Old 3rd January 2007, 11:24   #281  |  Link
OverlordQ
Registered User
 
Join Date: Jul 2005
Posts: 18
Eh that's what I get for skimming lol, I saw Volume ID but I missed the Volume Key parts
OverlordQ is offline   Reply With Quote
Old 3rd January 2007, 11:36   #282  |  Link
karandras
Registered User
 
Join Date: Dec 2006
Posts: 3
Keys

You don't have to make a search on volume key but on Volume Unique Key.
But I haven't found any interesting information on how to get any keys.
I have all the hardware requirements to test. So if somebody has an idea...
karandras is offline   Reply With Quote
Old 3rd January 2007, 12:01   #283  |  Link
hajj_3
Registered User
 
Join Date: Mar 2004
Posts: 1,120
Am I the only person who's completely confused??

hope you can bring out a new version soon muslix64, even if you only post here once a month like you did yesterday along with a new release.

hope 1.01 will have a windows interface, that would be cool!

I hope you can find the keys and release them on p2p!

P.S. You should update the first post on this thread with the link to version 1.00, otherwise people who don't read all these pages won't know there is a new version out.

Last edited by hajj_3; 3rd January 2007 at 12:09.
hajj_3 is offline   Reply With Quote
Old 3rd January 2007, 13:00   #284  |  Link
Hellreaper
Registered User
 
Join Date: Dec 2006
Posts: 8
If this is real after all (I'm still not sure) then I'm getting it.

muslix64 has problems with his/her conscience.

muslix64 wants to show that he/she has found a weakness, but she/he does not want to be fully responsible for major piracy issues (which would definitely come up).

I don't believe muslix64 is afraid of getting caught.
Hellreaper is offline   Reply With Quote
Old 3rd January 2007, 14:24   #285  |  Link
evdberg
Registered User
 
Join Date: Dec 2006
Posts: 202
Quote:
Originally Posted by neviens View Post
Better pay attention to CLDShowX.dll library, it's the only file
with all necessary crypto functions (Rijndael aka AES, SHA1,
ECC) into.
On what grounds do you come to this conclusion?
evdberg is offline   Reply With Quote
Old 3rd January 2007, 14:50   #286  |  Link
Guest
Guest
 
Join Date: Jan 2002
Posts: 21,901
Quote:
Originally Posted by vsv View Post
I searched more info about BackupHDDVD and have found interesting files.
Struck for posting warez. Don't do it again.
Guest is offline   Reply With Quote
Old 3rd January 2007, 15:15   #287  |  Link
vsv
Registered User
 
Join Date: Mar 2002
Location: kitchen
Posts: 146
neuron2
But how to know warez this or not?
In description of these files i can't see word "warez"...
Thank you.
vsv is offline   Reply With Quote
Old 3rd January 2007, 15:30   #288  |  Link
Guest
Guest
 
Join Date: Jan 2002
Posts: 21,901
@vsv

Now you're posting off-topic. You can challenge strikes through proper channels.
Guest is offline   Reply With Quote
Old 3rd January 2007, 17:21   #289  |  Link
zeroprobe
Registered User
 
Join Date: Jan 2002
Posts: 155
we need somewhere to discuss and share everything on this.

Last edited by zeroprobe; 3rd January 2007 at 17:27.
zeroprobe is offline   Reply With Quote
Old 3rd January 2007, 18:55   #290  |  Link
generalnewbie
Registered User
 
Join Date: May 2003
Posts: 22
what I've gathered

From what I've gathered this info might be helpful to more info and I'll share it here

Memory.dmp--you can generate the Memory.dmp file by holding CTRL on the right side of the spacebar while you press SCROLL LOCK two times. Not verified to work but someone said it may......

Windows XP Service Pack 2 Support Tools has a command called dumpchk that will verify the dump and display information about it. This command can be found in the Windows XP Support Tools. The easiest way to run it is to copy the dumpchk.exe into the same folder as the memory.dmp file.

i.e. c:\windows\memory.dmp

At a command prompt in this folder run the command “dumpchk memory.dmp”.


To really dig into the memory.dmp file you will need to use the Microsoft Debug Tools. You also need the correct symbols for the OS that the memory dump came from. These can be downloaded here.
http://www.microsoft.com/whdc/devtoo...nstallx86.mspx
http://www.microsoft.com/whdc/DevToo...symbolpkg.mspx

After all that is installed, open up the Debug program windbg. It can be found in the start menu. First set the symbol path, by clicking File, symbol path; and add the path that you installed the symbols to. Default is c:\windows\symbols.

To open up the memory.dmp file, select File, Open Crash dump. It will first show the same info that dumpchk displayed. To get more detailed info, enter this command: !analyze -v. This will display a much more detailed analysis of the problem. Some other useful things you can look at are the call stack (View, Call Stack) to see what system calls were being run when the crash occurred, registers (View, Registers) to see what registers were being used, and the actual memory (View, Memory) to view the contents of the memory when the crash occurred. You could also view the disassembly to see what code was running.
generalnewbie is offline   Reply With Quote
Old 3rd January 2007, 18:56   #291  |  Link
CAFxX
Stray Developer
 
Join Date: Mar 2003
Location: Italy
Posts: 82
[OT]
Quote:
Originally Posted by zeroprobe View Post
we need somewhere to discuss and share everything on this.
Then switch to some kind of darknet.
TOR hidden services or Freenet websites should do.
[/OT]
__________________
CAFxXcrossway, a collection of my projects
CAFxX@strayorange, my blog

Last edited by CAFxX; 3rd January 2007 at 18:59.
CAFxX is offline   Reply With Quote
Old 3rd January 2007, 19:26   #292  |  Link
dukey
Registered User
 
Join Date: Dec 2005
Posts: 560
Brute forcing the memory for keys should work. The title key or whatever is needed to actually decrypt the content of the disc will probably be stuck on the heap as opposed to the stack, as it will probably need to outlive the scope of the decryption functions.

Someone suggested the key will be in the registers .. well it will be eventually, but I guess the key is probably bigger than the current x86 registers so probably easier to get it out of mem.

I can't really see how you can protect against this hack.
dukey is offline   Reply With Quote
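
Added example, not part of the thread or of any player's code: the heap lifetime dukey describes, seen from the implementer's side, with a release path that leaves the key behind next to one that wipes it. The arena, the test key and all function names are constructed for illustration; wiping shortens how long the key is resident, it is still in memory while in use.

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN   16   /* AES-128 key size; the thread names AES (Rijndael) */
#define ARENA_LEN 256  /* constructed stand-in for a player's heap */

static unsigned char arena[ARENA_LEN];

/* constructed test key, not a real title or volume key */
static const unsigned char test_key[KEY_LEN] = {
    0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe,
    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef };

/* Wipe through a volatile pointer so the stores are not removed as dead
   writes to memory that is about to be released. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Self-check for a test build: copies of the known test key left in the arena. */
static size_t count_key_copies(const unsigned char *key) {
    size_t hits = 0;
    for (size_t i = 0; i + KEY_LEN <= ARENA_LEN; i++)
        if (memcmp(arena + i, key, KEY_LEN) == 0) hits++;
    return hits;
}

/* Hypothetical playback session: the key is copied into a heap slot, then the
   slot is released. wipe != 0 zeroises it first; wipe == 0 just lets go of it. */
static size_t residual_copies_after_session(int wipe) {
    memset(arena, 0xAA, ARENA_LEN);       /* unrelated heap contents */
    unsigned char *slot = arena + 64;     /* slot "allocated" for the key */
    memcpy(slot, test_key, KEY_LEN);      /* key lives here while content plays */
    if (wipe)
        secure_wipe(slot, KEY_LEN);       /* hardened release path */
    /* release: the bytes stay as they are until the slot is reused */
    return count_key_copies(test_key);
}

int main(void) {
    printf("release without wipe: %zu residual key copies\n",
           residual_copies_after_session(0));
    printf("release with wipe:    %zu residual key copies\n",
           residual_copies_after_session(1));
    return 0;
}
```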
Old 3rd January 2007, 19:44   #293  |  Link
CAFxX
Stray Developer
 
Join Date: Mar 2003
Location: Italy
Posts: 82
Quote:
Originally Posted by dukey View Post
I can't really see how you can protect against this hack.
TPM (sigh!)
__________________
CAFxXcrossway, a collection of my projects
CAFxX@strayorange, my blog
CAFxX is offline   Reply With Quote
Old 3rd January 2007, 19:45   #294  |  Link
Gradius
RPC-1 to people
 
Join Date: Sep 2003
Location: from Mars to Earth
Posts: 39
You can just look @ C:\program files\CyberLink\PowerDVD (6.5 HD) and check what "some specific files" do.

I doubt it is in the registry, it must be in memory (RAM).

I do not have a HD-DVD, nor HD-DVD movies, so I cannot try it by myself.
__________________
Gradius

Living in Mars is nice!
Gradius is offline   Reply With Quote
Old 3rd January 2007, 19:47   #295  |  Link
Gradius
RPC-1 to people
 
Join Date: Sep 2003
Location: from Mars to Earth
Posts: 39
Quote:
Originally Posted by CAFxX View Post
TPM (sigh!)
Keep the old good ones working, never buy ANY TPM/TPC compliant.
__________________
Gradius

Living in Mars is nice!
Gradius is offline   Reply With Quote
Old 3rd January 2007, 19:58   #296  |  Link
Lord_KiRon
Registered User
 
Join Date: Aug 2002
Posts: 151
From what I had understood EACH AND EVERY HD-DVD TITLE has its own volume key (or more).
Like "Superman" released in US has its own volume key, "Superman" released in Europe has its own volume key, "Enter the dragon" released in US has its own volume key, etc...
Moreover even the same title like "Superman" released in US can have SEVERAL volume keys, like one for disks produced in October-November and one for disks produced in December-February, etc...

This means for each HD-DVD disk someone will need to find the right volume key, not just once per player or even one per title.

This means this someone needs to post it somewhere to be accessible by other users and therefore this someone can be sued.

Also since the vast majority of users will not be able to extract the Title key for every disk they put in their drive by themselves they will need someone to do it for them.

No automatic key extraction software will be possible. Let's say someone for example develops such software that uses a specific version of PowerDVD (just for example, it can be any other software player even on Vista 64 despite all the protections built-in) to extract the volume key. Then very soon studios will block that player's key (so it will not play new titles at all) and PowerDVD will release a new version with a new player key.
So no reason to stick with old version and new version can't be "harvested" for keys automatically.


All the above means that probably same as with ISO "releases" one of two "industries" will develop :

1. "Indexing" sites that hold a lot of volume keys for different versions of the movies.

2. "Images" releases same as cracked games will spread on Torrent or other P2P networks with already decoded versions of HD-DVDs same way as now they "release" images of games with crack.
(This option I believe more feasible, after all what is 25 or even 50GB for Torrent ? And internet speeds continue to increase all the time).

In both cases it will be either professional programmers that will do the debugging (like now only few people in the world do software cracking) or people around industry steal volume keys (like now steal games before they even get released).

So that's my analysis on the future of HD-DVD (and probably BD too).
This means no "immediate" threat for studios, there will be no such programs as DVD Decrypter for DVDs that any kid can use at home to decrypt, but in the long run - yes, AACS IS cracked.

I think for the studios it's again (like with CSS or/and region protected DVDs) the situation becoming worse than if no protection were used, since the legal user will have many limitations (streaming for example is forbidden etc) while pirates will have more "usable" versions.

Last edited by Lord_KiRon; 3rd January 2007 at 20:10.
Lord_KiRon is offline   Reply With Quote
Old 3rd January 2007, 20:45   #297  |  Link
noclip
Registered User
 
Join Date: Dec 2006
Posts: 154
I have a theory for how to figure out where to find a key for any given player application after PowerDVD 6.5 HD gets revoked (you know it's coming).

Say you picked some HD-DVD available in stores today and figured out its keys via Muslix's PowerDVD exploit. You now have a copy of the decrypted key. You would then play back that same disk for which you already know the key in any other current or future HD-DVD playing application. You would then watch memory (knowing in advance the decrypted key) for the decrypted key to appear and remember the memory location where it was found.

Now you know where in memory decrypted keys are kept and you can play any other disk, go to the same memory location, and there's the decrypted key.

A program could easily be written to automate all of this.
noclip is offline   Reply With Quote
Old 3rd January 2007, 21:01   #298  |  Link
Adub
Fighting spam with a fish
 
Join Date: Sep 2005
Posts: 2,699
Good thought process. Except for the fact that we are not sure that Muslix64 even used PowerDVD to find the keys in the first place. Although it does look that way, we should totally assume anything.
__________________
FAQs:Bond's AVC/H.264 FAQ
Site:Adubvideo
Adub is offline   Reply With Quote
Old 3rd January 2007, 21:32   #299  |  Link
maksa
Registered User
 
Join Date: Apr 2004
Location: NTSC R1
Posts: 173
Let's look logically...

1. Task is to encrypt content and deliver it to the public without discovering the keys for decryption.
2. At the same time they have to give you (user) the key in some form so you can watch the movie.
3. You own the player, soft or standalone, and have access to it.
4. If you have the access to it, you could extract the keys or the algorithm in theory - everything should be there.
5. Main rule for authorized decryption is not followed. Key is public on the media side, key is public on the player side.
Even encrypted, they are accessible.
6. Only way to have message secure is to have user specific key that only he/she knows (public/private key scheme).
7. In this case "private" key is accessible (in some way) by "malevolent hacker".
8. Logical conclusion is that there is no way to protect content available to all public in secure way. It is just matter of time spent to get there.
9. If we remember Enigma machine, only way English could decipher it was to get hands on code book and a machine. Germans changed the code, but too late, and the algorithm wasn't changed for the compatibility reasons (sounds familiar for standalones). I am not saying that it couldn't be done brute force at the end, language is closed set and it has its own distribution and syntax, but it would take indefinite time.
10. AACS algorithm was made public, keys are out there, so only logical conclusion is - it could be done!

I am not a programmer, have no clue how to do it, but please comment on above statements.
I figure, the only reason for content scrambling is to stop "average joe" to copy movies. Remember NagraVision 2, it was praised as unbreakable, Asian sat dealers were offering 1M$ for a solution, I know (and you too) that money is collected.
The only way to secure something is to keep one part secret (totally, not encrypted in some form and accessible), either private key or algorithm, or content probability distribution. All else is just increasing workload. Having computers and smart hackers out there, even workload could be shortened.
Just my 2c...
Regards...
maksa is offline   Reply With Quote
Old 3rd January 2007, 21:33   #300  |  Link
Mtz
Registered User
 
Join Date: Sep 2003
Location: On The Beach
Posts: 714
Quote:
And insecure players will always exist, in fact you can extract keys from any player! (by Muslix64)
Quote:
Lanier's point was that AACS has the ability to revoke compromised keys. AACS can revoke a compromised key with future HD DVD releases.
The way keys are revoked is by putting the revocation information on future releases. For instance, if a title key is revoked, the revocation information is stamped onto all future HD DVD releases, every title. When the disc is inserted in a player for the first time, the player's memory is updated with the revocation information. At that point, the compromised title will no longer play. (Chris Lanier, a Microsoft MVP for Digital Media products)
Some of us can mod firmware of a standalone player, usually the Mediatek based. From these players the firmware can be extracted using a serial cable.
As Lanier said, if a player will be upgraded with some revocation, comparing the firmware after and before inserting a new HDDVD disc will give us some information. The wrong step from them is to release a disc which includes revocation.
Another way is to read the memory dump from the player when inserting a HDDVD disc. I never made this type of dump, but some people already did it when hacking the Mediatek firmwares.

Edit:
Quote:
The title keys are used to decrypt media files. You can have up to 64 title keys on a disk. (by Muslix64)
And all these 64 keys must be in the player firmware, no?

enjoy,
Mtz

Last edited by Mtz; 3rd January 2007 at 21:48.
Mtz is offline   Reply With Quote