Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules.

 

Go Back   Doom9's Forum > General > Decrypting

Reply
 
Thread Tools Search this Thread Display Modes
Old 25th May 2007, 17:42   #1  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
AACSTree - A program to visualize the AACS tree / MKB

Hello,

this is my first post in this forum, but I have been following the discussions arround AACS here for quite some time now.

Reading threads like this:
http://forum.doom9.org/showthread.php?t=122363

helped me a lot to understand AACS and especially the subset difference method that is used by AACS.

After understanding the Subset Difference technique, I thought it would be cool to visualize the AACS tree with the subset differences, so that you can actually see which devices are revoked and which are not.

And apparently I'm not the only one
Quote:
Originally Posted by arnezami View Post
The same area covered by the new mkb:
Code:
umask:uv number

05:0000001C
[...]
The rest is all the same. So only the first tree has been divided.

It would be pretty cool to illustrate this graphically .
So I wrote a small tool called AACS Tree, which does exactly that.

The program including the source code is attached. You need the .NET Framework 2.0 if you don't have it installed already.

At the moment you can only load the MKBv1 and MKBv3 which are hardcoded in the program. My next goal is to be able to load an mkbrom.aacs directly to support future MKBs.
Unfortunately I don't have an mkbrom.aacs file to play with, so if anyone could send me one I would be very happy.

Also attached you will find 2 pictures of the MKBv3 that were saved from AACSTree.

If you look at the mkb2_large.png while reading this post from FoxDisc:
http://forum.doom9.org/showthread.ph...20#post1004720

you can see that it is exactly what he is describing.

Please try this out and tell me what you think about this. Also if you find bugs or if you would like a feature to be added please let me know.

In the next post I will give you some tips and tricks to use the program.

Image of the MKBv3:


Image of the MKBv3 with all nodes below the first difference node expanded.




edit (2007-06-01): Until the download is approved, you can download the new version here: http://www.sendspace.com/file/d5nwai
Attached Files
File Type: zip AACSTree.zip (130.1 KB, 548 views)

Last edited by aKzenT; 1st June 2007 at 11:24. Reason: new version, see below; corrected MKBv2 to MKBv3
aKzenT is offline   Reply With Quote
Old 25th May 2007, 17:57   #2  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
Some tipps and tricks:

To get started go in the menu and select Load MKB > v1 / v2 > First Subtree.

First Subtree means that only the SD sets of the first of the 512 master trees are shown. Complete means that all subset differences (the actual mkb) are included, but this will result in a very big tree.

Click a node to expand or collapse a node.

If you strg-click a node you can expand the tree 9 levels deep starting from the node (be careful with this, because it can make your tree very big)

Use + and - to zoom in and out.

In the top left corner you can see a small box with some information about the node you are currently hovering.

The Path is given in the form 0xXXXXXXXX/MM where X is the binary path from the root of the tree to the node as a hexadecimal number and MM is the number of significant bits in the path value.

The uv number is the same that you find in the mkb.

The "Member Of:" part shows you which Subset-difference-sets in the mkb this node could use to decode a movie.


Nodes labelled S are the Subset nodes in the MKB, nodes labelled D are the Difference nodes. Everything below a difference node is revoked and therefore displayed red. Green nodes are part of at least one subset-difference.

Enjoy!

Last edited by aKzenT; 25th May 2007 at 18:06. Reason: coloring explained, getting started section
aKzenT is offline   Reply With Quote
Old 25th May 2007, 18:08   #3  |  Link
arnezami
Registered User
 
Join Date: Sep 2006
Posts: 390
This sounds really cool .

Can a mod please approve the links? Thanks.

Or aKzenT: maybe upload the files to http://www.sendspace.com/

Eager to see this...

arnezami
arnezami is offline   Reply With Quote
Old 25th May 2007, 18:12   #4  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by aKzenT View Post
After understanding the Subset Difference technique, I thought it would be cool to visualize the AACS tree with the subset differences, so that you can actually see which devices are revoked and which are not.
I'd like to look at your images, but that has to wait until they are approved unless you want to post them elsewhere.

