Old 4th September 2017, 08:53   #221  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 153
Quote:
Originally Posted by m4tthi4s View Post
Do you have more information? How did you find out that it is encrypted?
I think "encrypted" is the wrong choice of words. The keys are no longer available at fixed offsets and the presence of keys also seems to depend on the timing of the dump. It doesn't seem like they are actively trying to hide keys though. Even a simple xor would make us find nothing. I don't remember if previously the unitkeys were present but now they are. So possibly they just changed some code which has some bad side effects for us. Judging from a couple of tests, most if not all keys are still present when the dump is taken at the right time but at semi-random locations.

Brute force is a way to get keys from the dump but each key requires a different kind of verification and is obviously more time consuming than dumping data at fixed offsets. However, such a general implementation would also work with dumps from other rippers/players that have at least title keys (Leawo, etc.) so the effort seems worthwhile.
Old 4th September 2017, 20:31   #222  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
I think the memory area we're usually searching for is a c-structure - and that the relevant information (volumeid, mediakey, vuk) is still there, but not in plaintext any longer... I also noticed that the beginning of the structure is different now, so basically it might be possible to detect if it's a plaintext structure or an obfuscated one without even validating the vuk, but for the moment I'll just check the version of DVDfab and Passkey and exit in case an unsupported version is discovered.

If anyone is interested: I already created a brute-force application that is simply searching for a valid VUK in a memory dump - using 4 threads that check simultaneously it takes about 2min to check all possible combinations in a 100mb binary file and personally I've no idea how I could optimize this any further (AES encoding / decoding is already done with libgcrypt because the internal purebasic methods are way too slow) and with 4 threads my cpu is already at its limit.

So for the moment it's easier to use an older release of the dvdfab applications (and I can install different releases without restarting windows - so I think it's no problem at all to switch to an older release for FindVUK and install the current one again afterwards).
Old 3rd November 2017, 21:00   #223  |  Link
ErichV
Registered User
 
Join Date: Dec 2012
Posts: 14
Quote:
Originally Posted by nalor View Post
Already implemented it a while ago - but as nobody complained I resigned to release it.
Will try to create a new release this weekend.
FYI:
A new version of DVDFab Media Player has been released: 3.2.0.0
Old 5th December 2017, 02:37   #224  |  Link
spotter
Registered User
 
Join Date: Jan 2002
Posts: 250
recently upgraded to 17.09 windows 10 release, and findvuk is now failing on the dump

Quote:
2017-12-04 17:35:43 # 173312 # DiscID found >607675E3ECDCC36202EADC0BC85A5B34337D1C33<
2017-12-04 17:35:44 # 174627 # DVDfab got VUK - create memdump now!
2017-12-04 17:35:44 # 174734 # DUMP >>>
2017-12-04 17:35:44 # 174740 # DUMP >>> ProcDump v9.0 - Sysinternals process dump utility
2017-12-04 17:35:44 # 174745 # DUMP >>> Copyright (C) 2009-2017 Mark Russinovich and Andrew Richards
2017-12-04 17:35:44 # 174752 # DUMP >>> Sysinternals - www.sysinternals.com
2017-12-04 17:35:44 # 174757 # DUMP >>>
2017-12-04 17:35:44 # 174762 # DUMP >>> [17:35:44] Multiple processes match the specified name.
2017-12-04 17:35:44 # 174769 # ERROR!! Exitcode >-2< - Dump failed! - Program >C:\Users\spott\Downloads\FindVUK_1.02\tool\procdump.exe< Parameter > -ma -o DVDFab.exe "C:\Users\spott\Downloads\FindVUK_1.02\dump\607675E3ECDCC36202EADC0BC85A5B34337D1C33_HOUSE_OF_CARDS_TRILOGY_D1.dmp"<
2017-12-04 17:35:44 # 174775 # Error during process memory dump - please report in the doom9 forum!
2017-12-04 17:35:44 # 174785 # ERROR! Couldn't create memory dump! Exit application!
2017-12-04 17:35:44 # 174795 # CloseAtTheEnd is active, close DVDfab now
2017-12-04 17:35:44 # 174805 # There are >1< DVDfab processes running
Old 5th December 2017, 02:46   #225  |  Link
spotter
Registered User
 
Join Date: Jan 2002
Posts: 250
if I run procdump manually, the same thing happens, but if I run it with the pid of the dvdfab process, it works.

It'd be nice if findvuk could be updated to use pid instead of just the exe name.
Old 5th December 2017, 07:39   #226  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
Quote:
Originally Posted by spotter View Post
if I run procdump manually, the same thing happens, but if I run it with the pid of the dvdfab process, it works.

It'd be nice if findvuk could be updated to use pid instead of just the exe name.
Interesting, upgraded my computer also to 1709 on Saturday and used findvuk yesterday without any problems.
Will check tonight which exact version of procdump I am using and will also check with your version.

