Mercurial > mplayer.hg
comparison libmpdvdkit2/css.c @ 10720:f23c35ce0d16
synced to libdvdcss 1.2.8 (except the DVDCSS_PATH guessing, we use our
get_path() instead). anyway it's mostly cosmetics only.
author | arpi |
---|---|
date | Sat, 30 Aug 2003 13:35:25 +0000 |
parents | f0f0f176d298 |
children | c2ddedd0619e |
comparison
equal
deleted
inserted
replaced
10719:caec33353477 | 10720:f23c35ce0d16 |
---|---|
403 * -disc key hash crack, | 403 * -disc key hash crack, |
404 * -decryption with player keys if they are available. | 404 * -decryption with player keys if they are available. |
405 *****************************************************************************/ | 405 *****************************************************************************/ |
406 int _dvdcss_disckey( dvdcss_t dvdcss ) | 406 int _dvdcss_disckey( dvdcss_t dvdcss ) |
407 { | 407 { |
408 unsigned char p_buffer[2048]; | 408 unsigned char p_buffer[ DVD_DISCKEY_SIZE ]; |
409 dvd_key_t p_disc_key; | 409 dvd_key_t p_disc_key; |
410 int i; | 410 int i; |
411 | 411 |
412 if( GetBusKey( dvdcss ) < 0 ) | 412 if( GetBusKey( dvdcss ) < 0 ) |
413 { | 413 { |
430 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid ); | 430 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid ); |
431 return -1; | 431 return -1; |
432 } | 432 } |
433 | 433 |
434 /* Decrypt disc key using bus key */ | 434 /* Decrypt disc key using bus key */ |
435 for( i = 0 ; i < 2048 ; i++ ) | 435 for( i = 0 ; i < DVD_DISCKEY_SIZE ; i++ ) |
436 { | 436 { |
437 p_buffer[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ]; | 437 p_buffer[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ]; |
438 } | 438 } |
439 | 439 |
440 switch( dvdcss->i_method ) | 440 switch( dvdcss->i_method ) |
488 /***************************************************************************** | 488 /***************************************************************************** |
489 * _dvdcss_titlekey: get title key. | 489 * _dvdcss_titlekey: get title key. |
490 *****************************************************************************/ | 490 *****************************************************************************/ |
491 int _dvdcss_titlekey( dvdcss_t dvdcss, int i_pos, dvd_key_t p_title_key ) | 491 int _dvdcss_titlekey( dvdcss_t dvdcss, int i_pos, dvd_key_t p_title_key ) |
492 { | 492 { |
493 static uint8_t p_garbage[ 2048 ]; /* static because we never read it */ | 493 static uint8_t p_garbage[ DVDCSS_BLOCK_SIZE ]; /* we never read it back */ |
494 uint8_t p_key[ KEY_SIZE ]; | 494 uint8_t p_key[ KEY_SIZE ]; |
495 int i, i_ret = 0; | 495 int i, i_ret = 0; |
496 | 496 |
497 if( dvdcss->b_ioctls && ( dvdcss->i_method == DVDCSS_METHOD_KEY || | 497 if( dvdcss->b_ioctls && ( dvdcss->i_method == DVDCSS_METHOD_KEY || |
498 dvdcss->i_method == DVDCSS_METHOD_DISC ) ) | 498 dvdcss->i_method == DVDCSS_METHOD_DISC ) ) |
521 /* Test ASF, it will be reset to 0 if we got a Region error */ | 521 /* Test ASF, it will be reset to 0 if we got a Region error */ |
522 switch( GetASF( dvdcss ) ) | 522 switch( GetASF( dvdcss ) ) |
523 { | 523 { |
524 case -1: | 524 case -1: |
525 /* An error getting the ASF status, something must be wrong. */ | 525 /* An error getting the ASF status, something must be wrong. */ |
526 _dvdcss_debug( dvdcss, "lost ASF reqesting title key" ); | 526 _dvdcss_debug( dvdcss, "lost ASF requesting title key" ); |
527 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid ); | 527 ioctl_InvalidateAgid( dvdcss->i_fd, &dvdcss->css.i_agid ); |
