DiscImageCreator

[sarami]

Regarding CSS:

- Isn't the Player Key stored in the player, not on the disc? Do we need to add it into the disc entries?
- Is it possible to read not only the 409 Disc Keys, but also the Authentication Key?
- PlayerKey[1], DecryptedDiscKey[020] - what do "1" and "020" mean? Can these numbers differ?

Also, have you checked the DVDs without CSS but with modified structure, hacked TOC, etc? Does DIC read them fine?

- Player Key stores in the player. But some keys are already known. we need not to add it into the disc entries, I think.

Code: Select all

extern const unsigned char g_PlayerKeys[][6] = {
    // from mplayer:
    {0x01, 0xaf, 0xe3, 0x12, 0x80},
    {0x12, 0x11, 0xca, 0x04, 0x3b},
    {0x14, 0x0c, 0x9e, 0xd0, 0x09},
         :

- There is not Authentication Key. I found an understandable article about CSS https://www.extremetech.com/computing/5 … part-iii/3

- PlayerKey[1] is g_PlayerKeys[1][6]. g_PlayerKeys[1][6] is 0x01, 0xaf, 0xe3, 0x12, 0x80.
  DecryptedDiscKey[020] is the 20th key of AllDiscKey decrypted by the "PlayerKey".

And I've not checked yet the DVDs without CSS etc, but DIC executes CSS.exe only when the disc has "CopyrightProtectionType: CSS/CPPM".

Btw, it also checks for IFO and BUP keys, so, don't know again, maybe that is needed, afterall?

I don't know it, too. But perhaps IFO and BUP don't have keys.

Why does it check for the VIDEO_TS directory key? Can the directory itself be encrypted? I think it looks quite weird.

Because AnyDVD report the key of VIDEO_TS. I wanted to deny that VIDEO_TS dir have a key. I remove this checking in the next uploading.

sarami do you still have the build you posted on the 12th of may or so, with the removed hashing updates to console.

I don't have it anymore.

[Nexy]

OK, please disregard the weak sector comments about SafeDISC for now. I had these 2 discs buffed and they now read correctly despite not having any visual defects before hand. So could you revert what you did there, and also restore the hashing until a command line version of RapidCRC is made by someone. Thank you.

[F1ReB4LL]

- There is not Authentication Key. I found an understandable article about CSS https://www.extremetech.com/computing/5 … part-iii/3

There are three keys on the disc: the authentication key and the disc key, which are located in the lead in, and the title key, which is located in the sector header.

https://cs.stanford.edu/people/eroberts … ss/css.htm

Also, the Russian wiki claims the authentification key is the "disk key encrypted by itself", but this article claims these are different:

The Disk-Key. This key is used to encrypt the title key, and is itself decrypted by using the
playerkey. A table of the disk key encrypted under all the 409 playerkeys is stored on a hidden
sector of the DVD. In that sector, the disk key encrypted under the disk key is also stored. The
reason to do this, is so the player can verify, that it got the right disk key.
...
The Authentication key, which is used as the “secret” key for the mutual authentication process

http://www.daimi.au.dk/ivan/reports2009/DVDEncr.pdf

Authentication Key: This is a ‘secret’ string of characters that is used in the mutual authentication process. This lets the player know it is permitted to decrypt the content.

http://www.hometheaterinfo.com/css_encryption.htm

Still not very clear to me

[sarami]

and also restore the hashing until a command line version of RapidCRC is made by someone.

OK, it was comment out now. And CSS.exe was updated. http://www.mediafire.com/file/eq80y20l9 … st.7z/file


CSS Authentication function

Code: Select all

bool CDVDSession::Authenticate()
{
    if (m_session == DVD_END_ALL_SESSIONS) {
        return false;
    }

    BYTE Challenge[10], Key[10];

    for (BYTE i = 0; i < 10; i++) {
        Challenge[i] = i;
    }

    if (!SendKey(DvdChallengeKey, Challenge)) {
        return false;
    }

    if (!ReadKey(DvdBusKey1, Key)) {
        return false;
    }

    int varient = -1;

    for (int i = 31; i >= 0; i--) {
        BYTE KeyCheck[5];
        CSSkey1(i, Challenge, KeyCheck);
        if (!memcmp(KeyCheck, Key, 5)) {
            varient = i;
        }
    }

    if (!ReadKey(DvdChallengeKey, Challenge)) {
        return false;
    }

    CSSkey2(varient, Challenge, &Key[5]);

    if (!SendKey(DvdBusKey2, &Key[5])) {
        return false;
    }

    CSSbuskey(varient, Key, m_SessionKey);

    return true;
}

There isn't "Authenticate" in the word except fuction name. ChallengeKey, BusKey1, BusKey2 and SessionKey are all ramdom as extremetech.com says. Even if "Authentication key" exists, I don't know how to get it now.

[F1ReB4LL]

/viewtopic.php?t=17763 … gether-us/ -- this disc has a confirmed sub desync, but the recent DIC doesn't create the 'subs indexes' set of files (actually, the tracks are the same for both TOC and sub indexes, but the gaps in cue differ).

[Nexy]

I am unable to dump this disc because of a Q subchannel checksum being 0. The disc is fine and dumps fine with other tools.

Would you check it please.

possible mastering error from clonecd dump?

attached subs from clonecd.

[sarami]

/viewtopic.php?t=17763 … gether-us/ -- this disc has a confirmed sub desync, but the recent DIC doesn't create the 'subs indexes' set of files (actually, the tracks are the same for both TOC and sub indexes, but the gaps in cue differ).

http://www.mediafire.com/file/eq80y20l9 … st.7z/file
- fixed: Desync flag was not set in some cases

I am unable to dump this disc because of a Q subchannel checksum being 0.

This problem occurs when disc is reread. If you use /nq flag, this problem doesn't occur. (But SubQ channel isn't fixed.)

[Nexy]

OK, thanks.

[user7]

Before it slips my radar again, I wanted to mention that BD-R dumping still hangs for me. pic.bin dumps, but the .iso doesn't even begin to.

[sarami]

http://www.mediafire.com/file/eq80y20l9 … st.7z/file
- added: support PS3 drive (needs 3k3y ripper)
- added: sacd command (But SACD iso is scrambled like DVD CSS)

Near sector it slowed down/chopping progress: 22600000/23652352

If you have BD-ROM whose size is 43GB over, try to dump and report plz.