Old 24th September 2009, 19:36   #741  |  Link
cRTrn13
Registered User
 
 
Join Date: Aug 2009
Posts: 31
Quote:
Originally Posted by XYZ123 View Post
Anyone working on BD+ at the moment?
Yup. Someone is.
Old 30th September 2009, 16:29   #742  |  Link
boza111
Registered User
 
Join Date: Oct 2004
Posts: 6
Hey cRTrn13, how is your tool coming along? I found your blog, looks like you're making good, promising progress.
Old 1st October 2009, 10:38   #743  |  Link
cRTrn13
Registered User
 
 
Join Date: Aug 2009
Posts: 31
Quote:
Originally Posted by boza111 View Post
Hey cRTrn13, how is your tool coming along? I found your blog, looks like you're making good, promising progress.
Lol - haven't updated that in a while - maybe I'll post an update. Yes, it's fairly stable for AACS - just working on some little bits and pieces. It's coming along nicely though!
Old 4th October 2009, 10:10   #744  |  Link
kreet
Registered User
 
Join Date: Jul 2009
Posts: 41
I'm working on reversing some players to understand the whole BD-J thing and grab new keys. There's a lot of work to do. If someone wants to volunteer to implement some of the things I discover, it would be very helpful. PM me.
Old 6th October 2009, 10:56   #745  |  Link
kreet
Registered User
 
Join Date: Jul 2009
Posts: 41
I think I'm gonna start a new thread for BD+ reversing and updating libbluray support to current titles. What do you guys think? There is a crapload of work that needs to be done and I could really use a hand, both on implementation and reversing.

If you have leet skillz in x86 asm, Java reversing, C/C++ coding and/or Java coding, PM me here or ping me on irc://irc.efnet.net/#doom9
Old 6th October 2009, 12:14   #746  |  Link
GLUBSCH
Registered User
 
Join Date: Sep 2009
Posts: 45
Sounds great, kreet! I've got leet skillZ in testing stuff.
Old 6th October 2009, 14:29   #747  |  Link
kreet
Registered User
 
Join Date: Jul 2009
Posts: 41
new thread here: http://forum.doom9.org/showthread.php?p=1332018

let the games begin!
Old 13th January 2010, 07:48   #748  |  Link
Accident
Registered User
 
Join Date: Aug 2002
Posts: 111
Any readers out there who can still run the Java debugger and record snapshots? I would like to fix more of the small differences in the C version. My old saved snapshots may no longer be current.

Edit: Counting differences I get:
Code:
10: 1 times
140: 192 times
420: 33 times
530: 350 times
I completely re-did the DiscoveryRAM, with the proper memory dumps, so it no longer differs. sha(140) differs only in the work area. SlotRead(420) differs since our flash.bin files are different from starting.

As for why Finish (010) differs one time, I do not know. Now it runs much better, and has been committed. I have had reports of old bdplus disks playing, which is encouraging.

Did we ever decide on a name for EVENT_220?

Edit:

Thanks Mike Chen.

Last edited by Accident; 21st January 2010 at 13:59.
Old 21st January 2010, 10:37   #749  |  Link
Mike Chen
Registered User
 
Join Date: Jun 2008
Posts: 67
Quote:
Originally Posted by Accident View Post
Did we ever decide on a name for EVENT_220?
ComputeSP
Old 28th May 2010, 03:14   #750  |  Link
Accident
Registered User
 
Join Date: Aug 2002
Posts: 111
I know the current BD+ code we have will not handle Avatar, but for those curious this is what happens:

Code:
UDF-fs INFO UDF 0.9.9 (2005/21/07) Mounting volume 'RED_BIRD_2D_F6'
bdplus.c:105: [bdplus] loading BDSVM/00000.svm and flash.bin...
[snip]
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING reading from PSR103!
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING reading from PSR104!
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING writing to PSR104!
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING writing to PSR102!
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING reading from PSR103!
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING reading from PSR104!
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING writing to PSR104!
bdsvm/trap.c:983: [TRAP] TRAP_ApplicationLayer: WARNING writing to PSR102!
[snip]
bdsvm/interface.c:128: [interface] trap_ConvertionTable(000F3CCC, *002EFAC8)
bdsvm/trap.c:164: [TRAP] TRAP_FixUpTableSend(998604/3994416)
bdsvm/segment.c:50: [segment] Starting decode of conv_tab.bin: 0x1012efac8 (998604)
bdsvm/segment.c:92: [segment] num tables 193
bdsvm/segment.c:127: [segment] Table 0 ID 00000001, 1 segments
bdsvm/segment.c:206: [segment] Table done. Setting ptr to 00000010
bdsvm/segment.c:127: [segment] Table 1 ID 00000002, 442 segments
bdsvm/segment.c:157:    Segment 1 offset 00000702 -> 69 entries
bdsvm/segment.c:157:    Segment 2 offset 00000C6A -> 103 entries
bdsvm/segment.c:157:    Segment 3 offset 0000147A -> 118 entries
[snip]
Now I would suspect it will fail after this, when it attempts to decode the segment keys, as the (missing) BDJ interface responds incorrectly. But since it was a hiccup for Sly-soft as well, I presume there will be an upcoming road-block that I cannot yet see?



Edit:

dirio49: that is fascinating for sure. Nice to have it laid out. I did notice that it requires the VM to run permanently, but don't know anything about mk.enc.

Last edited by Accident; 29th May 2010 at 13:57.
Old 29th May 2010, 13:23   #751  |  Link
dirio49
JuSt a PoWer uSEr
 
Join Date: Mar 2005
Location: None of your Business
Posts: 288
@Accident

I don't know if you have seen this, fengtao posted it over at the dvdfab forum.
Hope it helps.

