:
Code:
javac Debugger.java BDVM.java Debugger.java:110: error: The method actionPerformed(ActionEvent) of type Debugger must override a superclass method public void actionPerformed(ActionEvent e) { Could you also please load a snapshot for traps which are currently not implemented? See postings #114 for details. |
|
11th September 2008, 19:49 | #119 | Link | |
Registered User
Join Date: Mar 2007
Posts: 11
|
Quote:
|
|
11th September 2008, 21:57 | #120 | Link |
Registered User
Join Date: Jun 2007
Posts: 215
|
Okay, I made things a little simpler:
The binaries, a readme and an ant build script are included in this updated version: http://uploaded.to/?id=khplo8 Java 1.5 or newer is required in order to compile and run the Debugger (not sure whether gcj will work). Ant is helpful for compiling. Regarding the traces... Executing with the help of the dumps was successful I'm not sure whether this is already clear: r1 seems to contain the return values from the trap calls. Apart from r1, the registers were always identical to the dumps (if I haven't missed something). Note that loading the mem dumps and register dumps is not automated in the debugger. Currently this has to be done manually. The Traps were: (<dump no>) <trap id> <instruction counter> (0) 110 (1) 110 (2) 520 (3) 520 (4) 520 (5) 110 (6) 110 (7) 110 (8) 540 4527 (9) 110 13536 (10) 230 13547 (11) 110 22408 (12) 230 22419 (13) 110 31289 (14) 230 31300 (15) 110 40161 ((16) 230 40172) |
|
|