Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
3rd January 2007, 21:45 | #301 | Link | |
Registered User
Join Date: Aug 2002
Posts: 151
|
Mediatek does not have HD-DVD players (yet) , the current one is Toshiba which is basically PC which makes it easier to hack in.
The problem can be the OS they use, if it's something of their own if will be really hard to hack but if it's Windows or Linux based ... Quote:
Title keys is different from player keys , different from volume keys. |
|
3rd January 2007, 22:02 | #303 | Link |
Registered User
Join Date: Apr 2002
Posts: 306
|
Or perhaps I2P. The "Off Topic" area of the I2P forums would be one place to start a thread to discuss further communications options, while keeping the doom9 thread "on-topic." There may be other I2P sites that would be appropriate and I2P seems to be working better, of late, and could certainly use more users. But yes, it would be nice if someone could anonymously host a forum using Tor hidden services or I2P.
|
3rd January 2007, 22:08 | #304 | Link |
Registered User
Join Date: Dec 2006
Posts: 27
|
I've been chomping at the bit to post (had to wait 5 days after registering).
I'm very surprised that muslix64 has been taken so seriously on the flimsiest of evidence. I actually had to laugh when I saw that Reuters had picked up the story. Granted, muslix64's story could be legit, but so could anyone else making the claim and offering no evidence. It's nice to see a few more doubters over the last few days. Don't be fooled by some code that hashes the title key file and then twiddles bits. The code could be 100% legitimate and fully capable of decrypting the movie, but what does that prove other than that muslix64 was able to put together a java app using some standard decryption libraries. I'm also bothered by the vague references to finding the key in memory. Why not be more specific? Why not say when X function is called the stack contains the key, etc? Why conveniently pop up, answer no question, conveniently pop up again, answer no question, then conveniently take a vacation? He says that the key was easy to find, so could this be the reason he didn't think he needed to offer any more help? If so, one would think someone else having the decrypt code all done for them could have verified the story. Would anyone have taken this story very seriously if it were just a video on youtube? If not then you probably shouldn't be taking it seriously, because that's basically all it is. What muslix64 has added is some unverifiable code (without the key it does noting useful) and he has popped into this forum and said virtually nothing. So what do we have as evidence? I'd say nothing. I've looked at some of the calls to crypto routines in the DLL mentioned earlier in the thread. All I see is some stuff doing secure key exchanges and key BLOBs (which you can search for on MSDN). I don't claim to know how this stuff works or how you could ever use a key without it being in the clear in memory at some point unless the decryption is done in hardware. What hardware would that be, though? What are the hardware requirements for HD and BD DVD? Does it require a video card with HDCP to play at all and if so is the decryption done in hardware on the card? The PowerDVD people claim the key is not kept in memory. Could they be lying? Yes, but if so they'll eventually be caught in a lie. Since keeping the key in memory would be an obvious and huge security hole, their story seems more believable than muslix64's claim (which he offers no evidence for). Another question I would have for muslix64 if he weren't "taking a vacation" is, why hash the entire key file in the first version of his app? Couldn't the encrypted title key in that file have been used as an ID avoiding the sha1 hash? Was it simply a design choice? Last edited by NghtShd; 3rd January 2007 at 22:11. |
3rd January 2007, 22:32 | #305 | Link | |||
Registered User
Join Date: Apr 2002
Posts: 306
|
Quote:
Quote:
1. Main DRAM memory. (The obvious place). 2. Files/Registry. 3. CPU Cache (unlikely to remain there--under Windows memory mgmt.) Disable cache. 4. CPU Registers (ultimately and fleetingly, a certainty) 5. FPU Registers (at 80 bits maximum, how likely?) 6. Swap files. Disable virtual memory. 7. On the HD-DVD drive. (Seems unlikely across the USB interface and do drives have any volatile/flash memory?) Quote:
Last edited by calinb; 3rd January 2007 at 22:37. |
|||
3rd January 2007, 22:44 | #307 | Link | |
Registered User
Join Date: Dec 2006
Posts: 154
|
My take on the possible locations:
Cyberlink denies it but they have a pretty big vested interest. This is very likely. At the lowest level, the key would still have to be loaded into memory and ultimately registers to use it, so this possibility can be ignored with 100% certainty. Quote:
A breakpoint on the decryption routine would discover it here, this should be the top priority. Can be safely assumed not to be the case. This should be pursued as a second priority after CPU registers. Extremely unlikely. I almost want to say it can be safely ignored. |
|
3rd January 2007, 22:57 | #308 | Link | |
Registered User
Join Date: Dec 2006
Posts: 27
|
Quote:
|
|
3rd January 2007, 23:11 | #309 | Link |
Registered User
Join Date: Apr 2002
Posts: 306
|
(WRT: files/registry)My point here isn't about any single location, but yes, there are places that can be ignored without precluding the finding of a solution. However, should they be ignored? Some places are easier to observe than others. Most commercial binary code isn't all that easy to observe and debug--even with SoftICE. Both observability and probability should be considered.
