Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules.

 

Go Back   Doom9's Forum > General > Decrypting

Reply
 
Thread Tools Search this Thread Display Modes
Old 29th October 2018, 00:12   #41  |  Link
MartyMcNuts
Registered User
 
Join Date: Aug 2018
Posts: 16
Quote:
Originally Posted by maetel99 View Post
I can put together a command line tool to help evaluate device keys if there is any interest. The tool would take two path arguments, one to a keydb.cfg file with test device keys, and one to an MKB file or a folder of MKB files. The output would tell you which device keys worked for which MKB files and what the resulting processing keys are. The tool would be Mac-based.
Your tool sounds very interesting. Although I am a Windows user, I'd still love to see it. Could you also provide the source code?

Thanks,
Marty
MartyMcNuts is offline   Reply With Quote
Old 19th November 2018, 02:15   #42  |  Link
MartyMcNuts
Registered User
 
Join Date: Aug 2018
Posts: 16
@maetel99

Haven't heard from you in a while. Just wondering how you are going with creating your tool?
MartyMcNuts is offline   Reply With Quote
Old 29th November 2018, 06:46   #43  |  Link
maetel99
Registered User
 
Join Date: Apr 2018
Posts: 21
Quote:
Originally Posted by MartyMcNuts View Post
@maetel99
Haven't heard from you in a while. Just wondering how you are going with creating your tool?
Sorry, I've been a bit busy. I will try to put together the command line tool and post it.
maetel99 is offline   Reply With Quote
Old 19th May 2022, 19:41   #44  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 259
So someone pointed out that the partially correct XOR stream retrieved from FW4.70 -> FW4.76 (see previous post) reveals a new key on FW4.86 that works up to MKBv71

Code:
| DK | DEVICE_KEY 0x38841673E2B4E05191659899606CFFB8 | DEVICE_NODE 0x0C00 | KEY_UV 0x00000A00 | KEY_U_MASK_SHIFT 0x0B ; MKBv49-MKBv71
candela is offline   Reply With Quote
Old 23rd May 2022, 03:49   #45  |  Link
DanTheMann15
Registered User
 
DanTheMann15's Avatar
 
Join Date: Aug 2019
Location: Pennsylvania
Posts: 23
@candela

cool!

now people can play their blurays that use MKBv71 and lower. (assuming they have not attempted to play a >v72 disc)

so here's a new basic config that implements this new device key:
Code:
; KEYDB.cfg

; Processing Keys

; Device Keys
| DK | DEVICE_KEY 0x5FB86EF127C19C171E799F61C27BDC2A | DEVICE_NODE 0x0A00 | KEY_UV 0x00000400 | KEY_U_MASK_SHIFT 0x17 ; MKBv01-MKBv48
| DK | DEVICE_KEY 0x38841673E2B4E05191659899606CFFB8 | DEVICE_NODE 0x0C00 | KEY_UV 0x00000A00 | KEY_U_MASK_SHIFT 0x0B ; MKBv49-MKBv71

; Host Certificate
| HC | HOST_PRIV_KEY 0x909250D0C7FC2EE0F0383409D896993B723FA965 | HOST_CERT 0x0203005CFFFF800001C100003A5907E685E4CBA2A8CD5616665DFAA74421A14F6020D4CFC9847C23107697C39F9D109C8B2D5B93280499661AAE588AD3BF887C48DE144D48226ABC2C7ADAD0030893D1F3F1832B61B8D82D1FAFFF81 ; MKBv71

; Bluray Disc VUK Keys ;
i still find it funny that sony is still obligated to keep pushing updates to the PS3 firmware to keep it able to play the latest blurays, i believe it's how most of these keys get collected since the PS3 is the easiest to hack.
DanTheMann15 is offline   Reply With Quote
Old 13th March 2023, 22:33   #46  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 259
Partially correct XOR stream retrieved from FW4.70 -> FW4.76 (see previous post) reveals a new key on FW4.90 that works from MKBv72 up to ? (at least MKBv81, possibly higher)

Code:
| DK | DEVICE_KEY 0x861B3719B02F24BE6F1A30E2E3ABEE94 | DEVICE_NODE 0x0C40 | KEY_UV 0x00000D00 | KEY_U_MASK_SHIFT 0x0A ; MKBv72-...

