The last known public Host Certificate (HC) needed for Blu-ray playback has been revoked in MKBv82. As the amount of discs with a newer MKB version increases, more and more people will find themselves in the situation where their drives have permanently revoked this HC. When relying on libaacs for playback (e.g. VLC), this causes problems for new and old (!) discs as the HC is needed to retrieve the VID (aacs decryption) and the RDK (bus encryption) unless keys are cached or available in KEYDB.cfg.

Even though VID is always needed in theory to retrieve VUK/UK, in practice this is not a problem because these keys can be found using FindVUK (https://forum.doom9.org/showthread.php?t=172472) or by downloading FindVUK's KEYDB.cfg containing a large database of keys. However RDK is unique for every drive and cannot be shared in the same way. The RDK affects a minority of BD discs but 100% of UHD discs. libaacs 0.11.0 (https://forum.doom9.org/showthread.php?t=176924) supports cached RDK keys allowing playback of bus encrypted discs without a valid HC. However, to have this RDK in the libaacs cache, the disc had to be played before the certificate was revoked.

Just like FindVUK can get VUK/UK from DVDFab, it's possible to get VID/RDK from other players or rippers that contain an unrevoked HC. This guide shows you how to get these keys from MakeMKV. This is based purely on public information released by MakeMKV but it is nonobvious. Please support MakeMKV for the work that they do.

Update: Following programs automate the steps below


Windows: RDKfromMMKV by Nalor

RDKfromMMKV 0.1 (https://forum.doom9.org/showthread.php?p=1975204#post1975204)
RDKfromMMKV 0.2 (https://forum.doom9.org/showthread.php?p=1975360#post1975360)
RDKfromMMKV 0.4 (https://forum.doom9.org/showthread.php?p=1976672#post1976672)
RDKfromMMKV 0.5 (https://forum.doom9.org/showthread.php?p=1981775#post1981775)

Linux: gen-rdk.sh by Nitro322

gen-rdk.sh (https://forum.doom9.org/showthread.php?p=1979303#post1979303)



The following steps are performed on Windows but they are similar for Linux & Mac

Step 1. Install MakeMKV

Choose a version that has an unrevoked HC. As of this moment, this is v1.15.1 or later

http://makemkv.com/download/

MakeMKV v1.15.1 (15.4.2020 )
- Added support for AACS v76 (for those poor souls without LibreDrive)


If needed, register using the Beta key (https://forum.makemkv.com/forum/viewtopic.php?f=5&t=1053)


Step 2. Get a list of drives

Open a command window and run

"C:\Program Files (x86)\MakeMKV\makemkvcon.exe" f --list


Example output

Found 2 drives(s)
00: \Device\CdRom0, \Device\CdRom0, F:
HL-DT-ST_BDDVDRW_GGC-H20L_1.03_20080515123456_XXXX

01: \Device\CdRom1, \Device\CdRom1, G:
ASUS_BW-16D1HT_3.00_211511031110_YYYY


Write down the drivenumber/name for the selected driveletter


Step 3. Disable LibreDrive

On supported drives, LibreDrive disables bus encryption and prevents MakeMKV from revealing the RDK. Luckily, it can be disabled

Disable LibreDrive (https://forum.makemkv.com/forum/viewtopic.php?p=75476#p75476)

There are 2 ways to pass this setting to MakeMKV:

1. Using MakeMKV config file, the setting name is sdf_Stop . On Linux / Mac that would be the following line in config:
sdf_Stop = "yourdriveid1 yourdriveid2"
On Windows this would be the registry variable under MakeMKV settings.

2. Or you can set environment variable SDF_STOP with the same syntax.

In the command window set the environment variable to the drivename from step 2.

set SDF_STOP=ASUS_BW-16D1HT_3.00_211511031110_YYYY



Step 4. Create an encrypted backup

In the command window (same one where step 3. is performed) run

"C:\Program Files (x86)\MakeMKV\makemkvcon" backup disc:1 "c:\temp\getrdk"

note:
- disc:1 is the drivenumber from step 2
- "c:\temp\getrdk" is a directory of your choice


Example output

MakeMKV v1.15.1 win(x86-release) started
Debug logging enabled, log will be saved as C:\Users\*/MakeMKV_log.txt
The new version 1.17.1 is available for download at http://www.makemkv.com/download/
Backing up disc into folder "c:\temp\getrdk"
Loaded content hash table, will verify integrity of M2TS files.


