Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
20th January 2007, 18:06 | #42 | Link |
Registered User
Join Date: Apr 2006
Posts: 78
|
The 192 bytes are a TS packet. A normal TS packet has 188 bytes, with 47 as the leading sync byte. m2ts adds a 4-byte timestamp before the sync byte. Actually 47 is always there (TS spec), but D1 is not guaranteed: since it is only a timestamp, it could be any value, but the timestamp won't change too quickly between adjacent TS packets, and D1 is the MSB byte.
For EVOB, there is a similar pattern: 00 00 01 BA, then the system clock reference, per 2048 bytes (program stream packet). For more details, read ISO 13818-1. PS: muslix64, thanks for your excellent job :-)
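The packet layouts described in post #42, as an added example that is not part of the original thread: Python code that recognises 192-byte m2ts units, plain 188-byte TS packets and 2048-byte program stream packs by their repeating markers, and reads the 4-byte field in front of each m2ts sync byte. The function names, the minimum of four units and the constructed sample (PID 0x1011, start value 0xD1000000) are assumptions made for illustration.

```python
import struct

TS_SYNC = b"\x47"                     # sync byte that leads every 188-byte TS packet
PS_PACK_START = b"\x00\x00\x01\xba"   # pack start code, once per 2048-byte PS pack

def _repeats(buf, stride, offset, marker, min_units=4):
    """True if marker sits at offset inside every stride-byte unit of buf."""
    units = len(buf) // stride
    if units < min_units:
        return False
    return all(buf.startswith(marker, i * stride + offset) for i in range(units))

def classify(buf):
    """Guess the container layout from the periodic markers described in the post."""
    if _repeats(buf, 192, 4, TS_SYNC):
        return "m2ts"
    if _repeats(buf, 188, 0, TS_SYNC):
        return "ts"
    if _repeats(buf, 2048, 0, PS_PACK_START):
        return "ps"
    return "unknown"

def m2ts_packets(buf):
    """Return (timestamp, pid) for each 192-byte unit; raise if sync is lost."""
    out = []
    for off in range(0, len(buf) - 191, 192):
        (stamp,) = struct.unpack_from(">I", buf, off)        # 4 bytes before the sync byte
        if buf[off + 4] != TS_SYNC[0]:
            raise ValueError(f"no sync byte in unit at offset {off}")
        pid = ((buf[off + 5] & 0x1F) << 8) | buf[off + 6]    # 13-bit PID (ISO 13818-1)
        out.append((stamp, pid))
    return out

def max_step(packets):
    """Largest timestamp change between adjacent packets."""
    stamps = [stamp for stamp, _ in packets]
    return max((abs(b - a) for a, b in zip(stamps, stamps[1:])), default=0)

def make_m2ts(count, start=0xD1000000, step=0x300, pid=0x1011):
    """Constructed sample: count units with a rising timestamp and empty payload."""
    units = []
    for i in range(count):
        header = bytes([0x47, 0x40 | (pid >> 8), pid & 0xFF, 0x10 | (i & 0x0F)])
        units.append(struct.pack(">I", start + i * step) + header + bytes(184))
    return b"".join(units)

if __name__ == "__main__":
    sample = make_m2ts(5)
    print(classify(sample), [hex(s) for s, _ in m2ts_packets(sample)])
```

A buffer that matches none of the three layouts, or an m2ts buffer with a sync byte missing, is reported as "unknown" rather than guessed at.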
20th January 2007, 18:06 | #43 | Link | |
Registered User
Join Date: Oct 2002
Location: Florida, USA
Posts: 90
|
Quote:
And mostly always represented as two digits when displayed as hex.
Hex is just a text string and it would be really hard to decode it to unicode (decimal) if it was not even pairs, unless you split each number with a , (A, 10, 4, F) = '0A10040F', and that would defeat the purpose as you could use dec in the first place.
decimal 0, hex 00, binary 00000000
Last edited by tonyp12; 20th January 2007 at 18:59.
|
20th January 2007, 18:36 | #44 | Link | |
0xdeadbeef
Join Date: Jan 2007
Posts: 18
|
Quote:
Amateur sleuths will be shut out of direct key retrieval soon (amateur programmers working on WinDVD let us in the door anyway).
|
20th January 2007, 19:06 | #46 | Link |
Dwight Schrute's homeboy
Join Date: Jan 2007
Location: The Office
Posts: 136
|
Seeing as how a lot of people own a PS3 and you can run Linux on a PS3, it should be possible to decrypt my Blu-ray discs from the PS3, correct (with a Java decryption program)? This would work out great.
|
20th January 2007, 19:16 | #47 | Link | |
Registered User
Join Date: Dec 2006
Location: Norway
Posts: 8
|
Quote:
You're talking of some type of method like this, right? http://www.hdtvblogger.com/?p=39 (has yet to be confirmed though...)
Last edited by snurregrekk; 20th January 2007 at 19:25.
|
20th January 2007, 19:27 | #48 | Link | |
Registered User
Join Date: Oct 2002
Location: Florida, USA
Posts: 90
|
Quote:
If it wanted to keep the keys in memory, just a simple left roll circular before saving it and a right roll circular when it's back in the CPU registry would have stopped us from finding it. Now that we know a lot of keys, we would have to use a debugger in the next version of the player that stops when a register has the known key (it must be in the register at least one time). So we could apply a patch that writes this register to some known space in memory.
|
20th January 2007, 19:30 | #50 | Link | |
Registered User
Join Date: Aug 2002
Posts: 151
|
Quote:
Almost any hardware player can be read out (including the RAM state) with a chip-relevant "debugger" tool (same as an EPROM programmer but more advanced). Of course this is not for amateurs but it still can be done.
|
20th January 2007, 19:47 | #53 | Link | |
Registered User
Join Date: Dec 2006
Posts: 3
|
Quote:
As long as you can access 100% of the memory on your computer as you wish, no DRM scheme will ever be totally secure. Hence the reason people are pushing the "TPM" chips so much. They are the only thing that will make DRM much more resistant to local attacks. Anyway, keep up the good work guys. I think this dispels any rumors as to muslix's intentions as well; you guys are too harsh.
|
20th January 2007, 19:58 | #54 | Link | |
Registered User
Join Date: Jun 2005
Posts: 12
|
Quote:
Sorry for the OT, now back to topic... Best regards!
|
20th January 2007, 20:03 | #55 | Link | |
Registered User
Join Date: Oct 2002
Location: Florida, USA
Posts: 90
|
Quote:
Think of it as an internal memory buffer. So you would have to do a registry dump, and probably 1000 times before you do it at the exact right moment. And it would only be a part of the 128-bit key in the registry, probably a 32-bit big-endian, if that is what the AACS calc uses. It could be split up to different registries at the same time; that would make it a little easier. But that is depending on how the compiler handles the calculation, or if the code was written in Assembly code for more direct control.
Last edited by tonyp12; 20th January 2007 at 20:15.
|
20th January 2007, 20:26 | #56 | Link | |
Registered User
Join Date: Dec 2006
Posts: 3
|
Quote:
It's not hard to peek at reg / stack values while in a debugger. Nor is it hard to print out registry values just like you do with a memory dump. Also, in order to get a value into a register, don't you have to move it from memory into a register? (mov XXXXXXXX,$EAX) Obviously you can manipulate it once in there, but that data has to exist somewhere before it goes into mem.
|
20th January 2007, 20:44 | #57 | Link | |
Registered User
Join Date: Oct 2002
Location: Florida, USA
Posts: 90
|
Quote:
to keep any calculated keys in memory without doing some manipulation to it first (roll circular left 1 bit in this simplified example).
And during playback:
line1: load 32-bit word from mem to registry a
line2: roll circular right 1 bit on reg a
line3: now use reg a to do some calculation
line4: clear reg a
A debugger could now stop between line 2 and 3, as registry a now matches some known part of the key. It sure makes it a lot easier to hunt down the code and figure out what manipulation they are doing. Now any memory dump key finder would just have to do the same manipulation to get it to work. If we never had access to un-manipulated keys it probably could take years to reverse engineer PowerDVD or WinDVD. But thanks to people at WinDVD we do have that.
Last edited by tonyp12; 20th January 2007 at 21:41.
|
20th January 2007, 21:54 | #58 | Link | |
Registered User
Join Date: Dec 2006
Posts: 3
|
Quote:
|
|
20th January 2007, 22:00 | #59 | Link |
Registered User
Join Date: Dec 2006
Posts: 35
|
Here it is, alpha version of BackupBluRay V0.21!
This release is not for everyone! This is only for those who want to experiment with an early version of Blu-ray decryption.
Known limitations:
- Don't support BD+
- Don't support Volume unique key
- Only support one CPS unit key per disc
- I don't clear the HDMV_copy_control_descriptor in the stream
- Don't have any FAQ or document so far...
- You have to provide your own CPS unit key.
The playback seems to work with VideoLan.
Because I don't have any Blu-ray equipment, I will need the help of the community to go further with Blu-ray decryption. I have only tested this with one video file...
Stay tuned!
Link: http://www.sendspace.com/file/yvylle
Last edited by muslix64; 22nd January 2007 at 18:03.