Last edited by candela; 27th June 2023 at 22:29.
candela is offline   Reply With Quote
Old 17th March 2023, 02:58   #47  |  Link
nitro322
Registered User
 
Join Date: Nov 2022
Posts: 2
Quote:
Originally Posted by candela View Post
Partially correct XOR stream retrieved from FW4.70 -> FW4.76 (see previous post) reveals a new key on FW4.90 that works from MKBv72 up to ? (at least MKBv78, possibly higher)
Just a quick thanks. I haven't been able to play blu-rays on my drive for several months now due to the previous key being revoked. Just updated this and now it's working again. Thanks!
nitro322 is offline   Reply With Quote
Old 24th July 2023, 14:14   #48  |  Link
RealSnoopyDog
Registered User
 
Join Date: May 2011
Posts: 76
One "dumb" question: If I have a Blu-Ray with MKBv76, a host certificate which was revoked from MKBv72 on and a device key which is valid for at least MKBv76 - can this Blu-Ray be played back even if the host certificate is not valid anymore?
RealSnoopyDog is offline   Reply With Quote
Old 24th July 2023, 16:33   #49  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 259
Quote:
Originally Posted by RealSnoopyDog View Post
One "dumb" question: If I have a Blu-Ray with MKBv76, a host certificate which was revoked from MKBv72 on and a device key which is valid for at least MKBv76 - can this Blu-Ray be played back even if the host certificate is not valid anymore?
No, when the host authentication is performed for the MKBv76 disc, the drive will revoke the certificate and authentication will fail. The device key can still be used to retrieve the MK for that disc. Combined with the VID retrieved using a different means (e.g. from MakeMKV or even commercial players since VID is often not protected well) you can still get the VUK/UK and play the disc (unless it's BUS encrypted in which case you need to retrieve also the RDK)

You can keep using the cert on a drive as long as no disc >=MKBv72 was ever authenticated.
candela is offline   Reply With Quote
Old 29th October 2023, 16:16   #50  |  Link
MrPenguin
Mr Penguin
 
Join Date: Oct 2023
Posts: 23
Quote:
Originally Posted by candela View Post
Partially correct XOR stream retrieved from FW4.70 -> FW4.76 (see previous post) reveals a new key on FW4.90 that works from MKBv72 up to ? (at least MKBv81, possibly higher)
I have a MKBv76 disk, but this device key doesn't extract its media key:
Code:
mkb.c:45: Retrieved MKB record 0x04 (0x1c57ecc)
mkb.c:45: Retrieved MKB record 0x05 (0x1c58ac4)
mkb.c:45: Retrieved MKB record 0x10 (0x1c57570)
mkb.c:45: Retrieved MKB record 0x81 (0x1c5783c)
aacs.c:385: Applying subset-difference for device 0xc40 is #18:
aacs.c:386:   UV: 0x00000c70  U mask: 0xffffffc0  V mask: 0xffffffe0
aacs.c:297: could not find applying device key (device 0xc40)
Am I missing something please? (I mean, apart from the media key )

Thanks for any help here.
MrPenguin is offline   Reply With Quote
Old 29th October 2023, 16:25   #51  |  Link
mick0
Registered User
 
Join Date: Dec 2017
Posts: 35
Quote:
Originally Posted by MrPenguin View Post
I have a MKBv76 disk, but this device key doesn't extract its media key:
Code:
mkb.c:45: Retrieved MKB record 0x04 (0x1c57ecc)
mkb.c:45: Retrieved MKB record 0x05 (0x1c58ac4)
mkb.c:45: Retrieved MKB record 0x10 (0x1c57570)
mkb.c:45: Retrieved MKB record 0x81 (0x1c5783c)
aacs.c:385: Applying subset-difference for device 0xc40 is #18:
aacs.c:386:   UV: 0x00000c70  U mask: 0xffffffc0  V mask: 0xffffffe0
aacs.c:297: could not find applying device key (device 0xc40)
Am I missing something please? (I mean, apart from the media key )

