Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
20th January 2007, 10:20 | #1 | Link |
Registered User
Join Date: Sep 2004
Posts: 16
|
hd-dvd volume key finder
hi, i've coded a little c++ app to grab the volume key from windvd memory.
this uses the same method as jokin's winhex script/bat files (searching for 200000003F00000080000000) just run windvd and get a hd-dvd playing, then hit "get volume key" and it should find it. i have posted the source as well incase anyone wants to improve it or fix incompatibilities. binary: hxxp://glib.name/hddvd_vukeyfinder.zip source code (warning: this is a mess ): hxxp://glib.name/hddvd_vukeyfinder_src.zip some parts are from d2hackit v2.0 & hxxp://www.codeproject.com/threads/MDumpAll.asp Last edited by ape; 22nd January 2007 at 23:54. |
20th January 2007, 11:08 | #2 | Link | |
Dwight Schrute's homeboy
Join Date: Jan 2007
Location: The Office
Posts: 136
|
Quote:
|
|
20th January 2007, 11:22 | #3 | Link |
Guest
Posts: n/a
|
Thanks, great work ape, much nicer with a stand-alone app, I assume don't need any third party tools except WinDVD to use your app? I haven't got a HD-DVD drive yet to test your app.
Can you add functionality to grab the CMAC value, The Title name and the production date? All is available on the HD DVD discs. Look here: http://forum.doom9.org/showthread.ph...746#post939746 It would be nice to verify the extracted key based on the CMAC value too which is already implemented in BackupHDDVD. In the long run I think the best thing would be to integrate your C++ app into BackupHDDVD to have a single application with a single GUI doing both key,CMAC, title and production date extraction, saving it to a database and decrypting the movies too. |
20th January 2007, 11:51 | #4 | Link | |
Registered User
Join Date: Sep 2004
Posts: 16
|
Quote:
|
|
20th January 2007, 12:34 | #7 | Link | |
Guest
Posts: n/a
|
Quote:
Here's where to find TKF MAC and Movie Title: TKF MAC (CMAC): The format of VTKF.AACS file can be found in paragraph 3.4 of AACS_Spec_HD_DVD_and_DVD_Prerecorded_0_912, more specifically in Table 3-5. The TKF MAC field (16 bytes) is bytes 2464-2479. http://forum.doom9.org/showthread.ph...202#post938202 Movie Title: The movie title is stored in the top of VPLST000.XPL like you can see here: http://forum.doom9.org/showthread.ph...400#post939400 displayName="Batman Begins HD DVD" http://forum.doom9.org/showthread.ph...661#post939661 displayName="V for Vendetta HD DVD" Maybe you can get someone with a HD-DVD drive to uplad some VTKF.AACS and VPLST000.XPL files so you can test te funtions. |
|
20th January 2007, 15:33 | #9 | Link | |
Guest
Posts: n/a
|
Quote:
http://glib.name/hddvd_vukeyfinder.zip http://glib.name/hddvd_vukeyfinder_src.zip |
|
20th January 2007, 15:40 | #11 | Link | |
Guest
Posts: n/a
|
Quote:
It requires that someone (muslix64 or someone else who finds them too) reveals keys for Blu-Ray discs. |
|
20th January 2007, 16:13 | #12 | Link |
Registered User
Join Date: Oct 2002
Location: Florida, USA
Posts: 90
|
Could your program be modified to verify that the key is 100% correct?
I under stand that you have to cmac a title key with a volume key to check. So what is the sure way to always find title keys in the mem dump too? Last edited by tonyp12; 20th January 2007 at 16:20. |
20th January 2007, 16:32 | #13 | Link |
Registered User
Join Date: Oct 2002
Posts: 65
|
Just to confirm (because I have heard conflicting reports), the ONLY version of Windvd that currently will play these files/movies is the JAP version of Windvd 8?
