So, this key, the one in the title, appears to be the key to rule all hd dvd keys. Or is it? It was actually posted may 23rd on Freedom To Tinker in a comment?!?!? Yeah, you can use it as the key to decrypt alot of new HD discs but will it end any need to work further on cracking AACS craptastic codes? (Note this is the new HD key, not the one that was widely published and all fuxxored on d!gg.)
My only other source is this forum: DOOM9
Moving on, because this key was supposedly found one day after it was “put into action” by the powers that be, I’m gonna explore how the key was so rapidly extracted.
First, I’m gonna guess, just for shits and giggles. Perhapse someone simply brute forced a prefab “wordlist” or 16 value hex number sets? Since I refuse to go HD (either format) I have no way of really knowing if this is even plausible, cause I can’t test it out myself. I also don’t have an XBOX 360 with the external HD-DVD drive handy to experiment with either. So its fair to say that my first inclination is a pure shot in the dark… or is it? (see arnezami’s method of finding a Volume ID later on in the post)
Second, I’ll ask Google. Well … so far its not an answer but it appears that someone bought this domain: http://455fe10422ca29c4933f95052b792ab2.com/ …which is funny as hell cause there is no content, its just pure net real estate hilariousness.
But lets dig deeper, shall we? Lets plug this hint “uv=00000047″, from the comment by BtCB, into Google. (pause for effect)
Okey dokey, now we are in business. It would appear that a curios fellow who goes by the name arnezami over at DOOM9 FORUMS has some simple instructions on how to grab a Volume ID for HD-DVD. And it follows:
Finding the Volume ID
How did I find the Volume ID?
There are essentially two ways (now). I used the USB sniffer (with the xbox 360 HD DVD) because I knew I didn’t have to bother with the (possibly obscured/wiped) memory of the software player.
- Download USB sniffer 1.8 then unzip and start it.
- Select the “USB Mass Storage Device” (I use the xbox 360 HD DVD drive) and click install.
- Unplug the HD DVD drive (the usb cable) and replug it again. It will be recognized by windows and the sniffer starts logging.
- Insert the Disc into the drive while the sniffer is.. well sniffing. Then start WinDVD and immediatly quit when the video (even the first black screen) starts. Then click ‘Close’ on the sniffer.
- You now have a huge log file (60+ MB or something). Open it in WinHex (pressing F7 for ascii only) and search for the ascii string (not hex search!) “00000000: 00 22 00 00″ including the spaces (but excluding the quotes of course ).
- There was only one occurence of this in the whole file. So it has to be the Volume ID. Tata!
Btw: I used WinDVD but the above should also work for other players.
A different method (but less reliable I think) is to use WinDVD’s memdump.
- Open WinDVD’s memdump in WinHex
- Hex search (with WinHex) for 002200004000 or alternatively 0020202020200000. **
- There you will (usally) find the Volume ID. But I’m not sure this will always work. There may be more than one occurance. You can check if the last 16 bytes (of the 36 beginning with 0022) are random since that would have to be the MAC. If its not random you haven’t found it yet so you should go on searching until you do.
PS. Almost forgot: make sure you remove the last 16 bytes from the Volume ID log (which is the MAC) like I did in my first post. This is because in theory they might be able to track down your drive with that part… (you don’t want that). The Volume ID itself is for everybody the same (with the same movie) so that won’t reveal anything about yourself .
Seems like a plan, but if you look further you can just use these little apps posted in the same forums by a person named ape:
hddvd_vukeyfinder.zip and for Blu Ray use bdkeyfinder.zip
But wait there’s more…
Well here is something to play with.
For me it works with WinDVD (which is the most sensitive I believe) and the Xbox 360 HD DVD. My sweet spot is a time value between 390 and 420. I usually set it at 410 which works perfectly (btw time is measured in nr of AGID retrieval attempts counted from the moment the player accesses the drive).
Just try it and play with it a bit.
Remember: this program does not use the private key. It just “watches” the drive carefully and then pretends to be the software player.
It works for HD DVD only atm.
PS. This is experimental programming. There could be bugs in it.
And that is all she wrote folks. Yes this is the latest key to rule them all for AACS DRM craptakery and that was a little peek into how it was uncovered. There should be HUGE applause for anrezami et all for all the hard work they did. Just reading everything really gave me a pretty solid grasp of how AACS Encryption/DRM works. Congrats to all the peeps at DOOM9 who worked very hard on getting all this info together. All credit goes to them.
Of course SOMEBODY had to make some money off of all arnezami, BtCB and the rest of DOOM9’s hard work, and it looks like slysoft has borrowed arnezami and friends cracking methods to offer AnyDVD HD that will rip allmost any HD DVD or Blu Ray Disc without you having to do a damn thing. I wonder if at least arnezami is getting a cut of the profits? One lives in hope.
Anyhew none of this is native to linux but you can probably run most of it in WINE or convert the c++ aps to python. Since AnyDVD doesn’t REALLY rip any HD disc then you might even consider just using the methods used by arnezami and the apps he and his friends over at DOOM9 created.
I made a little software pack for everyone so you don’t have to download everything seperately, except the slysoft app of course: HDandBDcrakingFiles.rar
Big Ups To All That Showed Big Hollywood That DRM is Useless.
Keep information free,
As it turns out you don’t need to do a damn thing because according to
Follow the Jump to find arnezami’s sweet description of AACS encryption, if you want to understand everything that is…
Read the rest of this entry »