Once the file c:\temp\getrdk\discatt.dat is created press CTRL-C to interrupt the backup process


Step 5. Extract Drive Certificate (DC), VID and RDK

The DC, VID and RDK are present in discatt.dat. The file format is described in the MakeMKV source code that is (partially) publicly available

MakeMKV linux build & source (https://forum.makemkv.com/forum/viewtopic.php?f=3&t=224)

file makemkv-oss-1.17.1\libdriveio\inc\driveio\driveio.h states
- dicat_DriveStandard=1,
- dicat_DiscSpecific=4,
- diid_DriveCert=(dicat_DriveStandard<<24)+(3<<16)+0x38,
- diid_Aacs_VID=(dicat_DiscSpecific<<24)+(0<<16)+0x80,
- diid_Aacs_DataKeys=(dicat_DiscSpecific<<24)+(0<<16)+0x84,

i.e. the following byte sequences should be present in discatt.dat
- 01 03 00 38 00 00 00 5C [92 bytes = DC]
- 04 00 00 80 00 00 00 10 [16 bytes = VID]
- 04 00 00 84 00 00 00 20 [16 bytes = RDK]


The required bytes can be manually extracted using any hexeditor (https://alternativeto.net/feature/hex-editor/?license=opensource). A tool like Swiss File Knife (http://www.stahlworks.com/dev/swiss-file-knife.html) can immediately save the values in the correct format for later use

sfk hexdump -raw c:\temp\getrdk\discatt.dat +xex "/010300380000005C[184 bytes]/[part2]/" +hextobin c:\temp\getrdk\dc.bin
sfk hexdump -raw c:\temp\getrdk\discatt.dat +xex "/0400008000000010[32 bytes]/[part2]/" -tofile c:\temp\getrdk\vid.txt
sfk hexdump -raw c:\temp\getrdk\discatt.dat +xex "/0400008400000020[32 bytes]/[part2]/" -tofile c:\temp\getrdk\rdk.txt


To display the saved values

sfk hexdump -raw c:\temp\getrdk\dc.bin
type c:\temp\getrdk\vid.txt
type c:\temp\getrdk\rdk.txt


Example output

DC = 0101005C...
VID = 65869168F2AF4D69EDB79754B515A8AC
RDK = 96175870A5A27DEE528975C3BF6756F9


Note:
- RDK is only available if the drive supports bus encryption
- if the drive supports bus encryption, RDK is also present for discs without bus encryption even though RDK is not needed for playback
- do not post your DC on the forum. Theoretically (but unlikely) it can be revoked


Step 6. Save VID and RDK in libaacs cache

The cache files are located in a subdir of the aacs dir with the KEYDB.cfg file
- RDK: ..\aacs\rdk\[driveid]\[discid]
- VID: ..\aacs\vid\[discid]

where
- driveid = SHA1 hash of DC which is different for all your drives
- discid = SHA1 hash of the file AACS\Unit_Key_RO.inf on your Blu-ray disc

Use a tool like 7-Zip (https://www.7-zip.org) to calculate these hashes

driveid:
"C:\Program Files\7-Zip\7z" h -scrcSHA1 c:\temp\getrdk\dc.bin

discid:
"C:\Program Files\7-Zip\7z" h -scrcSHA1 G:\AACS\Unit_Key_RO.inf

note:
- G: is driveletter from step 2


Example output

driveid:
SHA1 for data: F4530616E23597A2368757EAFCFC8685C1EC38D1

discid:
SHA1 for data: B01C8C10CEA251CE65508498993E36D3FD1A7B72


Copy the VID and RDK files to the correct location, rename to discid and remove the .txt file extension

