4th October 2018, 07:16   #1
maetel99
Registered User
 
Join Date: Apr 2018
Posts: 6
Is it possible to derive AACS host certificates from the USB data stream?

I was curious if anyone had considered using a USB packet sniffer (software or hardware) to try to obtain new valid host certificates and private keys. If you look at the AACS drive authentication procedure in section 4.3 of the AACS common spec, the host sends the host certificate in plain text to the drive. Later, the host sends a data block signed with its host private key comprising a session key point (not sent by USB) and the drive nonce (sent earlier over USB).

The question is whether it is possible to derive the corresponding host private key for the host certificate given these values pulled from the USB stream.
4th October 2018, 13:26   #2
LoRd_MuldeR
Software Developer
 
 
Join Date: Jun 2005
Location: Last House on Slunk Street
Posts: 12,920
A certificate contains the public key, it does not contain the corresponding private key. In fact, a certificate is "public" information and does not contain any "secret" information at all.

Also, it is essential to any asymmetric cryptosystem that the private key cannot be derived from the public key*. Otherwise public-key cryptography (asymmetric cryptography) would be rather pointless.

BTW: Creating a valid digital signature requires having the private key, but for validation of the signature the public key suffices. You never expose your private key to the "outside world".


* And here I mean: the private key cannot be derived from the public key in reasonable time. It is not entirely impossible, but even the most powerful "supercomputers" available today would require decades. So, it is practically impossible.
Last edited by LoRd_MuldeR; 4th October 2018 at 13:36.
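The split described in this reply (sign with the private key, verify with nothing but the certificate) can be seen directly in code. The following Go program is an added illustration, not code from this thread or from any AACS implementation: it simulates the host/drive exchange with standard-library ECDSA. The P-256 curve, SHA-256 hashing, the PKIX public-key encoding used as a stand-in for the host certificate, and the sample "session key point" and "drive nonce" byte strings are all assumptions of the example; the real AACS message layout and curve are not reproduced.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// Host holds the one thing that never leaves the player: the private key.
// AACS host certificates carry an ECDSA public key on a 160-bit curve; P-256
// is used here as a stand-in (an assumption of this example, not the AACS curve).
type Host struct {
	priv *ecdsa.PrivateKey
}

// NewHost generates a fresh key pair for a simulated host.
func NewHost() (*Host, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Host{priv: priv}, nil
}

// Certificate returns the public half as DER bytes. This is the part that
// travels over the cable in the clear: the public key only, no secret material.
func (h *Host) Certificate() ([]byte, error) {
	return x509.MarshalPKIXPublicKey(&h.priv.PublicKey)
}

// challengeDigest hashes the data block the host signs (session key point
// followed by the drive nonce); both sides compute it the same way.
func challengeDigest(point, nonce []byte) []byte {
	hsh := sha256.New()
	hsh.Write(point)
	hsh.Write(nonce)
	return hsh.Sum(nil)
}

// SignChallenge produces the signed block; only the private key can do this.
func (h *Host) SignChallenge(point, nonce []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, h.priv, challengeDigest(point, nonce))
}

// VerifyChallenge is the drive's side of the exchange. It is given nothing but
// the certificate bytes, the message and the signature, and decides whether the
// signature was made by the private key matching that certificate.
func VerifyChallenge(certDER, point, nonce, sig []byte) (bool, error) {
	pub, err := x509.ParsePKIXPublicKey(certDER)
	if err != nil {
		return false, err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok {
		return false, errors.New("certificate does not carry an EC public key")
	}
	return ecdsa.VerifyASN1(ecPub, challengeDigest(point, nonce), sig), nil
}

func main() {
	host, err := NewHost()
	if err != nil {
		panic(err)
	}
	cert, _ := host.Certificate()
	// Constructed sample values standing in for the session key point and drive nonce.
	point := []byte("constructed-session-key-point")
	nonce := []byte("constructed-drive-nonce-0001")
	sig, _ := host.SignChallenge(point, nonce)

	ok, _ := VerifyChallenge(cert, point, nonce, sig)
	fmt.Println("genuine host, correct nonce:", ok)
	ok, _ = VerifyChallenge(cert, point, []byte("replayed-with-other-nonce"), sig)
	fmt.Println("same signature, different nonce:", ok)
	fmt.Printf("certificate is %d bytes of purely public data\n", len(cert))
}
```

The drive-side function never touches a private key, which is the whole point of the design: the per-session nonce makes every signed block unique, so a block captured in one session verifies only for that nonce, and the certificate it was checked against contains no more than what any verifier must already know.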
5th October 2018, 04:15   #3
maetel99
Registered User
 
Join Date: Apr 2018
Posts: 6
Quote:
Originally Posted by LoRd_MuldeR
A certificate contains the public key, it does not contain the corresponding private key. In fact, a certificate is "public" information and does not contain any "secret" information at all.

Also, it is essential to any asymmetric cryptosystem that the private key cannot be derived from the public key*. Otherwise public-key cryptography (asymmetric cryptography) would be rather pointless.

BTW: Creating a valid digital signature requires having the private key, but for validation of the signature the public key suffices. You never expose your private key to the "outside world".

* And here I mean: the private key cannot be derived from the public key in reasonable time. It is not entirely impossible, but even the most powerful "supercomputers" available today would require decades. So, it is practically impossible.
All of this is quite correct. However, we have more information than just the host certificate with the public key. For example, we have potentially the following additional information:

1. The plain text of a block of data encrypted with the host private key
2. Encrypted versions of the host certificate and private key from the player firmware or executable binary
5th October 2018, 15:46   #4
dizzier
Registered User
 
Join Date: Jan 2010
Posts: 72
Quote:
Originally Posted by maetel99
1. The plain text of a block of data encrypted with the host private key
https://en.wikipedia.org/wiki/Known-plaintext_attack
https://crypto.stackexchange.com/que...key-encryption

Quote:
Originally Posted by maetel99
2. Encrypted versions of the host certificate and private key from the player firmware or executable binary
https://en.wikipedia.org/wiki/Differ..._cryptanalysis