FindVUK tool - get VUK of all Blurays supported by DVDfab applications

[MrPenguin]

Quote:

Originally Posted by johannu

Why does method 1 fail?

Because your Host Certificate was revoked in MKBv72, and at some point you have inserted a disk into your drive which uses MKBv72 or above. Unfortunately, your drive remembers the highest MKB version that it has even been asked to read, regardless of which version MKB your current disk uses.

You need to add a new "| HC |" entry into your KEYDB.cfg file which contains a new non-revoked Host Certificate. Have you seen this?

[johannu]

@MrPenguin: Thank you very much for your hint!

Basically the FindVUK-command to find the AACS key of my BD discs works very well now with new new given Host Certificate. Anyway I have some issues with two of my BD discs.

I get this error with this BD disc on all my drives (WH16NS60 1.00 LibreDrive enabled, BU40N 1.00 LibreDrive enabled): JOKER_FOLIE_A_DEUX
14:32:34 - Get basic AACS data
-------------------------------------------------------------------------------
14:32:34 - AACS folder on disc is reachable - Validate is possible
14:32:35 - Different VolumeName detected - most likely the disc has been changed... take the new name
14:32:35 - VolumeName >JOKER_FOLIE_A_DEUX<
14:32:35 - DiscId >AA704C4B1A154F305153A47651F282FDB13F9BA2< (2024-10-16)
14:32:35 - DiscType >BD<
14:32:35 - MKB Revision >68<
14:32:35 - Disc-BusEncEnabled >1<
14:32:35 - Drve-BusEncCapable >1<
14:32:35 - ==> Bus Encryption active!
14:32:35 - UnitKeyCount >1<
14:32:35 - >>> UnitKeyENC (1) >E78D506D86980DF35649727ED3C399C2<
14:32:35 - UnitKeys recalculated with VUK:
14:32:35 - UnitKeyCount >1<
14:32:35 - >>> UnitKeyDEC (1) >96D5CBF744EEAC3E04791A0A05FDEAEA<
-------------------------------------------------------------------------------
14:32:35 - BusEncryption enabled => either ReadDataKey or disabling of BusEncryption required
-------------------------------------------------------------------------------
14:32:35 - Try to read ReadDataKey from RDK cache
14:32:35 - RDK not found in cache! Cannot validate disc!
14:32:35 - BusEncryption could not be defeated! Stop now.

Any ideas?

UHD disc: UHD_JW4
FindVUK does not work! It stops working after PART 1 --- GET AACSKEYS DATA

Any ideas?

I also wanted to make a 1:1 copy (ISO file with all protetctions included) of one my BD discs. I therefore used Xreveal and makemkv with ImgBurn. I then burned this ISO file to disc and then wanted to find the AACS key using FindVUK again.
I got this error:
12:30:26 - AACSkeys could not get data with host certificate >4B7AEF00859AF7F8E88AE97418D862FBE404571A< - #BRAKEYS_AacsKeysError<
12:30:26 - Couldn't get MediaKey, VolumeId and VUK from AACSkeys - close now

Any ideas?

And interestingly non of these burned BD disc does work in my TV Blu-ray player.

Thank you very much?

[MrPenguin]

Quote:

Originally Posted by johannu

14:32:35 - BusEncryption enabled => either ReadDataKey or disabling of BusEncryption required
-------------------------------------------------------------------------------
14:32:35 - Try to read ReadDataKey from RDK cache
14:32:35 - RDK not found in cache! Cannot validate disc!
14:32:35 - BusEncryption could not be defeated! Stop now.

Any ideas?

Yes, you need to defeat bus encryption. So either you need to discover the Read Device Key (RDK) for your drive/disk and add it to the local AACS cache, or you need to activate LibreDrive - probably by setting this value in FindVUK.ini:

Code:

Disable_Bus_Encryption_Cmd = "C:\Program Files (x86)\MakeMKV\makemkvcon.exe" info dev:$DRIVE$

Assuming this is where you have installed MakeMKV, of course.

Quote:

Originally Posted by johannu

I also wanted to make a 1:1 copy (ISO file with all protections included) of one my BD discs. I therefore used Xreveal and makemkv with ImgBurn.

Not even MakeMKV can make a 1:1 copy of a BluRay disk, which is why its "back-up" feature also creates discatt.dat or discattd.dat files. AFAIK Xreveal only understands AACS, and does not attempt to break any BluRay protections.

You probably just want to use MakeMKV's "back-up" feature with ImgBurn. I don't see why you would need Xreveal here.

[coricopat]

Quote:

Originally Posted by johannu

I also wanted to make a 1:1 copy (ISO file with all protetctions included) of one my BD discs.

Under Linux you can e.g. use dd for such task, but for the resulting UDF image (BDs don't use ISO ;-) ) to be useful, you still need to defeat bus encryption (if that is used).
Such image would contain all the regular encryption methods (except bus encryption, if you managed to circumvent it - which, AFAIU, is however anyway not really on the medium, so it would be more or less the best raw copy you can get).

[johannu]

@MrPenguin: Thank you very much, the command for defeating bus encryption works flawless...

But now my LG BU40N has revoked this Host Certificate, when I analysed a BD disc using MKBv72... unbelievable... the result is, that I can't use this drive anymore to find AACS keys.

It seems, that - as you already said - this drive remembers the highest MKB version that it has even been asked to read. Where does this information be stored in the drive and can it be deleted? Or is there a new non revoked Host Certificate available?

Thank you!

[MrPenguin]

Quote:

Originally Posted by johannu

It seems, that - as you already said - this drive remembers the highest MKB version that it has even been asked to read. Where does this information be stored in the drive and can it be deleted? Or is there a new non revoked Host Certificate available?

