17th February 2007, 17:38   #285
KenD00
Quote:
Originally Posted by evdberg
You need to 'sniff' the Volume ID, because you need a trusted connection with the drive before the drive will send it over.
Well, this seems to be only half the truth. According to the AACS-Spec, the upper half of the VolumeID is stored on the disc in the BCA, the lower half in a Copyright Data Section of the Control Data Zone in the disc Lead-In in a manner described in the AACS HD DVD and DVD Pre-recorded Book, Confidential Part. The AACS-Spec defines extensions to the Mt. Fuji Protocol and indeed, these extensions (except the one to read the P-MKB) require the AACS-Authentication.
I wanted to verify that and send these commands to the drive, so I've read the MMC-6 draft to get the missing information to do that, and I found out something interesting. You can read the BCA and the Copyright Data Section of the disc directly with MMC-6 commands, and these commands do not require the AACS-Authentication! I've tested that and it works, but somehow only partially. I got the BCA with the first half of the VolumeID, but everything I got from the Copyright Data Section was zero. I could also read the Copyright Protection Information from the Control Data Section, but I don't know what this is for.

If someday sniffing won't work anymore, this would at least reduce the brute force amount to 48 bit, but that's still quite a lot.
