Mercurial > mplayer.hg

comparison libmpdvdkit2/css.c @ 10720:f23c35ce0d16

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
synced to libdvdcss 1.2.8 (except the DVDCSS_PATH guessing, we use our get_path() instead). anyway it's mostly cosmetics only.
author arpi
date Sat, 30 Aug 2003 13:35:25 +0000
parents f0f0f176d298
children c2ddedd0619e
comparison
equal deleted inserted replaced
10719:caec33353477 10720:f23c35ce0d16
403 * -disc key hash crack, 403 * -disc key hash crack,
404 * -decryption with player keys if they are available. 404 * -decryption with player keys if they are available.
405 *****************************************************************************/ 405 *****************************************************************************/
406 int _dvdcss_disckey( dvdcss_t dvdcss ) 406 int _dvdcss_disckey( dvdcss_t dvdcss )
407 { 407 {
408 unsigned char p_buffer[2048]; 408 unsigned char p_buffer[ DVD_DISCKEY_SIZE ];
409 dvd_key_t p_disc_key; 409 dvd_key_t p_disc_key;
410 int i; 410 int i;
411 411
412 if( GetBusKey( dvdcss ) < 0 ) 412 if( GetBusKey( dvdcss ) < 0 )
413 { 413 {
430 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid ); 430 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid );
431 return -1; 431 return -1;
432 } 432 }
433 433
434 /* Decrypt disc key using bus key */ 434 /* Decrypt disc key using bus key */
435 for( i = 0 ; i < 2048 ; i++ ) 435 for( i = 0 ; i < DVD_DISCKEY_SIZE ; i++ )
436 { 436 {
437 p_buffer[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ]; 437 p_buffer[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ];
438 } 438 }
439 439
440 switch( dvdcss->i_method ) 440 switch( dvdcss->i_method )
488 /***************************************************************************** 488 /*****************************************************************************
489 * _dvdcss_titlekey: get title key. 489 * _dvdcss_titlekey: get title key.
490 *****************************************************************************/ 490 *****************************************************************************/
491 int _dvdcss_titlekey( dvdcss_t dvdcss, int i_pos, dvd_key_t p_title_key ) 491 int _dvdcss_titlekey( dvdcss_t dvdcss, int i_pos, dvd_key_t p_title_key )
492 { 492 {
493 static uint8_t p_garbage[ 2048 ]; /* static because we never read it */ 493 static uint8_t p_garbage[ DVDCSS_BLOCK_SIZE ]; /* we never read it back */
494 uint8_t p_key[ KEY_SIZE ]; 494 uint8_t p_key[ KEY_SIZE ];
495 int i, i_ret = 0; 495 int i, i_ret = 0;
496 496
497 if( dvdcss->b_ioctls && ( dvdcss->i_method == DVDCSS_METHOD_KEY || 497 if( dvdcss->b_ioctls && ( dvdcss->i_method == DVDCSS_METHOD_KEY ||
498 dvdcss->i_method == DVDCSS_METHOD_DISC ) ) 498 dvdcss->i_method == DVDCSS_METHOD_DISC ) )
521 /* Test ASF, it will be reset to 0 if we got a Region error */ 521 /* Test ASF, it will be reset to 0 if we got a Region error */
522 switch( GetASF( dvdcss ) ) 522 switch( GetASF( dvdcss ) )
523 { 523 {
524 case -1: 524 case -1:
525 /* An error getting the ASF status, something must be wrong. */ 525 /* An error getting the ASF status, something must be wrong. */
526 _dvdcss_debug( dvdcss, "lost ASF reqesting title key" ); 526 _dvdcss_debug( dvdcss, "lost ASF requesting title key" );
527 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid ); 527 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid );
528 i_ret = -1; 528 i_ret = -1;