528 i_ret = -1; | 528 i_ret = -1; |
529 break; | 529 break; |
530 | 530 |
531 case 0: | 531 case 0: |
532 /* This might either be a title that has no key, | 532 /* This might either be a title that has no key, |
533 * or we encountered a region error. */ | 533 * or we encountered a region error. */ |
534 _dvdcss_debug( dvdcss, "lost ASF reqesting title key" ); | 534 _dvdcss_debug( dvdcss, "lost ASF requesting title key" ); |
535 break; | 535 break; |
536 | 536 |
537 case 1: | 537 case 1: |
538 /* Drive status is ok. */ | 538 /* Drive status is ok. */ |
539 /* If the title key request failed, but we did not loose ASF, | 539 /* If the title key request failed, but we did not loose ASF, |
552 for( i = 0 ; i < KEY_SIZE ; i++ ) | 552 for( i = 0 ; i < KEY_SIZE ; i++ ) |
553 { | 553 { |
554 p_key[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ]; | 554 p_key[ i ] ^= dvdcss->css.p_bus_key[ 4 - (i % KEY_SIZE) ]; |
555 } | 555 } |
556 | 556 |
557 /* If p_key is all zero then there realy wasn't any key pressent | 557 /* If p_key is all zero then there really wasn't any key present |
558 * even though we got to read it without an error. */ | 558 * even though we got to read it without an error. */ |
559 if( !( p_key[0] | p_key[1] | p_key[2] | p_key[3] | p_key[4] ) ) | 559 if( !( p_key[0] | p_key[1] | p_key[2] | p_key[3] | p_key[4] ) ) |
560 { | 560 { |
561 i_ret = 0; | 561 i_ret = 0; |
562 } | 562 } |
604 * key : title key for this sector | 604 * key : title key for this sector |
605 *****************************************************************************/ | 605 *****************************************************************************/ |
606 int _dvdcss_unscramble( dvd_key_t p_key, uint8_t *p_sec ) | 606 int _dvdcss_unscramble( dvd_key_t p_key, uint8_t *p_sec ) |
607 { | 607 { |
608 unsigned int i_t1, i_t2, i_t3, i_t4, i_t5, i_t6; | 608 unsigned int i_t1, i_t2, i_t3, i_t4, i_t5, i_t6; |
609 uint8_t *p_end = p_sec + 0x800; | 609 uint8_t *p_end = p_sec + DVDCSS_BLOCK_SIZE; |
610 | 610 |
611 /* PES_scrambling_control */ | 611 /* PES_scrambling_control */ |
612 if( p_sec[0x14] & 0x30) | 612 if( p_sec[0x14] & 0x30) |
613 { | 613 { |
614 i_t1 = (p_key[0] ^ p_sec[0x54]) | 0x100; | 614 i_t1 = (p_key[0] ^ p_sec[0x54]) | 0x100; |
988 { 0xcf, 0x1a, 0xb2, 0xf8, 0x0a }, | 988 { 0xcf, 0x1a, 0xb2, 0xf8, 0x0a }, |
989 { 0xec, 0xa0, 0xcf, 0xb3, 0xff }, | 989 { 0xec, 0xa0, 0xcf, 0xb3, 0xff }, |
990 { 0xfc, 0x95, 0xa9, 0x87, 0x35 } | 990 { 0xfc, 0x95, 0xa9, 0x87, 0x35 } |
991 }; | 991 }; |
992 | 992 |
993 /* Decrypt disc key with player keys from csskeys.h */ | 993 /* Decrypt disc key with the above player keys */ |
994 while( n < sizeof(player_keys) / sizeof(dvd_key_t) ) | 994 while( n < sizeof(player_keys) / sizeof(dvd_key_t) ) |
995 { | 995 { |
996 for( i = 1; i < 409; i++ ) | 996 for( i = 1; i < 409; i++ ) |
997 { | 997 { |
998 /* Check if player key n is the right key for position i. */ | 998 /* Check if player key n is the right key for position i. */ |
999 DecryptKey( 0, player_keys[n], p_struct_disckey + 5 * i, | 999 DecryptKey( 0, player_keys[n], p_struct_disckey + 5 * i, |
1000 p_disc_key ); | 1000 p_disc_key ); |
1001 | 1001 |
1002 /* The first part in the struct_disckey block is the | 1002 /* The first part in the struct_disckey block is the |
1003 * 'disc key' encrypted with it self. Using this we | 1003 * 'disc key' encrypted with itself. Using this we |
1004 * can check if we decrypted the correct key. */ | 1004 * can check if we decrypted the correct key. */ |