Did you write the program to work in 2-D (single tree) or 3-D (parking garage floors starting at each node)? Did you use the full 32 level tree or the 23 level tree?

Ultimately, I think it would be great to have a 3-D tree that shows all the past and present S-D sets and labels all the devices/software players with their assigned device numbers. I'm not sure how valuable it would be, but it might start to throw some light on the whole device assignment and LA revocation process.
FoxDisc is offline   Reply With Quote
Old 25th May 2007, 18:14   #5  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by arnezami View Post
Can a mod please approve the links?
It just occurred to me - aren't we without a moderator right now? These may never get approved.
FoxDisc is offline   Reply With Quote
Old 25th May 2007, 19:37   #6  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
Hey,

it uses 2d since I don't know how you could present that in 3d in an understandable way. The floor / parking garage metaphor is good, but I don't think it works that well if you apply it to the full 32 or 23 level tree (since you cannot show the complete tree).

It uses the 32 level tree, but for the mkb you can choose to ignore all but the first subtree.

The links are all approved, but I removed the images, since they were a little too large. They are now hosted on imageshack.

What else (beside the subset differences) would you like to see visualized with this? I have written the source code so that I can easily add and remove visualizations. For example I thought of adding a visualization that shows the device keys a device has if you hover over the device node.

btw, could one of you send me an mkbrom.aacs file so I can finish my real mkb loader?

Last edited by aKzenT; 25th May 2007 at 20:16. Reason: images now hosted on imageshack
aKzenT is offline   Reply With Quote
Old 25th May 2007, 20:11   #7  |  Link
arnezami
Registered User
 
Join Date: Sep 2006
Posts: 390
It looks very good. You can clearly see now which nodes are revoked. Well done! **


Using my own handcalculations everything is exactly the same exept for one part in your picture:



My calculations made me come to the conclusion that nodes 30-33h (if you start counting with 00) are not revoked. Will have to look into that. --- [edit] removed something: was incorrect ---

[edit]Seems my hand-calc was wrong here. Meaning 30-33h are revoked. Too tired now to be accurate. But looks like your picture/program is perfect.

arnezami

** I haven't tried the program itself yet (don't like to install .net on this system) but judging by the pictures: well done.

Last edited by arnezami; 25th May 2007 at 21:45.
arnezami is offline   Reply With Quote
Old 25th May 2007, 20:22   #8  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by aKzenT View Post
it uses 2d since I don't know how you could present that in 3d in an understandable way.
I've been trying to wrap my mind around the full tree, with all processing keys, device keys, devices and MKBs with all the S-D sets, and I keep coming up with the 3-D layered tree picture.

I presume you've read the AACS specs and they use a layered 3-D picture to ilustrate S-D sets.

I had in mind a 3-D configuration that could be collapsed to 2-D to show revoked and allowed devices for specific MKBs, as you do now. In the 3-D mode you would be able to scroll vertically in sections to see any specific layer/parking garage floor. That would let you see multiple MKBs at the same time. You could eliminate all floors that have no S-D sets on them, which would make visibility better and you could collapse multiple floors (like the full 2-D collapse that you are showing now,) but limited to defined ranges of floors. To distinguish MKBs, you'd use color coding. The nodes at the bottom would be labeled with the manufacturer and software version of the player.

Perhaps something like the eDrawings 3-D viewer from SolidWorks that lets you check out 3-D models could be used.

I know - way too much effort for a simple visualization tool.
FoxDisc is offline   Reply With Quote
Old 25th May 2007, 20:49   #9  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
@arnezami:
edit: removed (see arnezamis edit)

@FoxDisc:
The AACS specs use a layered picture, but they show only one layer for each "sublevel" instead of 2,4,8,...

But I agree that this could work and that it is too much effort ;-) And I actually find it now easier to understand in the 2d space. You just have to understand that a device key is not a single node in the tree but a combination of two nodes.

