Blu-ray and AACS
dito
20th January 2007, 19:40
I believe you are wrong here.
Almost any hardware player can be read out (including the RAM state) with a chip-relevant "debugger" tool (same as an EPROM programmer but more advanced).
Of course this is not for amateurs but still can be done.
No, I am not...
tonyp12
20th January 2007, 19:47
No, I am not...
It could be done, but if they use a custom chip that needs a special debugger that only "people who need to know" can get hold of.
And only after signing non-disclosure forms, then it will be a little harder.
mox69
20th January 2007, 19:47
The people at windvd did sure make a blunder.
If it wanted to keep the keys in memory, just a simple
left roll circular before saving it and a right roll circular when
it's back in the cpu registry would have stopped us from finding it.
Now that we know a lot of keys, we would have to use a debugger in the next version of the player that stops when a register has the known key (it must be in the register at least one time).
So we could apply a patch that writes this register to some known space in memory.
Now that muslix64 has 1 set of *Correct* keys for a BD disc, it will be trivial to find the keys for any other disc in memory unless the Software DVD player guys get into some heavy obfuscation. Even then, the key has to be in memory at some point, even if it's only for a few cpu cycles. You can always put that BD disc with the known keys in and search the memory continually for those keys. Even if they move the keys around in memory continually, one could reverse engineer the algorithm that does this. At this point it is a cat and mouse game.
As long as you can access 100% of the memory on your computer as you wish, no DRM scheme will ever be totally secure.
Hence the reason people are pushing the "TPM" chips so much. They are the only thing that will make DRM much more resistant to local attacks.
Anyway keep up the good work guys.
I think this dispels any rumors as to muslix64's intentions as well, you guys are too harsh.
dito
20th January 2007, 19:58
It could be done, but if they use a custom chip that needs a special debugger that only "people who need to know" can get hold of.
And only after signing non-disclosure forms, then it will be a little harder.
I'm talking about double layer processors, where you have one security processor and one main processor... But of course if you could get past the security processor then you could do some debugging... Maybe you could get past it with some HNO3...
Sorry for the OT, now back to topic...
Best regards!
tonyp12
20th January 2007, 20:03
As long as you can access 100% of the memory
The CPU's registry is not part of the memory.
Think of it as internal memory buffer.
So you would have to do a registry dump and
probably a 1000 times before you do it at the exact right moment.
And it would only be a part of the 128-bit key in the registry.
Probably a 32-bit big-endian, if that's what the AACS calc uses.
It could be split up to different registries at the same time, that would make it a little easier.
But that depends on how the compiler handles calculation.
Or if the code was written in Assembly code for more direct control.
mox69
20th January 2007, 20:26
The CPU's registry is not part of the memory.
Think of it as internal memory buffer.
So you would have to do a registry dump and
probably a 1000 times before you do it at the exact right moment.
And it would only be a part of the 128-bit key in the registry.
Probably a 32-bit big-endian, if that's what the AACS calc uses.
It could be split up to different registries at the same time, that would make it a little easier.
But that depends on how the compiler handles calculation.
Or if the code was written in Assembly code for more direct control.
I'm a CS major, I know what registers are...
It's not hard to peek at reg / stack values while in a debugger. Nor is it hard to print out registry values just like you do with a memory dump..
Also in order to get a value into a register don't you have to move it from memory into a register? (mov XXXXXXXX,$EAX)
Obviously you can manipulate it once in there, but that data has to exist somewhere before it goes into mem.
tonyp12
20th January 2007, 20:44
Obviously you can manipulate it once in there, but that data has to exist somewhere before it goes into mem.
But next software player version of windvd would not be allowed
to keep any calculated keys in memory without doing some
manipulation to it first (roll circular left 1bit in this simplified example)
And during play back
line1: Load 32bit word from mem to registry a
line2: roll circular right 1bit on reg a
line3: now use reg a to do some calculation.
line4: clear reg a
A debugger could now stop between line 2 and 3 as registry a now matches some known part of the key.
It sure makes it a lot easier to hunt down the code and
figure out what manipulation they are doing.
Now any memory dump key finder would just have to do the same manipulation to get it to work.
If we never had access to un-manipulated keys it probably could take years to reverse engineer powerdvd or windvd.
But thanks to people at windvd we do have that.
mox69
20th January 2007, 21:54
But next software player version of windvd would not be allowed
to keep any calculated keys in memory without doing some
manipulation to it first (roll circular left 1bit in this simplified example)
And during play back
line1: Load 32bit word from mem to registry a
line2: roll circular right 1bit on reg a
line3: now use reg a to do some calculation.
line4: clear reg a
A debugger could now stop between line 2 and 3 as registry a now matches some known part of the key.
It sure makes it a lot easier to hunt down the code and
figure out what manipulation they are doing.
Now any memory dump key finder would just have to do the same manipulation to get it to work.
If we never had access to un-manipulated keys it probably could take years to reverse engineer powerdvd or windvd.
But thanks to people at windvd we do have that.
I agree, I think we were saying the same things just different ways.
muslix64
20th January 2007, 22:00
This release is not for everyone! This is only for those who want to experiment with an early version of Blu-ray decryption.
Known limitations:
Doesn't support BD+
Doesn't support Volume unique key
Only supports one CPS unit key per disc
I don't clear the HDMV_copy_control_descriptor in the stream
Don't have any FAQ or document so far...
You have to provide your own CPS unit key.
The playback seems to work with VideoLan
Because I don't have any Blu-ray equipment, I will need the help of the community to go further with Blu-ray decryption.
I have only tested this with one video file...
Stay tuned!
Link:
http://www.sendspace.com/file/yvylle
generalnewbie
20th January 2007, 22:13
I tested the other file from the disc that brings up the copyrights and it played perfectly fine.
Amazing work....
Just shows ya that both parties are sorta looking at one another going uh its your fault!
Janvitos
20th January 2007, 22:17
Thanks muslix64, I will work on this and let you know the results.
Thanks !
noclip
20th January 2007, 22:18
Muslix, would you please use an XML file to store keys, as per this thread (http://forum.doom9.org/showthread.php?t=121002)?
muslix64
20th January 2007, 22:21
XML for next version...
bcas9472
20th January 2007, 22:55
This is absolutely hilarious - to all those people saying he was trying to sabotage one camp or the other, eat your words and come publicly apologize.
generalnewbie
20th January 2007, 23:57
Aren't the new discs encrypted with SHA-1?
I just read this... at slashdot..
http://it.slashdot.org/article.pl?sid=07/01/20/1936257&from=rss
Chinese Prof Cracks SHA-1 Data Encryption Scheme
Which means.. that the formats are both compromised.. in more than 1 way.
JarrettH
21st January 2007, 00:01
Thanks for not disappearing after proving yourself, muslix :cool: ;)
Zero1
21st January 2007, 00:08
Many thanks muslix64. This is where it starts getting interesting.
Rufus210
21st January 2007, 00:23
Aren't the new discs encrypted with SHA-1?
I just read this... at slashdot..
http://it.slashdot.org/article.pl?sid=07/01/20/1936257&from=rss
Chinese Prof Cracks SHA-1 Data Encryption Scheme
Which means.. that the formats are both compromised.. in more than 1 way.
That article is misleading and is based off a report from months ago. Basically you can create 2 files that hash to the same value. It does nothing for decrypting.
noclip
21st January 2007, 00:28
That article is misleading and is based off a report from months ago. Basically you can create 2 files that hash to the same value. It does nothing for decrypting.
This is basic math. With infinite possible inputs and finite possible outputs two different inputs can produce the same output.
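Added example (not part of any post in this thread): the difference the two posts above draw between finding a hash collision and reversing anything, shown on SHA-1 truncated to 32 bits so it runs quickly. The function names, the `msg-`/`guess-` input formats and the truncation width are assumptions made for the illustration.

```python
import hashlib


def trunc_sha1(data: bytes, bits: int) -> int:
    """Return the first `bits` bits of SHA-1(data) as an integer."""
    digest = hashlib.sha1(data).digest()
    return int.from_bytes(digest, "big") >> (160 - bits)


def find_collision(bits: int = 32):
    """Birthday search in which the searcher chooses BOTH inputs.

    Returns (msg_a, msg_b, tries). Takes about 2**(bits/2) hashes, and the
    pigeonhole principle guarantees an answer within 2**bits + 1 tries.
    """
    seen = {}  # truncated digest -> first message that produced it
    tries = 0
    while True:
        msg = b"msg-%d" % tries  # constructed inputs, chosen by the searcher
        tries += 1
        h = trunc_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_preimage(target: int, bits: int, budget: int):
    """Look for an input matching a digest that someone else fixed.

    Takes about 2**bits hashes, so a birthday-sized budget normally
    returns None. Returns the matching message or None.
    """
    for i in range(budget):
        guess = b"guess-%d" % i
        if trunc_sha1(guess, bits) == target:
            return guess
    return None


def compare(bits: int = 32):
    """Run both searches with the same hash budget and report the outcome."""
    msg_a, msg_b, tries = find_collision(bits)
    # Constructed stand-in for a value the searcher does not control.
    target = trunc_sha1(b"constructed-fixed-value", bits)
    preimage = find_preimage(target, bits, budget=tries)
    return {"bits": bits, "collision": (msg_a, msg_b),
            "hashes_used": tries, "preimage_with_same_budget": preimage}


if __name__ == "__main__":
    print(compare(32))
```

Neither search involves a key at any point: a collision yields two inputs of the searcher's own choosing and says nothing about data protected by a cipher.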
noisehole
21st January 2007, 00:44
Aren't the new discs encrypted with SHA-1?
Nope, they're encrypted with AES.
Each 3 sectors (3*2048 bytes) starts with a non-encrypted 16 byte seed. Using this seed and the "cps unit key" (read: title key) you're able to decrypt the remainder of 6128 bytes.
1st step uses an AES 1-way function
2nd step is AES in CBC mode
see 2.1.3 in AACS_Spec_Common_0.91.pdf and 3.10.1 in AACS_Spec_BD_Prerecorded_0.912.pdf
regards
christopherw
21st January 2007, 00:59
Ah, great news if this turns out to work for every disc. :D Actually makes me want to go buy more original discs, because I can be sure I'll be able to watch them on my hardware without having to spend loads buying new kit which supports the rights restrictions! Bonus.
<this space reserved for future sage words, for now just sits back and waits for the HD-DVD/BD mudslinging contest to pick back up again>
frogman
21st January 2007, 01:17
Ah, great news if this turns out to work for every disc. :D Actually makes me want to go buy more original discs, because I can be sure I'll be able to watch them on my hardware without having to spend loads buying new kit which supports the rights restrictions! Bonus.
Exactly! I'll race you over to amazon HD/BR DVD section, shop till you drop! Those protectionist guys just don't get it. I just spent $100 on 5 discs plus shipping of course.
Thanks for all your help guys.
Turtleggjp
21st January 2007, 03:09
I'll be right behind you as soon as the dual format drives start coming out, and get more affordable (Christmas 2007 I hope :cool: ). Maybe Star Wars will be out on HD Disc by then.
I have a beautiful 23" Sony LCD Monitor that I spent more than $1500 on two years ago. I'm not about to replace it just because it doesn't have HDCP!
All this really makes me sorry I never got seriously into computer programming. I would love to be able to help you guys out with this stuff. Sadly though, I'm confined to the sidelines for now. Go Team!
Pulp Catalyst
21st January 2007, 06:10
just wanted to add really, I don't think any company that designs software to play back HD-DVD and Blu-ray can get done, in fact the company behind AACS said it can't be broken no matter what, unless of course they're admitting that a simple playback software has broken a multi-billion dollar encryption,
and the fact is, I don't think they can stop software makers supporting this format, because the world is made with different laws all around the globe, they may be able to stop America, or Japan, but there will be other countries that they can't stop because of legislation in that country, and by doing so would risk their format being banned in that country,
so the fact is software developers making programs that support these new formats can't really be told what to do, and I'm sure their argument would be, "this format is supposed to be the strongest protected format on the planet" and rightly said,
oh, I'm glad you're doing Blu-ray, as they have just done a press release, and they are ripping into HD DVD big time, pretty much slagging them off in so many words, because of HD DVD's weaknesses, jesus, I can't believe that they are so cocksure of themselves thinking their format won't be beat,
to all would-be crackers, go get Blu-ray, the over confident ba**ards, Blu-ray thinks they can't be beat, and it's probably because of their secret weapon BD+.
Galileo2000
21st January 2007, 06:42
Ah, great news if this turns out to work for every disc. :D Actually makes me want to go buy more original discs, because I can be sure I'll be able to watch them on my hardware without having to spend loads buying new kit which supports the rights restrictions! Bonus.
<this space reserved for future sage words, for now just sits back and waits for the HD-DVD/BD mudslinging contest to pick back up again>
Talk about losses for the industry.
As for muslix64's supposed intentions some dickhead wrote about, I said it was BS from the start (I have a post I can link to if anybody cares).
muslix64 is our hero, we need to love and protect him and make a way to give him BD and HD players so he can either continue to help us or just lay back and enjoy life..:D
Galileo2000
21st January 2007, 06:44
just wanted to add really, I don't think any company that designs software to play back HD-DVD and Blu-ray can get done, in fact the company behind AACS said it can't be broken no matter what, unless of course they're admitting that a simple playback software has broken a multi-billion dollar encryption,
and the fact is, I don't think they can stop software makers supporting this format, because the world is made with different laws all around the globe, they may be able to stop America, or Japan, but there will be other countries that they can't stop because of legislation in that country, and by doing so would risk their format being banned in that country,
so the fact is software developers making programs that support these new formats can't really be told what to do, and I'm sure their argument would be, "this format is supposed to be the strongest protected format on the planet" and rightly said,
oh, I'm glad you're doing Blu-ray, as they have just done a press release, and they are ripping into HD DVD big time, pretty much slagging them off in so many words, because of HD DVD's weaknesses, jesus, I can't believe that they are so cocksure of themselves thinking their format won't be beat,
to all would-be crackers, go get Blu-ray, the over confident ba**ards, Blu-ray thinks they can't be beat, and it's probably because of their secret weapon BD+.
If they implement BD+, they will lose the war right away for the reasons too obvious to mention.
HyperHacker
21st January 2007, 07:49
muslix, do you have an address I could mail a donation to? I don't have Paypal but I'd really like to help you with the whole getting a Blu-ray player thing, because this is awesome.
Also, I can post my XML class for C++ if anyone wants it. It reads and writes XML files nicely, very clean readable code etc. I know I should just put it on my web site at some point but, well, that's on a biiiiig todo list. :-p
FYI, it's quite possible for a program to prevent you from reading its memory, at least using conventional methods. They can mark ranges of memory as protected, and ReadProcessMemory() will refuse to read them. Of course, there are other ways to go about reading memory...
LoloMc
21st January 2007, 13:13
Hi, sorry for off topic but it is so nice that I can't resist !
Oops, I did it again!
:)
Most are still mpeg2? That is awfully depressing...
What will muslix64 accomplish next?
He will save the Earth from aliens !
Janvitos, Muslix64 : Guys, I like what you did so much !
vsv
21st January 2007, 13:24
He will save the Earth from aliens !
Do you mean aliens from hollywood? (http://www.theofficialjohncarpenter.com/pages/themovies/tl/tl.html):)
http://www.theofficialjohncarpenter.com/data/movies/titles/tlti.jpg
blutach
21st January 2007, 15:00
muslix, do you have an address I could mail a donation to? I don't have Paypal but I'd really like to help you with the whole getting a Blu-ray player thing, because this is awesome.
This is most irregular and I would ask you to be more sensitive in asking such questions. If muslix64 wanted donations, he'd set up some methodology, I am sure.
As well, think please! The whole encrypting world would be after muslix64, just as viodentia has been sued.
Let's stick to the topic please.
Regards
Thunderbolt8
21st January 2007, 15:49
I guess the whole US film industry is already after him and they set any government organisation into motion to spy on him from now :p
gozu
21st January 2007, 21:34
If they implement BD+, they will lose the war right away for the reasons too obvious to mention.
Not obvious enough for me, it would seem. I checked the Wikipedia entry on BD+ but I'd still like someone to explain BD+ to me.
mrazzido
21st January 2007, 22:32
Hey!
I copied the complete contents of the /BDMV/ folder to my HD (from an original BD movie), then I put the decrypted files from the tool into the stream folder and overwrote the old files.
Then I opened the folder with WinDVD, and it works :-) I have the original BD menu structure :-).
http://s6.bilder-hosting.de/img/Z4J19.png
2bigkings
21st January 2007, 22:35
Wow, great news @mrazzido! I think I'll buy a Blu-ray burner next month ;-)
Galileo2000
21st January 2007, 22:51
Wow, great news @mrazzido! I think I'll buy a Blu-ray burner next month ;-)
Me too, as long as it is below $200, seems unfair to pay more for BD than HD. :D
dvdguru
21st January 2007, 22:54
Tomorrow I'll try a bit-for-bit copy on BD-RE & BD-R.
aerox87
22nd January 2007, 00:21
That's great news!!
Too bad the cheapest burner is $499 on fleaBay :\
dvdguru
22nd January 2007, 01:02
I have a Sony and a Liteon Blu-ray burner, with about 20 BD titles and 30 free discs. Also a TDK Double layer disc.
I can do a lot of experiments.
aerox87
22nd January 2007, 01:26
I have a Sony and a Liteon Blu-ray burner, with about 20 BD titles and 30 free discs. Also a TDK Double layer disc.
I can do a lot of experiments.
Sounds great! You don't have Talladega Nights by any chance? If so, could you please post the keys so I can try out backupbluray on my PS3?
blutach
22nd January 2007, 01:44
Aerox - please don't cross post and please keep to the topic.
Regards
repdetect2
22nd January 2007, 04:33
First of all thanks where thanks is due to muslix and janvitos. Thanks so much for all your hard work :D
I had a few questions since I am in the preparation stage here:
What version of Win DVD and Power DVD are being used?
What blu-ray burner is best for purchase (LG or Sony)?
Thanks...
blutach
22nd January 2007, 06:51
@repdetect2 - use search - this has been mentioned quite a bit.
As well, "what's best" is very subjective - beauty is in the eye of the beholder.
Regards
pyrates
22nd January 2007, 08:51
Awesome :) I wonder if they are just talking out their ass when they talk about BD+
bob0r
22nd January 2007, 10:06
Hmm, so on my SWAT BD .iso, I would require someone else to get me the key(s), decrypt the files, and then WinDVD should be able to play them?
Time for more google-ads, I mean bdkeys.com?
dvdguru
22nd January 2007, 10:53
I began my backup test from the 5th Element BD to a blank BD25.
The M2TS are decrypted but I think that we need to decrypt also other files (menu & navigation). The Samsung player doesn't play the disc.
bass4040
22nd January 2007, 10:54
So everything works? scene selections, subtitles, and extras?
Hey!
I copied the complete contents of the /BDMV/ folder to my HD (from an original BD movie), then I put the decrypted files from the tool into the stream folder and overwrote the old files.
Then I opened the folder with WinDVD, and it works :-) I have the original BD menu structure :-).
http://s6.bilder-hosting.de/img/Z4J19.png
mrazzido
22nd January 2007, 11:23
Don't know if it all works. I uploaded a small video here (http://www.file-upload.net/download-183110/videooo.avi.html); I switch in some menus.
Subtitles work, scene selection works, and I tested some extras.
Btw.
The movie is not completely ripped!! The tool decrypts all the files but the big movie file stopped @~2gb.
Janvitos had the same problem.
dvdguru
22nd January 2007, 11:27
So I did some other experiments.
I tried with the Fifth Element & PowerDVD tells me that some files are still encrypted with AACS. If I try to play back the single M2TS everything is ok, but I can't see navigation & menu structure.
And I also tried to backup about 6 movies, but it's impossible to backup the entire movie M2TS, the software hangs @ about 2 Gb.
mrazzido
22nd January 2007, 11:44
@ dvdguru
Try WinDVD, I had problems with PowerDVD.
Copy the complete contents of the /BDMV/ directory (without encrypted stream files ;) ) to your HD. Then copy the decrypted files to /bdmv/STREAM/ .
Then open WinDVD and the folder from HD. Don't know the English option to open the disc from HD; here is a screenshot: Picture (http://s6.bilder-hosting.de/img/3FVMW.png)
Yeah, we have the same problem, only ~2gb ripped :-(.
dvdguru
22nd January 2007, 11:47
Now I'm trying to burn the BDMV directory with the decrypted M2TS on a blank blu-ray.
35 minutes @ the end.