Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
|
|
Thread Tools | Search this Thread | Display Modes |
14th March 2007, 01:44 | #41 | Link |
Registered User
Join Date: Jan 2007
Posts: 20
|
compilation ps3
[HTML]Done under PS3 with Yellow Dog Linux 5. I have modified the ioctl.c file to match both send_cmd header. (I add unsigned to the linux header function). So now, I don't get the error between ioctl.c and aacskeys.h
But still get these errors. Seems that openssl can't get correctly installed. Don't know why. openssl ppc version (not ppc64). It seems it install itself in /usr/local/ssl/include instead of the default path. If I run openssl, it says it's version 0.9.8a 11 october 2005 But I compiled 0.9.8e Please someone with C compilation knowledge (I so much love perl, so such compilation problem) compile a binary for linux-ppc or linux-ppc64. Staticly linked would be better I think. Here is the output from the gcc command: gcc -o aacskeys -lcrypto -I/usr/local/ssl/include ioctl.c ecdsa.c mmc.c aes.c aacskeys.c ecdsa.c: In function ‘aacs_set_cert’: ecdsa.c:29: warning: initialization discards qualifiers from pointer target type ecdsa.c: In function ‘aacs_sign’: ecdsa.c:67: warning: comparison between pointer and integer aes.c:62:2: warning: no newline at end of file aacskeys.c: In function ‘main’: aacskeys.c:555: warning: comparison is always false due to limited range of data type /tmp/ccIwRoTT.o: In function `aacs_key': ecdsa.c.text+0x14): undefined reference to `EC_KEY_new' ecdsa.c.text+0x4c): undefined reference to `EC_KEY_set_group' ecdsa.c.text+0x6c): undefined reference to `EC_KEY_free' /tmp/ccIwRoTT.o: In function `aacs_set_cert': ecdsa.c.text+0xd0): undefined reference to `EC_KEY_get0_group' ecdsa.c.text+0x190): undefined reference to `EC_POINT_new' ecdsa.c.text+0x1c8): undefined reference to `EC_POINT_set_affine_coordinates_GFp' ecdsa.c.text+0x1fc): undefined reference to `EC_KEY_set_public_key' /tmp/ccIwRoTT.o: In function `aacs_sign': ecdsa.c.text+0x2cc): undefined reference to `EC_KEY_set_private_key' ecdsa.c.text+0x2dc): undefined reference to `EVP_ecdsa' ecdsa.c.text+0x34c): undefined reference to `ECDSA_do_sign' ecdsa.c.text+0x3c4): undefined reference to `ECDSA_SIG_free' ecdsa.c.text+0x3d8): undefined reference to `EC_KEY_free' /tmp/ccIwRoTT.o: In function `aacs_verify': ecdsa.c.text+0x458): undefined reference to `EVP_ecdsa' ecdsa.c.text+0x4b4): undefined reference to `ECDSA_SIG_new' ecdsa.c.text+0x534): undefined reference to `ECDSA_do_verify' ecdsa.c.text+0x550): undefined reference to `ECDSA_SIG_free' ecdsa.c.text+0x564): undefined reference to `EC_KEY_free' /tmp/ccIwRoTT.o: In function `aacs_group': ecdsa.c.text+0x828): undefined reference to `EC_GROUP_new_curve_GFp' ecdsa.c.text+0x864): undefined reference to `EC_POINT_new' ecdsa.c.text+0x918): undefined reference to `EC_POINT_set_affine_coordinates_GF2m' ecdsa.c.text+0x9bc): undefined reference to `EC_GROUP_set_generator' ecdsa.c.text+0xa04): undefined reference to `EC_GROUP_free' ecdsa.c.text+0xa20): undefined reference to `EC_POINT_free' collect2: ld returned 1 exit status[/HTML] |
14th March 2007, 02:15 | #42 | Link |
Registered User
Join Date: Mar 2007
Posts: 8
|
I couldn't get aacskeys working on ps3 linux. I had similar errors as the ones stated above.