529 break; 529 break;
530 530
531 case 0: 531 case 0:
532 /* This might either be a title that has no key, 532 /* This might either be a title that has no key,
533 * or we encountered a region error. */ 533 * or we encountered a region error. */
534 _dvdcss_debug( dvdcss, "lost ASF reqesting title key" ); 534 _dvdcss_debug( dvdcss, "lost ASF requesting title key" );
535 break; 535 break;
536 536
537 case 1: 537 case 1:
538 /* Drive status is ok. */ 538 /* Drive status is ok. */
539 /* If the title key request failed, but we did not loose ASF, 539 /* If the title key request failed, but we did not loose ASF,
552 for( i = 0 ; i < KEY_SIZE ; i++ ) 552 for( i = 0 ; i < KEY_SIZE ; i++ )
553 { 553 {
554 p_key[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ]; 554 p_key[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ];
555 } 555 }
556 556
557 /* If p_key is all zero then there realy wasn't any key pressent 557 /* If p_key is all zero then there really wasn't any key present
558 * even though we got to read it without an error. */ 558 * even though we got to read it without an error. */
559 if( !( p_key[0] | p_key[1] | p_key[2] | p_key[3] | p_key[4] ) ) 559 if( !( p_key[0] | p_key[1] | p_key[2] | p_key[3] | p_key[4] ) )
560 { 560 {
561 i_ret = 0; 561 i_ret = 0;
562 } 562 }
604 * key : title key for this sector 604 * key : title key for this sector
605 *****************************************************************************/ 605 *****************************************************************************/
606 int _dvdcss_unscramble( dvd_key_t p_key, uint8_t *p_sec ) 606 int _dvdcss_unscramble( dvd_key_t p_key, uint8_t *p_sec )
607 { 607 {
608 unsigned int i_t1, i_t2, i_t3, i_t4, i_t5, i_t6; 608 unsigned int i_t1, i_t2, i_t3, i_t4, i_t5, i_t6;
609 uint8_t *p_end = p_sec + 0x800; 609 uint8_t *p_end = p_sec + DVDCSS_BLOCK_SIZE;
610 610
611 /* PES_scrambling_control */ 611 /* PES_scrambling_control */
612 if( p_sec[0x14] & 0x30) 612 if( p_sec[0x14] & 0x30)
613 { 613 {
614 i_t1 = (p_key[0] ^ p_sec[0x54]) | 0x100; 614 i_t1 = (p_key[0] ^ p_sec[0x54]) | 0x100;
988 { 0xcf, 0x1a, 0xb2, 0xf8, 0x0a }, 988 { 0xcf, 0x1a, 0xb2, 0xf8, 0x0a },
989 { 0xec, 0xa0, 0xcf, 0xb3, 0xff }, 989 { 0xec, 0xa0, 0xcf, 0xb3, 0xff },
990 { 0xfc, 0x95, 0xa9, 0x87, 0x35 } 990 { 0xfc, 0x95, 0xa9, 0x87, 0x35 }
991 }; 991 };
992 992
993 /* Decrypt disc key with player keys from csskeys.h */ 993 /* Decrypt disc key with the above player keys */
994 while( n < sizeof(player_keys) / sizeof(dvd_key_t) ) 994 while( n < sizeof(player_keys) / sizeof(dvd_key_t) )
995 { 995 {
996 for( i = 1; i < 409; i++ ) 996 for( i = 1; i < 409; i++ )
997 { 997 {
998 /* Check if player key n is the right key for position i. */ 998 /* Check if player key n is the right key for position i. */
999 DecryptKey( 0, player_keys[n], p_struct_disckey + 5 * i, 999 DecryptKey( 0, player_keys[n], p_struct_disckey + 5 * i,
1000 p_disc_key ); 1000 p_disc_key );
1001 1001
1002 /* The first part in the struct_disckey block is the 1002 /* The first part in the struct_disckey block is the
1003 * 'disc key' encrypted with it self. Using this we 1003 * 'disc key' encrypted with itself. Using this we
1004 * can check if we decrypted the correct key. */ 1004 * can check if we decrypted the correct key. */
1005 DecryptKey( 0, p_disc_key, p_struct_disckey, p_verify ); 1005 DecryptKey( 0, p_disc_key, p_struct_disckey, p_verify );
1006 1006
