Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules.

 

Go Back   Doom9's Forum > General > Decrypting

Reply
 
Thread Tools Search this Thread Display Modes
Old 1st October 2009, 04:41   #1  |  Link
880
Registered User
 
Join Date: Jan 2009
Posts: 124
Pseudorandom processing key search, a joke?

I am very bored and want some Processing Keys, so I began searching Japanese websites. I stumbled across MKB full and MKB random (version 0.2 by taku). They appear to generate possible Processing Keys and test them against a Blu-ray.

But this is madness! Unless this program is using good guesses, it will never find the key! There are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys (340 undecillion). Even if it took 1ns to check, these programs will run for ten sextillion years. Does 'taku' know something I do not?

880 is offline   Reply With Quote
Old 1st October 2009, 05:59   #2  |  Link
setarip_old
Registered User
 
setarip_old's Avatar
 
Join Date: Aug 2005
Posts: 16,274
@880

Hi!

The very obvious question - Have you tried it?
setarip_old is offline   Reply With Quote
Old 1st October 2009, 18:25   #3  |  Link
880
Registered User
 
Join Date: Jan 2009
Posts: 124
Yes. I let it run for ten seconds. It did not find the key to my MKB v12 disc.
880 is offline   Reply With Quote
Old 1st October 2009, 19:12   #4  |  Link
burfadel
Registered User
 
Join Date: Aug 2006
Posts: 2,235
How does the disk player play the disk in the first place? surely it can't be that difficult for an expert to create a 'reader' for the key (hasn't that already been done anyway)?
burfadel is offline   Reply With Quote
Old 1st October 2009, 20:04   #5  |  Link
LoRd_MuldeR
Software Developer
 
LoRd_MuldeR's Avatar
 
Join Date: Jun 2005
Location: Last House on Slunk Street
Posts: 13,022
Nope, the player doesn't read the key from the disc. At least not directly

The player can derive the disc key by using data read from the disc (some of that data can only be read with a valid certificate or a hacked drive) combined with secret information that never leave the player!

So even if you manage to read all the required data from the disc, that data will be useless for you, unless you also have the secret data that the player "knows".

As far as I know, so far the success in hacking AACS was always done by stealing the secrets from a "weak" software player. However AACS has a system to blacklist "broken" players on future disc releases.

Therefore "fresh" keys must be leaked for each new disc generation. Of course the player developers try to make it harder to "extract" the secret keys with each update -> cat-and-mouse game

For details:
http://forum.doom9.org/showthread.php?t=122363
__________________
There was of course no way of knowing whether you were being watched at any given moment.
How often, or on what system, the Thought Police plugged in on any individual wire was guesswork.



Last edited by LoRd_MuldeR; 1st October 2009 at 21:41.
LoRd_MuldeR is online now   Reply With Quote
Old 1st October 2009, 20:11   #6  |  Link
TomZ
Registered User
 
Join Date: Oct 2007
Posts: 31
Quote:
Originally Posted by 880 View Post
I am very bored and want some Processing Keys, so I began searching Japanese websites. I stumbled across MKB full and MKB random (version 0.2 by taku). They appear to generate possible Processing Keys and test them against a Blu-ray.

But this is madness! Unless this program is using good guesses, it will never find the key! There are 340,282,366,920,938,463,463,374,607,431,768,211,456 possible keys (340 undecillion). Even if it took 1ns to check, these programs will run for ten sextillion years. Does 'taku' know something I do not?

So, what we need, is "only" 340 undecillion computers and it will take less than 1s to find keys
TomZ is offline   Reply With Quote
Old 3rd October 2009, 00:58   #7  |  Link
HWK
Registered User
 
HWK's Avatar
 
Join Date: Feb 2009
Location: Toronto, Ontario, Canada
Posts: 1,059
Quote:
Originally Posted by TomZ View Post
So, what we need, is "only" 340 undecillion computers and it will take less than 1s to find keys
And lot of megawatts of electricity.
HWK is offline   Reply With Quote
Old 3rd October 2009, 11:44   #8  |  Link
Wombler
Affable Wanderer
 
Wombler's Avatar
 
Join Date: Apr 2007
Location: Northern Ireland
Posts: 451
Or a quantum computer!


Wombler
Wombler is offline   Reply With Quote
Old 3rd October 2009, 11:53   #9  |  Link
Dark Shikari
x264 developer
 
Dark Shikari's Avatar
 
Join Date: Sep 2005
Posts: 8,689
Quote:
Originally Posted by Wombler View Post
Or a quantum computer!


Wombler
Not enough. A quantum computer only reduces the cost of a linear search from O(n) to O(sqrt(n)), which effectively reduces the key size by half. A 64-bit keyspace is still enormous.
Dark Shikari is offline   Reply With Quote
Old 3rd October 2009, 13:06   #10  |  Link
Wombler
Affable Wanderer
 
Wombler's Avatar
 
Join Date: Apr 2007
Location: Northern Ireland
Posts: 451
Quote:
Originally Posted by Dark Shikari View Post
Not enough. A quantum computer only reduces the cost of a linear search from O(n) to O(sqrt(n)), which effectively reduces the key size by half. A 64-bit keyspace is still enormous.
Pardon my ignorance here but how come you can't check all the possible keys simultaneously?


Wombler
Wombler is offline   Reply With Quote
Old 3rd October 2009, 14:25   #11  |  Link
Guest
Guest
 
Join Date: Jan 2002
Posts: 21,923
Read about Grover's search algorithm:

http://www.quantiki.org/wiki/index.p...arch_algorithm
Guest is offline   Reply With Quote
Old 3rd October 2009, 18:36   #12  |  Link
Wombler
Affable Wanderer
 
Wombler's Avatar
 
Join Date: Apr 2007
Location: Northern Ireland
Posts: 451
Thanks for that.