The revocation lists are stored in flash memory within the drive, and you'd probably need to be an Electronics Whizz-kid with a soldering iron to do anything about them .

Do you have any other drives, apart from your BU40N?

I believe your link contains the latest publicly known AACSv1 host certificate, which AFAIK was revoked by MKBv76. There are (unfortunately!) no publicly known AACSv2 host certificates. However, you might want to consider reading the rest of the messages in that thread for advice about AACSv1.

[johannu]

Finding The Revocation List... very interesting...

Yes, I also own a WH16NS60 that is not affected from revoked Host Certificate. As long makemkv works with my BU40N it's not a very huge problem that it has revoked known Host Certificates.

[MrPenguin]

Quote:

Originally Posted by johannu

Yes, I also own a WH16NS60 that is not affected from revoked Host Certificate. As long makemkv works with my BU40N it's not a very huge problem that it has revoked known Host Certificates.

Before I discovered MakeMKV, my solution to this problem was to buy a brand new drive specifically for those MKB versions that wouldn't revoke my Host Certificates. This did at least allow me to continue playing my existing BDs while I was waiting for the next Host Certificate to appear. However, it's obviously not a viable strategy for UHD disks for which we don't have any Host Certificates in the first place.

[SamuriHL]

Quote:

Originally Posted by coricopat

Under Linux you can e.g. use dd for such task, but for the resulting UDF image (BDs don't use ISO ;-) ) to be useful, you still need to defeat bus encryption (if that is used).
Such image would contain all the regular encryption methods (except bus encryption, if you managed to circumvent it - which, AFAIU, is however anyway not really on the medium, so it would be more or less the best raw copy you can get).

This isn't accurate. At least not fully. One of the things that will NOT be in that image is the Volume unique IDentifier (VID). So unless you already know the VID or the unit keys are already available for your disc in the keydb, the UDF image is NOT complete enough to be decrypted. This is why MakeMKV creates a discatt.dat file which contains the VID when it does a backup. The VID is in a protected part of the disc and has no place to be stored in an image.

[coricopat]

Quote:

Originally Posted by SamuriHL

This isn't accurate. At least not fully. One of the things that will NOT be in that image is the Volume unique IDentifier (VID).

Well I've assumed that all key material would of course be gathered via some of the usual means. :-)

I wonder whether there's any FLOSS way to dump the regions outside of the regular image.

[MrPenguin]

Quote:

Originally Posted by coricopat

I wonder whether there's any FLOSS way to dump the regions outside of the regular image.

Sure, it's called "write your own drive firmware" .

[SamuriHL]

Quote:

Originally Posted by coricopat

Well I've assumed that all key material would of course be gathered via some of the usual means. :-)

I wonder whether there's any FLOSS way to dump the regions outside of the regular image.

If you have a valid AACS 2.x host certificate and device key, sure.

Other than that, no. Supposedly Libredrive was going to be made open source at some point but that hasn't happened.

[coricopat]

Do these region contain anything other than the VID?

But anyway, I'd still argue that, if one has (at least) the unit keys, the raw image of the UDF (with bus encryption circumvented) can be considered complete.

[SamuriHL]

Yea, there's a few things in the protected parts of the disc. It's laid out in the AACS specs.

I wasn't arguing against being able to use an image. I create protected images with bus encryption disabled all the time. I was simply correcting the "you have everything you need with an image" part because UNLESS you have the unit keys, which will have to be derived ultimately from an actual disc by someone, the image is not everything you need. What I mean is this, and this is relevant to FindVUK in a tangential way...

If no one has scanned the actual disc with something like FindVUK, DVDFab, MakeMKV, then the unit keys can't be found. This means that if you do the following:

1) Disable/Circumvent bus encryption
2) Create ISO image with your favorite image creation tool
3) Try to use the image mounted in Daemon Tools with FindVUK (or alternatively open said image with DVDFab), it will NOT be decrypted UNTIL someone opens FindVUK or DVDFab with the actual disc first

That is the reason I point this out. Because we are in the FindVUK thread where this is quite relevant. Someone thinking they can make an image first without scanning the disc with DVDFab, either directly or through FindVUK, won't be able to decrypt it if the unit keys aren't already known.

[Toad King]

One of the disc entries in the keydb is incorrect but submitting a correct version doesn't seem to fix it. Is it possible to reset this one so I can upload a correct version?

0xA6F5AC52B2EDC7BA254CAD6D491799EEC1EADC03 = BAD_BOYS_FOR_LIFE (Bad Boys for Life - 4K Ultra HD)

[SamuriHL]

Try using the ValidateDisc option. It should allow the entry to be corrected in theory.

[Toad King]

Quote:

Originally Posted by SamuriHL

Try using the ValidateDisc option. It should allow the entry to be corrected in theory.

I put in the correct keys and did that and it validates but the wrong keys are still in the download.

[SamuriHL]

Odd. Nalor will have to chime in then.

Sent from my SM-S938U1 using Tapatalk

[MrPenguin]

Quote:

Originally Posted by Toad King

I put in the correct keys and did that and it validates but the wrong keys are still in the download.

This disk's entry in KEYDB already appears to be a validated "meta-entry", which suggests that its Unit Key has been proved to work. Does this mean you were successful in updating it?

[Toad King]

Quote:

Originally Posted by MrPenguin

This disk's entry in KEYDB already appears to be a validated "meta-entry", which suggests that its Unit Key has been proved to work. Does this mean you were successful in updating it?

The "validated" entry in the keydb is incorrect and does not work. I'm trying to update it to the correct keys.