Note that you can also find these hashes by creating a libaacs log using VLC or aacs_info.exe included with libaacs

set AACS_DEBUG_MASK=65535
set AACS_DEBUG_FILE=debuglog.txt
aacs_info G:


Example debuglog.txt file (search for "\rdk")

src/file/file_win32.c:131: Opened WIN32 file
C:\Users\*\AppData\Roaming\aacs\rdk\f4530616e23597a2368757eafcfc8685c1ec38d1\b01c8c10cea251ce65508498993e36d3fd1a7b72
(00000000008b7cc0)


aacs_info.exe output will also show if the drive (device) and disc (media) have bus encryption

Bus encryption:
Device support: yes
Enabled in media: yes



Step 7. Repeat for other drives

The RDK for the disc is unique for every drive so repeat the steps for all your drives that support bus encryption

Warning: in case the firmware of a drive is updated, the RDK for all discs possible changes


FAQ
- VID can also be put in the KEYDB.cfg file instead of the local cache
- VID in combination with MK can be used to calculate VUK/UK. Device Keys for MK retrieval are public for up to MKBv82. Besides libaacs also aacskeys supports input of VID instead of using a HC
- it seems libaacs has some bugs in aacs keys calculation flow. Put both VID and MK in keydb.cfg to get the VUK in the ..\aacs\vuk\[discid] file
- RDK unlike the other keys are disc+drive specific. There is NO POINT in sharing these keys as they will not work for anyone else
- If MakeMKV is allowed to enable LibreDrive a power off is need to reset your drive and allow VLC to play bus encrypted discs
- MakeMKV used to include the tool cddump.exe (https://forum.doom9.org/showthread.php?p=1262464#post1262464) to generate the discatt.dat but it has been removed. It's unknown if there is a similar makemkvcon command to generate the file without starting a disc backup

Thanks for these detailed instructions. But it is mainly for VLC users, right ?

Thanks for these detailed instructions. But it is mainly for VLC users, right ?

well for any player/tool that uses libaacs (e.g. VLC) or allows input of VID (e.g. aacskeys)

O.K. I have got RDK and VID for one disc now but I am unfortunately stuck at step 6. Sorry, but I am confused - what should I do there ? Tools ? Also can't find this inf-file on my system.

O.K. I have got RDK and VID for one disc now but I am unfortunately stuck at step 6. Sorry, but I am confused - what should I do there ? Tools ? Also can't find this inf-file on my system.

I have rewritten the guide from step 5

Check if it's more clear now

Yes, much clearer now. Thanks !! But it is a somewhat tedious process so I hope that someone might write an app for it.
(By the way, Xreveal reports Discid and other infos that might be interesting.)

Yes, much clearer now. Thanks !! But it is a somewhat tedious process so I hope that someone might write an app for it.
(By the way, Xreveal reports Discid and other infos that might be interesting.)

I'm already on it ;)

(will be a very simple app)

Here it is: RDKfromMMKV 0.01 (http://fvonline-db.bplaced.net/download/RDKfromMMKV_0.01.zip) :D

Feedback is welcome :)

I'm not sure if my way to detect if MakeMKV is installed is reliable - so please tell me your results :)

I have tested the app with one Blu-Ray and one UHD and it worked, as far as I can see, perfectly !!! Thank you very much guys - you are awesome :thanks:

Follow up. Great results - now I am finally able to watch the extras on some discs also in MPC-BE instead of VLC.

RDKfromMMKV doesn't work if the \rdk directory doesnt already exist

ERROR! Couldn't create directory >C:\Users\*\AppData\Roaming\aacs\rdk\3ee0a0fb6732df820f82e831e2f0319cf38b4933\<
ERROR! Creating the RDK cache file failed!


