Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion.

Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules.

 

Go Back   Doom9's Forum > General > Decrypting

Reply
 
Thread Tools Search this Thread Display Modes
Old 2nd October 2015, 03:02   #41  |  Link
foxyshadis
ангел смерти
 
foxyshadis's Avatar
 
Join Date: Nov 2004
Location: Lost
Posts: 9,558
If nothing else, with source included someone else can come along and pick it up years after it's been abandoned, and add their own updates and improvements to it. I've done that a couple of times. Binaries on the forum are iffy, but source is always welcome, especially since external file hosts tend to come and go.
foxyshadis is offline   Reply With Quote
Old 3rd October 2015, 08:55   #42  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Just want to tell that I got an email from cyren / f-prot:

Quote:
Following receipt of your False Positive (FP) report, we have identified it to be wrongly detected as a malware. This FP is now fixed, and this file will no longer be detected as malware.
I'm currently on vacation so I cannot verify if the correction is already active.


Gesendet von meinem D5803 mit Tapatalk
nalor is offline   Reply With Quote
Old 3rd October 2015, 16:34   #43  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 259
Version 0.70 fails to validate the VUK even though it is valid. Appears to happen with all discs

Code:
2015-10-03 16:09:05 # 1207999 # DVDfab_GetVukFromDump - File >C:\Utils\FindVUK_0.70\dump\6915989258FC4C802F37198172DA6F89E2B9B488_BARBARELLA..dmp< DiscID >6915989258FC4C802F37198172DA6F89E2B9B488< Offset_Folder_DiscId >0x114< Offset_DiscId_Vuk >0x5F<
2015-10-03 16:09:06 # 1208467 # ------------------------------------
2015-10-03 16:09:06 # 1208473 #  VolumeName: BARBARELLA
2015-10-03 16:09:06 # 1208478 #  DiscID    : 6915989258FC4C802F37198172DA6F89E2B9B488
2015-10-03 16:09:06 # 1208483 #  VUK       : 2C71BCD772B0567DAF39B3BB9F4A2796
2015-10-03 16:09:06 # 1208488 # ------------------------------------
2015-10-03 16:09:06 # 1208496 # AACS folder on disc is reachable - ValidateVUK is possible
2015-10-03 16:09:06 # 1208502 # AACS folder on bluray is reachable!
2015-10-03 16:09:06 # 1208526 # Information: preferred Bluray-MetaTitle language found >Barbarella<
2015-10-03 16:09:06 # 1208545 #   FeatureDescriptor    :00 00 00 0C 00 00 00 40 01 0D 01 04 01 01 01 01 
2015-10-03 16:09:06 # 1208550 #   AacsVersion          :1
2015-10-03 16:09:06 # 1208555 #   AacsActive           :1
2015-10-03 16:09:06 # 1208559 #   BindingNonceGenSupp  :1
2015-10-03 16:09:06 # 1208564 #   BindingNonceBlockCnt :1
2015-10-03 16:09:06 # 1208568 #   BusEncryptionSupp    :0
2015-10-03 16:09:06 # 1208572 #   ReadDriveCertificate :0
2015-10-03 16:09:06 # 1208576 #   AgidCount            :1
2015-10-03 16:09:06 # 1208580 # Get UnitKeys
2015-10-03 16:09:06 # 1208594 # UnitKeyCount >7<
2015-10-03 16:09:06 # 1208598 #  >>> UnitKey: 584FDD75AD8BC136BCD829CFD7F0B90C
2015-10-03 16:09:06 # 1208603 #  >>> UnitKey: 12B4D0D990284F4D1B94DE7846E8BAA7
2015-10-03 16:09:06 # 1208608 #  >>> UnitKey: A828A551C4BCCE2E05B677683C053236
2015-10-03 16:09:06 # 1208613 #  >>> UnitKey: 89A4C27DD1FFE6F49A2ECE0C73DB2F5A
2015-10-03 16:09:06 # 1208619 #  >>> UnitKey: AE14752A7489779F9AD15152C8C825B9
2015-10-03 16:09:06 # 1208625 #  >>> UnitKey: 0E0A2EE4398919D0D544B2D08A6F07F2
2015-10-03 16:09:06 # 1208631 #  >>> UnitKey: 9FDA1562148C2A9B5CCB8FC6506EB7CB
2015-10-03 16:09:06 # 1209141 # File >F:\BDMV\STREAM\00011.m2ts< is encrypted!
2015-10-03 16:09:06 # 1209146 # ERROR! Validation of VUK failed >0<
Version 0.68 works fine