Last edited by aKzenT; 25th May 2007 at 20:58.
aKzenT is offline   Reply With Quote
Old 25th May 2007, 20:52   #10  |  Link
arnezami
Registered User
 
Join Date: Sep 2006
Posts: 390
Quote:
Originally Posted by aKzenT View Post
--- Not relevant anymore. ---
Sorry. You must have missed my edit. Your program is working perfectly .



arnezami

Last edited by arnezami; 25th May 2007 at 21:15.
arnezami is offline   Reply With Quote
Old 25th May 2007, 20:56   #11  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by aKzenT View Post
But I agree that this could work and that it is too much effort ;-)
I drew up a little map when I was working it out, and like you - I did it in 2-D.
FoxDisc is offline   Reply With Quote
Old 25th May 2007, 21:14   #12  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
@arnezami: yes I missed your edit, but I'm happy that my program works fine ;-)

I am thinking of adding some labels to special nodes. e.g. labeling the first node as the first processing key or labelling known revoked players. Do we know the device nodes of some players? E.g do we know which of the revoked nodes is PowerDVD?

Also could someone please upload a plain mkb file somewhere, so that I can try to load them directly in my program. I don't own a HDDVD player myself.

aKzenT is offline   Reply With Quote
Old 25th May 2007, 21:19   #13  |  Link
arnezami
Registered User
 
Join Date: Sep 2006
Posts: 390
Quote:
Originally Posted by aKzenT View Post
@arnezami: yes I missed your edit, but I'm happy that my program works fine ;-)

I am thinking of adding some labels to special nodes. e.g. labeling the first node as the first processing key or labelling known revoked players. Do we know the device nodes of some players? E.g do we know which of the revoked nodes is PowerDVD?

Also could someone please upload a plain mkb file somewhere, so that I can try to load them directly in my program. I don't own a HDDVD player myself.

Look in your pm box .

I was thinking something about colors like I do in my examples (when dealing with multiple layers). Still 2D but it is more clear that there is more than one level. Not sure if that would be easy in any way though...

Either way this is already very cool .

arnezami

Last edited by arnezami; 25th May 2007 at 21:36.
arnezami is offline   Reply With Quote
Old 25th May 2007, 21:26   #14  |  Link
arnezami
Registered User
 
Join Date: Sep 2006
Posts: 390
As an aside: looking at these pictures I have to admit the Subset Difference Technique is quite an accomplishment. I'll give them that (well the cryptographers that invented it).

Its a very clever system by itself.

Of course AACS as a whole is plagued by implementation (security) issues...

Last edited by arnezami; 25th May 2007 at 21:42.
arnezami is offline   Reply With Quote
Old 25th May 2007, 21:33   #15  |  Link
awhitehead
Registered User
 
Join Date: Jan 2007
Location: Tel-Aviv, Israel
Posts: 185
Very neat!

Thank you for writing this tool - it makes things alot clearer.

Now come the questions.... *runs*

This is a bit of a general question: With MKB v3 (Am I correct in understanding that original MKB was reporting itself as version 1, and now with Matrix HD-DVDs, etc the version that MKB is reported is 3? Amazon delayed my Matrix box set, so I can't check for myself *grumble*) a few devices got rewoked. We know which nodes they are on the tree, but do we know what player corresponded to which node?

It is speculated that WinDVD 8 JP and at least PowerDVD 6.5 keys were revoked (Was PowerDVD 7.1 revoked?). To which nodes to those devices correspond?

Lastly, set top players are using a different subtree then software players, right? Where on the big picture are they? Another branch off node 9 from the top of the big picture?

(Coincidentially, anyone has a legitimate license for PowerDVD 6.5? Maybe it was shipped with your Toshiba Cosmio Laptop? Did PowerDVD 6.5 get an official update as well?)
awhitehead is offline   Reply With Quote
Old 25th May 2007, 21:40   #16  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
Quote:
Originally Posted by arnezami View Post
Look in your pm box .

