Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules.

 

Go Back   Doom9's Forum > General > Decrypting

Reply
 
Thread Tools Search this Thread Display Modes
Old 13th September 2022, 20:41   #1  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 237
Get Blu-ray VID and RDK from MakeMKV

The last known public Host Certificate (HC) needed for Blu-ray playback has been revoked in MKBv72. As the amount of discs with a newer MKB version increases, more and more people will find themselves in the situation where their drives have permanently revoked this HC. When relying on libaacs for playback (e.g. VLC), this causes problems for new and old (!) discs as the HC is needed to retrieve the VID (aacs decryption) and the RDK (bus encryption) unless keys are cached or available in KEYDB.cfg.

Even though VID is always needed in theory to retrieve VUK/UK, in practice this is not a problem because these keys can be found using FindVUK or by downloading FindVUK's KEYDB.cfg containing a large database of keys. However RDK is unique for every drive and cannot be shared in the same way. The RDK affects a minority of BD discs but 100% of UHD discs. libaacs 0.11.0 supports cached RDK keys allowing playback of bus encrypted discs without a valid HC. However, to have this RDK in the libaacs cache, the disc had to be played before the certificate was revoked.

Just like FindVUK can get VUK/UK from DVDFab, it's possible to get VID/RDK from other players or rippers that contain an unrevoked HC. This guide shows you how to get these keys from MakeMKV. This is based purely on public information released by MakeMKV but it is nonobvious. Please support MakeMKV for the work that they do.

Update: The author of FindVUK has released RDKfromMMKV which will perform steps below automatically
The following steps are performed on Windows but they are similar for Linux & Mac

Step 1. Install MakeMKV

Choose a version that has an unrevoked HC. As of this moment, this is v1.15.1 or later
Quote:
http://makemkv.com/download/

MakeMKV v1.15.1 (15.4.2020 )
- Added support for AACS v76 (for those poor souls without LibreDrive)
If needed, register using the Beta key


Step 2. Get a list of drives

Open a command window and run
Code:
"C:\Program Files (x86)\MakeMKV\makemkvcon.exe" f --list
Example output
Code:
Found 2 drives(s)
00: \Device\CdRom0, \Device\CdRom0, F:
	HL-DT-ST_BDDVDRW_GGC-H20L_1.03_20080515123456_XXXX

01: \Device\CdRom1, \Device\CdRom1, G:
	ASUS_BW-16D1HT_3.00_211511031110_YYYY
Write down the drivenumber/name for the selected driveletter


Step 3. Disable LibreDrive

On supported drives, LibreDrive disables bus encryption and prevents MakeMKV from revealing the RDK. Luckily, it can be disabled
Quote:
Disable LibreDrive

There are 2 ways to pass this setting to MakeMKV:

1. Using MakeMKV config file, the setting name is sdf_Stop . On Linux / Mac that would be the following line in config:
sdf_Stop = "yourdriveid1 yourdriveid2"
On Windows this would be the registry variable under MakeMKV settings.

2. Or you can set environment variable SDF_STOP with the same syntax.
In the command window set the environment variable to the drivename from step 2.
Code:
set SDF_STOP=ASUS_BW-16D1HT_3.00_211511031110_YYYY

Step 4. Create an encrypted backup

In the command window (same one where step 3. is performed) run
Code:
"C:\Program Files (x86)\MakeMKV\makemkvcon" backup disc:1 "c:\temp\getrdk"

note:
- disc:1 is the drivenumber from step 2
- "c:\temp\getrdk" is a directory of your choice
Example output
Code:
MakeMKV v1.15.1 win(x86-release) started
Debug logging enabled, log will be saved as C:\Users\*/MakeMKV_log.txt
The new version 1.17.1 is available for download at http://www.makemkv.com/download/
Backing up disc into folder "c:\temp\getrdk"
Loaded content hash table, will verify integrity of M2TS files.
Once the file c:\temp\getrdk\discatt.dat is created press CTRL-C to interrupt the backup process


Step 5. Extract Drive Certificate (DC), VID and RDK

The DC, VID and RDK are present in discatt.dat. The file format is described in the MakeMKV source code that is (partially) publicly available
Code:
MakeMKV linux build & source

file makemkv-oss-1.17.1\libdriveio\inc\driveio\driveio.h states
- dicat_DriveStandard=1,
- dicat_DiscSpecific=4,
- diid_DriveCert=(dicat_DriveStandard<<24)+(3<<16)+0x38,
- diid_Aacs_VID=(dicat_DiscSpecific<<24)+(0<<16)+0x80,
- diid_Aacs_DataKeys=(dicat_DiscSpecific<<24)+(0<<16)+0x84,