Code:
2015-10-03 16:22:13 # 1980482 # DVDfab_GetVukFromDump - File >C:\Utils\FindVUK_0.68\dump\6915989258FC4C802F37198172DA6F89E2B9B488_BARBARELLA..dmp< DiscID >6915989258FC4C802F37198172DA6F89E2B9B488< Offset_Folder_DiscId >0x114< Offset_DiscId_Vuk >0x5F<
2015-10-03 16:22:14 # 1980977 # ------------------------------------
2015-10-03 16:22:14 # 1980983 #  VolumeName: BARBARELLA
2015-10-03 16:22:14 # 1980988 #  DiscID    : 6915989258FC4C802F37198172DA6F89E2B9B488
2015-10-03 16:22:14 # 1980993 #  VUK       : 2C71BCD772B0567DAF39B3BB9F4A2796
2015-10-03 16:22:14 # 1980998 # ------------------------------------
2015-10-03 16:22:14 # 1981071 # AACS folder on disc is reachable - ValidateVUK is possible
2015-10-03 16:22:14 # 1981079 # AACS folder on bluray is reachable!
2015-10-03 16:22:14 # 1981089 # Information: no bdmv-meta-dl directory available on disc - cannot read meta-title (-6)
2015-10-03 16:22:15 # 1981640 #   FeatureDescriptor    :00 00 00 0C 00 00 00 40 01 0D 01 04 01 01 01 01 
2015-10-03 16:22:15 # 1981645 #   AacsVersion          :1
2015-10-03 16:22:15 # 1981649 #   AacsActive           :1
2015-10-03 16:22:15 # 1981652 #   BindingNonceGenSupp  :1
2015-10-03 16:22:15 # 1981657 #   BindingNonceBlockCnt :1
2015-10-03 16:22:15 # 1981661 #   BusEncryptionSupp    :0
2015-10-03 16:22:15 # 1981665 #   ReadDriveCertificate :0
2015-10-03 16:22:15 # 1981668 #   AgidCount            :1
2015-10-03 16:22:15 # 1981673 # Get UnitKeys
2015-10-03 16:22:15 # 1981685 # UnitKeyCount >7<
2015-10-03 16:22:15 # 1981691 #  >>> UnitKey: 584FDD75AD8BC136BCD829CFD7F0B90C
2015-10-03 16:22:15 # 1981697 #  >>> UnitKey: 12B4D0D990284F4D1B94DE7846E8BAA7
2015-10-03 16:22:15 # 1981702 #  >>> UnitKey: A828A551C4BCCE2E05B677683C053236
2015-10-03 16:22:15 # 1981708 #  >>> UnitKey: 89A4C27DD1FFE6F49A2ECE0C73DB2F5A
2015-10-03 16:22:15 # 1981713 #  >>> UnitKey: AE14752A7489779F9AD15152C8C825B9
2015-10-03 16:22:15 # 1981719 #  >>> UnitKey: 0E0A2EE4398919D0D544B2D08A6F07F2
2015-10-03 16:22:15 # 1981724 #  >>> UnitKey: 9FDA1562148C2A9B5CCB8FC6506EB7CB
2015-10-03 16:22:15 # 1982235 # Decrypted first unit of file >F:\BDMV\STREAM\00011.m2ts< with UnitKey >1<
2015-10-03 16:22:15 # 1982241 # Validation successful! VUK is valid!!
2015-10-03 16:22:15 # 1982252 # -------------------------------------------------------
2015-10-03 16:22:15 # 1982257 #  VolumeName: BARBARELLA
2015-10-03 16:22:15 # 1982262 #  DiscID    : 6915989258FC4C802F37198172DA6F89E2B9B488
2015-10-03 16:22:15 # 1982266 #  VUK       : 2C71BCD772B0567DAF39B3BB9F4A2796
2015-10-03 16:22:15 # 1982271 #  MKBrev    : 31
2015-10-03 16:22:15 # 1982277 #  BusEncrEn : 0
2015-10-03 16:22:15 # 1982282 # -------------------------------------------------------
candela is offline   Reply With Quote
Old 4th October 2015, 19:32   #44  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
You're right... once again I managed to release a more or less unuseable version
nalor is offline   Reply With Quote
Old 4th October 2015, 21:27   #45  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Posted a hopefully bugfree release 0.71 in the first post.