Thanks for any help here.
Can you try again after changing the DEVICE_NODE from 0x0C40 to 0x0E00?
mick0 is offline   Reply With Quote
Old 29th October 2023, 17:30   #52  |  Link
MrPenguin
Mr Penguin
 
Join Date: Oct 2023
Posts: 23
Quote:
Originally Posted by mick0 View Post
Can you try again after changing the DEVICE_NODE from 0x0C40 to 0x0E00?
You sir, are a genius. I have now managed to retrieve the media key.

Thank you.
MrPenguin is offline   Reply With Quote
Old 29th October 2023, 20:14   #53  |  Link
Sunspark
Registered User
 
Join Date: Nov 2015
Posts: 467
I have an old PS3 with a burnt out HDMI port. The SCART port still works.

I don't actually have a bluray to test with, but will the SCART port still output full-resolution and bitrate today? I have read for units sold after a certain date Sony fixed it so that they wouldn't, but it's not clear to me if it was made retroactive to the older units that used to be able to do so.
Sunspark is offline   Reply With Quote
Old 30th October 2023, 08:51   #54  |  Link
Emulgator
Big Bit Savings Now !
 
Emulgator's Avatar
 
Join Date: Feb 2007
Location: close to the wall
Posts: 1,531
SCART can only handle analog FBAS (CVBS), plus a very few of them RGB, so analog SD.
__________________
"To bypass shortcuts and find suffering...is called QUALity" (Die toten Augen von Friedrichshain)
"Data reduction ? Yep, Sir. We're that issue working on. Synce invntoin uf lingöage..."
Emulgator is offline   Reply With Quote
Old 31st October 2023, 13:52   #55  |  Link
MrPenguin
Mr Penguin
 
Join Date: Oct 2023
Posts: 23
Observation about another device key

Quote:
Originally Posted by mick0 View Post
Can you try again after changing the DEVICE_NODE from 0x0C40 to 0x0E00?
For interest, I am testing some of my older BluRays against the current "minimal KEYDB.cfg", where one of its device keys is:
Quote:
| DK | DEVICE_KEY 0x5FB86EF127C19C171E799F61C27BDC2A | DEVICE_NODE 0x0A00 | KEY_UV 0x00000400 | KEY_U_MASK_SHIFT 0x17 ; MKBv01-MKBv48
When presented with a MKBv65 disk, libaacs outputs:
Quote:
aacs.c:297: could not find applying device key (device 0xa00)
However, if I change this device node to 0x0800 then libaacs outputs this instead:
Quote:
aacs.c:365: device 0x800 is revoked
aacs.c:380: could not find applying subset-difference for device 0x800
Personally, I actually expect libaacs to notice that this device key has been revoked. Does this mean that the key's device node should be 0x0800 rather than 0x0A00?

Thanks for any assistance here.

Edit: I have just tried with a MKBv76 disk, and the output is now:
Quote:
aacs.c:365: device 0x800 is revoked
aacs.c:380: could not find applying subset-difference for device 0x800
aacs.c:365: device 0xc00 is revoked
aacs.c:380: could not find applying subset-difference for device 0xc00
Which makes me think that the first device node should indeed be 0x0800 instead of 0x0A00, because then it behaves the same as the next revoked device key.

Last edited by MrPenguin; 31st October 2023 at 14:10.
MrPenguin is offline   Reply With Quote
Old 31st October 2023, 14:17   #56  |  Link
mick0
Registered User
 
Join Date: Dec 2017
Posts: 35
I think you're correct. The device node for this key should be 0x00000800.

Matching DEVICE_NODE can be derived from KEY_UV and KEY_U_MASK_SHIFT.
Code:
 % ./calc_dn 400 17
Device Node: 0x00000800
 % ./calc_dn a00 0b
Device Node: 0x00000C00
 % ./calc_dn d00 0a
Device Node: 0x00000E00

Last edited by mick0; 31st October 2023 at 14:42.
mick0 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 11:40.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.