Sent from my E5823 using Tapatalk
Old 5th December 2017, 17:36   #227  |  Link
spotter
Registered User
 
Join Date: Jan 2002
Posts: 250
Quote:
Originally Posted by nalor View Post
Interesting, upgraded my computer also to 1709 on Saturday and used findvuk yesterday without any problems.
Will check tonight which exact version of procdump I am using and will also check with your version.

Sent from my E5823 using Tapatalk
I was able to run procdump by name on notepad.exe, maybe a function of something else, but as I said, pid worked fine. if you exec the dvdfab product, you should have the pid, right?
Old 6th December 2017, 23:18   #228  |  Link
hajj_3
Registered User
 
Join Date: Mar 2004
Posts: 810
DVDFab Media Player 3.2.0.1 has been released.
Old 7th December 2017, 21:19   #229  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
Quote:
Originally Posted by spotter View Post
2017-12-04 17:35:44 # 174762 # DUMP >>> [17:35:44] Multiple processes match the specified name.
Just noticed this line and I think it explains why it didn't work -> it seems as if 2 dvdfab processes were running at the same time?

Unfortunately I don't get the PID when I start something with FindVUK - so all I could do is to retrieve it later and would also fail because I couldn't identify the correct process in case there are multiple running with the same name.

So for the moment I think I'll just keep it as it is.
Old 23rd December 2017, 18:53   #230  |  Link
ErichV
Registered User
 
Join Date: Dec 2012
Posts: 14
FYI: DVDFab Media Player 5.0.0.1 has been released.
Old 23rd December 2017, 21:02   #231  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
Quote:
Originally Posted by ErichV View Post
FYI: DVDFab Media Player 5.0.0.1 has been released.
Will try to check it during the Christmas holidays :-)

Sent from my E5823 using Tapatalk
Old 22nd January 2018, 19:50   #232  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
New release 1.05 is now online - the list of new features is not that impressive:

# read Mainplaylist from passkey-log and dvdfab-log and write it to a 'bluraydb-file' (just a test file in the user directory)
# support for DVDfab until 10.0.4.8 and Mediaplayer 3.2.0.0
>> newer releases are not supported any longer
# new mode /synchronize that synchronizes with an online database - the url currently written to the ini-file 'http://fvonline-db.bplaced.net' is just a dummy website - there's a static keydb file available for download and uploads are possible, but there's no backend that processes them -> currently I think Relight will help here, see New Online Database
# new mode /GetMetaInfoFromDisc=X - just collects meta information from the disc inserted in drive X and uploads it to the new online database

All in all not that impressive... and finally I have to admit that as always I haven't done that much testing with the new release....

I've just tested the main function - extract the VUK from a memory dump - with Passkey and DVDfab and it's working as expected.

But everything else is more or less untested....

You can get the release here: FindVUK 1.05
Old 23rd January 2018, 23:54   #233  |  Link
ErichV
Registered User
 
Join Date: Dec 2012
Posts: 14
It looks like version 1.05 is not able to add new keys to the keydb.cfg file.
However, determining the VUK works fine with Mediaplayer 3.2.0.0.
Old 24th January 2018, 06:33   #234  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
Quote:
Originally Posted by ErichV View Post
It looks like version 1.05 is not able to add new keys to the keydb.cfg file.
However, determining the VUK works fine with Mediaplayer 3.2.0.0.
Can you upload the log with the error to tinyupload?
From what I remember, I have not changed the related code...

Sent from my E5823 using Tapatalk
Old 24th January 2018, 22:54   #235  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 153
Some issues in 1.05:

- new UnitKeys are not written when there's already an entry for the DiscID in main/backup keydb

- when re-opening the same disc without closing MediaPlayer, the entry is always written even though the same entry already exists. Also the database upload fails then

Code:
22:43:00 - -------------------------------------------------------
22:43:00 - --- Write entry in main-keydb file ---
22:43:00 - -------------------------------------------------------
22:43:00 - Keys in Keyfile: 0 keys - KeyFile: C:\Users\\AppData\Roaming\aacs\KEYDB.cfg
22:43:00 - KEYDB: no entry found for disc >> write new entry in keydb-file
22:43:00 - Added line with VUK to file >C:\Users\\AppData\Roaming\aacs\KEYDB.cfg<

22:43:00 - -------------------------------------------------------
22:43:00 - --- Write entry in backup-keydb file ---
22:43:00 - -------------------------------------------------------
22:43:00 - Keys in Keyfile: 0 keys - KeyFile: C:\Utils\FindVUK_1.05\VUKbackup\KEYDB.cfg
22:43:00 - KEYDB: no entry found for disc >> write new entry in keydb-file
22:43:00 - Added line with VUK to backup-file >C:\Utils\FindVUK_1.05\VUKbackup\KEYDB.cfg<
22:43:00 - ERROR! Couldn't post the BlurayMetaXML to the OnlineDB! (http://fvonline-db.bplaced.net/fv_upload.php) >< (0)
- md5 hash is lowercase (not really a bug)

- with AacsUpdater out of the picture, isn't it better to enable saving of all keys in keydb by default. At least in the keydb backup file

Last edited by candela; 24th January 2018 at 23:14.
Old 24th January 2018, 23:05   #236  |  Link
ErichV
Registered User
 
Join Date: Dec 2012
Posts: 14
Code:
...EVERYTHING IS FINE UP TO THIS POINT...