A little bit more details about the changes than in the first post:

1) to detect if a file on the disc is encrypted or not I need to read a byte from this file and check for the encryption flag - before releasing 0.70 I noticed that in my virtual machine this detection didn't work as expected.. so I checked for the reason and found this: basically my bluray-optical-drive that is connected as passthrough device into the virtual machine isn't working any longer - don't know why, but it's not possible to read a file from a bluray in the drive.
But FindVUK didn't detect an error when reading from the file - and finally I've found this: purebasic-readbyte command - this command returns '0' in case of an error, and also '0' in case a '0' byte has been successfully read from the file, so finally there's no way to detect if an error occured or the read byte is zero.. strange thing.
This was the reason to change the related procedure in FindVUK from the integrated purebasic to a few winapi commands so I can properly detect read errors when reading the disc - unfortunately I introduced a stupid error when changing this: because of the options to detect errors I've changed the return values of the procedure and missed to adopt all related parts accordingly.
So finally it always ended in an error in case an encrypted file has been found to validate the vuk... I've no idea why I didn't notice this before releasing... stupid me


2) because of this false positive malware topic I tried to remove all procedures from the application that are never called by anything. In case you're wondering why there are such procedures in the application: to make things easier I have a couple of include-files that contain different procedures for a certain topic, usually only a fraction of them is really used in the application, but as the purebasic compiler doesn't make a difference if something is really used or not all procedures from those include files are compiled and find their way into the final exe file.
In the past I've used this include file here for registry access: Registry_Include.pbi - this has everything you need to get easy access to the registry But as I only read from the registry in FindVUK I've removed all procedures that are used to write to the registry and also those parts from the 'read' procedures that are used to read from foreign computers through the network.
Finally the compiled exe is now approx. 7kB smaller than before, but it didn't change anything about the malware topic... still 4 of 43 find something suspicious in my application grrr
nalor is offline   Reply With Quote
Old 4th October 2015, 21:53   #46  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Noticed that AACS updater ignores all lines with the additional date-entry, so I've immediatly created a 0.72 where it's possible to use an ini switch to enable the date entry that is by default set to off.
nalor is offline   Reply With Quote
Old 11th October 2015, 13:45   #47  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 259
The latest Vivaldi browser version now warns me findVUK_x.zip is malicious and has been blocked when I download. Not sure what's going on there...
candela is offline   Reply With Quote
Old 11th October 2015, 14:37   #48  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Whats a vivaldi Browser?

Gesendet von meinem D5803 mit Tapatalk
nalor is offline   Reply With Quote
Old 11th October 2015, 14:48   #49  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 259
Quote:
Originally Posted by nalor View Post
Whats a vivaldi Browser?

Gesendet von meinem D5803 mit Tapatalk
The new browser from some former Opera employees. It's based on Chrome so I assume that will give similar warnings. Not sure how it checks downloads
candela is offline   Reply With Quote
Old 11th October 2015, 17:22   #50  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Just installed vivaldi and tried to download this file - and you're right about this 'malicous' message

But honestly vivaldi isn't scanning the file but simply blacklisting everything from file-upload.net ... (see here: Vivaldi Forum about 'malicicous' message

And this was the first time ever I've seen how much advertising is on the file-uploaded page.. wow (usually I'm using an adblocker in firefox so I've never noticed how bad this page really is.... ).

I'm currently finishing my final release and will check which other file-hoster is an option with little to none annoying ads on the page...
nalor is offline   Reply With Quote
Old 11th October 2015, 19:09   #51  |  Link
Brazil2
Registered User
 
Join Date: Jul 2008
Posts: 532
Quote:
Originally Posted by nalor View Post
Download from MEGA
Ah no, please, not Mega!

For such small files I suggest you to use http://www.tinyupload.com
Brazil2 is offline   Reply With Quote
Old 11th October 2015, 19:13   #52  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Now MEGA and TinyUpload are available... as I already mentioned a few posts earlier: personally I don't care where I upload..
nalor is offline   Reply With Quote
Old 11th October 2015, 20:34   #53  |  Link
Brazil2
Registered User
 
Join Date: Jul 2008
Posts: 532
Thank you!
Brazil2 is offline   Reply With Quote
Old 11th October 2015, 21:05   #54  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Released 0.80 - this is the 'feature complete' release, at the moment I don't have any ideas what else I could add that would be a benefit for the application (considered that basically it's still a really small app and I never wanted it to get too fancy...).

The main last feature I've added is that it now reads the main-keydb file and the backup-keydb file and checks if there's already an entry for the current disc before adding a new entry to the file.

At the moment 5 values are compared:
  • DISCID
    in case it's not completely identical a new entry is written
  • TITLE
    verify if title in keydb-file is 'meaningless' - in case it is a new entry is written
  • VUK
    in case it's not completely identical a new entry is written - additionally the user is informed that there's already an entry for the current disc with a different VUK and that he should report this here in the forum so that the faulty entry gets deleted
  • DATE
    only compared in case it's enabled to be written - in case it is enabled and it's not completely identical a new entry is written
  • COMMENT
    check if all relevant information is also present in the keydb-file-comment: MKB-version, BD+, BEE - if a detail of the current disc is missing in the existing keydb-file entry write a new entry

Finally I've the hope that the comparison logic of the AACSupdater will also be improved so that in case a new entry is more complete than an existing entry the new information will be used and the old one deleted....