Also I forgot discatt contains rdk even if bus encryption is not enabled on disc. Maybe do a check if rdk is needed

Without rdk the opening of the extras on that discs fails again - so I would say it is needed ! Best wishes

RDKfromMMKV doesn't work if the \rdk directory doesnt already exist

ERROR! Couldn't create directory >C:\Users\*\AppData\Roaming\aacs\rdk\3ee0a0fb6732df820f82e831e2f0319cf38b4933\<
ERROR! Creating the RDK cache file failed!


Also I forgot discatt contains rdk even if bus encryption is not enabled on disc. Maybe do a check if rdk is needed

Improved both things:


;- ### History
; 20220923 .. nalor .. release 1st version
; 20220924 .. nalor .. added check for BEC and BEE before trying to get RDK
; 20220926 .. nalor .. fixed create-directory procedure


Here it is: RDKfromMMKV 0.02 (http://fvonline-db.bplaced.net/download/RDKfromMMKV_0.02.zip)

Didn't test it myself - so please report if I did something wrong.

Improved both things:

Here it is: RDKfromMMKV 0.02 (http://fvonline-db.bplaced.net/download/RDKfromMMKV_0.02.zip)

Didn't test it myself - so please report if I did something wrong.

Well it works but now it doesn't continue to get the VID if disc or drive doesn't have bus encryption

Well it works but now it doesn't continue to get the VID if disc or drive doesn't have bus encryption

Ah - you're right, I can at least carry on for the VID and just skip the RDK.

Improved a few things:

Quote:
;- ### History
; 20221009 .. nalor .. at least create vid cache file even in case busencryption is not active
; check if makemkv has expired
; 20221016 .. nalor .. write warning to console if there's no license key for MakeMKV in registry
; Release 0.04

Here it is: RDKfromMMKV 0.04
(http://fvonline-db.bplaced.net/download/RDKfromMMKV_0.04.zip)

Didn't test it myself - so please report if I did something wrong.

RDKfromMMKV 0.04
(http://fvonline-db.bplaced.net/download/RDKfromMMKV_0.04.zip)

Just tried now into a win10 virtual machine, after installing makemkv-1.17.2

RDKfromMMKV cannot detect makemkv if you did not run it at least once, and fails.

Edit:
after this, a different error occurred here the log (https://0x0.st/ow9v.txt) (error creating dir?)

Same problem here. Strangely enough it also reports an error for RDK even though the file gets created
2022-10-18 21:47:41 # 15320 # [E] / / ERROR! Creating the RDK cache file failed! >BRKDB OK<

Hello. Wanted to say thanks to candela for this tutorial. I was able to get VLC to play a blu-ray that otherwise gave me a key revocation error using this method. Much appreciated.

I also wrote a bash script to automate this process on Linux. Just run 'gen-rdk.sh -d <dev>' (it defaults to /dev/sr0 if you omit -d) and it'll extract everything for you to ~/.config/aacs/. So far this has only been tested on my Gentoo system w/ a small handful of blu-rays, but seems pretty solid. The part where it's most likely to break is probably when it forks makemkvcon into the background and waits for it to rip discatt.dat; I've had makemkvcon hang up trying to read the disc at that point, resulting in the script itself seeming to hang. You'll need to kill the script (ctrl+c), kill makemkvcon, and likely need to eject or possibly power cycle the drive to get makemkv to read the disc at that point. Otherwise, it should complete quite quickly.

Here's an example of it running:

$ gen-rdk.sh -d /dev/sr1
Properties:
Device = /dev/sr1
Label = ASUS_BW-16D1HT_3.02_211711241413_SIK9QFCOB301
Disc num = 1
Temp dir = /tmp/genrdk-LXxkg

Begin discatt.dat extraction...
MakeMKV v1.17.2 linux(x64-release) started
Debug logging enabled, log will be saved as file:///home/user/MakeMKV_log.txt
DEBUG: Code 0 at /$zy3A30Z$ocw#7oPfmD-~:29393631
DEBUG: Code 0 at 0S=e}4X.);~#gZ:M:29395540
Backing up disc into folder "file:///tmp/genrdk-LXxkg"
Loaded content hash table, will verify integrity of M2TS files.

Mount blu-ray disc...