BTW is that the newer BDVM that people are working on at videolan?
Later
Code:
Generation 1
- started with "The Day After Tomorrow" on 08jun2007
- Cryptography Research, Inc. was making BD+ code back then.
- some FUEs (FixUp Element) were watermarked

Generation 2
- started with "Mrs Doubtfire" on 20dec2007 and not with Hitman as previously believed
- TRAP_MediaCheck() is used to check if the disc is original

Generation 3
- started with "Jumper" on 14apr2008
- Macrovision, Corp. bought the technology from CRI.
- useless FUEs were produced; when patching the movie, these have to be skipped
- TRAP_DebugLog() is used to print messages from BD+ code
- starting with the James Bonds movies a BDJ/BD+ Handshake is used

Generation 4
- starts with "Futurama: Benders Game" on 22aug2008
- Handshake becomes more complicated; the BDJ code, after exchanging data with BD+,
gets to decrypt and run a hidden Java object that does further checks (mk.enc)

Generation 5
- starts with "Slumdog Millionaire" on 02feb2009
- Handshake return codes are not standard anymore (1000=ok, 200X=error card, etc);
they are now different for each movie
- MKJ.enc fallback package disappears, MK.enc will do the checks

Generation 6
- starts with "Valkyrie" on 31mar2009
- MK.enc is moved from 77771.jar to 77773.jar

Generation 7
- starts with "Ice Age 3" on 18aug2009
- new 00003.svm appears; it was mentioned in the patents, but not used till now

Generation 8
- starts with "Avatar" on 06mar2010
- Macrovision Corp. gets rebranded to ROVI Corp.
- although still called Handshake, the BDJ/BD+ exchange becomes permanent, not just at the start of playback.
- the use of Native code begins; this adds support for new TRAPs on-the-fly
__________________
Birthdays are good. Statistics show that the people who have the most live the longest.
Old 16th February 2012, 23:26   #752  |  Link
ro-ee
Registered User
 
Join Date: Aug 2010
Posts: 34
It's now almost two years later. Any news on BD-J or BD+?
Old 17th February 2012, 04:33   #753  |  Link
Accident
Registered User
 
Join Date: Aug 2002
Posts: 111
I do believe VLC-2.0 RC is available which should include some of the bluray code. I don't know specifically which parts though. If sources are not available there, I guess we could check the latest known version into github or something.
Old 17th February 2012, 10:16   #754  |  Link
ro-ee
Registered User
 
Join Date: Aug 2010
Posts: 34
Is there any point in providing only the *.svm files for debugging/testing purposes? Or does one also need VUK/VID/??? in order to have the VM run correctly? I reckon the Java files would also be needed for that.
I was just toying with the idea that the bd+-lib could calculate the convtable once and for all, so it wouldn't have to do it every time the disc is played; the files would simply be cached on the file system, just as the VUKs already are.
Old 22nd February 2012, 13:08   #755  |  Link
monk3y
Registered User
 
Join Date: Sep 2011
Posts: 10
@Accident

VLC 2.0 includes libbluray, but not libaacs.
Old 22nd February 2012, 17:01   #756  |  Link
ro-ee
Registered User
 
Join Date: Aug 2010
Posts: 34
Quote:
Originally Posted by monk3y View Post
@Accident

VLC 2.0 includes libbluray, but not libaacs.
libbluray loads libaacs (and libbd+) if they are found; this means if you have them both (and the keys), then VLC should also be able to play encrypted BDs.

What I was asking about earlier was the BD+ thing, which apparently needs some help from BD-J. Don't know if there is some support for it in VLC, and I also don't know how these two will/should/can work together.

Perhaps someone in the know can explain to me what the current BD+ situation is. From my knowledge, the TRAP instructions are old news, next up is BD-J interaction (also through Traps?), and recently I came upon someone claiming that X86 DLLs are loaded by the BD+ code. How does this even work on a standalone player?
Old 11th March 2012, 02:01   #757  |  Link
HWK
Registered User
 
 
Join Date: Feb 2009
Location: Toronto, Ontario, Canada
Posts: 1,059
Quote:
Originally Posted by ro-ee View Post

Perhaps someone in the know can explain to me what the current BD+ situation is. From my knowledge, the TRAP instructions are old news, next up is BD-J interaction (also through Traps?), and recently I came upon someone claiming that X86 DLLs are loaded by the BD+ code. How does this even work on a standalone player?

I think for standalone it doesn't. It is limited to PC only.
Old 12th March 2012, 14:04   #758  |  Link
ro-ee
Registered User
 
Join Date: Aug 2010
Posts: 34
Quote:
Originally Posted by HWK View Post
I think for standalone it doesn't. It is limited to PC only.
So there must be a way in the code to detect if it runs on a certain player and branch out to different methods. I thought this was ruled out a while ago? Or has this been the case only recently?
Old 12th March 2012, 18:33   #759  |  Link
HWK
Registered User
 
 
Join Date: Feb 2009
Location: Toronto, Ontario, Canada
Posts: 1,059
All companies who are planning to license their player are required to provide a blueprint of their player to Rovi, formerly Macrovision.

Let's say all standalone players have a blueprint of ABC and PC-based players have 123. With this in mind, BD+ code could perform an initial check, and they may have added logic: if it is 123, run additional code on top of it.

To make matters worse, the player would be happy to run the code when the player is running and playing a movie. As such, there is no need for autorun or anything along that line. Even an admin account is not required to run code, and while the code is running it can sniff around on the PC just like a trojan would do.

With this in mind, code is free to do whatever it wants.

Last edited by HWK; 12th March 2012 at 18:37.