1007 /* If the position / player key pair worked then return. */ 1007 /* If the position / player key pair worked then return. */
1008 if( memcmp( p_disc_key, p_verify, KEY_SIZE ) == 0 ) 1008 if( memcmp( p_disc_key, p_verify, KEY_SIZE ) == 0 )
1245 /***************************************************************************** 1245 /*****************************************************************************
1246 * RecoverTitleKey: (title) key recovery from cipher and plain text 1246 * RecoverTitleKey: (title) key recovery from cipher and plain text
1247 * Function designed by Frank Stevenson 1247 * Function designed by Frank Stevenson
1248 ***************************************************************************** 1248 *****************************************************************************
1249 * Called from Attack* which are in turn called by CrackTitleKey. Given 1249 * Called from Attack* which are in turn called by CrackTitleKey. Given
1250 * a guessed(?) plain text and the chiper text. Returns -1 on failure. 1250 * a guessed(?) plain text and the cipher text. Returns -1 on failure.
1251 *****************************************************************************/ 1251 *****************************************************************************/
1252 static int RecoverTitleKey( int i_start, uint8_t const *p_crypted, 1252 static int RecoverTitleKey( int i_start, uint8_t const *p_crypted,
1253 uint8_t const *p_decrypted, 1253 uint8_t const *p_decrypted,
1254 uint8_t const *p_sector_seed, uint8_t *p_key ) 1254 uint8_t const *p_sector_seed, uint8_t *p_key )
1255 { 1255 {
1395 * i_pos is the starting sector, i_len is the maximum number of sectors to read 1395 * i_pos is the starting sector, i_len is the maximum number of sectors to read
1396 *****************************************************************************/ 1396 *****************************************************************************/
1397 static int CrackTitleKey( dvdcss_t dvdcss, int i_pos, int i_len, 1397 static int CrackTitleKey( dvdcss_t dvdcss, int i_pos, int i_len,
1398 dvd_key_t p_titlekey ) 1398 dvd_key_t p_titlekey )
1399 { 1399 {
1400 uint8_t p_buf[0x800]; 1400 uint8_t p_buf[ DVDCSS_BLOCK_SIZE ];
1401 const uint8_t p_packstart[4] = { 0x00, 0x00, 0x01, 0xba }; 1401 const uint8_t p_packstart[4] = { 0x00, 0x00, 0x01, 0xba };
1402 int i_reads = 0; 1402 int i_reads = 0;
1403 int i_encrypted = 0; 1403 int i_encrypted = 0;
1404 int b_stop_scanning = 0; 1404 int b_stop_scanning = 0;
1405 int b_read_error = 0;
1405 int i_ret; 1406 int i_ret;
1406 1407
1407 _dvdcss_debug( dvdcss, "cracking title key" ); 1408 _dvdcss_debug( dvdcss, "cracking title key" );
1408 1409
1409 i_tries = 0; 1410 i_tries = 0;
1425 if( i_ret <= 0 ) 1426 if( i_ret <= 0 )
1426 { 1427 {
1427 if( i_ret == 0 ) 1428 if( i_ret == 0 )
1428 { 1429 {
1429 _dvdcss_debug( dvdcss, "read returned 0 (end of device?)" ); 1430 _dvdcss_debug( dvdcss, "read returned 0 (end of device?)" );
1431 }
1432 else if( !b_read_error )
1433 {
1434 _dvdcss_debug( dvdcss, "read error, resorting to secret "
1435 "arcanes to recover" );
1436
1437 /* Reset the drive before trying to continue */
1438 _dvdcss_close( dvdcss );
1439 _dvdcss_open( dvdcss );
1440
1441 b_read_error = 1;
1442 continue;
1430 } 1443 }
1431 break; 1444 break;
1432 } 1445 }
1433 1446
1434 /* Stop when we find a non MPEG stream block. 1447 /* Stop when we find a non MPEG stream block.