Extract RDK and VID...
VID = 'XXXXX'
RDK = 'XXXXX'
Dev ID = 'XXXXX'
Disc ID = 'XXXXX'

Write RDK and VID...

Unmounting blu-ray disc and deleting temp files...
Unmounted /dev/sr1.

Feedback welcome if anyone else wants to try it. You can download from here:
https://www.legroom.net/files/software/gen-rdk.sh

Just tried now into a win10 virtual machine, after installing makemkv-1.17.2

RDKfromMMKV cannot detect makemkv if you did not run it at least once, and fails.

Edit:
after this, a different error occurred here the log (https://0x0.st/ow9v.txt) (error creating dir?)

Ups - missed your post and never used the tool until today ...

I've fixed it, please download 0.05: RDKfromMMKV_0.05.zip
(http://fvonline-db.bplaced.net/download/RDKfromMMKV_0.05.zip)

This time I've tried it myself and it's working. But I didn't change the detection if MakeMKV has never been started before - please simply start it once :D

What am I doing wrong? What is this busencryption?

-----------------------------------------------------------
10:26:39 - ----------- RDKfromMMKV 0.05 -----------
-----------------------------------------------------------
10:26:39 - Specified drive: e
10:26:39 - Drive >E< is BusEncryptionCapable
10:26:39 - ERROR! Disc in drive >E< is NOT BusEncryptionEnabled!
10:26:39 - BusEncryption is not active (drive is not BEC or disc is NOT BEE) - only VolumeID cache file will be created
10:26:39 - MakeMKV is installed :)
10:26:39 - MakeMKV has no license key - please visit >https://forum.makemkv.com/forum/viewtopic.php?t=1053< to get the current key
10:26:39 - MakeMKVcon path: C:\Program Files (x86)\MakeMKV\MakeMKVcon.exe
10:26:39 - Drivenumber is >0<
10:26:46 - discatt.dat appeared - kill MakeMKVcon now
10:26:46 - Target file >C:\Users\renan\AppData\Local\Temp\RDKfromMMKV_20230729_102639\discatt.dat<
10:26:46 - DriveId >6B9F58D60858AD3161D22EE693BA11D8AA6E35F0<
10:26:46 - VolumeId >31825E0CA73FC8697C37566BB0EA570C<
10:26:46 - DiscId >72E1395B5F4C18110140A7940D108D0785CEC94D<
10:26:46 - KeyDB path >C:\Users\renan\AppData\Roaming\aacs\keydb.cfg<
10:26:46 - VID cache will be created >C:\Users\renan\AppData\Roaming\aacs\vid\72e1395b5f4c18110140a7940d108d0785cec94d<
10:26:46 - Created the VID cache file!
Press ENTER to exit

C:\Users\renan>"C:\Program Files (x86)\MakeMKV\makemkvcon.exe" f --list
Found 1 drives(s)
00: \Device\CdRom0, \Device\CdRom0, E:
ASUS_SBW-06D2X-U_1.10_QLDL071227WL

Also, my MakeMKV key is valid and I can't find MakeMKV config file on Windows to disable LibreDrive.

What am I doing wrong? What is this busencryption?


10:26:39 - ERROR! Disc in drive >E< is NOT BusEncryptionEnabled!
10:26:39 - BusEncryption is not active (drive is not BEC or disc is NOT BEE) - only VolumeID cache file will be created
...
10:26:46 - VID cache will be created >C:\Users\renan\AppData\Roaming\aacs\vid\72e1395b5f4c18110140a7940d108d0785cec94d<
10:26:46 - Created the VID cache file!