Additionally I've corrected/changed a lot of additional details (e.g. improved the way the meta-title is read from the disc, important lines are displayed in colours now in the console window, ...)

There are also 3 new ini entries available:
  • FindVUK / KEYDB_Backup_Path : here you specify a folder where the backup-keydb-file should be created (in case it's empty it's created in the VUKbackup subdir as before)
  • FindVUK / KEYDB_Backup_WriteDateEntry : if the date entry should be written into the backup file or not (0/1 value)
  • FindVUK / MeaninglessVolumeNames : insert a list of meaningless volume names - the default values are: _NONAME_, BDROM, LOGICAL_VOLUME_ID

Personally I'm using FindVUK in a virtual Windows7x64 environment (with Virtualbox 5.0.6) and use DVDfab9 as tool of my choice (running in Test-Mode that will never expire, because in usage with FindVUK the trial period is never activated) - it takes about 30-40 seconds per disc to get the VUK, that basically this means you can insert one disc after the other with nearly no waiting time in between.

And just to inform everybody: on metascan-online there are still 4 of 43 engines that detect a threat in the application, no idea why but believe me: those are still false positives... and I continue my effort to get this engines corrected.

Last edited by nalor; 13th October 2015 at 19:48.
nalor is offline   Reply With Quote
Old 13th October 2015, 19:43   #55  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Wrote an email to cyren/f-prot yesterday and got an answer today that they verified my release 0.80 and noticed that it's not doing anything bad - so currently you can scan here and only 2 of 43 engines report a possible threat in the application:

metascan-online - findvuk 0.80

But I noticed that even a simple recompile with zero functional changes (but e.g. the internal build number is changed - so the generated exe file is not 100% identical) is enough to get it detected as possible threat again.

Honestly I don't have any plans to put more time in this neverending story at this point - in case you don't trust me or the application just stop using it.
nalor is offline   Reply With Quote
Old 13th October 2015, 21:18   #56  |  Link
HaloSlayer255
Registered User
 
HaloSlayer255's Avatar
 
Join Date: Sep 2015
Posts: 20
Hello nalor,

Nice application, was able to get a few blu-ray vuks myself. I have switched over from using passkey to dvdfab blu-ray copy. However the application is now stating that it cannot find the dvdfab logfile. Attached is the log, I think it might be how my hard drive is partitioned because its looking for F:/My Documents/DVDFab9/Log/dvdfab_internal.log like its trying to follow a Linux/Unix path with the forward slashes.
Attached Files
File Type: txt dvdfab_internal.log.txt (74.1 KB, 125 views)
HaloSlayer255 is offline   Reply With Quote
Old 13th October 2015, 21:30   #57  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Hi - I know the forward slashes are quite confusing - but I get the path from the registry this way and I never had any problems with it... so I don't think this is the problem.
Unfortunately I cannot access your logfile, can you send it as pm to me? Thanks!
nalor is offline   Reply With Quote
Old 14th October 2015, 13:23   #58  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
Hello again, now i could read the logfile, but noticed this is the one from dvdfab. Please include the logfile from findvuk also. Thanks

Gesendet von meinem D5803 mit Tapatalk
nalor is offline   Reply With Quote
Old 14th October 2015, 16:53   #59  |  Link
HaloSlayer255
Registered User
 
HaloSlayer255's Avatar
 
Join Date: Sep 2015
Posts: 20
Hi again nalor,

Sorry about that, must have got the files mixed up

Here is the FindVUK log file.
Attached Files
File Type: txt 2015-10-13_FindVUK.txt (12.4 KB, 138 views)
HaloSlayer255 is offline   Reply With Quote
Old 15th October 2015, 17:50   #60  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 490
@HaloSlayer255 - thanks for finding this bug!

Will create a new release this evening - already found the source of the problem, it's a small detail I didn't notice until now:
The DVDfab settings are stored in a xml-file and FindVUK reads the log-folder from this file - and for some strange reason all space-characters are encoded as _nbsp; in this xml-file.

This is what I can find in my xml after changing to a folder that includes spaces:
Quote:
LogFolder="C:/Users/test/Documents/DVDFab9/Log_nbsp;with_nbsp;Space/"
I'll take care to replace all _nbsp; with a space again (and will also change the slashes to backslashes so it's not that confusing any longer )

Workaround: simply select a logfolder without a space in the path in DVDfab9
nalor is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 09:06.


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.