I have tried it with the HD version of Windvd 8 and just keep getting error's. It is the us version however as I cannot locate the jap version. Also, for those who have had success with the software, please post new keys in the sticky at the top of the page. I have quite a large library to back up myself and would like to help with this cause. |
20th January 2007, 16:39 | #14 | Link |
Registered User
Join Date: Dec 2006
Posts: 154
|
I think it would be best not to integrate this app into BackupHDDVD. While the technique for finding keys is likely to need to be changed often, BackupHDDVD has an entirely different release schedule. This program is perfect as a standalone, and it could be bundled with every copy of BackupHDDVD.
Another thing to explore is a heuristic approach to finding keys. This would be incredibly useful because the program would work with any HD DVD playing application and always yield results. Last edited by noclip; 20th January 2007 at 16:42. |
20th January 2007, 18:33 | #15 | Link |
Registered User
Join Date: Sep 2002
Location: Right Here
Posts: 53
|
I actually modified BackupHDDVD a few days ago to get a memdump from pmdump and then scan it for the volume key. It works pretty well. The only reason I haven't released it yet is becuase I was trying to integrate it to the GUI version. I'll see if I can get to that today. And honestly, IMO the method for finding volume keys shouldn't change much for the time being. As long as we keep using the same version of WinDVD I don't see why that hex marker would cease to reveal the volume key. Worst case scenario is that they blacklist that device key, but that may never happen or at the least, not for a while.
__________________
mmm...muffins |
20th January 2007, 21:14 | #16 | Link | |
Registered User
Join Date: Sep 2002
Location: Right Here
Posts: 53
|
Quote:
__________________
mmm...muffins |
|
21st January 2007, 01:35 | #17 | Link | |
Guest
Posts: n/a
|
Any particular reason to only search for 0000003F00000080000000 and not 200000003F00000080000000? Why leave out the first byte '20' in front of your pattern? Jokin also has '20' included in the beginning of his search pattern in his WinHex app and this seems to work fine for everyone.
The longer pattern you use the less risk there is to find the same pattern at another memory location, especially when there's so many zero bytes in the pattern. From what has been posted on this forum all HD DVD memory dumps contains 200000003F00000080000000 in front of the VUK. US titles looks like this: 06200000003F00000080000000 EU titles looks like this: 00200000003F00000080000000 http://forum.doom9.org/showthread.ph...144#post938144 Quote:
Last edited by He-Man; 21st January 2007 at 01:44. |
|
21st January 2007, 01:39 | #18 | Link | |
Registered User
Join Date: Sep 2004
Posts: 16
|
Quote:
|
|
21st January 2007, 15:58 | #19 | Link |
Registered User
Join Date: Sep 2002
Location: Right Here
Posts: 53
|
ape, was wondering if you could modify the app to accept command line parameters and then return its output via stdio. If you could do this, we could bundle it with BackupHDDVD and use java to read the output. This is actually what I use pmdump for in my current version, it has 2 steps.
1) get process list using pmdump and read via stdio, find windvd.exe PID 2) dump windvd.exe mem using found PID Then you have to search the memdump and this uses HD space and more time and then you have to clean up the files. If you could modify your app to do this, it would be the most elegant solution. In addition, if you could somehow combine your HD/BD Keyfinders so that they are the same app, then we could really make an All in one utility. Say, a command line switch such as -format HD or -format BD and then in the GUI just a radio button to select which one. Also, He-Man is right, when you modify the code you should have it search for the full string, including the "20" at the beginning. Just some thoughts.
__________________
mmm...muffins Last edited by Mistar Muffin; 21st January 2007 at 16:03. |
22nd January 2007, 04:49 | #20 | Link | |
Registered User
Join Date: Jan 2007
Posts: 224
|
Quote:
Ppl computer-literate enough to use those apps can go thru couple of extra clicks. Last edited by Galileo2000; 22nd January 2007 at 05:25. |
|
Thread Tools | Search this Thread |
Display Modes | |
|
|