Why do you think something is wrong?
- The disc does not require busencryption so no RDK is needed
- The VID was retrieved and saved in VLC cache

Why do you think something is wrong?
- The disc does not require busencryption so no RDK is needed
- The VID was retrieved and saved in VLC cache

Well, VLC still can't open the disc nor xreveal

I've just tested Sonic 2 Blu-ray and got this:

-----------------------------------------------------------
09:35:05 - ----------- RDKfromMMKV 0.05 -----------
-----------------------------------------------------------
09:35:05 - Specified drive: e
09:35:05 - Drive >E< is BusEncryptionCapable
09:35:05 - ERROR! Disc in drive >E< is NOT BusEncryptionEnabled!
09:35:05 - BusEncryption is not active (drive is not BEC or disc is NOT BEE) - only VolumeID cache file will be created
09:35:05 - MakeMKV is installed :)
09:35:05 - MakeMKV has no license key - please visit >https://forum.makemkv.com/forum/viewtopic.php?t=1053< to get the current key
09:35:05 - MakeMKVcon path: C:\Program Files (x86)\MakeMKV\MakeMKVcon.exe
09:35:05 - Drivenumber is >0<
09:35:13 - discatt.dat appeared - kill MakeMKVcon now
09:35:13 - Target file >C:\Users\renan\AppData\Local\Temp\RDKfromMMKV_20230730_093505\discatt.dat<
09:35:13 - DriveId >6B9F58D60858AD3161D22EE693BA11D8AA6E35F0<
09:35:13 - VolumeId >81AA56CCF771AE1EAF8A1E5B9E4AA55F<
09:35:13 - DiscId >EDD6461A74439799857701A5D4E040DF1C8A5434<
09:35:13 - KeyDB path >C:\Users\renan\AppData\Roaming\aacs\keydb.cfg<
09:35:13 - VID cache will be created >C:\Users\renan\AppData\Roaming\aacs\vid\edd6461a74439799857701a5d4e040df1c8a5434<
09:35:13 - Created the VID cache file!
Press ENTER to exit

Still can't get the keys and watch it.

This tool does not create/retrieves VUKs !!
Read here : https://forum.doom9.org/showthread.php?t=172472

This tool does not create/retrieves VUKs !!
Read here : https://forum.doom9.org/showthread.php?t=172472

I was trying this because all my dvdfab registration expired and I can't get new keys.

Do you maybe use an old version of keydb.cfg ?

Do you maybe use an old version of keydb.cfg ?

How do I know it's old and where can I get the updated one?

This tool does not create/retrieves VUKs !!
Read here : https://forum.doom9.org/showthread.php?t=172472

You use this tool here to synchronize your keydb file. Even if you're not using it to find keys with DVDFab, it's still incredibly useful for managing your keydb file.

Yepp, launch synchronize.bat and FindVUK does all the work for you but you can also download the latest keydb.cfg by yourself but then you have to do the rest (unpacking, etc.) yourself as well.

Feedback welcome if anyone else wants to try it. You can download from here:
https://www.legroom.net/files/software/gen-rdk.sh

I have made some bugfixes and improvements; diffs below. Feel free to bring them upstream etc.


Remove openssl dep and fix related hexdump bug

Originally, hashing was done with openssl piped into hexdump. However, the format provided to hexdump was buggy; if a byte were repeated, it would only show up once and have a * following it, which is not the format libaacs expects the hashes to be in.

Changing the sha1 hashing to sha1sum, part of the already-assumed coreutils (or busybox or...) dependency, means that we no longer need a call to hexdump, since that outputs the hash in hexadecimal already: https://pastebin.com/xsnzKTfb
Wait for disc to actually unmount: https://pastebin.com/1KW3qY8t
Allow saving discatt.dat

This is slightly inelegant; it does more work in the default case where we arenʼt saving discatt.dat, but it was easier to write this way and does only negligible extra work: https://pastebin.com/HGtCeekZ
Add options to work without generating RDK

This program extracts both RDK and VID. There are some reasons the RDK might not be available, or even reasons one might want to have makemkvcon enable libredrive, but still extract the VID: https://pastebin.com/xnEmfsf2


Putting all of these together gives gen-rdk-vid.sh (https://pastebin.com/upZwt4kz).

If you like these changes feel free to incorporate them upstream

Just for my confirmation, the above method is not expected to work with UHD BDs (presumably because MakeMKV doesn't have a valid HC itself, and "merely" uses LibreMode to defeat Bus Encryption), or is it?