1476 /* Stop after 2000 blocks if we haven't seen any encrypted blocks. */ 1489 /* Stop after 2000 blocks if we haven't seen any encrypted blocks. */
1477 if( i_reads >= 2000 && i_encrypted == 0 ) break; 1490 if( i_reads >= 2000 && i_encrypted == 0 ) break;
1478 1491
1479 } while( !b_stop_scanning && i_len > 0); 1492 } while( !b_stop_scanning && i_len > 0);
1480 1493
1481 if( i_len <= 0 ) 1494 if( !b_stop_scanning )
1495 {
1482 _dvdcss_debug( dvdcss, "end of title reached" ); 1496 _dvdcss_debug( dvdcss, "end of title reached" );
1497 }
1483 1498
1484 { /* Print some statistics. */ 1499 { /* Print some statistics. */
1485 char psz_info[128]; 1500 char psz_info[128];
1486 snprintf( psz_info, sizeof(psz_info), 1501 snprintf( psz_info, sizeof(psz_info),
1487 "%d of %d attempts successful, %d of %d blocks scrambled", 1502 "%d of %d attempts successful, %d of %d blocks scrambled",
1512 ****************************************************************************** 1527 ******************************************************************************
1513 * Tries to find a repeating pattern just before the encrypted part starts. 1528 * Tries to find a repeating pattern just before the encrypted part starts.
1514 * Then it guesses that the plain text for first encrypted bytes are 1529 * Then it guesses that the plain text for first encrypted bytes are
1515 * a contiuation of that pattern. 1530 * a contiuation of that pattern.
1516 *****************************************************************************/ 1531 *****************************************************************************/
1517 static int AttackPattern( uint8_t const p_sec[0x800], 1532 static int AttackPattern( uint8_t const p_sec[ DVDCSS_BLOCK_SIZE ],
1518 int i_pos, uint8_t *p_key ) 1533 int i_pos, uint8_t *p_key )
1519 { 1534 {
1520 unsigned int i_best_plen = 0; 1535 unsigned int i_best_plen = 0;
1521 unsigned int i_best_p = 0; 1536 unsigned int i_best_p = 0;
1522 unsigned int i, j; 1537 unsigned int i, j;
1572 * Encrypted Padding_stream attack. 1587 * Encrypted Padding_stream attack.
1573 ****************************************************************************** 1588 ******************************************************************************
1574 * DVD specifies that there must only be one type of data in every sector. 1589 * DVD specifies that there must only be one type of data in every sector.
1575 * Every sector is one pack and so must obviously be 2048 bytes long. 1590 * Every sector is one pack and so must obviously be 2048 bytes long.
1576 * For the last pice of video data before a VOBU boundary there might not 1591 * For the last pice of video data before a VOBU boundary there might not
1577 * be exactly the right amount of data to fill a sector. They one has to 1592 * be exactly the right amount of data to fill a sector. Then one has to
1578 * pad the pack to 2048 bytes. For just a few bytes this is doen in the 1593 * pad the pack to 2048 bytes. For just a few bytes this is done in the
1579 * header but for any large amount you insert a PES packet from the 1594 * header but for any large amount you insert a PES packet from the
1580 * Padding stream. This looks like 0x00 00 01 be xx xx ff ff ... 1595 * Padding stream. This looks like 0x00 00 01 be xx xx ff ff ...
1581 * where xx xx is the length of the padding stream. 1596 * where xx xx is the length of the padding stream.
