15th February 2007, 13:23 | #1 | Link |
Registered User
Join Date: Dec 2006
Posts: 202
|
AnyDVD method of operation
I already suggested this in another thread, but I had to make sure ... and indeed: AnyDVD is using the Host Certificate of PowerDVD (V6.5) to communicate with the drive. This means they follow the complete AACS protocol, at least starting at the Processing Key, but most likely starting with the Device Key, and they read the Volume ID from the drive using the appropriate MMC commands (after they authenticated and put the drive in Bus Key state).
|
15th February 2007, 16:47 | #5 | Link | |
Registered User
Join Date: Dec 2006
Posts: 202
|
The Host Certificate is a set of private and public keys (+ signature of the public key) issued by the AACS-LA. With this a Host (in this case HD-DVD player software) can set up a 'trusted' connection with a drive (which has its own Drive Certificate) to exchange key data for the AACS decryption protocol (in this case the Volume ID).
|
|
16th February 2007, 06:13 | #9 | Link |
Registered User
Join Date: Jan 2007
Posts: 11
|
I think noclip is referring to the fact that AnyDVD HD is using a part of an existing closed-source app, which means that it would not be something that an open-source app could use. noclip was probably hoping it was something that could actually be used in an open-source app (i.e. HD-DVD player for Linux, which does not need a pre-decrypted disc).
|
16th February 2007, 11:28 | #12 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
Just my thoughts.
Regards,
arnezami
PS. evdberg: I'm not sure if I missed the source of your mkb proggy. Could you release it? That would be nice.
Last edited by arnezami; 16th February 2007 at 11:56. |
|
16th February 2007, 11:40 | #13 | Link |
Guest
Posts: n/a
|
Hmm, normally I would side with the crowd looking for a more convenient way to access content that you paid for, but in this case - assuming that evdberg's findings are correct - it just oozes of piracy, i.e. that SlySoft illegally acquired proprietary files from a third-party software, shipped it with their own commercial (!) software as an integral part, and used them to circumvent certain measures in a way that is commonly referred to as an exploit.
So effectively - still assuming that evdberg is correct - they are in breach of (1) IP laws of almost any jurisdiction in the Western hemisphere, (2) EULAs of Cyberlink, (3) license agreements of the AACS-LA. I seriously think that mods here should take a good hard look at the way SlySoft's software operates, especially concerning point (2). Cyberlink's Host Certificate is by no means in the public domain. If evdberg is right then SlySoft is doing something that is clearly prohibited on this board, i.e. distributing proprietary (i.e. copyrighted) files without express permit from the copyright owner. And please note that I'm not alluding to the aim of accessing your purchased content, but to the way that AnyDVD HD allegedly works, which is in very close proximity to piracy itself. Which, actually, is quite ironic since SlySoft themselves go to great lengths to secure their products or parts thereof against illegal distribution. Last edited by honai; 16th February 2007 at 13:35. Reason: clarified issues |
16th February 2007, 13:50 | #14 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
I ask this because it is the only way to make an independent player/decrypter and would therefore like to know whether I should pursue this or not. Regards, arnezami Last edited by arnezami; 16th February 2007 at 13:57. |
|
16th February 2007, 14:06 | #15 | Link | |
Guest
Posts: n/a
|
Such a sequence of numbers is typically encountered in the form of "serial numbers", and trading/distributing/posting those is most likely illegal. To further the analogy, many badly-programmed applications already come with a list of valid serial numbers buried deep in the application/installer code. Does that make the retrieval and distribution legal only because the manufacturer already kind of distributed the serial numbers of their own, or wrote sloppy code to protect them? No.
The main characteristic of a serial number is that it is bound and customized to a single client, and that it may only be used by that client. And that is exactly the nature of Cyberlink's host keys/certificates. These files were only meant to be internally used by their player applications. If you buy HD-DVD media you acquire the fair use rights to said media, but certainly not distribution rights for parts of a totally different application. The host keys/certificates don't originate from the HD-DVD that you purchased. Also, by way of making AnyDVD-HD available to you via evaluation or purchase Slysoft is distributing an integral part of another application which you may or may not have licensed, and there doesn't seem to be any form of cross-licensing agreement between Slysoft and Cyberlink - which would be invalid, anyway, under the terms of the AACS-LA. Let me put it in other terms: How would SlySoft react if I wrote a tool that incorporated a serial number for AnyDVD, with said tool then being used by n users for whichever purpose? Why, they'd blacklist that serial number and, in case of the tool being distributed by a forum such as Doom9, ask the maintainers to take it offline. EDIT: Quote:
And Slysoft, perhaps unintentionally, already recognizes that their approach is illegal since they didn't go the intuitive way of applying for their own host key/certificate at the AACS-LA but instead reverse-engineered a third-party software. Last edited by honai; 16th February 2007 at 14:51. |
|
16th February 2007, 16:16 | #16 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
My idea about this is this: you buy a movie and a drive. You should be able to watch it. Since you paid for it. Using Device Keys/Processing Keys is one way of retrieving VUKs. But these Device and Processing Keys come directly out of a Software player (just like the host private key). If this is not what we want on this forum then so be it. I just want to know (for the moment I don't care about AnyDVD). I care about what doom9 will allow and will not allow. I'll just wait and see.
Regards,
arnezami
Last edited by arnezami; 16th February 2007 at 16:34. |
|
16th February 2007, 16:49 | #17 | Link | |
Guest
Posts: n/a
|
That's not exactly a valid comparison. Processing keys are inherent properties of the media, whereas the private host certificate is a document issued to Cyberlink by the AACS-LA. But I agree on the device key, it's also a proprietary entity that belongs to Cyberlink, and you should have a valid, licensed copy of PowerDVD in order to use it.
Quote:
My point is simply that Slysoft crossed a line by pirating Cyberlink's IP. As Felten and others have already demonstrated, AACS can be defeated as a system by exploiting its weak properties rather than going the cheap route and simply mimicking a valid endpoint by way of packaging copyrighted material with your tools. The latter is definitely a dead-end, even if it weren't for legal ramifications. Last edited by honai; 16th February 2007 at 17:03. Reason: clarified |
|
16th February 2007, 17:22 | #19 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
But then I believe there won't be a problem with the following:
1 - We build a program that has as input a Host Private Key (+Cert) and Device Keys which can decrypt/play a movie. But it doesn't contain these keys. Just basic AACS implementation.
2 - We build a Device Key finder and a Host Private Key finder so anybody who legally owns a software player can extract these two things.
If somebody has a disc, a drive and a software player he can extract (using prog 2) the Keys from his software player (once) and use it in our prog 1.
Regards,
arnezami |
|
|
|