I just tried running aacskeys from windows xp(qemu) on the ps3 and I get the "All AGIDs are in use, aborting." message. Same thing happened when I used a daemon-tools mounted iso on my normal windows xp computer. |
14th March 2007, 02:19 | #43 | Link |
Registered User
Join Date: Jan 2007
Posts: 20
|
iscsi-target
If someone could compile and correctly execute the iscsi-target on the ps3, we could access the blu-ray from windows with the iscsi-initiator:
iscsi-initiator: http://www.microsoft.com/downloads/d...DisplayLang=en iscsi-target: http://iscsitarget.sourceforge.net/ Watch out, I think openssl needs to be compile in ppc64. For my part, iscsi-target compiles correctly. It's when I run it that the're an error in /var/log/messages For all the linux guru, please help us! |
14th March 2007, 02:55 | #44 | Link | |
Registered User
Join Date: Feb 2007
Posts: 123
|
Quote:
For the rpm installed openssl you can check that by Code:
rpm -qa|grep -i openssl|xargs rpm -ql Code:
./configure --help |
|
14th March 2007, 04:55 | #45 | Link |
Registered User
Join Date: Jan 2007
Posts: 20
|
recompile openssl with --prefix=/usr
Now the default openssl is 0.9.8e Remove the -I/usr/local/ssl/include part But still same error. Check in the /usr/include/openssl/evp.h and the function EVP_ecdsa is well defined. Why can't the compiler find it ? |
14th March 2007, 07:18 | #46 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
Ok. It looks like ebsi has managed to compile and run aacskeys on the PS3. It looks like his Dv/Dsig values are all zero. As far as I can see he has also added a mount point variable (to make a distinction between the device file where mmc commands are send to and the mountpoint to find the MKB/UnitKey files I guess). So my source probably requires some more tweaking for linux.
Can somebody else confirm this? I wonder if Dcert is returned by the drive (don't post it we just need to know if its not all 0's). Last edited by arnezami; 14th March 2007 at 08:03. |
14th March 2007, 14:40 | #47 | Link |
Registered User
Join Date: Feb 2007
Posts: 2
|
http://www.sendspace.com/file/d3aava
In the archive you also find a PS3 linux binary. It's compiled on Ubuntu Edgy for PPC. For mounting the a BD disk this patch : http://sourceforge.net/tracker/index...95&atid=300295 is needed. To use it you must mount the BD disk. For example: mount /dev/scd0 /media/cdrom ./aacskeys /dev/scd0 /media/cdrom s Dv, Disg, HK and BK are empty. |
14th March 2007, 19:16 | #48 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
There are some things we can do to see what is the problem with retrieving the Dsig and Dv. (1) There is an (small) error in the report key and send key command. This is what report_key should look like: Code:
int report_key(drive_handle h, unsigned char * buffer, char agid, char key_format, short length, unsigned char bluray) { unsigned char cmd[CDROM_PACKET_SIZE]; memset(cmd, 0, CDROM_PACKET_SIZE); cmd[0] = REPORT_KEY; cmd[1] = 0; cmd[7] = 0x02; cmd[8] = (length>>8)&0xff; cmd[9] = (length)&0xff; cmd[10] = agid<<6|(key_format&0x3f); memset(buf, 0, length); if(send_cmd(h, cmd, buf, 0, length) >= 0) return 0; else return -1; } This is what send_key should look like: Code:
int send_key(drive_handle h, unsigned char *buffer, char agid, char key_format, short length, unsigned char bluray) { unsigned char cmd[CDROM_PACKET_SIZE]; memset(cmd, 0, CDROM_PACKET_SIZE); cmd[0] = SEND_KEY; cmd[1] = 0; cmd[7] = 0x02; cmd[8] = (length>>8)&0xff; cmd[9] = (length)&0xff; cmd[10] = agid<<6|(key_format&0x3f); if(send_cmd(h, cmd, buf, length, 0) >= 0) return 0; else return -1; } (2) There could be a problem with timing or the agid being invalid (after the drive cert has been recieved). This is unlikely but we could check if the agid is still in use after retrieving the drive cert. We do this by trying to obtain an agid just after we have done the report_drive_cert_chal. If its -1 then the agid is still in use (as it should be). But if its 0 then the agid has been dropped by the drive. Alternatively we could try to wait a little