Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
30th May 2007, 06:19 | #1 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
New Processing Key found!! (MKB v3 is now open)
I guess its official now.
The new Processing Key was posted by BtCB on freedom to tinker about a week ago (release day +1). its: Code:
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2 This opens up all newly released (and many to be released) HD DVD and Blu-ray discs. Wanna understand: go here. Regards, arnezami PS. I strongly advise everybody who knows how it was retrieved not to talk about it publicly. -- Btw: To get a VUK you first need to get the Volume ID of the disc (there are several ways). If you have that you can use aacskeys with this Volume ID as input. -- Last edited by arnezami; 30th May 2007 at 18:16. |
30th May 2007, 12:56 | #5 | Link |
Registered User
Join Date: Jan 2007
Posts: 274
|
BtCB made it clear where it came from. He used Ed Felten's automatic key assignment proggie on that web page. Wow! It's amazing that he happened to be assigned a valid PK! I wonder what the chances are that it will happen again..... say shortly after the next revocation.
|
30th May 2007, 14:50 | #8 | Link | |
Registered User
Join Date: Jan 2007
Posts: 274
|
Quote:
The AACS LA knows the content of the last MKB (can anyone tell me where the "V3" number comes from? Is it built into the MKB?) The last MKB had only 15 S-D sets that matched 15 DKs and 15 PKs (these 15 are in the software branch - there are another 511 non-software branches). Presumably, this PK is one of the 15. Some of the 15 are as small as a single device. One of them is huge (about 2^22), but I strongly suspect that this is not that big set. I'll guess that this PK is one of the other 14, all of which fall within 128 devices. By matching this PK to the MKB released, they narrow the device down, and may have pinpointed it. Even if the group that matches this PK is not a single device, they may be able to narrow it further. A processing key corresponds to a device key. A device key corresponds to a specific subset difference set, i.e., a specific node on a specific "floor" of the entire tree. The LA knows the matching floor and node numbers. They also know that the matching DK can only be calculated from DKs on this floor that are on the binary tree above this node. Finally they know which DKs have been given out. They may be able to narrow the device down if not all DKs that can calculate this PK have been assigned. I'd like to know which of these groups match the PK just disclosed. It's something the LA already knows, and it's something that could be calculated with a moderate bit of effort. Code:
umask:uv number 05:0000001C 03:0000002A 05:00000028 03:00000046 02:00000049 02:0000004F 02:00000055 02:0000005B 03:00000069 05:00000068 02:00000085 02:0000008B 04:00000091 07:00000090 17:00000080 Last edited by FoxDisc; 30th May 2007 at 16:21. |
|
30th May 2007, 15:10 | #10 | Link |
Registered User
Join Date: Jan 2007
Posts: 45
|
Attempting to decrypt my Pirates of the Caribbean: Dead Man's Chest with new info.
New Proessing key works. However, it is required to copy the Certificate folder as well as BDMV folder. Used fetchvidbr to get vid, then inserted the new processing key into the simple.txt file for aacskeys. Then used aacskeys to calculate the hash and vuk while using the vid in the command line args. Then inserted into DumpHD database and presto. Last edited by Bystander; 30th May 2007 at 16:42. |
30th May 2007, 16:05 | #12 | Link | |
Registered User
Join Date: Jan 2007
Posts: 274
|
Quote:
If Slysoft does not release the PK they are using, someone here will sooner or later uncover and release a PK. Notice how quickly BtCB had this PK. He published it on release day +1, and may have had it before then. If BtCBs PK is the same one that Slysoft is using in AnyDVD, there's no harm, but what if they are different? If there are two holes, both will get plugged in the next round of cat vs. mouse (IMHO, the LA looks like the poor mouse right now.) It would be better for Slysoft not to have both holes plugged. They may even have found the same PK released here, but used another one and by not publicly disclosing the one they use in their software, they lose this PK as a backup for the next round. I'd also like to point out that it's in the best interest of fair use lovers here for Slysoft to copy and use any PK released here, if it's released before Slysoft releases their own software, and for any PK released by Slysoft to be used in software released here. No one should complain about such behaviour from Slysoft or open source software authors - for the same reason - there's just no benefit to having two or more PKs released and two or more exploits closed on every round. My .02 |
|
30th May 2007, 16:53 | #13 | Link | |
Registered User
Join Date: Dec 2006
Posts: 202
|
@FoxDisc,
According to my (updated) MKB tool the media key is found at entry 4 (zero-based, so the 5th entry). Quote:
Last edited by evdberg; 30th May 2007 at 17:02. |
|
30th May 2007, 17:23 | #14 | Link | |
Registered User
Join Date: Jan 2007
Posts: 274
|
Quote:
Would that be: 02:00000049? ( I think the order is correct) 00000049 points to a revoked node on the lowest level (the device level) in the V3 MKB (PK/DKs are located at the difference part of the S-D sets - i.e., at revoked device nodes or above groups of revoked devices - devices don't have the PK/DK associated with their own device number.) The only device that has that PK/DK is the adjacent (to the right) 0000004B device (the 02: part tells us this floor has only 2 devices and one is revoked). That means the LA knows exactly where this PK came from. I suspect some software player company got another nasty phone call from an irate LA exec. I've been trying to figure out BtCBs "hint" of uv:00000047. That points to one of a pair of revoked devices, but the associated PK/DK is not used in the MKB V3. My guess as to the "hint" is that it is the device number of one of the revoked software players, but maybe I'm missing something. |
|
30th May 2007, 17:48 | #15 | Link | |
Registered User
Join Date: Feb 2007
Posts: 47
|
Quote:
|
|
30th May 2007, 17:54 | #16 | Link | |
Registered User
Join Date: Jan 2007
Posts: 224
|
Quote:
|
|
30th May 2007, 17:56 | #17 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
Its another one of those good days .
Here is a screenshot of aacskeys working with the new Processing Key: KenD00 and I are working on a combined program of DumpHD and aacskeys (basicly having the latter being accessed as a backup in case a VUK is not found in the local database and as a source of newly found vuks). Prototype is working . Still quite a bit to do. But I will now have more time for programming again... Ooh. And for those (other) "key finders" out there: we still need a Host Private Key for (really) easy Volume ID retrieval. That would be great. For aacskeys users: keep in mind the current version of aacskeys does not give a proper error when trying and failing to retrieve a Volume ID: but if the VID is all 00's then you know you first have to get the Volume ID yourself and then input it into aacskeys (like I did above). Btw: the uv 47 is a typo : it should be 49 (as can be seen in the above screenshot). Regards, arnezami Last edited by arnezami; 31st May 2007 at 06:47. |
30th May 2007, 19:11 | #19 | Link |
Registered User
Join Date: Jan 2007
Posts: 274
|
I notice that the aacskeys screenshot is giving the uv number, which includes the path and the v-mask encoded together, but I don't see the u-mask. The u-mask gives the "floor" that this node is on and is necessary to figure out how many other devices are in the set that has access to this PK. Unless I'm missing something, you might want to add it - it's only one byte value. I'm used to the 02:00000049 format where the u-mask precedes the uv number and is separated by a colon.
|
Thread Tools | Search this Thread |
Display Modes | |
|
|