1005 DecryptKey( 0, p_disc_key, p_struct_disckey, p_verify ); | 1005 DecryptKey( 0, p_disc_key, p_struct_disckey, p_verify ); |
1006 | 1006 |
1007 /* If the position / player key pair worked then return. */ | 1007 /* If the position / player key pair worked then return. */ |
1008 if( memcmp( p_disc_key, p_verify, KEY_SIZE ) == 0 ) | 1008 if( memcmp( p_disc_key, p_verify, KEY_SIZE ) == 0 ) |
1245 /***************************************************************************** | 1245 /***************************************************************************** |
1246 * RecoverTitleKey: (title) key recovery from cipher and plain text | 1246 * RecoverTitleKey: (title) key recovery from cipher and plain text |
1247 * Function designed by Frank Stevenson | 1247 * Function designed by Frank Stevenson |
1248 ***************************************************************************** | 1248 ***************************************************************************** |
1249 * Called from Attack* which are in turn called by CrackTitleKey. Given | 1249 * Called from Attack* which are in turn called by CrackTitleKey. Given |
1250 * a guessed(?) plain text and the chiper text. Returns -1 on failure. | 1250 * a guessed(?) plain text and the cipher text. Returns -1 on failure. |
1251 *****************************************************************************/ | 1251 *****************************************************************************/ |
1252 static int RecoverTitleKey( int i_start, uint8_t const *p_crypted, | 1252 static int RecoverTitleKey( int i_start, uint8_t const *p_crypted, |
1253 uint8_t const *p_decrypted, | 1253 uint8_t const *p_decrypted, |
1254 uint8_t const *p_sector_seed, uint8_t *p_key ) | 1254 uint8_t const *p_sector_seed, uint8_t *p_key ) |
1255 { | 1255 { |
1395 * i_pos is the starting sector, i_len is the maximum number of sectors to read | 1395 * i_pos is the starting sector, i_len is the maximum number of sectors to read |
1396 *****************************************************************************/ | 1396 *****************************************************************************/ |
1397 static int CrackTitleKey( dvdcss_t dvdcss, int i_pos, int i_len, | 1397 static int CrackTitleKey( dvdcss_t dvdcss, int i_pos, int i_len, |
1398 dvd_key_t p_titlekey ) | 1398 dvd_key_t p_titlekey ) |
1399 { | 1399 { |
1400 uint8_t p_buf[0x800]; | 1400 uint8_t p_buf[ DVDCSS_BLOCK_SIZE ]; |
1401 const uint8_t p_packstart[4] = { 0x00, 0x00, 0x01, 0xba }; | 1401 const uint8_t p_packstart[4] = { 0x00, 0x00, 0x01, 0xba }; |
1402 int i_reads = 0; | 1402 int i_reads = 0; |
1403 int i_encrypted = 0; | 1403 int i_encrypted = 0; |
1404 int b_stop_scanning = 0; | 1404 int b_stop_scanning = 0; |
1405 int b_read_error = 0; | |
1405 int i_ret; | 1406 int i_ret; |
1406 | 1407 |
1407 _dvdcss_debug( dvdcss, "cracking title key" ); | 1408 _dvdcss_debug( dvdcss, "cracking title key" ); |
1408 | 1409 |
1409 i_tries = 0; | 1410 i_tries = 0; |
1425 if( i_ret <= 0 ) | 1426 if( i_ret <= 0 ) |
1426 { | 1427 { |
1427 if( i_ret == 0 ) | 1428 if( i_ret == 0 ) |
1428 { | 1429 { |
1429 _dvdcss_debug( dvdcss, "read returned 0 (end of device?)" ); | 1430 _dvdcss_debug( dvdcss, "read returned 0 (end of device?)" ); |
1431 } | |
1432 else if( !b_read_error ) | |
1433 { | |
1434 _dvdcss_debug( dvdcss, "read error, resorting to secret " | |
1435 "arcanes to recover" ); | |
1436 | |
1437 /* Reset the drive before trying to continue */ | |
1438 _dvdcss_close( dvdcss ); | |