1582 *****************************************************************************/ 1597 *****************************************************************************/
1583 static int AttackPadding( uint8_t const p_sec[0x800], 1598 static int AttackPadding( uint8_t const p_sec[ DVDCSS_BLOCK_SIZE ],
1584 int i_pos, uint8_t *p_key ) 1599 int i_pos, uint8_t *p_key )
1585 { 1600 {
1586 unsigned int i_pes_length; 1601 unsigned int i_pes_length;
1587 /*static int i_tries = 0, i_success = 0;*/ 1602 /*static int i_tries = 0, i_success = 0;*/
1588 1603
1589 i_pes_length = (p_sec[0x12]<<8) | p_sec[0x13]; 1604 i_pes_length = (p_sec[0x12]<<8) | p_sec[0x13];
1590 1605
1591 /* Coverd by the test below but usfull for debuging. */ 1606 /* Coverd by the test below but usfull for debuging. */
1592 if( i_pes_length == 0x800 - 0x14 ) return 0; 1607 if( i_pes_length == DVDCSS_BLOCK_SIZE - 0x14 ) return 0;
1593 1608
1594 /* There must be room for at least 4? bytes of padding stream, 1609 /* There must be room for at least 4? bytes of padding stream,
1595 * and it must be encrypted. 1610 * and it must be encrypted.
1596 * sector size - pack/pes header - padding startcode - padding length */ 1611 * sector size - pack/pes header - padding startcode - padding length */
1597 if( ( 0x800 - 0x14 - 4 - 2 - i_pes_length < 4 ) || 1612 if( ( DVDCSS_BLOCK_SIZE - 0x14 - 4 - 2 - i_pes_length < 4 ) ||
1598 ( p_sec[0x14 + i_pes_length + 0] == 0x00 && 1613 ( p_sec[0x14 + i_pes_length + 0] == 0x00 &&
1599 p_sec[0x14 + i_pes_length + 1] == 0x00 && 1614 p_sec[0x14 + i_pes_length + 1] == 0x00 &&
1600 p_sec[0x14 + i_pes_length + 2] == 0x01 ) ) 1615 p_sec[0x14 + i_pes_length + 2] == 0x01 ) )
1601 { 1616 {
1602 fprintf( stderr, "plain %d %02x:%02x:%02x:%02x (type %02x sub %02x)\n", 1617 fprintf( stderr, "plain %d %02x:%02x:%02x:%02x (type %02x sub %02x)\n",
1603 0x800 - 0x14 - 4 - 2 - i_pes_length, 1618 DVDCSS_BLOCK_SIZE - 0x14 - 4 - 2 - i_pes_length,
1604 p_sec[0x14 + i_pes_length + 0], 1619 p_sec[0x14 + i_pes_length + 0],
1605 p_sec[0x14 + i_pes_length + 1], 1620 p_sec[0x14 + i_pes_length + 1],
1606 p_sec[0x14 + i_pes_length + 2], 1621 p_sec[0x14 + i_pes_length + 2],
1607 p_sec[0x14 + i_pes_length + 3], 1622 p_sec[0x14 + i_pes_length + 3],
1608 p_sec[0x11], p_sec[0x17 + p_sec[0x16]]); 1623 p_sec[0x11], p_sec[0x17 + p_sec[0x16]]);
1609 return 0; 1624 return 0;
1610 } 1625 }
1611 1626
1612 /* If we are here we know that there is a where in the pack a 1627 /* If we are here we know that there is a where in the pack a
1613 encrypted PES header is (startcode + lenght). It's never more 1628 encrypted PES header is (startcode + length). It's never more
1614 than two packets in the pack, so we 'know' the length. The 1629 than two packets in the pack, so we 'know' the length. The
1615 plaintext at offset (0x14 + i_pes_length) will then be 1630 plaintext at offset (0x14 + i_pes_length) will then be
1616 00 00 01 e0/bd/be xx xx, in the case of be the following bytes 1631 00 00 01 e0/bd/be xx xx, in the case of be the following bytes
1617 are also known. */ 1632 are also known. */
1618 1633