So it seems it's not possible to present all the possible keys at once even if you have enough qubits.

Odd that, but then everything about quantum physics is counterintuitive.

Last edited by Wombler; 4th October 2009 at 16:23. Reason: Typo
Wombler is offline   Reply With Quote
Old 4th October 2009, 14:58   #13  |  Link
Guest
Guest
 
Join Date: Jan 2002
Posts: 21,923
Quote:
Odd that, but then everything about quatum physics is counterintuitive.
Only when incorrectly interpreted.

Last edited by Guest; 4th October 2009 at 15:47.
Guest is offline   Reply With Quote
Old 7th October 2009, 19:11   #14  |  Link
bazzerr
Registered User
 
Join Date: May 2007
Posts: 24
How about if the program was modified to include a starting address code query and then we could spread the load amongst everyone - granted we'd still require a shedload of people / computers and time .
bazzerr is offline   Reply With Quote
Old 7th October 2009, 19:16   #15  |  Link
LoRd_MuldeR
Software Developer
 
LoRd_MuldeR's Avatar
 
Join Date: Jun 2005
Location: Last House on Slunk Street
Posts: 13,022
Quote:
Originally Posted by bazzerr View Post
How about if the program was modified to include a starting address code query and then we could spread the load amongst everyone - granted we'd still require a shedload of people / computers and time .
Even if every computer on earth did participate, this still would take far too long...
__________________
There was of course no way of knowing whether you were being watched at any given moment.
How often, or on what system, the Thought Police plugged in on any individual wire was guesswork.


LoRd_MuldeR is online now   Reply With Quote
Old 7th October 2009, 19:41   #16  |  Link
cRTrn13
Registered User
 
cRTrn13's Avatar
 
Join Date: Aug 2009
Posts: 31
But using a randomized search pattern, we could strike it lucky (ignoring the large statistical improbability). Maybe it's worth donating our spare flops anyway...
cRTrn13 is offline   Reply With Quote
Old 7th October 2009, 19:43   #17  |  Link
kreet
Registered User
 
Join Date: Jul 2009
Posts: 41
the key space is 128 bits, not 64.

bazzerr: processing keys are randomly selected using a strong true-rng. there is no 'starting address code'. you would need to attempt each and every one of the 340282366920938463463374607431768211456 keys.

(you could probably eliminate the values of all known processing keys for previous mkbs, and all known revoked device-keys, but that only cuts a hundred or so off that number. hardly a difference

in addition the operation necessary to verify that a key is good is two AES operations. 1 to generate a volume-unique key from the processing key and volume-identifier, and 1 to generate a title key from the volume-unique key and the encrypted title key.

a heavily optimized application could probably get around 5000-10000 tests per second. lets be generous and say we can squeeze out 10000 seconds. wed still need 34028236692093846346337460743176821 seconds!

thats 486117667029 times the number of stars in the universe!

as for your distribution idea. lets say there are 6.5 billion people on earth. lets say half (gross overestimate!) of those have computers, and that each of those computers can achieve our 10000 attempts per second (well round it up to 4 billion, to ease the math):

>>> ((2 ** 128)/10000)/(4 * (10**9))
8507059173023461586584365L

thats still a lot of seconds

bottom line: brute forcing the processing key is always a joke!
kreet is offline   Reply With Quote
Old 7th October 2009, 19:49   #18  |  Link
cRTrn13
Registered User
 
cRTrn13's Avatar
 
Join Date: Aug 2009
Posts: 31
Well a sperm whale was suddenly and instantly called into existence moments before hitting the ground, but that didn't stop Douglas Adams from writing a book about it!

@kreet
10000 tests per second is generous anyway.

Maybe a parallel FPGA array could handle it?? Could pipe through a lot more than 10000 tests/sec...

Last edited by cRTrn13; 7th October 2009 at 19:52.
cRTrn13 is offline   Reply With Quote
Old 7th October 2009, 19:59   #19  |  Link
kreet
Registered User
 
Join Date: Jul 2009
Posts: 41
cRTrn13:

(wow! thats hard to type!)

even with dedicated hardware it would be practically impossible. sfaik, the biggest key cracked with fpgas was a DES 56 bit key. even that takes a few days, and hundreds of thousands of dollars. remember that each additional bit in the key DOUBLES the time needed to search the space.

"The amount of time required to break a 128-bit key is also daunting. Each of the 2128 (340,282,366,920,938,463,463,374,607,431,768,211,456) possibilities must be checked. A device that could check a billion billion keys (1018) per second would still require about 1013 years to exhaust the key space. This is a thousand times longer than the age of the universe, which is about 13,000,000,000 () years."

http://en.wikipedia.org/wiki/Brute_force_attack <-- end of story
kreet is offline   Reply With Quote
Old 10th October 2009, 21:27   #20  |  Link
NeonMan
Registered User
 
NeonMan's Avatar
 
Join Date: Nov 2007
Posts: 80
Has anyone reviewed the code to see what it does?

processing keys are randomly selected using a strong true-rng. there is no 'starting address code'. you would need to attempt each and every one of the 340282366920938463463374607431768211456 keys.

It wouldn't be the first time a DRM used a shortened keyspace and a flawed PRNG (CSS anyone?)
__________________

< War is Peace; Freedom is Slavery; Ignorance is Strength!>
^__^
(oo)\_______
(__)\.......)\/\
. . ||----w |
. . || . . ||
NeonMan is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 21:13.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2019, vBulletin Solutions Inc.