before asking the drive for the Dv/Dsig (or ask many times). (3) We should try to compile and run this program on a PC linux system. When using either a Bluray drive or a HD DVD drive on a linux PC (not the PS3) we can see what works. If this is working (on a PC) then the PS3 hypervisor is probably giving us trouble (or the distro/processor whatever). If it doesn't work for linux PC (or maybe only bluray) then we have to solve that first. (4) We should make sure we get better error messages When the report_drive_key is executed it gives back all 0's. But this can be due to several reasons. We could change this function to give us a little more info on what happened (by check the resulting value of course) Code:
int report_drive_key(drive_handle h, char agid, unsigned char *point, unsigned char *signature, unsigned char bluray) { if(report_key(h, buf, agid, 2, 84, bluray)) return -2; if(buf[0] != 0 || buf[1] != 0x52) return -1; memcpy(point, buf+4, 40); memcpy(signature, buf+44, 40); return 0; } Of course somebody has to do some precise debugging to see where the problem lies. (5) We should compile and try aacsauth We have working source code (for linux) in aacsauth. We could use this for trying to see what works. When we add the following in the read_vid of jx6bpm's source it should work for bluray: Code:
int read_vid(drive_handle h, char agid, char *vid, char *mac) { char cmd[CDROM_PACKET_SIZE]; memset(cmd, 0, CDROM_PACKET_SIZE); cmd[0] = 0xad; cmd[1] = 1; cmd[7] = 0x80; cmd[8] = 0; cmd[9] = 36; cmd[10] = (agid<<6)&0xc0; if(send_cmd(h, cmd, buf, 0, 36) < 0) return -1; memcpy(vid, buf+4, 16); memcpy(mac, buf+20, 16); return 0; } The report key command (aswell as the other commands) say that byte 11 is somewhat vendor specific: Currently we set this entire byte to 0. I don't know if this is a problem (since the Dcert is working it wouldn't make sense this is the reason the Dv isn't retrieved). And what is NACA, flag and link? There is also the question if this is correct: Code:
cmd[8] = (length>>8)&0xff; cmd[9] = (length)&0xff; We could also do a GET CONFIGURATION command and see what comes out of that. Hopefully we will find out soon what is going on here. The fact that the PS3 is actually returning the Dcert is very positive news because it means that the mmc commands are not blocked . Regards, arnezami Last edited by arnezami; 14th March 2007 at 20:01. |
|
14th March 2007, 23:45 | #49 | Link |
Registered User
Join Date: Feb 2003
Posts: 41
|
boy am I lost now! I thought I was getting it, then whammo!
OK, so I hope this question falls into this thread: If the program reveals all AACS Keys needed to decrypt, then how do I get the SHA1 hash? I believe that is needed to decrypt? In the following example of the BD movie Click, I don't know how to get the 40 character string prior to the "=Click" name. I DO know how to get the 32 character string following the "|00/00/00|". F40F9413E223031170483DEBD0495F5D64F41392=Click |00/00/00|C1F8540A04E9405FED346872CD125990 ....^ I can not figure out how to get this string.................................^ I do know how to get this one. (Its just the CPS key) So, does this program help in revealing that 40-character string? Thanks!
__________________
___ Last edited by Electrox3d; 14th March 2007 at 23:48. |
15th March 2007, 00:05 | #50 | Link |
Registered User
Join Date: Jan 2007
Posts: 20
|
sha1 key of file
The hash is the sha1 hash of the AACS/CPUnit00001.cci file.
under linux, type: openssl sha1 CPUnit00001.cci Under windows, down an utility to calculate sha1 hash of file Maybe this could help: http://www.codeproject.com/cs/files/dt_file_hasher.asp or try this: http://hashtab.beeblebrox-org.qarchive.org/ You could also have looked in the backupblurayv21.zip source. Under src/shared/utils.java, the hashFile function explain how it's done. And the src/main/BackupBluRay.java show which file is hashed. Last edited by woodspire; 15th March 2007 at 00:15. |
15th March 2007, 00:13 | #51 | Link |
Registered User
Join Date: Jan 2007
Posts: 20
|
Same problem has ebsi.