1439 _dvdcss_open( dvdcss ); | |
1440 | |
1441 b_read_error = 1; | |
1442 continue; | |
1430 } | 1443 } |
1431 break; | 1444 break; |
1432 } | 1445 } |
1433 | 1446 |
1434 /* Stop when we find a non MPEG stream block. | 1447 /* Stop when we find a non MPEG stream block. |
1476 /* Stop after 2000 blocks if we haven't seen any encrypted blocks. */ | 1489 /* Stop after 2000 blocks if we haven't seen any encrypted blocks. */ |
1477 if( i_reads >= 2000 && i_encrypted == 0 ) break; | 1490 if( i_reads >= 2000 && i_encrypted == 0 ) break; |
1478 | 1491 |
1479 } while( !b_stop_scanning && i_len > 0); | 1492 } while( !b_stop_scanning && i_len > 0); |
1480 | 1493 |
1481 if( i_len <= 0 ) | 1494 if( !b_stop_scanning ) |
1495 { | |
1482 _dvdcss_debug( dvdcss, "end of title reached" ); | 1496 _dvdcss_debug( dvdcss, "end of title reached" ); |
1497 } | |
1483 | 1498 |
1484 { /* Print some statistics. */ | 1499 { /* Print some statistics. */ |
1485 char psz_info[128]; | 1500 char psz_info[128]; |
1486 snprintf( psz_info, sizeof(psz_info), | 1501 snprintf( psz_info, sizeof(psz_info), |
1487 "%d of %d attempts successful, %d of %d blocks scrambled", | 1502 "%d of %d attempts successful, %d of %d blocks scrambled", |
1512 ****************************************************************************** | 1527 ****************************************************************************** |
1513 * Tries to find a repeating pattern just before the encrypted part starts. | 1528 * Tries to find a repeating pattern just before the encrypted part starts. |
1514 * Then it guesses that the plain text for first encrypted bytes are | 1529 * Then it guesses that the plain text for first encrypted bytes are |
1515 * a contiuation of that pattern. | 1530 * a contiuation of that pattern. |
1516 *****************************************************************************/ | 1531 *****************************************************************************/ |
1517 static int AttackPattern( uint8_t const p_sec[0x800], | 1532 static int AttackPattern( uint8_t const p_sec[ DVDCSS_BLOCK_SIZE ], |
1518 int i_pos, uint8_t *p_key ) | 1533 int i_pos, uint8_t *p_key ) |
1519 { | 1534 { |
1520 unsigned int i_best_plen = 0; | 1535 unsigned int i_best_plen = 0; |
1521 unsigned int i_best_p = 0; | 1536 unsigned int i_best_p = 0; |
1522 unsigned int i, j; | 1537 unsigned int i, j; |
1572 * Encrypted Padding_stream attack. | 1587 * Encrypted Padding_stream attack. |
1573 ****************************************************************************** | 1588 ****************************************************************************** |
1574 * DVD specifies that there must only be one type of data in every sector. | 1589 * DVD specifies that there must only be one type of data in every sector. |
1575 * Every sector is one pack and so must obviously be 2048 bytes long. | 1590 * Every sector is one pack and so must obviously be 2048 bytes long. |
1576 * For the last pice of video data before a VOBU boundary there might not | 1591 * For the last pice of video data before a VOBU boundary there might not |
1577 * be exactly the right amount of data to fill a sector. They one has to | 1592 * be exactly the right amount of data to fill a sector. Then one has to |
1578 * pad the pack to 2048 bytes. For just a few bytes this is doen in the | 1593 * pad the pack to 2048 bytes. For just a few bytes this is done in the |
1579 * header but for any large amount you insert a PES packet from the | 1594 * header but for any large amount you insert a PES packet from the |
