BD-Video Key Extraction

From Redump Wiki

(Difference between revisions)
Jump to: navigation, search
Line 193: Line 193:
'''3. Dump with a libredrive compatible drive, like ribshark's modified ASUS firmware, after having opened MakeMKV once with that drive, and said drive not having been unpowered long enough to clear its memory. While BEE is still enabled in ribshark's firmware, the libredrive microcode stuff isn't patched out, and so as long as you open makemkv, it'll (among other things) disable the drive's BEE.'''
'''3. Dump with a libredrive compatible drive, like ribshark's modified ASUS firmware, after having opened MakeMKV once with that drive, and said drive not having been unpowered long enough to clear its memory. While BEE is still enabled in ribshark's firmware, the libredrive microcode stuff isn't patched out, and so as long as you open makemkv, it'll (among other things) disable the drive's BEE.'''
-
- FindVUK will still tell you that your drive has BEE, but will still give you proper AACSkeys dumps as long as you've disabled BEE via makeMKV before running it. DiC/redumper/etc will also still give you good dumps as long as you've disabled BEE via makeMKV before running them. If you want to be sure, it's always good to test BEE dumps via VLC, as described later.
+
- FindVUK will still tell you that your drive has BEE, but will still give you proper AACSkeys dumps as long as you've disabled BEE via makeMKV before running it. DiC/redumper/etc will also still give you good dumps as long as you've disabled BEE via makeMKV before running them. If you want to be sure, it's always good to test BEE dumps via VLC, as described below.
In order to ensure your dump is good, it's recommended to set up VLC to play back AACS-encrypted bluray .iso files directly, via the necessary steps involving libaacs. If you don't mind the lack of BD-J menus, you might want to disable them in VLC, as it can be difficult to configure Java properly for BD-J, and it'll make it harder to tell if your dump is good if you're trying to figure out if a disc isn't playing because of AACS issues or because of Java issues. If you have set that up already, you can just try playing your dumped .iso in VLC, provided the AACS keys are in your aacs KEYDB.cfg. If they aren't there, but you've dumped your AACS keys via FindVUK already, you can copy the relevant line from FindVUK's VUKbackup cfg file into your KEYDB.cfg. If the disc plays in VLC, you've dumped your disc image and AACSkeys properly. If the disc does not play in VLC, and instead it throws aacs errors in the logs, assuming you've set up VLC to play back AACS-encrypted bluray .iso files properly (test with a non-BEE bluray first to make sure), then you've dumped your disc image or AACSkeys improperly.  
In order to ensure your dump is good, it's recommended to set up VLC to play back AACS-encrypted bluray .iso files directly, via the necessary steps involving libaacs. If you don't mind the lack of BD-J menus, you might want to disable them in VLC, as it can be difficult to configure Java properly for BD-J, and it'll make it harder to tell if your dump is good if you're trying to figure out if a disc isn't playing because of AACS issues or because of Java issues. If you have set that up already, you can just try playing your dumped .iso in VLC, provided the AACS keys are in your aacs KEYDB.cfg. If they aren't there, but you've dumped your AACS keys via FindVUK already, you can copy the relevant line from FindVUK's VUKbackup cfg file into your KEYDB.cfg. If the disc plays in VLC, you've dumped your disc image and AACSkeys properly. If the disc does not play in VLC, and instead it throws aacs errors in the logs, assuming you've set up VLC to play back AACS-encrypted bluray .iso files properly (test with a non-BEE bluray first to make sure), then you've dumped your disc image or AACSkeys improperly.  

Revision as of 17:59, 12 August 2024

This guide is only for Dumping Keys from Blu-Ray Video discs, for dumping the discs see Disc Dumping Guide (MPF).

Multiple methods for dumping BD-Video below, each with their own benefits and drawbacks.

Contents

Method 1: FindVUK (AACSkeys mode)

This method is the easiest, and works on Media Key Block (MKB) versions past 68, but past version 68 (v69 skipped, v70 in 2019-07) it can only extract the UnitKey (UK). It works as long as the drive has not yet revoked the host certificate (it's only valid until mkbv71 and got revoked in 72).

  1. Download and unzip the latest version of FindVUK
  2. Double click "FindVUK - Synchronize.bat". The window will automatically close once the process is complete.
  3. Now you will dump the keys. You do one of either two methods:
    1. Drag and drop the drive icon where the disc is inserted to the file "FindVUK - AACSkeys.bat" (NOTE: This requires no spaces being anywhere in the file path where your FindVUK folder is).
    2. OR open up the command line and "cd" (change directory) to the location to inside your FindVUK folder, then run this command: FindVUK.exe AACSkeys=X (where "X" is the drive letter).
  4. In your FindVUK folder, go into the OnlineDB_Backup subfolder. You will find an xml file with your key info to submit to redump!

Method 2: FindVUK + DVD Fab

Method 2 is believed to have similar dumping compatibility to Method 1. The only thing unknown / untested is that whether Method 1 can also extract UnitKey (UK) v70 (circa 2019-07), which Method 2 can. If Method 1 can also do this, then Method 2 should be considered deprecated as it's a more convoluted / difficult process.

Software

Some versions of FindVUK and DVDFab don't play well together. Your experience may vary.