Can't compile right now the binary for aacskeys (openssl problem stated above) but the binary provided by ebsi is working. Dv, Dsig, Hk and BK all zero. Dcert not zero. Actually, no other info are zero except the 4 above. Get a volume Unique Key for talladega nights: Code:
Processing key: 09F911029D74E35BD84156C5635688C0 Encrypted C-value: CBB16165DDC196FC65D0E6A0333045F5 Corresponding uv: 00000001 Decrypted C-value: 31143BED2A2E4A23A546A708267DDC7C Media key: 31143BED2A2E4A23A546A708267DDC7D Encrypted verification data: B385A42078219980710627B27BF7C541 Decr verif data should be: 0123456789ABCDEF Decrypted verification data: 0123456789ABCDEF682370557C3E243C AGID: FF Host certificate from: Power DVD 7.1 Host certificate (Hcert): 0200005CFFFF0000000C00006E3DEB679B9A16AD FAA8E30878767BA6EB2A9B415385AD1181B4446C 31E9A5DD2AB808B364FF15885BAC490964318C9B F8029FCF76F688A54FBDA03F6D9332EF04E5A613 12DA85880A4D9CBB79D8602E Host Private Key (Hpriv): 4737676058D7029452514F0AB186DC4CCA8C578F Host Nonce (Hn): 2923BE84E16CD6AE529049F1F1BBE9EBB3A6DB3C Drive certificate (Dcert): ######################################## ######################################## ######################################## ######################################## ######################## Drive Nonce (Dn): ######################################## Drive key point (Dv): ######################################## ######################################## Drive key signature (Dsig): ######################################## ######################################## Host key (Hk): 0000000000000000000000000000000000000000 Host key point (Hv): 8E9B0E3CF41FA7DA3A829F604122EA4ED5261AA4 7570CE0BB9061A66FAF92C4A7D98ACC171CBF19B Host key signature (Hsig): ######################################## ######################################## Drive signature wrong/error Bus key (BK): ################################ Volume ID: 8E9B0E3CF41FA7DA3A829F604122EA4E Voluem ID MAC: ################################ Volume Unique Key: 3104B2690FA032CD8849139B2D518D0F Encrypted Unit Key 1: 819CCCE5F7FCF2C8F30FD559F0DDCA0E Decrypted Unit Key 1: 23403F01F9FD3023ADDF2698C12E7C03 It's my way to check if the application is working. Can't make the change to the source code because can't compile but can run any binary you provide, if you want to debug (woodspire@hotmail.com) P.S. I have a strange copy of "The Prestige" that can't be decrypt with the key provided in this forum. Hopping to correct the problem and be able to provide it to everybody after testing it. |
15th March 2007, 00:31 | #52 | Link | |
Registered User
Join Date: Feb 2003
Posts: 41
|
Quote:
This is the first time it was clearly put to me what needed to be done to get this Hash... The software you linked wouldn't work based on some kind of .NET security, but a program called Pinpoint Hash by Pinpoint Laboratories pulled up that exact code! I was like then then Thanks!
__________________
___ |
|
15th March 2007, 05:58 | #53 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
Sorry for not being more clear about this. But there is a time for building and programming stuff and there is a time for explaining stuff. Usually in that order . Regards, arnezami |
|
15th March 2007, 06:21 | #54 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
In this post the Volume ID for Talladega Nights The Ballad of Ricky Bobby was posted: Code:
7f 58 3c b4 6c 30 99 e5 c8 99 44 08 07 f7 41 4b There is another thing we should try. I now suspect the Dv/Dsig is not empty at all its just not copied to the appropiate buffers (because it contains something strange). In order to test this you could remove the following code from the report_drive_key function: Code:
int report_drive_key(drive_handle h, char agid, unsigned char *point, unsigned char *signature, unsigned char bluray) { if(report_key(h, buf, agid, 2, 84, bluray)) return -1; if(buf[0] != 0 || buf[1] != 0x52) return -1; memcpy(point, buf+4, 40); memcpy(signature, buf+44, 40); return 0; } Code:
int report_drive_key(drive_handle h, char agid, unsigned char *point, unsigned char *signature, unsigned char bluray) { if(report_key(h, buf, agid, 2, 84, bluray)) return -1; memcpy(point, buf+4, 40); memcpy(signature, buf+44, 40); return 0; } [edit] Ooh wait. The agid is wrong! Huh?! There is something wrong there. It should never be FF. Ah. Ok. The check has been removed by ebsi. This explains why its acting up. No agid means no go. Although it doesn't help us yet. Will try to figure out how to proceed. arnezami ** It may be wise/healthy paranoia to remove everything from this "Volume ID" and all stuff below that (until we know what it is). Last edited by arnezami; 15th March 2007 at 06:45. |
|
15th March 2007, 08:35 | #56 | Link |
Registered User
Join Date: Sep 2006
Posts: 390
|
Ok. I've completely stripped aacskeys into aacstiny.
