20th February 2007, 22:38 | #321 | Link |
Registered User
Join Date: Jan 2007
Location: Tel-Aviv, Israel
Posts: 185
|
I am providing these for four different movies: Full Metal Jacket, Rambo I, Rambo II and Rambo III.
Volume ID for Full Metal Jacket is:
Code:
TransferBufferMDL = 83b06f88
00000000: 00 22 00 00 40 00 46 55 4c 4c 4d 45 54 41 4c 4a
00000010: 41 43 00 00 xx xx xx xx xx xx xx xx xx xx xx xx
00000020: xx xx xx xx
UrbLink = 00000000
[56868 ms]
http://forum.doom9.org/showpost.php?...&postcount=191
sectors.rar file contains the .bin files corresponding to the following session (My drive is also on letter I: (and plscsi -w seems to agree)):
Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd Desktop
C:\Documents and Settings\Administrator\Desktop>set PLSCSI=\\.\I:
C:\Documents and Settings\Administrator\Desktop>plscsi.exe -v -x "AD 00 00 00 00 00 00 15 08 04 00 00" -i x804 -t FULLMETAL.bin
x 00000000 AD 00 00:00:00:00 00 15:08:04:00 00 .. .. .. .. "-@@@@@@UHD@@"
x 00000000 F8:02:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "xB@@@@@@@@@@@@@@"
x 00000010 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
...
x 000007F0 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
x 00000800 00:00:00:00 .. .. .. .. .. .. .. .. .. .. .. .. "@@@@"
// 0 = plscsi.main exit int
C:\Documents and Settings\Administrator\Desktop>plscsi.exe -v -x "AD 00 00 00 00 00 00 15 08 04 00 00" -i x804 -t RAMBO3.bin
x 00000000 AD 00 00:00:00:00 00 15:08:04:00 00 .. .. .. .. "-@@@@@@UHD@@"
x 00000000 F8:02:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "xB@@@@@@@@@@@@@@"
x 00000010 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
...
x 000007F0 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
x 00000800 00:00:00:00 .. .. .. .. .. .. .. .. .. .. .. .. "@@@@"
// 0 = plscsi.main exit int
C:\Documents and Settings\Administrator\Desktop>plscsi.exe -v -x "AD 00 00 00 00 00 00 15 08 04 00 00" -i x804 -t RAMBO2.bin
x 00000000 AD 00 00:00:00:00 00 15:08:04:00 00 .. .. .. .. "-@@@@@@UHD@@"
x 00000000 F8:02:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "xB@@@@@@@@@@@@@@"
x 00000010 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
...
x 000007F0 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
x 00000800 00:00:00:00 .. .. .. .. .. .. .. .. .. .. .. .. "@@@@"
// 0 = plscsi.main exit int
C:\Documents and Settings\Administrator\Desktop>plscsi.exe -v -x "AD 00 00 00 00 00 00 15 08 04 00 00" -i x804 -t RAMBO1.bin
x 00000000 AD 00 00:00:00:00 00 15:08:04:00 00 .. .. .. .. "-@@@@@@UHD@@"
x 00000000 F8:02:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "xB@@@@@@@@@@@@@@"
x 00000010 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
...
x 000007F0 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
x 00000800 00:00:00:00 .. .. .. .. .. .. .. .. .. .. .. .. "@@@@"
// 0 = plscsi.main exit int
C:\Documents and Settings\Administrator\Desktop>
Last edited by awhitehead; 20th February 2007 at 22:41. Reason: WinHex information added. |
21st February 2007, 01:18 | #322 | Link |
Registered User
Join Date: Feb 2007
Posts: 71
|
thanks
so, the second half of the volume id is not in those sectors, or better, not in the data portion of those sectors; maybe it's in what the CPR_MAI field is for DVD-ROM sectors (6 bytes of data before the 2048 data bytes), but I don't know the physical structure of HD DVD (does anyone have the non-public HD DVD physical book?), and anyway a hacked firmware is needed for a raw reading. |
21st February 2007, 07:31 | #324 | Link | |
I swallow bugs!
Join Date: Jan 2007
Location: Whitehouse corner Office
Posts: 49
|
Quote:
plscsi.exe -v -x "AD 00 00 00 00 00 00 15 08 04 00 00" -i x804 -t CDS.bin
x 00000000 AD 00 00:00:00:00 00 15:08:04:00 00 .. .. .. .. "-@@@@@@UHD@@"
x 00000000 F8:02:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "xB@@@@@@@@@@@@@@"
x 00000010 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
...
x 000007F0 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"
x 00000800 00:00:00:00 .. .. .. .. .. .. .. .. .. .. .. .. "@@@@"
// 0 = plscsi.main exit int
Hope this helps.
Last edited by frogman; 21st February 2007 at 07:33. Reason: typo |
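Added example, not part of any post in this thread: a small Python decoder for the `plscsi -x` command bytes and the `-v` dump lines posted above, so the request and the all-zero result can be checked mechanically. It uses the MMC READ DISC STRUCTURE CDB layout; the function names and the 4-byte response header (two length bytes, two reserved) are assumptions of this example.

```python
import re
from typing import NamedTuple

class ReadDiscStructure(NamedTuple):
    media_type: int         # CDB byte 1, low nibble
    address: int            # bytes 2-5, big-endian
    layer: int              # byte 6
    format_code: int        # byte 7
    allocation_length: int  # bytes 8-9, big-endian
    agid: int               # byte 10, top two bits
    control: int            # byte 11

def parse_cdb(hex_text: str) -> ReadDiscStructure:
    """Decode the hex string passed to `plscsi -x` as a READ DISC STRUCTURE CDB."""
    cdb = bytes(int(tok, 16) for tok in hex_text.split())
    if len(cdb) != 12 or cdb[0] != 0xAD:
        raise ValueError("not a 12-byte READ DISC STRUCTURE (0xAD) CDB")
    return ReadDiscStructure(cdb[1] & 0x0F, int.from_bytes(cdb[2:6], "big"),
                             cdb[6], cdb[7], int.from_bytes(cdb[8:10], "big"),
                             cdb[10] >> 6, cdb[11])

DUMP_LINE = re.compile(r'^x ([0-9A-Fa-f]{8}) (.*?) "')
def parse_dump(lines):
    """Map offset -> byte value for every byte shown in `plscsi -v` dump lines."""
    shown = {}
    for line in lines:
        m = DUMP_LINE.match(line.strip())
        if not m:
            continue  # skips the "..." elision and the exit-status line
        base = int(m.group(1), 16)
        cells = [c for c in re.split(r"[ :]", m.group(2)) if c and c != ".."]
        for i, cell in enumerate(cells):
            shown[base + i] = int(cell, 16)
    return shown

def nonzero_payload(shown, header_len=4):
    """Offsets past the response header whose byte is not zero."""
    return sorted(off for off, b in shown.items() if off >= header_len and b)
# Data-in lines as they appear in the posts above (the CDB echo line is left out).
SAMPLE = [
    'x 00000000 F8:02:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "xB@@@@@@@@@@@@@@"',
    'x 00000010 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"',
    '...',
    'x 000007F0 00:00:00:00 00:00:00:00 00:00:00:00 00:00:00:00 "@@@@@@@@@@@@@@@@"',
    'x 00000800 00:00:00:00 .. .. .. .. .. .. .. .. .. .. .. .. "@@@@"',
]
if __name__ == "__main__":
    print(parse_cdb("AD 00 00 00 00 00 00 15 08 04 00 00"), nonzero_payload(parse_dump(SAMPLE)))
```

The allocation length decodes to 0x804 (a 4-byte header plus one 2048-byte sector), which matches the last dump offset, and no byte shown after the header is non-zero.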
|
21st February 2007, 16:55 | #325 | Link | ||
Registered User
Join Date: Jan 2007
Location: Internet
Posts: 378
|
Quote:
Quote:
As far as I know LBA is unsigned, so there is no way. I think enough people have proven that you only get zeros from the Copyright Data Section, no need for more proofs. So there seems to be no way to get the second half of the VID directly off the disc without a hacked firmware, but why do you want to read the sectors raw? Why not modify the drive to give it away without being authenticated? |
||
21st February 2007, 21:09 | #328 | Link | |
Registered User
Join Date: Dec 2006
Posts: 202
|
Quote:
|
|
22nd February 2007, 18:43 | #332 | Link |
Registered User
Join Date: Jan 2007
Posts: 39
|
Code:
Four Brothers 05/15/2006 - 18:46:24
vid: 40 00 05 15 20 06 03 50 00 20 20 20 20 20 00 00
Code:
40 00 YY YY MM DD 05 35 00 20 20 20 20 20 00 00 - babel
40 00 MM DD YY YY 03 50 00 20 20 20 20 20 00 00 - four bros
18:46:24 - babel
21:54:12 - four bros
>>>If anyone has any other Paramount titles, please post the VIDs and let's see if we can figure out this scheme. |
22nd February 2007, 18:56 | #333 | Link | |
Registered User
Join Date: Feb 2007
Posts: 123
|
Quote:
Perhaps it would be a good idea to do the same here? There might be someone that can recognize the chip either based on the number of pins, or commonly used components used in conjunction with that chip? |
|
22nd February 2007, 23:46 | #335 | Link | |
Registered User
Join Date: Jan 2007
Location: Internet
Posts: 378
|
Quote:
Also, the results posted here show the correct Disc Structure Data Length. |
|
23rd February 2007, 05:14 | #336 | Link | |
Registered User
Join Date: Feb 2007
Posts: 123
|
Quote:
The original thread is here (42 pages of how the firmware was hacked), but I can't find this image right now =( At this wiki there is the bar code of the XBox DVD. The reason they tried covering up the inner DVD section was to test if the disc contained any important information there. E.g. in our case, this could be the VID that was hidden there? A wiki was made of all the facts and speculations, and I think it is this one, or at least part of it. One of the things that sped up the XBox360 firmware hack a great deal was that the model numbers on the chip could be looked up, and disassembling could be done. It seems that they have read the thread in great detail, and learned that removing this information would cause trouble. The thread contains a lot of "I hope they didn't do that, because that would make it harder" and "why didn't they do that, because that would make it harder". Taking into consideration that they removed the chip model numbers, I bet searching for the above techniques will pay off. Depending on how you read it, it is either a guide on how to hack the firmware or a guide on how to make your next firmware better. Also, searching for patents helped out hacking the firmware a lot, as a patent is more or less the specification. Google has just opened a patent search engine, but I don't know if it is complete? So if you ask me, these issues have to be resolved:
Last edited by lightshadow; 23rd February 2007 at 09:28. Reason: Forgot link. |
|
5th March 2007, 21:38 | #337 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
It first involves some tweaking by the user (but the proggy each try gives advice on what to do: setting the time earlier or later). But once set up it will work perfectly. And it requires no sniffing. It uses the moment the AGID is allocated by the Software Player as a pretty precise time marker.
This technique uses the huge hole in AACS: no bus encryption. This allows us to pretend to be the Software Player at the exact right time. And I don't think they can plug this hole now since so many drives (without the capability to bus encrypt) are already sold. They really f**ked up here. They should have waited longer and finished the job properly. Shame on them.
I will probably release the (now still experimental) program to do this in the future. Possibly combined with my other proggy that uses the now found Host Private Key. This technique can be used as a "fall-back position" in the case the found HPK gets revoked.
Oh yes. We really are busting AACS. Piece by piece. In my mind the whole Drive-Host protection (Chapter 4 common AACS specs) is toast.
Regards,
arnezami
Last edited by arnezami; 6th March 2007 at 07:45. |
|
5th March 2007, 22:25 | #338 | Link |
Resident DRM Hater
Join Date: Oct 2006
Location: International waters
Posts: 242
|
OK, some people were wondering about barcodes and burst cutting areas, so here's an image that should help clarify. This is a Gamecube disc but other discs will be similar; Gamecube discs are only mini DVDs really.
The "barcode" is printed on the inner ring. This is, as best I know, not readable by any drive. It serves only to identify the disc and probably contains the same info as the text around it or a serial number. The "burst cutting area" can be seen on the innermost section of the data area. This is physically pressed into the disc. Some drives can read this, but to write it requires very expensive disc pressing equipment. This could indeed hold things like volume ID.
__________________
Because Moogles pwn. |
6th March 2007, 06:48 | #340 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
Well here is something to play with.
fetchvid.exe
For me it works with WinDVD (which is the most sensitive I believe) and the Xbox 360 HD DVD. My sweet spot is a time value between 390 and 420. I usually set it at 410 which works perfectly (btw time is measured in nr of AGID retrieval attempts counted from the moment the player accesses the drive). Just try it and play with it a bit.
Remember: this program does not use the private key. It just "watches" the drive carefully and then pretends to be the software player. It works for HD DVD only atm.
Screenshot:
Regards,
arnezami
PS. This is experimental programming. There could be bugs in it.
Last edited by arnezami; 6th March 2007 at 07:59. |