1580 * Padding stream. This looks like 0x00 00 01 be xx xx ff ff ... | 1595 * Padding stream. This looks like 0x00 00 01 be xx xx ff ff ... |
1581 * where xx xx is the length of the padding stream. | 1596 * where xx xx is the length of the padding stream. |
1582 *****************************************************************************/ | 1597 *****************************************************************************/ |
1583 static int AttackPadding( uint8_t const p_sec[0x800], | 1598 static int AttackPadding( uint8_t const p_sec[ DVDCSS_BLOCK_SIZE ], |
1584 int i_pos, uint8_t *p_key ) | 1599 int i_pos, uint8_t *p_key ) |
1585 { | 1600 { |
1586 unsigned int i_pes_length; | 1601 unsigned int i_pes_length; |
1587 /*static int i_tries = 0, i_success = 0;*/ | 1602 /*static int i_tries = 0, i_success = 0;*/ |
1588 | 1603 |
1589 i_pes_length = (p_sec[0x12]<<8) | p_sec[0x13]; | 1604 i_pes_length = (p_sec[0x12]<<8) | p_sec[0x13]; |
1590 | 1605 |
1591 /* Coverd by the test below but usfull for debuging. */ | 1606 /* Coverd by the test below but usfull for debuging. */ |
1592 if( i_pes_length == 0x800 - 0x14 ) return 0; | 1607 if( i_pes_length == DVDCSS_BLOCK_SIZE - 0x14 ) return 0; |
1593 | 1608 |
1594 /* There must be room for at least 4? bytes of padding stream, | 1609 /* There must be room for at least 4? bytes of padding stream, |
1595 * and it must be encrypted. | 1610 * and it must be encrypted. |
1596 * sector size - pack/pes header - padding startcode - padding length */ | 1611 * sector size - pack/pes header - padding startcode - padding length */ |
1597 if( ( 0x800 - 0x14 - 4 - 2 - i_pes_length < 4 ) || | 1612 if( ( DVDCSS_BLOCK_SIZE - 0x14 - 4 - 2 - i_pes_length < 4 ) || |
1598 ( p_sec[0x14 + i_pes_length + 0] == 0x00 && | 1613 ( p_sec[0x14 + i_pes_length + 0] == 0x00 && |
1599 p_sec[0x14 + i_pes_length + 1] == 0x00 && | 1614 p_sec[0x14 + i_pes_length + 1] == 0x00 && |
1600 p_sec[0x14 + i_pes_length + 2] == 0x01 ) ) | 1615 p_sec[0x14 + i_pes_length + 2] == 0x01 ) ) |
1601 { | 1616 { |
1602 fprintf( stderr, "plain %d %02x:%02x:%02x:%02x (type %02x sub %02x)\n", | 1617 fprintf( stderr, "plain %d %02x:%02x:%02x:%02x (type %02x sub %02x)\n", |
1603 0x800 - 0x14 - 4 - 2 - i_pes_length, | 1618 DVDCSS_BLOCK_SIZE - 0x14 - 4 - 2 - i_pes_length, |
1604 p_sec[0x14 + i_pes_length + 0], | 1619 p_sec[0x14 + i_pes_length + 0], |
1605 p_sec[0x14 + i_pes_length + 1], | 1620 p_sec[0x14 + i_pes_length + 1], |
1606 p_sec[0x14 + i_pes_length + 2], | 1621 p_sec[0x14 + i_pes_length + 2], |
1607 p_sec[0x14 + i_pes_length + 3], | 1622 p_sec[0x14 + i_pes_length + 3], |
1608 p_sec[0x11], p_sec[0x17 + p_sec[0x16]]); | 1623 p_sec[0x11], p_sec[0x17 + p_sec[0x16]]); |
1609 return 0; | 1624 return 0; |
1610 } | 1625 } |
1611 | 1626 |
1612 /* If we are here we know that there is a where in the pack a | 1627 /* If we are here we know that there is a where in the pack a |
1613 encrypted PES header is (startcode + lenght). It's never more | 1628 encrypted PES header is (startcode + length). It's never more |
1614 than two packets in the pack, so we 'know' the length. The | 1629 than two packets in the pack, so we 'know' the length. The |
1615 plaintext at offset (0x14 + i_pes_length) will then be | 1630 plaintext at offset (0x14 + i_pes_length) will then be |
1616 00 00 01 e0/bd/be xx xx, in the case of be the following bytes | 1631 00 00 01 e0/bd/be xx xx, in the case of be the following bytes |
1617 are also known. */ | 1632 are also known. */ |
1618 | 1633 |