9th February 2007, 12:30 | #81 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
I think I've found the Volume ID of a Blu-Ray disc. Well, it's from a memdump of WinDVD playing Lord of War.
Anyway here it is: Code:
Length Code: 00 22 00 00
Volume ID: 9F A6 47 7B B0 10 30 A5 63 7F 36 E1 9D C4 ED 11
MAC: xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
Because it has no 40 00 in it (like with HD DVDs) it's much harder to find in a memdump but sniffing should be easier (searching for "00000000: 00 22 00 00"). But if you have a Blu-Ray burner and have a memdump of WinDVD you can try to hex search for 00 22 00 00. You will find many occurrences of that but only one with 32 random bytes behind it (= Volume ID + MAC). That's the way I found it anyway (I mainly looked at the ASCII part when pressing F3 so I could quickly see if it was followed by random bytes. I found it around Offset 4ABxxx but it could vary: between 300000 and 500000 would be my guess).
Something different. Regarding Device Keys. Could some people count the number of 0xx.fcl files their PowerDVD version has? (where xx are sequenced numbers) I suspect the newer versions have more of them. This is still a "feeling" but it could be interesting (it's possible the new PowerDVD version got a different set of Device Keys already...)
Back to hunting
Regards,
arnezami
PS. I just found out my xbox 360 HD DVD is not capable of Bus Encryption. If you do a text search in your sniff log on "00000000: 00 72" you'll find two occurrences. The one with 01 (not 02) at the blue byte is the Drive Certificate. The byte right next to it should be 00 (red); if not then you're screwed, otherwise you will always be able to sniff volume IDs. Here is mine:
Code:
00000000: 00 72 00 00 xx xx xx xx xx xx xx xx xx xx xx xx
00000010: xx xx xx xx xx xx xx xx 01 00 00 5c xx xx xx xx
PPS. Apparently WinDVD isn't capable either. Seems they really haven't implemented Bus Encryption yet.
Last edited by arnezami; 15th March 2007 at 20:38. |
9th February 2007, 22:00 | #82 | Link | |
Registered User
Join Date: Jan 2007
Posts: 40
|
Quote:
My version has two. .000 and .001. What new version are you speaking of? |
|
10th February 2007, 07:51 | #83 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
I ask because a full set of Device Keys would have 31 + 30 + 29 + .. + .. + 1 =~ 500 Keys. So that would require 500 x 16 =~ 8000 bytes. Now they could do without certain Keys and only give 31 Keys (or even a little less) but that would mean that when two non-adjacent Players are revoked this PowerDVD version has to get new Keys by default. Because it wouldn't have keys for sub-trees. Hard to explain quickly. Of course this is only relevant if these fcl files indeed contain the Device Keys, that is. Do you have Power DVD 6.5 or 7.1 or 7.2 installed? Last edited by arnezami; 10th February 2007 at 08:47. |
|
10th February 2007, 08:02 | #84 | Link |
Registered User
Join Date: Jan 2007
Posts: 40
|
Some interesting things about the 001.fcl file.
I noticed the original file date was 9/21/2006 from an install I had on a separate partition, but it had recently been modified in my main install. It showed a date of 2/5/2007. The files were in fact different, but not by much; it was actually smaller than the original. Every time you put in a new movie it writes to the 001.fcl. |
10th February 2007, 08:36 | #86 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
- Are you sure it's every time you put in a new movie? Not every time Power DVD gets new keys from the internet? Can you re-install and insert a new movie (for that new installation) and check whether the file(s) has/have changed? What movies do change it? Does it change only once or with every new movie?
- How many versions do you know of?
- Is 000.fcl still original?
- Is there any difference in behaviour between 7.1 and 7.2 in this matter?
- What do you mean by "not by much": how many bytes of difference are we talking about and where? Are you talking about a difference in the content or just the size? Are they different in content?
General question: does anybody have an (old) PowerDVD version that doesn't support HD/BD playback? Does it also have *.fcl files?
Thanks.
arnezami
PS. It's possible they have given a separate Key Set for BD. Which means two full sets would need roughly 16kb.
PPS. It might be possible Power DVD is removing Device Keys it knows it will never need (which it can see from the MKB on the first disc it sees) which might explain the "shrinking" here.
Last edited by arnezami; 10th February 2007 at 09:02. |
|
10th February 2007, 09:20 | #87 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
Making a perfect (but encrypted) backup
I've got a related idea.