|
3rd January 2007, 23:26 | #310 | Link | |
Registered User
Join Date: Dec 2006
Posts: 16
|
Quote:
I am willing to do more research from here if people are willing to help me. I am running the same exact setup as the youtube video shows except I don't have copies of the movies that were used. I have a copy of Data Rescue Pro but I have no clue how to use it. |
|
3rd January 2007, 23:38 | #311 | Link | |
Registered User
Join Date: Jul 2005
Posts: 97
|
Quote:
EDIT - These are the 2 devices which show up when plugging into a mac/pc XBOX 360 HD DVD Memory Unit XBOX 360 HD DVD Player |
|
3rd January 2007, 23:39 | #312 | Link | |
Registered User
Join Date: Dec 2006
Posts: 27
|
Quote:
If we aren't to believe him then we're at square one. We don't even know which player, if any, is a viable target. Personally, I think we are at square one. I'm interested in the secure key exchange stuff. I've just started reading the AACS docs which so far haven't given me a clear picture of the sequence of event's which occur when a movie is played using a PC. Is it possible that the primary decryption is done inside the HD-DVD drive and the secure key exchange is for streaming encrypted compressed video to the player using the player's public key? |
|
3rd January 2007, 23:50 | #313 | Link |
Guest
Posts: n/a
|
A hint
Guess it's time to help you guys out ...
So far we know that somewhere in the vast place that makes up the memory of our computers there must be a code piece that feeds keys into a decryption algorithm. These keys may or may not be "in the open", i.e. residing in unprotected data pages. One possible attack vector might be to inspect the kernel mode driver that Cyberlink PowerDVD 7.x installs. However, the biggest challenge so far has been to identify the key data portion (volume/title/etc). It seems that some people in this and various other boards - most of them being of the non-technical nature - believe that Cyberlink conveniently stored them in memory as an easily detectable string, like "YO HAX0R DIS IZ DA KEY: 8F902A...". Not so. The key is a sequence of 8-bit values with no deterministic characteristic, i.e. it will look completely random (in the cryptographical sense). But all hope is not lost. The biggest strength of AACS - relying on proven and secure cryptography - is also its weakness. What muslix64's code, unfortunately, obfuscated due to its reliance on a Java-internal cryptography library is the fact that AES-128 (or AES-Rijndael, as it is called) uses - apart from some discrete algebra - several sets of constants, namely:
These constant sequences must occur in every implementation of AES-Rijndael since AACS mandates the use of standard implementations of AES-Rijndael. So start looking for occurences of 0x637c777b or 0x8d010204 (possibly with reverse byte-order), and trap/breakpoint the code that uses that data, then you'll have found the AES-128 decryption routines. The Rijndael key schedule is especially noteworthy since it's being fed the decryption key directly ... Last edited by honai; 4th January 2007 at 00:08. Reason: corrected spelling |
3rd January 2007, 23:56 | #315 | Link | ||||||
Registered User
Join Date: Jul 2003
Posts: 36
|
If we believe all this to be true, doesn't the author say in memory numerous times? I can't imagine he wouldn't say registers, if in registers, etc
i.e. from post 244 Quote:
Quote:
Quote:
I suppose it would help if we knew the experience level of our poster. Quote:
He seems to drop a hundred hints Quote:
Quote:
but I have browsed through all the documents/specs, and volume unique keys descriptions are all over the place, in this document and in that one. It could be all a joke, but very elaborate none the less, he would have done alot of studying to not have made a mistake that one of us would have found by now. |
||||||
4th January 2007, 01:32 | #320 | Link |
Registered User
Join Date: Apr 2005
Posts: 12
|
i can't believe there is so much speculation and hype about this HD-DVD decrypter that muslix64 has written.
all the guy did was write an implementation of an AACS decrypter in java, and he posted the source code. THIS IS NOT A DIFFICULT THING TO DO FOLKS-- YOU CAN DOWNLOAD THE DAMN SPEC FROM A PUBLIC WEBSITE FOR GODS SAKE. since i am a software engineer, i would write same damn program in a week too, and so could every other software engineer in the world worth his salt. ah but there is more to the story. muxlix64 goes on to claim that he's extracted volume keys from his HD-DVD disks-- now that is one hell of a claim and actually takes some skill. BUT HE PROVIDES NOT ONE SHRED OF PROOF THAT HE'S ACTUALLY DONE THIS. anyone with a camcorder could make a you-tube movie with a blacked-out text screen where one claims to have secret volume keys. until someone provides real evidence that they can reliably extract volume keys from an HD-DVD player, this whole damn thread is all one gigantic waste of time. let's recap: muslix64: i wrote an aacs decrypter. me: *yawn* muslix64: and i've extracted volume keys from my HD-DVD's me: wow that's amazing, show me. muslix64: no me: *yawn* |
|
|