i.e. the following byte sequences should be present in discatt.dat
- 01 03 00 38 00 00 00 5C [92 bytes = DC]
- 04 00 00 80 00 00 00 10 [16 bytes = VID]
- 04 00 00 84 00 00 00 20 [16 bytes = RDK]
The required bytes can be manually extracted using any hexeditor. A tool like Swiss File Knife can immediately save the values in the correct format for later use
Code:
sfk hexdump -raw c:\temp\getrdk\discatt.dat +xex "/010300380000005C[184 bytes]/[part2]/" +hextobin c:\temp\getrdk\dc.bin
sfk hexdump -raw c:\temp\getrdk\discatt.dat +xex "/0400008000000010[32 bytes]/[part2]/" -tofile c:\temp\getrdk\vid.txt
sfk hexdump -raw c:\temp\getrdk\discatt.dat +xex "/0400008400000020[32 bytes]/[part2]/" -tofile c:\temp\getrdk\rdk.txt
To display the saved values
Code:
sfk hexdump -raw c:\temp\getrdk\dc.bin
type c:\temp\getrdk\vid.txt
type c:\temp\getrdk\rdk.txt
Example output
Code:
DC  = 0101005C...
VID = 65869168F2AF4D69EDB79754B515A8AC
RDK = 96175870A5A27DEE528975C3BF6756F9
Note:
- RDK is only available if the drive supports bus encryption
- if the drive supports bus encryption, RDK is also present for discs without bus encryption even though RDK is not needed for playback
- do not post your DC on the forum. Theoretically (but unlikely) it can be revoked


Step 6. Save VID and RDK in libaacs cache

The cache files are located in a subdir of the aacs dir with the KEYDB.cfg file
- RDK: ..\aacs\rdk\[driveid]\[discid]
- VID: ..\aacs\vid\[discid]

where
- driveid = SHA1 hash of DC which is different for all your drives
- discid = SHA1 hash of the file AACS\Unit_Key_RO.inf on your Blu-ray disc

Use a tool like 7-Zip to calculate these hashes
Code:
driveid:
"C:\Program Files\7-Zip\7z" h -scrcSHA1 c:\temp\getrdk\dc.bin

discid:
"C:\Program Files\7-Zip\7z" h -scrcSHA1 G:\AACS\Unit_Key_RO.inf

note:
- G: is driveletter from step 2
Example output
Code:
driveid:
SHA1   for data:              F4530616E23597A2368757EAFCFC8685C1EC38D1

discid:
SHA1   for data:              B01C8C10CEA251CE65508498993E36D3FD1A7B72
Copy the VID and RDK files to the correct location, rename to discid and remove the .txt file extension

Note that you can also find these hashes by creating a libaacs log using VLC or aacs_info.exe included with libaacs
Code:
set AACS_DEBUG_MASK=65535
set AACS_DEBUG_FILE=debuglog.txt
aacs_info G:
Example debuglog.txt file (search for "\rdk")
Code:
src/file/file_win32.c:131: Opened WIN32 file 
C:\Users\*\AppData\Roaming\aacs\rdk\f4530616e23597a2368757eafcfc8685c1ec38d1\b01c8c10cea251ce65508498993e36d3fd1a7b72
(00000000008b7cc0)
aacs_info.exe output will also show if the drive (device) and disc (media) have bus encryption
Code:
Bus encryption:
  Device support:   yes
  Enabled in media: yes

Step 7. Repeat for other drives

The RDK for the disc is unique for every drive so repeat the steps for all your drives that support bus encryption

Warning: in case the firmware of a drive is updated, the RDK for all discs possible changes


FAQ
- VID can also be put in the KEYDB.cfg file instead of the local cache
- VID in combination with MK can be used to calculate VUK/UK. Device Keys for MK retrieval are public for up to MKBv71. Besides libaacs also aacskeys supports input of VID instead of using a HC
- it seems libaacs has some bugs in aacs keys calculation flow. Put both VID and MK in keydb.cfg to get the VUK in the ..\aacs\vuk\[discid] file
- RDK unlike the other keys are disc+drive specific. There is NO POINT in sharing these keys as they will not work for anyone else
- If MakeMKV is allowed to enable LibreDrive a power off is need to reset your drive and allow VLC to play bus encrypted discs
- MakeMKV used to include the tool cddump.exe to generate the discatt.dat but it has been removed. It's unknown if there is a similar makemkvcon command to generate the file without starting a disc backup

Last edited by candela; 27th September 2022 at 09:25.
candela is offline   Reply With Quote
Old 14th September 2022, 21:37   #2  |  Link
Grimsdyke
Registered User
 
Join Date: Nov 2013
Location: Hannover, Germany
Posts: 224
Thanks for these detailed instructions. But it is mainly for VLC users, right ?
__________________
MPC-BE feature wishlist: 1) Two independent volume control sliders in the UI when using dual-audio-out.
Grimsdyke is offline   Reply With Quote
Old 15th September 2022, 19:39   #3  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 237
Quote:
Originally Posted by Grimsdyke View Post
Thanks for these detailed instructions. But it is mainly for VLC users, right ?
well for any player/tool that uses libaacs (e.g. VLC) or allows input of VID (e.g. aacskeys)
candela is offline   Reply With Quote
Old 19th September 2022, 18:07   #4  |  Link
Grimsdyke
Registered User
 