It just may be possible to create a perfect (but still encrypted) backup which is still playable. It would require re-encrypting the title key file and mac-ing it (with a new VUK). This new VUK would derive from the Volume ID of a re-writable (here lies the possible problem) and the unchanged Media Key (derived from the MKB). To test if this even could work somebody with a HD DVD burner (and maybe a usb connected HD DVD drive) would have to try the following:
- Burn all (still encrypted) files to the new rewritable disc (do a bit-for-bit copy)
- Put it in a (preferably usb) HD DVD drive (and with usb turn on the sniffer) and start a software player (btw the movie won't play)
- See if the log contains a Volume ID (or if you don't have it usb connected and can't use the sniffer: if it's in Jap WinDVD's memdump, see page 1 of this thread for instructions but leave out the 40 00 part like with Blu-Ray).
If so it just might be possible... It's entirely possible the disc is first somehow checked if it's a pre-recorded one (eg. the drive missing the HRL in the lead-in area: or does the bit-for-bit copy that too? or something in the so called "system lead-in") which ends the story right away. But it's worth a try I think.
arnezami
Last edited by arnezami; 10th February 2007 at 15:55. |
10th February 2007, 10:07 | #88 | Link |
Registered User
Join Date: Jan 2007
Posts: 40
|
It's hard to tell when it is actually changing the file. This is the original file header:
Code:
00000000 43 4C 46 43 4C 30 30 31 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 03 01 05 CLFCL001
0000001C 00 06 00 00 00 02 01 00 00 07 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 02
00000038 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000054 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 00
Code:
00000000 43 4C 46 43 4C 30 30 31 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 03 01 05 CLFCL001
0000001C 00 06 00 00 00 03 01 05 00 07 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 02
00000038 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000054 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 30 00
Code:
00000000 43 4C 46 43 4C 30 30 30 01 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 07 00 06 CLFCL000
0000001C 00 06 00 00 00 02 00 05 00 07 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 00 00 02
00000038 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000054 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 |
10th February 2007, 10:59 | #89 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
@jkenzie (or anybody else who has PowerDVD): could you try the following:
Open the 001.fcl file in WinHex (make a backup first) and see if there is any random stuff in it (I suspect the bulk is random, is it?). Now change one byte in that area and try if Power DVD will play a movie. And try changing the file at different places (but only change at most one byte compared to the backup) and see what happens. This could pin-point the exact position of the Device Keys used. But it's possible there is some kind of checksum which disables this technique. If it works all the time then I suspect there are no Device Keys in it at all. |
10th February 2007, 12:13 | #91 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
[edit] Sorry you need the bluray key finder of course... (but it checks for title/CPS keys so I'm not sure if this is a good test. Well maybe..) Last edited by arnezami; 10th February 2007 at 12:27. |
|
10th February 2007, 13:32 | #93 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
There are probably many other ways (maybe somebody else can give suggestions) but this will most likely work fine. It's interesting it actually crashes because that could mean we really fooled it (which is good news). Last edited by arnezami; 10th February 2007 at 13:41. |
|
10th February 2007, 15:22 | #95 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
That sounds right. The movie is encrypted and the current volume ID (which is unknown for the moment) and Media Key won't produce a VUK that decrypts the Title Key file correctly.
In order to make this completely work we need to know (1) if the VUK is calculated at all (2) what that VUK is (3) encrypt the decrypted Title Key file with this new VUK (4) change the iso with the new Title Key file bytes (5) burn the new iso. Keep in mind we are still at step 1 and 2. But for the moment it appears the Software player notices that decrypting the Title keys (with the "strange" VUK) isn't working. Which is correct since we haven't changed the Title Key file yet. In order to get any further we need to know if the Volume ID is extracted (which could be a sign that 1 is working) or extract the VUK directly (which solves 1 and 2). But we can only do that with either a sniff log or a memdump. It might be possible to do a memdump (or use the key finder) during the 2 seconds you mentioned. It's tricky though... The best way is to let the crash be intercepted. |
10th February 2007, 15:45 | #97 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
Anyway maybe the posts (by mrazzido and me replying to him and my original idea-starter-post) about this subject (making an encrypted perfect copy) should be moved to a separate thread because it really is a related idea. But has nothing much to do with trying to find Device/Processing/Media Keys and Volume IDs (sorry mods, didn't really anticipate this). Last edited by arnezami; 10th February 2007 at 16:02. |
|
10th February 2007, 17:54 | #98 | Link | |
Registered User
Join Date: Jan 2007
Posts: 40
|
Quote:
I've watched the changes several times with several different discs inserted as first play. I always end up with a different .fcl file. I don't think the changes are from an internet update, because the computer I'm testing this on has no connection. |
|
10th February 2007, 18:16 | #99 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
|
|
11th February 2007, 07:23 | #100 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
After some (sometimes frustrating) work I found the Media Key of King Kong:
Code:
07 4E 1F C8 8F B9 B7 80 A2 25 CA A2 3B C3 DB 56
With that we are one step closer to finding a Processing Key.
Last edited by arnezami; 11th February 2007 at 09:15. |
|
|