Quote:
Originally Posted by arnezami View Post
I was thinking something in the lines of colors like I do in my examples (when dealing with multiple layers). Still 2D but it is more clear that there is more than one level. Not sure if that would be easy in any way though...
I will look at this. The current view is probably best to show the revocations. If you want to explain how a device can or cannot get to an processing key an layer or coloring approach may be better.

Quote:
Originally Posted by arnezami View Post
Either way this is already very cool .
aKzenT is offline   Reply With Quote
Old 25th May 2007, 22:07   #17  |  Link
FoxDisc
Registered User
 
Join Date: Jan 2007
Posts: 274
Quote:
Originally Posted by aKzenT View Post
I am thinking of adding some labels to special nodes. e.g. labeling the first node as the first processing key or labelling known revoked players. Do we know the device nodes of some players? E.g do we know which of the revoked nodes is PowerDVD?
As I suspect you know, the first node is a pseudo device. It was "revoked" with MKB v1. I call it a pseudo device because no device issued that device number could decrypt any of the first set of discs. Interestingly, it was unrevoked with the last MKB v2.

That node also corresponds to multiple Processing Keys and their matching Device Keys - there's one at that node per floor. One of those PKs (on the largest floor) is the famous 09 f9 key.

I don't think anyone has publicly identified any device numbers.
FoxDisc is offline   Reply With Quote
Old 25th May 2007, 22:08   #18  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
Quote:
Originally Posted by awhitehead View Post
Very neat!

Thank you for writing this tool - it makes things alot clearer.


Quote:
Originally Posted by awhitehead View Post
Now come the questions.... *runs*

This is a bit of a general question: With MKB v3 (Am I correct in understanding that original MKB was reporting itself as version 1, and now with Matrix HD-DVDs, etc the version that MKB is reported is 3? Amazon delayed my Matrix box set, so I can't check for myself *grumble*) a few devices got rewoked.
If this is in fact v3, then I mislabelled this mkb as version 2. I will correct that in the next version.

Quote:
Originally Posted by awhitehead View Post
We know which nodes they are on the tree, but do we know what player corresponded to which node?

It is speculated that WinDVD 8 JP and at least PowerDVD 6.5 keys were revoked (Was PowerDVD 7.1 revoked?). To which nodes to those devices correspond?
This is what I also want to know. I don't know if anyone here has information about this?

Quote:
Originally Posted by awhitehead View Post
Lastly, set top players are using a different subtree then software players, right? Where on the big picture are they? Another branch off node 9 from the top of the big picture?
We assume that, but we don't know that for sure.
If this is in fact true, then it would be on the same level as the first S node, possibly the other child of node 9.
You can try to load the complete tree in the program too see all possible subtrees.
aKzenT is offline   Reply With Quote
Old 25th May 2007, 22:26   #19  |  Link
aKzenT
Registered User
 
Join Date: May 2007
Posts: 18
Quote:
Originally Posted by FoxDisc View Post
As I suspect you know, the first node is a pseudo device. It was "revoked" with MKB v1. I call it a pseudo device because no device issued that device number could decrypt any of the first set of discs. Interestingly, it was unrevoked with the last MKB v2.
I was also wondering about this. But I suppose it makes sense, because keeping it revoked would only waste space in the mkb.

Quote:
Originally Posted by FoxDisc View Post
That node also corresponds to multiple Processing Keys and their matching Device Keys - there's one at that node per floor. One of those PKs (on the largest floor) is the famous 09 f9 key.
Yes, you are right. Labeling the first node as a special processing key would probably do more harm than good in explaining how AACS works.

Quote:
Originally Posted by FoxDisc View Post
I don't think anyone has publicly identified any device numbers.
I was afraid of that...
aKzenT is offline   Reply With Quote
Old 27th May 2007, 10:05   #20  |  Link
Pata
Registered User
 
Join Date: Feb 2007
Posts: 13
You can use this program to make this maps.

http://www.research.att.com/sw/tools/graphviz/
Pata is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 05:40.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.