Join Date: Nov 2013
Location: Hannover, Germany
Posts: 224
O.K. I have got RDK and VID for one disc now but I am unfortunately stuck at step 6. Sorry, but I am confused - what should I do there ? Tools ? Also can't find this inf-file on my system.
__________________
MPC-BE feature wishlist: 1) Two independent volume control sliders in the UI when using dual-audio-out.
Grimsdyke is offline   Reply With Quote
Old 19th September 2022, 18:21   #5  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 237
Quote:
Originally Posted by Grimsdyke View Post
O.K. I have got RDK and VID for one disc now but I am unfortunately stuck at step 6. Sorry, but I am confused - what should I do there ? Tools ? Also can't find this inf-file on my system.
I have rewritten the guide from step 5

Check if it's more clear now

Last edited by candela; 19th September 2022 at 20:39.
candela is offline   Reply With Quote
Old 22nd September 2022, 17:56   #6  |  Link
Grimsdyke
Registered User
 
Join Date: Nov 2013
Location: Hannover, Germany
Posts: 224
Yes, much clearer now. Thanks !! But it is a somewhat tedious process so I hope that someone might write an app for it.
(By the way, Xreveal reports Discid and other infos that might be interesting.)
__________________
MPC-BE feature wishlist: 1) Two independent volume control sliders in the UI when using dual-audio-out.
Grimsdyke is offline   Reply With Quote
Old 23rd September 2022, 21:43   #7  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 430
Quote:
Originally Posted by Grimsdyke View Post
Yes, much clearer now. Thanks !! But it is a somewhat tedious process so I hope that someone might write an app for it.
(By the way, Xreveal reports Discid and other infos that might be interesting.)
I'm already on it

(will be a very simple app)
nalor is offline   Reply With Quote
Old 23rd September 2022, 23:26   #8  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 430
Here it is: RDKfromMMKV 0.01

Feedback is welcome

I'm not sure if my way to detect if MakeMKV is installed is reliable - so please tell me your results
nalor is offline   Reply With Quote
Old 24th September 2022, 14:21   #9  |  Link
Grimsdyke
Registered User
 
Join Date: Nov 2013
Location: Hannover, Germany
Posts: 224
I have tested the app with one Blu-Ray and one UHD and it worked, as far as I can see, perfectly !!! Thank you very much guys - you are awesome

Follow up. Great results - now I am finally able to watch the extras on some discs also in MPC-BE instead of VLC.
__________________
MPC-BE feature wishlist: 1) Two independent volume control sliders in the UI when using dual-audio-out.

Last edited by Grimsdyke; 25th September 2022 at 19:12. Reason: Add infos
Grimsdyke is offline   Reply With Quote
Old 25th September 2022, 23:33   #10  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 237
RDKfromMMKV doesn't work if the \rdk directory doesnt already exist
Code:
ERROR! Couldn't create directory >C:\Users\*\AppData\Roaming\aacs\rdk\3ee0a0fb6732df820f82e831e2f0319cf38b4933\<
ERROR! Creating the RDK cache file failed!
Also I forgot discatt contains rdk even if bus encryption is not enabled on disc. Maybe do a check if rdk is needed
candela is offline   Reply With Quote
Old 26th September 2022, 19:08   #11  |  Link
Grimsdyke
Registered User
 
Join Date: Nov 2013
Location: Hannover, Germany
Posts: 224
Without rdk the opening of the extras on that discs fails again - so I would say it is needed ! Best wishes
__________________
MPC-BE feature wishlist: 1) Two independent volume control sliders in the UI when using dual-audio-out.
Grimsdyke is offline   Reply With Quote
Old 26th September 2022, 21:59   #12  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 430
Quote:
Originally Posted by candela View Post
RDKfromMMKV doesn't work if the \rdk directory doesnt already exist
Code:
ERROR! Couldn't create directory >C:\Users\*\AppData\Roaming\aacs\rdk\3ee0a0fb6732df820f82e831e2f0319cf38b4933\<
ERROR! Creating the RDK cache file failed!
Also I forgot discatt contains rdk even if bus encryption is not enabled on disc. Maybe do a check if rdk is needed
Improved both things:

Quote:
;- ### History
; 20220923 .. nalor .. release 1st version
; 20220924 .. nalor .. added check for BEC and BEE before trying to get RDK
; 20220926 .. nalor .. fixed create-directory procedure
Here it is: RDKfromMMKV 0.02

Didn't test it myself - so please report if I did something wrong.
nalor is offline   Reply With Quote
Old 27th September 2022, 09:22   #13  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 237
Quote:
Originally Posted by nalor View Post
Improved both things:

Here it is: RDKfromMMKV 0.02

Didn't test it myself - so please report if I did something wrong.
Well it works but now it doesn't continue to get the VID if disc or drive doesn't have bus encryption
candela is offline   Reply With Quote
Old 27th September 2022, 21:15   #14  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 430
Quote:
Originally Posted by candela View Post
Well it works but now it doesn't continue to get the VID if disc or drive doesn't have bus encryption
Ah - you're right, I can at least carry on for the VID and just skip the RDK.
nalor is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 16:57.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2022, vBulletin Solutions Inc.