
View Full Version : BackupHDDVD, a tool to decrypt AACS protected movies



Gradius
8th January 2007, 05:21
Magic Memory = pure BS, don't believe in them!

calinb
8th January 2007, 05:45
Then each can be played in turn, and dumps of the suspected key storage areas made (memory, registers, files, etc.). Comparing the dumps, the differences between them will point to the location(s) where key information is stored.

The title keys also change between titles of the same disc. I proposed the same idea earlier in this thread and it could still be useful, if combined with other techniques, but a lot of other stuff (besides the keys) changes too.

I suggest that sensitive or perhaps even speculative brainstorming, that might be considered off-topic here, be conducted offline in an anonymous forum.

Install I2P and join the discussion:

http://forum.i2p/viewtopic.php?p=9157#9157

(The link doesn't work unless you've installed I2P)

Dear mods: if you've not ever used I2P and visited the I2P forum, I must assure you that it's not a warez site. It is simply a public site where users may speak freely with a high degree of anonymity. It is available to anyone who installs I2P software.

New I2P users: Let's keep it that way! This is about exercising Fair Use rights and no more/less!

Isochroma
8th January 2007, 06:14
@calinb: There is no need for secrecy: what was done in secret by the making of the HD-DVD and Blu-Ray copy protection schemes, will be undone in public.

Like good encryption, good decryption will not die by being exposed for all the world to see. In this case, the hardware standard is already set in stone, with thousands of players and lots of discs already sold, so that's not going to change.

As far as player software, that will always change, but it will be reverse-engineered too, using the same or better methods. Fundamentally, there is no way to keep the system closed as long as PC playback is a possibility.

The possibilities mentioned in my last two posts have no doubt already been thought of or are soon to be seen by player developers. The ideas are general, and apply to a wide range of possible cases; more like a sample guide for security auditing.

Perhaps most importantly, there is nothing player developers can do but issue an ever-growing stream of updates and new versions with ever more convoluted protection schemes, that will all be reverse engineered.

The only real threat to this kind of attack is a protective operating system, like Vista. But like russian dolls, cracks will be found and made at all layers, so even that will not stand long.

As for personal risk, I won't post anything here that is illegal in my country, or against forum rules, so I have nothing to fear. I hope this is the case for all posters, because all that needs to be accomplished can be done right here without any problems from either local policies or enforcement agencies, if users think carefully before posting.

calinb
8th January 2007, 07:29
As for personal risk, I won't post anything here that is illegal in my country, or against forum rules, so I have nothing to fear. I hope this is the case for all posters, because all that needs to be accomplished can be done right here without any problems from either local policies or enforcement agencies, if users think carefully before posting.

Well--in the U.S. we have the DMCA. Other countries have various "exported" versions of it. The DMCA contradicts Fair Use. As far as I can tell, this has not been resolved through either legislative or judicial process. Not everyone wants to risk becoming case law.

Borbus
8th January 2007, 07:39
I have tried to make an HD-DVD image with Scenarist. I can't test it because it's obviously UDF 2.5 and mounting with Daemon Tools doesn't work. I can't find UDF 2.5 drivers. It's only 4.5MB so if it's not right it doesn't waste much bandwidth.

http://www.filehost.gr/643076

If anyone can get it to work, the keys should be:

C29E56D1E80EA92B010733C46A73DECA
6ACF5ADFCFD8A3D404D0DB6155229D36

I think the second one is for the main video. Not sure what the other one is for.

It's the first time I've used Scenarist so it probably is wrong...

By the way, if anyone's interested, I just made a blank 1920x1080 video with AVISynth and encoded it with Mainconcept h264. x264 doesn't work for creating compliant elementary h264 streams.

edit: the first one is the volume key, the second one is the title key for the single title in the ISO.

Susana
8th January 2007, 08:00
Daemon 4.0 works, I've just done it.

Played with windvd 8. 7 seconds clip.

Edit: extracting files with IsoBuster 2, plays the same way. No AACS protection in that ISO. ?? Remains in memory ??

Isochroma
8th January 2007, 08:02
Returning to the topic at hand - which in this case is the BackupHDDVD application - I'd like to extend my congratulations to Muslix64, who not only chose a username corresponding with my favorite cereal, but also made good effort to build an application which may help the cause of fair use.

The most valuable thing Muslix64 has provided by establishing this thread is not an application called BackupHDDVD, but an idea called YouCanBackupYourHDDVD.

Just by building an application which may or may not decrypt HD-DVDs, and dropping hints and clues in his posts and release notes, his ideas are now making lots of people think about how to make applications which can do the same or better.

Perhaps the YouTube video itself was the best inspiration; even if it was an utter fraud it provided and still provides a glimmer of the light at the end of the tunnel for fair use in the twenty-first century.

The hardest step to take is always the first one, but as soon as someone does, many more are both informed and inspired to follow. Of course, often that first step is over a cliff or into a deep quicksand, but that doesn't really matter.

What matters is that such an event changes many people's thought patterns from "we are victims" to "we can change this". The holdup is almost always a lack of will and faith in capability, not in intelligence per se., manpower, technology or money.

Isochroma
8th January 2007, 08:08
@Borbus: excellent work! I've downloaded the file but don't yet have the player to test with. Also it is late at night right now; I will write more tomorrow.

I can confirm that the ISO mounts fine with Daemon Tools, but Windows cannot recognize the filesystem; I don't have the UDF 2.5 driver installed (yet). I'd hoped that Scenarist might come with the driver, since it should also include the emulator.

@Borbus: can you confirm whether the emulator is located anywhere in the package?

Also, it is likely that the Microsoft HD DVD Interactivity Jumpstart includes a UDF 2.5 driver, since it would be rather pointless for a development kit of this type to not have it, hopefully?

I will install a UDF 2.5 driver tomorrow and report on further findings.

Borbus
8th January 2007, 08:10
Edit: extracting files with IsoBuster 2, plays the same way. No AACS protection in that ISO. ?? Remains in memory ??
Really? But I set it up to use encryption, and the AACS files are there which aren't if you don't turn on encryption (edit: at least I think they are, they're in the output directory, are they in the ISO?). Any idea what I might have done wrong?

Here's a screenshot of me enabling AACS:

http://img403.imageshack.us/img403/7081/neoshooter22em8.th.png (http://img403.imageshack.us/my.php?image=neoshooter22em8.png)

condorito
8th January 2007, 08:16
http://www.macfergus.com/niels/dmca/cia.html

Finally, 5 days, that's really, really @$@^$% up. I found that link. It's good reading, old though.

Susana
8th January 2007, 08:26
http://img127.imageshack.us/img127/8535/snap1ql9.th.jpg (http://img127.imageshack.us/my.php?image=snap1ql9.jpg)

Thinking about it, aacs can be in the iso ?

Borbus
8th January 2007, 08:35
It doesn't seem to have worked at all. The AACS stuff isn't in the ISO at all. It's in the output directory, but even the EVO file in there plays in PowerDVD fine. I don't know what's wrong...

Pomyk
8th January 2007, 08:40
The stream doesn't look encrypted at all. After compression it's only 16kB.

Isochroma
8th January 2007, 08:41
@Borbus: Excellent work! I had only hoped that this step would be fairly feasible; you've proven this supposition correct. However, it would be good if you can generate one more sample ISO, this time with two items different:

1. It should have a few frames of visible content, so we can see that the player is actually working.

2. In your AACS Settings dialog, the last dropdown box is called ICT. You must select none, or disabled, rather than the current constrained. The reason is that if the ICT is enabled, only those with a valid HDCP output chain (videocard, monitor) can test your sample. Remember, the purpose of this investigation is to help reverse-engineer an AACS implementation, not HDCP.

The reason why Susana had no problem playing the file is because the title key was generated from a portion of the available keyspace assigned to Scenarist's application license.

The disc key was undoubtedly also added but not displayed; it is only required when the player supports and requires disc authentication, which daemon tools and isobuster do not, of course.

Because of that, any player with a licensed unrevoked decryption key will be able to play the files in his ISO.

The important part of the AACS is not in the ISO volume structure; it is the files themselves that are encrypted, just like regular DVD VOBs. And it is their encryption which BackupHDDVD is purportedly capable of removing, provided the correct Title Key.

Now, getting those files off a real HD-DVD disc requires the player to authenticate the disc, or vice-versa. That step should be automatic, i.e. people have been able to copy the EVOBs from HD-DVDs with only the UDF 2.5 driver and drive installed.

Borbus
8th January 2007, 08:48
I just read this in the documentation, so actually it probably isn't feasible:
Note: When outputting a project, AACS is only written to DLTs and PlantDirect images. AACS is not written when burning discs.

Unless there is some software that can burn or mount PlantDirect images...

edit 1: Daemon Tools does mount PlantDirect images somehow... now uploading the image...

Isochroma
8th January 2007, 08:57
The AACS they are referring to is probably the Disc Key system. What makes me think this is that in the AACS Settings dialog, the Enable AACS checkbox and associated settings are in their own separate area.

Something to test: if you uncheck Enable AACS, do the Title Settings below go gray?

Borbus
8th January 2007, 08:59
Something to test: if you uncheck Enable AACS, do the Title Settings below go gray?

Yes, everything below goes grey.

Borbus
8th January 2007, 09:06
Ok, here's the PlantDirect image. The AACS stuff makes it much bigger:

http://www.filehost.gr/276912

I'm still not sure if the video is encrypted though because it's exactly the same size but I don't have a registered version of ISOBuster to extract the files with. The keys are the same as before:
Volume: C29E56D1E80EA92B010733C46A73DECA
Title: 6ACF5ADFCFD8A3D404D0DB6155229D36

Susana
8th January 2007, 09:29
Same as before, windvd plays mounted .dat and extracted files.

http://img293.imageshack.us/img293/6865/snap1vd2.th.jpg (http://img293.imageshack.us/my.php?image=snap1vd2.jpg)

blutach
8th January 2007, 09:35
Magic Memory = pure BS, don't believe in them!

Another totally off-topic post. Posters have been warned enough. Keep to the topic please! Strike issued.

Regards

Well--in the U.S. we have the DMCA. Other countries have various "exported" versions of it. The DMCA contradicts Fair Use. As far as I can tell, this has not been resolved through either legislative or judicial process. Not everyone wants to risk becoming case law.

If you read Doom9's very good synopsis of the DMCA (http://www.doom9.org/index.html?/dmca_revealed.htm), you will see provision for Fair Use. It's the reason you can backup your DVD. Should you wish to discuss this further, a separate thread would be more appropriate.

Regards

Golgot13
8th January 2007, 11:12
Ok, here's the PlantDirect image. The AACS stuff makes it much bigger:

http://www.filehost.gr/276912

I'm still not sure if the video is encrypted though because it's exactly the same size but I don't have a registered version of ISOBuster to extract the files with. The keys are the same as before:
Volume: C29E56D1E80EA92B010733C46A73DECA
Title: 6ACF5ADFCFD8A3D404D0DB6155229D36

Your image is not encrypted, but it is ready to be encrypted by the HD DVD replicator with specific software from AACS (with your keys, like CSS with Scenarist SD)....
The video file in the movie stream is H.264, encoded by MainConcept 2.0.1889,
HP@L4.1 (1920x1084 ?). There is no audio stream.

Golgot13

zeroprobe
8th January 2007, 11:17
Damn it was a nice idea. Back to square one.

Quote from sonopress.co.uk

"The Content owner provides the authored HD DVD data to a licensed replicator, the authoring project needs to be set up or “flagged” for subsequent processing. The AACS Licensing Authority provides the replicator with keys and a Content Certificate that allows the blocking of content to be copied from the playback device or even put settings to the output of a player that allows the downscaling of HD signals at the analogue output in order to prevent copying of the analogue signal.
The replicator then manufactures the HD DVDs, which carry the encrypted content and the AACS data, and they are shipped to the customers. AACS LA also supplies Device Keys and the Public Key to licensed player manufacturers, which will allow legally produced discs to play without problem"

Golgot13
8th January 2007, 11:33
But the information in the AACS folder is good; the AACS key of the HD DVD replicator is missing....

Golgot13

zeroprobe
8th January 2007, 11:46
Without the replicator key, would the whole decryption process take place with PowerDVD??

Would it still grab the title keys etc.?

Golgot13
8th January 2007, 11:55
This diagram is the AACS chain from the HD DVD White Paper (PDF file from the public web site of the DVD Forum).

http://img136.imageshack.us/my.php?image=aacschainkm6.jpg

Golgot13

feizex
8th January 2007, 12:19
If "the information in the AACS folder is good" (i.e., you have the encrypted title key and other info in there):

Are you saying that you have everything but the encrypted video?

Why not just encrypt it with your title key?

There may be other requirements though...
"A Player shall decide that a Disc to be played back is an AACS Disc if the AACS-Compliant drive for the Player is able to read the PMSN or if the drive is able to read the Volume ID."

Page 105 - the content binding diagram shows requirements for the Media Key Block (MKB), Volume ID and Encrypted Title Key.

suxen_drol
8th January 2007, 14:18
question: why write your own crypto implementation, when there exist off-the-shelf libraries? random example: http://www.cryptopp.com/.

answer: obscurity.

cheers,
-- pete

Bystander
8th January 2007, 19:01
Alright, for those who are interested.

Nothing is loaded into memory when PowerDVD is running. It is only when you press the play button.

The code that first loads the AACS files into memory is from the HDDVDAdvNav.dll file. From here the following DLLs are used:

CBS.dll, and FileSystemMgr.dll

Here is the code that loads the AACS files:

1009D460 /$ 56 PUSH ESI ; Loads Files into Memory
1009D461 |. 8BF1 MOV ESI,ECX
1009D463 |. E8 A8F7FFFF CALL HDDVDAdv.1009CC10
1009D468 |. 68 C8B71D10 PUSH HDDVDAdv.101DB7C8 ; /Arg3 = 101DB7C8
1009D46D |. 8D86 A0000000 LEA EAX,DWORD PTR DS:[ESI+A0] ; |AACS/MKBROM.AACS
1009D473 |. 50 PUSH EAX ; |Arg2
1009D474 |. 8D8E 9C000000 LEA ECX,DWORD PTR DS:[ESI+9C] ; |
1009D47A |. 51 PUSH ECX ; |Arg1
1009D47B |. 8BCE MOV ECX,ESI ; |
1009D47D |. E8 FEFBFFFF CALL HDDVDAdv.1009D080 ; \HDDVDAdv.1009D080
1009D482 |. 8D8E 24010000 LEA ECX,DWORD PTR DS:[ESI+124]
1009D488 |. FF15 18031A10 CALL DWORD PTR DS:[<&MSVCP71.?c_str@?$ba>; MSVCP71.?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
1009D48E |. 50 PUSH EAX ; /Arg3
1009D48F |. 8D96 A8000000 LEA EDX,DWORD PTR DS:[ESI+A8] ; |AACS/VTKF000.AACS
1009D495 |. 52 PUSH EDX ; |Arg2
1009D496 |. 8D86 A4000000 LEA EAX,DWORD PTR DS:[ESI+A4] ; |
1009D49C |. 50 PUSH EAX ; |Arg1
1009D49D |. 8BCE MOV ECX,ESI ; |
1009D49F |. E8 DCFBFFFF CALL HDDVDAdv.1009D080 ; \HDDVDAdv.1009D080
1009D4A4 |. 68 74B81D10 PUSH HDDVDAdv.101DB874 ; /Arg3 = 101DB874
1009D4A9 |. 8D8E C8000000 LEA ECX,DWORD PTR DS:[ESI+C8] ; |AACS/CONTENT_HASH_TABLE2..AACS
1009D4AF |. 51 PUSH ECX ; |Arg2
1009D4B0 |. 8D96 C4000000 LEA EDX,DWORD PTR DS:[ESI+C4] ; |
1009D4B6 |. 52 PUSH EDX ; |Arg1
1009D4B7 |. 8BCE MOV ECX,ESI ; |
1009D4B9 |. E8 C2FBFFFF CALL HDDVDAdv.1009D080 ; \HDDVDAdv.1009D080
1009D4BE |. 68 38B81D10 PUSH HDDVDAdv.101DB838 ; /Arg3 = 101DB838
1009D4C3 |. 8D86 D0000000 LEA EAX,DWORD PTR DS:[ESI+D0] ; |AACS/CONTENT_HASH_TABEL1.AACS
1009D4C9 |. 50 PUSH EAX ; |Arg2
1009D4CA |. 8D8E CC000000 LEA ECX,DWORD PTR DS:[ESI+CC] ; |
1009D4D0 |. 51 PUSH ECX ; |Arg1
1009D4D1 |. 8BCE MOV ECX,ESI ; |
1009D4D3 |. E8 A8FBFFFF CALL HDDVDAdv.1009D080 ; \HDDVDAdv.1009D080
1009D4D8 |. 68 08B81D10 PUSH HDDVDAdv.101DB808 ; /Arg3 = 101DB808
1009D4DD |. 8D96 D8000000 LEA EDX,DWORD PTR DS:[ESI+D8] ; |AACS/CONTENT_CERT.AACS
1009D4E3 |. 52 PUSH EDX ; |Arg2
1009D4E4 |. 8D86 D4000000 LEA EAX,DWORD PTR DS:[ESI+D4] ; |
1009D4EA |. 50 PUSH EAX ; |Arg1
1009D4EB |. 8BCE MOV ECX,ESI ; |
1009D4ED |. E8 8EFBFFFF CALL HDDVDAdv.1009D080 ; \HDDVDAdv.1009D080
1009D4F2 |. 68 B0B81D10 PUSH HDDVDAdv.101DB8B0 ; /Arg3 = 101DB8B0
1009D4F7 |. 8D8E E0000000 LEA ECX,DWORD PTR DS:[ESI+E0] ; |AACS/CONTENT_REVOCATION_LIST.AACS
1009D4FD |. 51 PUSH ECX ; |Arg2
1009D4FE |. 8D96 DC000000 LEA EDX,DWORD PTR DS:[ESI+DC] ; |
1009D504 |. 52 PUSH EDX ; |Arg1
1009D505 |. 8BCE MOV ECX,ESI ; |
1009D507 |. E8 74FBFFFF CALL HDDVDAdv.1009D080 ; \HDDVDAdv.1009D080
1009D50C |. 8D8E 40010000 LEA ECX,DWORD PTR DS:[ESI+140]
1009D512 |. FF15 18031A10 CALL DWORD PTR DS:[<&MSVCP71.?c_str@?$ba>; MSVCP71.?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
1009D518 |. 50 PUSH EAX ; /Arg3
1009D519 |. 8D86 C0000000 LEA EAX,DWORD PTR DS:[ESI+C0] ; |AACS/VTUF000.AACS
1009D51F |. 50 PUSH EAX ; |Arg2
1009D520 |. 8D8E BC000000 LEA ECX,DWORD PTR DS:[ESI+BC] ; |
1009D526 |. 51 PUSH ECX ; |Arg1
1009D527 |. 8BCE MOV ECX,ESI ; |
1009D529 |. E8 52FBFFFF CALL HDDVDAdv.1009D080 ; \HDDVDAdv.1009D080
1009D52E |. 5E POP ESI
1009D52F \. C3 RETN

Also the program uses HeapFree, which is a Kernel32 command, to overwrite the data it uses. A simple patch would allow the code to remain in memory if you know what you are looking for.

The magic call to remove the AACS stuff is here:

028D4D4B /74 09 JE SHORT FileSyst.028D4D56 ; force this jump
028D4D4D . |50 PUSH EAX
028D4D4E |E8 87320000 CALL <JMP.&MSVCR71.??_V@YAXPAX@Z> ; clears heap ... file info is gone

In this section forcing the JE to JMP would bypass it without corrupting the stack.

This should get you started.... enjoy

P.S. After it's loaded you might want to break into RSAENH.dll (windows\system32 directory) and you'll notice it's doing the cryptography (SHA1 too). And remember to stop the HeapFree command when you are tracing, to stop it from hiding its tracks.

Jerky_san
8th January 2007, 19:27
1009D48F |. 8D96 A8000000 LEA EDX,DWORD PTR DS:[ESI+A8] ; |AACS/VTKF000.AACS

So it loads the much-talked-about file just after it loads:

1009D46D |. 8D86 A0000000 LEA EAX,DWORD PTR DS:[ESI+A0] ; |AACS/MKBROM.AACS

Then it loads up 2 sets of hash tables along with the revocation list, and a
1009D4DD |. 8D96 D8000000 LEA EDX,DWORD PTR DS:[ESI+D8] ; |AACS/CONTENT_CERT.AACS (wonder what this file has)

and then

1009D519 |. 8D86 C0000000 LEA EAX,DWORD PTR DS:[ESI+C0] ; |AACS/VTUF000.AACS

VTKF000.AACS and VTUF000.AACS: the change is in the K and U. Are these the K and U that they are talking about in the specs? If you add them together, you get the key?

Also, perhaps they are right: they didn't use the RAM but instead kept it all in the registers of the CPU? .. I dunno though; me + assembly = bad grade last semester, so I dunno if I'm reading it right..

Bystander
8th January 2007, 19:41
The code does exist in memory. Regardless if it's in the drive or the computer it must reside in the memory before it gets to the processor. Most protections will mask/overwrite the code once it does what it needs to do which literally removes it from memory.

Nothing magical about that.

tonyp12
8th January 2007, 20:51
Is Bystander = Muslix64?

Just joined and pretty much tells how to get the keys, but without telling all of it. Sounds like Muslix, and using a second screen name will lessen the chance of getting traced and sued.

I think Muslix is from Germany, where the cereal is from and a land where Commodore 64 was a hackers first toy.

This is just speculation, and mods can delete this post if it's out of bounds/irrelevant.

Isochroma
8th January 2007, 21:05
Good morning all! I see there's been much activity since yesterday...

There is no need to bring the keyed but unencrypted files to a licensed HD-DVD replicator to get them encrypted... here is one example of software on the market:

Eclipse Data Releases High-Speed Blu-ray AACS Encryption Software (http://www.emedialive.com/Articles/ReadArticle.aspx?ArticleID=11623)

"We knew that we needed to minimize the impact of moving encryption into the premastering process"

Premastering is what you do with the Sonic package. This means you can get secondary software which will take the fileset made by Sonic and convert it to a fully AACS-encrypted fileset or ISO image.

Sonic only adds AACS information to DDP images, also known as PlantDirect:

"A powerful add-on option for Scenarist Studio (SEN-3101), PlantDirect Tapeless Premastering allows DDP file sets to be written to hard disk, rather than to DLT, enabling delivery of DVD masters for replication via the Internet saving time and money on physical shipments." (http://www.filmwareproducts.com/Sonic/SEN-3111.html)

DDP is the industry standard for disc imaging, and was established by a company known as DCA Inc. They established the standard, so it should surprise nobody that they also make a product called Blazer:

Blazer is an application designed to encrypt a DDP V3.0 HD ROM image with the Advanced Access Content System (AACS) encryption. Blazer automatically recalculates the HCRC in the AACS encrypted image. (http://www.dcainc.com/products/ddptools/blazer/index.html)

I contacted the company by phone this morning, and found out that the software, while it runs on XP (screenshot (http://www.dcainc.com/products/ddptools/blazer/blazerprogress.jpg)), only comes bundled with a workstation machine with RAID, etc. The cost is probably high, I didn't ask, but will do so later today and report my findings.

Other than this it seems the Sonic product "DVDit Pro HD (http://www.roxio.com/enu/products/dvdit/hd/overview.html)" can author AACS protected Blu-Ray DDP filesets, but it doesn't have HD-DVD functionality.

Finally, an email was sent to Eclipse requesting a price quote for their EclipseSuite + AACS addon software. It runs on any hardware (i.e. software-only); the specifications page (http://www.eclipsedata.com/products/eclipsesuite/index.htm) states that it will run on Windows NT 4.0, 2000 and XP. It also seems to need an Adaptec SCSI controller, but those are cheap.

feizex
8th January 2007, 21:07
FYI...
http://www.youtube.com/profile?user=muslix64
muslix64
Age: 26
Country: Canada

ron spencer
8th January 2007, 21:09
FYI...
http://www.youtube.com/profile?user=muslix64
muslix64
Age: 26
Country: Canada

I doubt that is true... he (or she) is not that stupid.

Sy
8th January 2007, 21:11
Is Bystander = Muslix64?

Just joined and pretty much tells how to get the keys, but without telling all of it. Sounds like Muslix, and using a second screen name will lessen the chance of getting traced and sued.

I think Muslix is from Germany, where the cereal is from and a land where Commodore 64 was a hackers first toy.

This is just speculation, and mods can delete this post if it's out of bounds/irrelevant.

I don't think it matters who Bystander is. He seems like a knowledgeable person and it looks as if he would be an asset to this community. You shouldn't question the identities of people. If they want you to know who they are then they would tell you.

Yes it is speculation and you should use your own judgement and delete it yourself if you think it is out of line.

CiTay
8th January 2007, 21:18
Please, it shouldn't matter who one or the other is. What they post is important.

Borbus
8th January 2007, 21:40
There were actually other files with the PlantDirect image, they might be important if anyone manages to get hold of Blazer or an equivalent. Note how small it all is when RARed, I suppose it's the blank revocation files.

http://www.filehost.gr/883400

The IMAGE.DAT is the same as before.

I was going to make a short video with more than just a blank screen and maybe audio too, but, this sounds really stupid, I couldn't think of a way to encode just a few seconds of video with MainConcept... Any idea how to make a short animated clip with AVISynth?

communist
8th January 2007, 21:54
Simple solution: use Colorbars(width,height) and ShowFrameNumber().

neviens
8th January 2007, 22:18
Some observations for those who have an HD DVD drive and know what OllyDbg is.
It seems HDDVDAdvNav.dll is the module where the stuff is located.
Here are all the AES function calls:

;-----------------------------------------------------------
...
.text:100C350F push 1 ; crypto mode
.text:100C3511 lea ecx, [ebp+var_40]
.text:100C3514 call CryptoModeSelector ; 1 == CBC decrypt
.text:100C3519 mov [ebp+var_4], 0
.text:100C3520 lea eax, [ebp+var_40]
.text:100C3523 push 80h ; int
.text:100C3528 push [ebp+arg_0] ; KEY!
.text:100C352B push eax ; int
.text:100C352C call AES_KeyExpand
.text:100C3531 mov ebx, eax
.text:100C3533 test ebx, ebx
.text:100C3535 jl short loc_100C355F
.text:100C3537 push offset CBC_InitVector ; ==0BA0F8DD..
.text:100C353C lea eax, [ebp+var_40]
.text:100C353F push eax ; int
.text:100C3540 call _initCBC
.text:100C3545 mov ebx, eax
.text:100C3547 test ebx, ebx
.text:100C3549 jl short loc_100C355F
.text:100C354B push [ebp+arg_C] ; data len
.text:100C354E push [ebp+arg_8] ; output
.text:100C3551 push [ebp+arg_4] ; input
.text:100C3554 lea eax, [ebp+var_40]
.text:100C3557 push eax ; expanded switch
.text:100C3558 call AES_SwitchFunc2
.text:100C355D mov ebx, eax
.text:100C355F
.text:100C355F loc_100C355F: ; CODE XREF: CBC_decrypt+4Dj
.text:100C355F ; CBC_decrypt+61j
.text:100C355F mov [ebp+var_4], 0FFFFFFFFh
.text:100C3566 lea ecx, [ebp+var_40]
.text:100C3569 call ClearExpandedKey
...
It was CBC mode, most likely content decryption. Title key??

;-----------------------------------------------------------
.text:100C35E8 push 21h ; crypto mode
.text:100C35EA lea ecx, [ebp+var_54]
.text:100C35ED mov [ebp+var_14], edx
.text:100C35F0 call CryptoModeSelector ; 21== ECB decrypt
.text:100C35F5 mov edx, [ebp+var_14]
.text:100C35F8 mov [ebp+var_4], 0
.text:100C35FF mov ecx, [ebp+var_1C]
.text:100C3602 lea ebx, [ebp+var_54]
.text:100C3605 push 80h ; int
.text:100C360A mov [ebp+var_14], edx
.text:100C360D push ecx ; KEY!
.text:100C360E push ebx ; int
.text:100C360F call AES_KeyExpand
.text:100C3614 mov edx, [ebp+var_14]
.text:100C3617 mov ebx, eax
.text:100C3619 test ebx, ebx
.text:100C361B jl loc_100C36AE
.text:100C3621 mov ecx, [ebp+var_20]
.text:100C3624 lea ebx, [ebp+var_54]
.text:100C3627 push 10h ; data len
.text:100C3629 mov [ebp+var_14], edx
.text:100C362C push ecx ; output
.text:100C362D push edx ; input
.text:100C362E push ebx ; expanded key
.text:100C362F call AES_SwitchFunc2
...
This one was the Triple AES Generator (AES-G3).

;-----------------------------------------------------------
.text:100C3C47 push 21h
.text:100C3C49 lea ecx, [ebp+var_40]
.text:100C3C4C call CryptoModeSelector ; 21== ECB decrypt
.text:100C3C51 mov [ebp+var_4], 0
.text:100C3C58 lea eax, [ebp+var_40]
.text:100C3C5B push 80h ; int
.text:100C3C60 push [ebp+arg_0] ; KEY!
.text:100C3C63 push eax ; int
.text:100C3C64 call AES_KeyExpand
.text:100C3C69 mov ebx, eax
.text:100C3C6B test ebx, ebx
.text:100C3C6D jl short loc_100C3C82
.text:100C3C6F lea eax, [ebp+var_40]
.text:100C3C72 push 10h ; data len
.text:100C3C74 push [ebp+arg_8] ; output
.text:100C3C77 push [ebp+arg_4] ; input
.text:100C3C7A push eax ; expanded key
.text:100C3C7B call AES_SwitchFunc2
.text:100C3C80 mov ebx, eax
.text:100C3C82
.text:100C3C82 loc_100C3C82: ; CODE XREF: sub_100C3C20+4Dj
.text:100C3C82 mov [ebp+var_4], 0FFFFFFFFh
.text:100C3C89 lea ecx, [ebp+var_40]
.text:100C3C8C call ClearExpandedKey
...
ECB stuff

;-----------------------------------------------------------
.text:100DBFE6 push 21h ; crypt mode
.text:100DBFE8 lea ecx, [ebp+var_54]
.text:100DBFEB call CryptoModeSelector ; 21== ECB decrypt
.text:100DBFF0 mov [ebp+var_4], 0
.text:100DBFF7 mov eax, [ebp+var_20]
.text:100DBFFA lea edx, [ebp+var_54]
.text:100DBFFD push 80h ; int
.text:100DC002 push eax ; KEY!
.text:100DC003 push edx ; int
.text:100DC004 call AES_KeyExpand
.text:100DC009 mov eax, [ebp+var_1C]
.text:100DC00C mov edx, [ebp+var_24]
.text:100DC00F lea ecx, [ebp+var_54]
.text:100DC012 push 10h ; data len
.text:100DC014 push eax ; output
.text:100DC015 push edx ; input
.text:100DC016 push ecx ; expanded key
.text:100DC017 call AES_SwitchFunc
.text:100DC01C mov eax, [ebp+var_1C]
.text:100DC01F movzx edx, byte ptr [eax]
.text:100DC022 test edx, 80h
.text:100DC028 jnz short loc_100DC084
...

This one looks interesting!
Chapter 3.2.4, Calculation of Processing Key?

;-----------------------------------------------------------
.text:100DC49C call CryptoModeSelector ; 1 == CBC decrypt
.text:100DC4A1 mov edx, [ebp+var_18]
.text:100DC4A4 mov [ebp+var_4], 1
.text:100DC4AB mov eax, [ebp+var_24]
.text:100DC4AE lea ecx, [ebp+var_C0]
.text:100DC4B4 push 80h ; int
.text:100DC4B9 mov [ebp+var_18], edx
.text:100DC4BC push eax ; KEY!
.text:100DC4BD push ecx ; int
.text:100DC4BE call AES_KeyExpand
.text:100DC4C3 mov edx, [ebp+var_18]
.text:100DC4C6 lea ebx, [ebp+var_C0]
.text:100DC4CC lea ecx, [ebp+var_78]
.text:100DC4CF lea eax, [ebp+var_68]
.text:100DC4D2 push 10h ; data len
.text:100DC4D4 mov [ebp+var_18], edx
.text:100DC4D7 push eax ; output
.text:100DC4D8 push ecx ; input
.text:100DC4D9 push ebx ; expanded key
.text:100DC4DA call AES_SwitchFunc
.text:100DC4DF mov edx, [ebp+var_18]
.text:100DC4E2 mov [ebp+var_4], 0FFFFFFFFh
.text:100DC4E9 lea ecx, [ebp+var_C0]
.text:100DC4EF mov [ebp+var_18], edx
.text:100DC4F2 call ClearExpandedKey

CBC decrypt again.

;-----------------------------------------------------------
.text:100DC79C call CryptoModeSelector ; 1 == CBC decrypt
.text:100DC7A1 mov eax, [ebp+var_14]
.text:100DC7A4 mov [ebp+var_4], 0
.text:100DC7AB mov edx, [ebp+var_24]
.text:100DC7AE lea ecx, [ebp+var_9C]
.text:100DC7B4 push 80h ; int
.text:100DC7B9 mov [ebp+var_14], eax
.text:100DC7BC push edx ; KEY!
.text:100DC7BD push ecx ; int
.text:100DC7BE call AES_KeyExpand
.text:100DC7C3 mov eax, [ebp+var_14]
.text:100DC7C6 lea ebx, [ebp+var_9C]
.text:100DC7CC lea ecx, [ebp+var_58]
.text:100DC7CF lea edx, [ebp+var_48]
.text:100DC7D2 push 10h ; data len
.text:100DC7D4 mov [ebp+var_14], eax
.text:100DC7D7 push edx ; output
.text:100DC7D8 push ecx ; input
.text:100DC7D9 push ebx ; expanded key
.text:100DC7DA call AES_SwitchFunc
.text:100DC7DF mov eax, [ebp+var_14]
.text:100DC7E2 mov [ebp+var_4], 0FFFFFFFFh
.text:100DC7E9 lea ecx, [ebp+var_9C]
.text:100DC7EF mov [ebp+var_14], eax
.text:100DC7F2 call ClearExpandedKey
...
CBC decrypt with xoring...
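Bystander's point that the player scrubs key data (HeapFree over the buffers) and the ClearExpandedKey call neviens sees after every AES use are the same defensive pattern: never let an expanded key outlive its use. The following is an added illustration of that pattern, not code from this thread or from any player; the key_ctx type, the function names and the stand-in key expansion are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical expanded-key context. AES-128 keeps 11 round keys of 16
 * bytes; a ClearExpandedKey-style routine wipes exactly this kind of buffer. */
#define ROUND_KEY_BYTES (11 * 16)

typedef struct {
    uint8_t round_keys[ROUND_KEY_BYTES];
    int     expanded;               /* non-zero once the schedule is filled */
} key_ctx;

/* Wipe that survives optimisation. A plain memset() right before free() or
 * before the function returns is a dead store the compiler may delete; the
 * volatile write loop forces every byte to actually be written. */
static void secure_wipe(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Stand-in for key expansion, constructed for this example (it is NOT the
 * AES key schedule): derive a deterministic, mostly non-zero schedule from
 * the 16-byte key so the checks below have real data to look at. */
void key_expand(key_ctx *ctx, const uint8_t key[16])
{
    for (size_t i = 0; i < ROUND_KEY_BYTES; i++) {
        ctx->round_keys[i] = (uint8_t)(key[i % 16] ^ (uint8_t)(i * 7 + 1));
    }
    ctx->expanded = 1;
}

/* Counterpart of the ClearExpandedKey call seen after each AES use. */
void key_clear(key_ctx *ctx)
{
    secure_wipe(ctx->round_keys, sizeof ctx->round_keys);
    ctx->expanded = 0;
}

/* Wipe before free: once the block is back on the heap its bytes can be
 * handed to the next allocation, so they must already be clean when
 * free() (HeapFree on Windows) runs. */
void key_ctx_free(key_ctx *ctx)
{
    if (ctx == NULL) {
        return;
    }
    key_clear(ctx);
    free(ctx);
}

/* 1 if no schedule byte is left in the context, else 0. */
int key_is_clear(const key_ctx *ctx)
{
    for (size_t i = 0; i < ROUND_KEY_BYTES; i++) {
        if (ctx->round_keys[i] != 0) {
            return 0;
        }
    }
    return ctx->expanded == 0;
}

/* Walks the full lifecycle on a heap-allocated context with a constructed
 * sample key. Returns 1 when the schedule held data after expansion and
 * was fully gone after key_clear(); 0 on any failure. */
int key_lifecycle_check(void)
{
    static const uint8_t sample_key[16] = {   /* constructed, not a real key */
        0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
        0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
    };
    key_ctx *ctx = calloc(1, sizeof *ctx);
    if (ctx == NULL) {
        return 0;
    }
    key_expand(ctx, sample_key);
    int populated = !key_is_clear(ctx);
    key_clear(ctx);
    int wiped = key_is_clear(ctx);
    key_ctx_free(ctx);                  /* second wipe is harmless */
    return populated && wiped;
}
```

Note that this only shortens the window in which the schedule is readable; as Bystander observes, the key still passes through memory, so the wipe limits exposure rather than removing it.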

Borbus
8th January 2007, 22:50
Simple solution: use Colorbars(width,height) and ShowFrameNumber().

Colorbars() makes 1hr of video by default. How can I change that to something shorter?

edit: Nevermind, did it with Trim()

blutach
8th January 2007, 23:30
Is Bystander = Muslix64?

Just joined and pretty much tells how to get the keys but without telling all of it. Sounds like Muslix, and using a second screen name will lessen the chance of getting traced and sued.

I think Muslix is from Germany, where the cereal is from and a land where the Commodore 64 was a hacker's first toy.

This is just speculation, and Mods can delete this post if it's out of bounds/irrelevant.

FYI...
http://www.youtube.com/profile?user=muslix64
muslix64
Age: 26
Country: Canada

Sigh.... Why won't some posters read what we type and read the rules? Strikes issued.

Regards

Borbus
8th January 2007, 23:34
Ok, here's another image with Colorbars and a Framecount instead of nothing. Analogue output is now allowed instead of constrained.

http://www.filehost.gr/73129

The volume and title keys are in the discinfo.dat file (volume key first, then title key).

Now there's probably not much else to play around with until someone can get hold of Blazer or figure out how to encrypt the video.

Polly
8th January 2007, 23:39
I'm designing a GUI for the HDDVD backup and attempting to make an easy way to enter the keys in as you get them.

Since I don't have an HDDVD player it makes it impossible for me to change any of the source that muslix provides and guarantee it works, and as such I will simply make a wrapping GUI for the backup classes. If he continues to put up future releases it should be easy to plug the new version into the GUI.

http://img166.imageshack.us/img166/9430/screenshotnv2.jpg

This is a 30 second design in java, but it makes it easier to use. I'll be posting it soon for those who want an interface rather than command line.

Isochroma
8th January 2007, 23:48
@Borbus: Thank you!

I haven't yet received a reply from Eclipse. It seems that for now, the best way to verify BackupHDDVD's functionality is to obtain an HD-DVD drive, an AACS-protected HD-DVD disc, and player software.

The Title Key must be available in the clear during the entire playback process, as it is needed to decrypt each chunk of data as it is read.

Keeping the Title Key scrambled using the player software's algorithm or encrypted from disc would place a heavy burden on the CPU during playback, as it would have to be repeatedly decrypted to be used for chunk decryption, throughout playback.

Considering that most machines are only just able to decode 1080p content alone, it seems unlikely that software authors would cripple their product's performance using such a method.

hajj_3
9th January 2007, 00:06
if you guys want some HD-DVDs to test you can get 2 for £2.86 delivered from a mis-price on play-asia: http://www.hotukdeals.com/forums/showthread.php?t=42021

@ polly - great work, release the source code when you're done. also change the image of the dvd to this: http://www.hazi-mozi.hu/cfiles/527/HD-DVD_logo.jpg

calinb
9th January 2007, 00:48
Keeping the Title Key scrambled using the player software's algorithm or encrypted from disc would place a heavy burden on the CPU during playback, as it would have to be repeatedly decrypted to be used for chunk decryption, throughout playback.

Considering that most machines are only just able to decode 1080p content alone, it seems unlikely that software authors would cripple their product's performance using such a method.

I believe they have, in fact, done so and the title keys may not remain in the clear for long. The player behavior I've seen is consistent with the code snippets Bystander posted. The player accesses the encrypted title keys in memory every few hundred milliseconds or so. I've also seen it clear heap memory.

The CPU load is enormous and regenerating keys whenever necessary, on the fly, could easily be accomplished, within the high load. Besides, compared to decrypting the content, decrypting the keys should not result in much additional load. I have a computer that plays high profile AVC HD with CoreAVC nicely. The computer can't even come close to decoding a VC-1 HD-DVD without dropping frames all over the place. The developers were probably more concerned with implementing DRM than realizing performance.

Bystander's suggestions are useful, based on the behavior I've captured.

Jerky_san
9th January 2007, 00:55
So basically we can either add the steps in that were suggested or create a breakpoint JUST before the heap clears and instead dump the memory. What are you all using to play this.. My version of WinDVD HD crashes when I load the file..

Isochroma
9th January 2007, 02:05
I just received an email reply from the folks at Eclipse, regarding the costs for an AACS license (required before Eclipse will sell you their product):

"It's pretty expensive. You can find more information at: http://www.aacsla.com/home

I think the adopter agreement costs about $20,000 per year, and then AACS collects about $2,000 per title, and $0.04 per disc."

calinb
9th January 2007, 02:57
So basically we can either add the steps in that were suggested or create a breakpoint JUST before the heap clears and instead dump the memory. What are you all using to play this.. My version of WinDVD HD crashes when I load the file..

Sounds like a reasonable approach to try. I suspect that most people are following Muslix64's suggestion to use PowerDVD 6.5 but he said other players may yield keys too. Try launching or enabling your debugger after a title is playing and remember that the AACS spec says stuff must be cleared when the player is stopped. I don't know about pausing play.

El Toro
9th January 2007, 05:08
It seems amazing how one posting has created a lot of conversation on the subject in question, burning an HD-DVD, and yet no one is able to burn one. Will sit in the background and see what this thread leads to.:D