And I guess there is still no other known way to defeat UHD BEE, other than LibreMode Drives?

I also saw https://github.com/xbmc/xbmc/pull/17145, where the author claims to have tested "UHD BD playback from disc" any ideas how he did that?

Thanks :-)

Just for my confirmation, the above method is not expected to work with UHD BDs (presumably because MakeMKV doesn't have a valid HC itself, and "merely" uses LibreMode to defeat Bus Encryption), or is it?

And I guess there is still no other known way to defeat UHD BEE, other than LibreMode Drives?

I also saw https://github.com/xbmc/xbmc/pull/17145, where the author claims to have tested "UHD BD playback from disc" any ideas how he did that?

Thanks :-)


I think you're right - it's not possible to get the RDK or VolumeId from MakeMKV for UHD discs.

And I guess there is still no other known way to defeat UHD BEE, other than LibreMode Drives?


FindVUK get's the RDK from the DVDfab Passkey memory dump and uses it - so you can use FindVUK to get the RDK and defeat BEE this way.

FindVUK get's the RDK from the DVDfab Passkey memory dump and uses it - so you can use FindVUK to get the RDK and defeat BEE this way.

That sounds interesting.

The RDK would be still per device+disc, right? But once I have the RDK (for a given disc+device), I should then be able to properly copy it just by using libaacs + dd?

I assume I'd need the "DVDFab Passkey for Blu-ray" version and not "DVDFab Passkey Lite"?

Doesn't that mean that they need to have a drive host cert for UHD somewhere in their program? Or how else could they get an RDK?

Do you happen to know whether DVDFab messes around with the drive Firmware? I.e. I don't want it to update/etc. the drive firmware, because I bought some LibreFriendly Panasonic drive.

Thanks :-)

I tried that now with a test version (most recent release) of DVDFab Passkey for Blu-ray, but that doesn't seem to work.

First, DVDFab Passkey itself said, that it couldn't open the UHD, as the drive wouldn't be supported (it's a LibreFriendly drive with AACS2.0 module, Pioneer BDR-XS07TUHD).
So... do I need another drive?

Second, FindVUK said that DVDFab Passkey would no longer have the keys in memory and I'd need to downgrade. Could I just use DVDFab itself (no passkey) and would that still work to get the RDK of an UHD?

Not with that drive. DVDFab doesn't support Pioneer for UHD.

And yet MakeMKV still creates discatt.dat / discattd.dat files when creating encrypted / decrypted UHD backups. These files must contain something, or else why create them in the first place? Granted, I understand that enabling LibreDrive mode must make it impossible for MakeMKV to obtain an RDK, but what about the UHD's VID?

Yes the VID is contained in the discatt.dat file. I have tools to extract it but nothing I can do with it except look at it. To use the VID you need a Media Key (which requires a device key), which we don't have. In any case, look at the very first post of this thread for information on the discatt.dat and how to extract the VID. When LibreDrive is enabled, the RDK is not there, as stated.

Yes the VID is contained in the discatt.dat file. I have tools to extract it but nothing I can do with it except look at it.

How did you extract the VID please? This is the code for AACSv1:

VIDOFFSET=$(LC_ALL=C grep -m1 -aobP "\x04\x00\x00\x80\x00\x00\x00\x10" "${DAT}" | cut -f1 -d:)
is_int "${VIDOFFSET}"
if [ $? -ne 0 ]; then
echo "Error: VID could not be located."
exit 2
fi
VID=$(hexdump -e '16/1 "%02x"' -s $((VIDOFFSET + 8)) -n 16 "${DAT}")

but I have generated a discatt.dat for the same UHD disk using two different LibreDrive-enabled drives, and did not generate the same VID this way, suggesting that there must be more to it.

To use the VID you need a Media Key (which requires a device key), which we don't have.
In theory, yes. Except that I have also noticed that two different disks can sometimes use the same Media Key. So it did occur to me at least to try every Media Key we know for the matching MKB version, just to see if it happens to unlock a working VUK...