It now doesn't need openssl. So more people can compile and help us. It doesn't do much. Its just a test program. It gives more information about what is going with the drive so please try this and report back to us (careful: it dumps buffers so I've sort of marked potential sensitive data but if you don't trust yourself just desribe what you see) Here is part of what I see on my PC: Code:
Sending report key command: A40000000000000200003F00 Invalidation AGID 0. Result: 0 Sending report key command: A40000000000000200007F00 Invalidation AGID 1. Result: 0 Sending report key command: A4000000000000020000BF00 Invalidation AGID 2. Result: 0 Sending report key command: A4000000000000020000FF00 Invalidation AGID 3. Result: 0 Sending report key command: A40000000000000200080000 Returning buffer from report agid command: 0006000000000000 AGID: 00 Sending send key command: A30000000000000200740100 Host certificate from: Power DVD 7.1 Host certificate (Hcert): 0200005CFFFF0000000C00006E3DEB679B9A16AD FAA8E30878767BA6EB2A9B415385AD1181B4446C 31E9A5DD2AB808B364FF15885BAC490964318C9B F8029FCF76F688A54FBDA03F6D9332EF04E5A613 12DA85880A4D9CBB79D8602E Host Private Key (Hpriv): 4737676058D7029452514F0AB186DC4CCA8C578F Host Nonce (Hn): 2923BE84E16CD6AE529049F1F1BBE9EBB3A6DB3C Sending report key command: A40000000000000200740100 CAREFUL SENSITIVE: Returning buffer from report drive challenge command: 00720000xxxxxxx (sorry sendspace is down atm) Instructions: Code:
INSTALL Compile with gcc -o aacstiny ioctl.c mmc.c aacstiny.c There may be some warning. But hopefully it compiles for linux now (not tested yet). USAGE mount /dev/scd0 /media/cdrom (this may not be needed but well doesn't hurt I guess) ./aacstiny /dev/scd0 s /dev/scd0 is the device file of your drive arnezami PS. On a sidenote: since AACS auth is only implemented on "PC-based systems" its also possible the PS3 doesn't support it at all. If this is the case then I have no idea how the PS3 gets its volume ids. I highly doubt though this is the case. Last edited by arnezami; 15th March 2007 at 08:59. |
15th March 2007, 11:37 | #57 | Link |
Registered User
Join Date: Jan 2007
Posts: 20
|
Dcert
Code:
Can somebody look at their Dcert and see if the drive as Bus Key capable. As I explained earlier how to see this: look for 01 00 00 5c in there. The red value is zero if the drive is not capable of bus encryption. The only '5C' is at the start of my Dcert. Here how it starts: 0200005CFFFF00 ... So, it seems that it's not capable of bus encryption. And it doesn't begin with '01' but with '02'. Also, if no bus encryption is supported, isn't that a nice thing to have... no encryption ??? Last edited by woodspire; 15th March 2007 at 14:02. |
15th March 2007, 12:13 | #58 | Link |
Registered User
Join Date: Feb 2007
Posts: 123
|
I can't compile aacstiny Linux. The latter is a bit more verbose.
Code:
~/bdownload/aacstiny$ gcc -o aacstiny ioctl.c mmc.c aacstiny.c aacstiny.c: In function ‘main’: aacstiny.c:245: error: ‘EXIT_SUCCESS’ undeclared (first use in this function) aacstiny.c:245: error: (Each undeclared identifier is reported only once aacstiny.c:245: error: for each function it appears in.) ~/bdownload/aacstiny$ gcc -Wall -O2 -o aacstiny ioctl.c mmc.c aacstiny.c ioctl.c: In function ‘close_drive’: ioctl.c:167: warning: implicit declaration of function ‘close’ aacstiny.c:40: warning: return type defaults to ‘int’ aacstiny.c:83: warning: return type defaults to ‘int’ aacstiny.c: In function ‘main’: aacstiny.c:193: warning: pointer targets in passing argument 1 of ‘output_key’ differ in signedness aacstiny.c:245: error: ‘EXIT_SUCCESS’ undeclared (first use in this function) aacstiny.c:245: error: (Each undeclared identifier is reported only once aacstiny.c:245: error: for each function it appears in.) aacstiny.c:239: warning: label ‘err’ defined but not used ~/bdownload/aacstiny$ |
15th March 2007, 17:18 | #59 | Link | |
Guest
Posts: n/a
|
Quote:
http://www.beeblebrox.org/hashtab/ Might also come in handy for other uses, like comparing if two files are identical, or when you want to release some software on a public server. |
|
15th March 2007, 19:47 | #60 | Link | |
Registered User
Join Date: Sep 2006
Posts: 390
|
Quote:
Or download this one: http://www.sendspace.com/file/tutjhl Regards, arnezami |
|
Thread Tools | Search this Thread |
Display Modes | |
|
|