2018-01-23 23:41:32 # 759810 # [I] main / legacy / -------------------------------------------------------
2018-01-23 23:41:32 # 759811 # [I] main / legacy / -------------------------------------------------------
2018-01-23 23:41:32 # 759811 # [I] main / legacy / --- Write entry in main-keydb file ---
2018-01-23 23:41:32 # 759811 # [I] main / legacy / -------------------------------------------------------
... followed by several entries like this one ...

Code:
2018-01-23 23:41:32 # 760216 # [E] bluray_keydb / _DebugDifference / DiscIDx1/0 - Title1 >y1< Title2 >z1<
2018-01-23 23:41:32 # 760480 # [E] bluray_keydb / _DebugDifference / DiscIDx2/0 - Title1 >y2< Title2 >z2<
...
Then, FindVUK suddenly stops without any error message.

Last edited by ErichV; 27th January 2018 at 12:42. Reason: typo
Old 24th January 2018, 23:21   #237  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
Quote:
Originally Posted by candela View Post
Some issues in 1.05:

- new UnitKeys are not written when there's already an entry for the DiscID in main/backup keydb

- when re-opening the same disc without closing MediaPlayer, the entry is always written even though the same entry already exists. Also the database upload fails then

Code:
22:43:00 - -------------------------------------------------------
22:43:00 - --- Write entry in main-keydb file ---
22:43:00 - -------------------------------------------------------
22:43:00 - Keys in Keyfile: 0 keys - KeyFile: C:\Users\\AppData\Roaming\aacs\KEYDB.cfg
22:43:00 - KEYDB: no entry found for disc >> write new entry in keydb-file
22:43:00 - Added line with VUK to file >C:\Users\\AppData\Roaming\aacs\KEYDB.cfg<

22:43:00 - -------------------------------------------------------
22:43:00 - --- Write entry in backup-keydb file ---
22:43:00 - -------------------------------------------------------
22:43:00 - Keys in Keyfile: 0 keys - KeyFile: C:\Utils\FindVUK_1.05\VUKbackup\KEYDB.cfg
22:43:00 - KEYDB: no entry found for disc >> write new entry in keydb-file
22:43:00 - Added line with VUK to backup-file >C:\Utils\FindVUK_1.05\VUKbackup\KEYDB.cfg<
22:43:00 - ERROR! Couldn't post the BlurayMetaXML to the OnlineDB! (http://fvonline-db.bplaced.net/fv_upload.php) >< (0)
- md5 hash is lowercase (not really a bug)

- with AacsUpdater out of the picture, isn't it better to enable saving of all keys in keydb by default. At least in the keydb backup file

Question:
when is the download url used?
Will check tomorrow, but I think you're right - I will remove the settings to enable/disable the saving of different elements into keydb.cfg and enable all of them by default.

The upload into the url that is currently set in the ini file always includes all details and as soon as the database of @Relight is functional I will re-post all uploads that got uploaded into the interim database to his database.
Old 24th January 2018, 23:27   #238  |  Link
candela
Registered User
 
Join Date: Jun 2005
Posts: 153
Can you read your PM asap please, I possibly uploaded things I shouldn't have

Also you can keep the settings, just put the default value to 1=enabled
Old 26th January 2018, 10:51   #239  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
Quote:
Originally Posted by ErichV View Post
Code:
...EVERYTHING IS FINE UP TO THIS POINT...

Code:
2018-01-23 23:41:32 # 760216 # [E] bluray_keydb / _DebugDifference / DiscIDx1/0 - Title1 >y1< Title2 >z1<
2018-01-23 23:41:32 # 760480 # [E] bluray_keydb / _DebugDifference / DiscIDx2/0 - Title1 >y2< Title2 >z2<
...
Then, FindVUK suddenly stops without any error message.
Found the bug - introduced an endless loop when parsing a keydb.cfg file with multi-line entries ...
Will be fixed in next release (hopefully ready this evening)
Old 26th January 2018, 10:53   #240  |  Link
nalor
Registered User
 
Join Date: Dec 2013
Posts: 292
Quote:
Originally Posted by candela View Post
Some issues in 1.05:

- new UnitKeys are not written when there's already an entry for the DiscID in main/backup keydb
Good catch - the code to decide if it's worth writing a new entry never got updated to also consider differences in unit-keys...

Will be fixed in next release.