04 00 00 80 00 00 00 10


Search for those bytes. Then read 32 bytes after it. That's the VID. This is why I said read the first post cause it's all listed there. Using swiss file knife:


sfk hexdump -raw c:\temp\getrdk\discatt.dat +xex "/0400008000000010[32 bytes]/[part2]/" -tofile c:\temp\getrdk\vid.txt


That'll extract it. I created my own tools to read it using the same method.

04 00 00 80 00 00 00 10


Search for those bytes. Then read 32 bytes after it. That's the VID. This is why I said read the first post cause it's all listed there.
Yes, I have tried that already. Except that two different LibreDrive-enabled drives gave me two different VIDs for the same UHD disk, which doesn't sounds right.

Don't know. Always works for me, even when I use multiple drives.

What I'd still find interesting is how DVDFab gets the RDK then (I mean for UHDs). Wouldn't that mean that they either need to have a UHD HC (which would then need to be in memory at some point - unless they calculate the RDK remotely on their servers and the HC never leaves that)?

On https://www.dvdfab.cn/4k-uhd-drives.htm they write:
"Normally, Friendly 4K UHD Drives refer to regular Blu-ray drives that can read BDXL media but do not implement AACS2 protection. Though unable to be used with official software, such 4K UHD drives allow any software with a regular AACS1 host certificate to read UHD disc data."

Is that what LibreDrive does? I always thought LibreDrive would modify the firmware, so that the drive simply doesn't do Bus Encryption at all.

But the above rather reads as if the drive would actually do BE, and they just use an AACS1 cert.

Don't know. Always works for me, even when I use multiple drives.

I'd suggest you re-examine your results. I've tried with three UHD disks across two different LibreDrive-enabled drives, and the two drives only agree on each VID's first byte using this method.

I'd suggest you re-examine your results. I've tried with three UHD disks across two different LibreDrive-enabled drives, and the two drives only agree on each VID's first byte using this method.

LOL I've examined literally dozens of results. I just did again after your post a while ago. Guess what. They match. Don't know what to tell you.

LOL I've examined literally dozens of results. I just did again after your post a while ago. Guess what. They match. Don't know what to tell you.
My drives are a Verbatim 43888 and a Pioneer XD08EMB-S. And obviously the only way to prove that a value is really the disk's VID would be to generate the VUK from it.

My drives are a Verbatim 43888 and a Pioneer XD08EMB-S. And obviously the only way to prove that a value is really the disk's VID would be to generate the VUK from it.

I've compared the ones mine generated against keydb entries and they match. I'm using 3 Pioneer drives and a bu40n. They all match.

(For some that have the VID in the keydb entry. Obviously not all do. I've no idea where those come from but I've been fortunate to have a few discs that match)

I've compared the ones mine generated against keydb entries and they match. I'm using 3 Pioneer drives and a bu40n. They all match.

KEYDB.cfg doesn't contain the VIDs for any UHD disk I own, so I can only generate discatt.dat files and then extract VIDs from them. And the VIDs generated by one LibreDrive-enabled drive simply do not match the VIDs generated by my other LibreDrive-enabled drive for the exact same disks.

I am using the Linux version of MakeMKV 1.17.6 for all of this.

Yup, I heard you the first couple times you said that. I can only repeat what I've said....that I have 3 pioneer drives and a bu40n and that they all match each other and match the keydb entries for the few discs I have that have the VID. So I'm quite confident that it works just fine. I don't, however, know why it doesn't for you. I wrote my own C# code to extract the VID in one of my utilities and it works every time. I've done it from both the windows and mac version of MakeMKV. Doesn't seem to matter. It's always the same for me.

I've done it from both the windows and mac version of MakeMKV. Doesn't seem to matter. It's always the same for me.

OK, thanks. So unless you are also performing Deep Magic over your drives before "casting" MakeMKV, my only remaining option is to assume the existence of a bug in the Linux version :scared:.

Definitely no deep magic. :)