  • FindVUK (unzip FindVUK in a folder with write-access)
  • DVDFab (install)

Dumping

  • DVDFab should be closed.
  • Insert Blu-Ray disc.
  • Launch FindVUK.exe, this will automatically launch DVDFab.
  • Select "Try" to use DVDFab as a trial.
  • A progress bar window should appear as DVDFab is processing the disc, which takes a few seconds. FindVUK should report that it found the key.
  • Eject the disc, close FindVUK, close DVDFab (you may have to forcibly kill the process, for me it frequently hangs at that time).
  • In your FindVUK folder, go into the OnlineDB_Backup subfolder. You will find an xml file with your key info to submit to redump!

Submitting .XML / Key info

Now we'll discuss how to submit the XML file info from FindVUK's OnlineDB_Backup subfolder.

Let's have a look at this XML output:

<?xml version="1.0" encoding="UTF-8"?>
<Bluray>
 <FileType>BlurayMetaXML</FileType>
 <DiscId Date="2008-04-30">D6630E5AA891CE4164A44E627E5672F092D0D717</DiscId>
 <VolumeId>FC3AAC79EA225AE1448C983C98259319</VolumeId>
 <MediaKey>D3A5957A0219001AB62D31EAC9A10E5A</MediaKey>
 <VolumeUniqueKey>F283D691673583569819F114460A6BF7</VolumeUniqueKey>
 <VolumeLabel>BDROM</VolumeLabel>
 <BDplus>0</BDplus>
 <BusEncryptionEnabled>0</BusEncryptionEnabled>
 <MKBrev>7</MKBrev>
 <MainPlaylist/>
 <UnitKeys>
   <UnitKey Nr="1">562D5AC9EF5925866D7F07BBDC8ADFEF</UnitKey>
 </UnitKeys>
 <MetaTitles>
   <MetaTitle Language="" Manual="1">Metal Gear Solid 4 Bonus Disc</MetaTitle>
 </MetaTitles>
 <Hashes>
   <Hash Type="MD5" File="MKB_RO.inf" Size="1048576">BF8D213F679D3423526B1185B30C63D2</Hash>
 </Hashes>
 <Application>FindVUK 1.09</Application>
 <VolumeSize>24395972608</VolumeSize>
</Bluray>

This information should be submitted to the Redump entry's "Protection" section as follows:

BD-Video Protection: AACS (MKB version 7)
Media Key: D3A5957A0219001AB62D31EAC9A10E5A
Volume ID: FC3AAC79EA225AE1448C983C98259319
Volume Unique Key: F283D691673583569819F114460A6BF7
Unit Key File Hash (DiscID): D6630E5AA891CE4164A44E627E5672F092D0D717
  • "BD-Video Protection" comes from this line of the XML: "<MKBrev>7</MKBrev>"
  • "Media Key" comes from this line of the XML: "<MediaKey>D3A5957A0219001AB62D31EAC9A10E5A</MediaKey>"
  • "Volume ID" comes from this line of the XML: "<VolumeId>FC3AAC79EA225AE1448C983C98259319</VolumeId>"
  • "Volume Unique Key" comes from this line of the XML: "<VolumeUniqueKey>F283D691673583569819F114460A6BF7</VolumeUniqueKey>"
  • "Unit Key File Hash (DiscID)" comes from this line of the XML: "<DiscId Date="2008-04-30">D6630E5AA891CE4164A44E627E5672F092D0D717</DiscId>"

Here's the entry so you can see for yourself [1].

BEE / Bus Encryption Enabled Discs

A relative minority of BD-Video discs have Bus Encryption Enabled, or BEE. You're relatively unlikely to encounter this on BD-Video discs that are redump-eligible, as BEE was mostly used for more traditional movie releases. However, some redump-eligible discs do stll have it; additionally, all UHD discs have BEE, so if any are made that can be submitted to redump, BEE will have to be dealt with as well.

There are various ways to check if your disc has BEE, but the easiest, given this guide already recommends installing FindVUK, is just to run FindVUK - AACSkeys.bat and check what it outputs for the disc you're trying to dump. Example relevant section output of a disc with BEE, on a drive that has BEE:

-------------------------------------------------------------------------------
14:59:05 - Get basic AACS data
-------------------------------------------------------------------------------
14:59:05 - AACS folder on disc is reachable - ValidateVUK is possible
14:59:06 - Different VolumeName detected - most likely the disc has been changed... take the new name
14:59:06 - VolumeName         >FIRST_COW<
14:59:06 - DiscId             >EBEF96426CBB4122E4EAC145FCF343B4043352BB< (2020-04-13)
14:59:06 - DiscType           >BD<
14:59:06 - MKB Revision       >70<
14:59:06 - Disc-BusEncEnabled >1<
14:59:06 - Drve-BusEncCapable >1<
14:59:06 -  ==> Bus Encryption active!
14:59:06 - UnitKeyCount       >1<
14:59:06 -  >>> UnitKeyENC (1) >4B3CFB16D66D3A73CEDC58D3CBC0E493<
14:59:06 - UnitKeyCount >1<
14:59:06 -  >>> UnitKeyDEC (1) >3E9945C8BB657E28AE3F282CB7EB163E<
-------------------------------------------------------------------------------
14:59:06 -  --- PART 2 --- VALIDATE VUK/UNITKEYS ---
-------------------------------------------------------------------------------
14:59:06 - Drive is detected as 'REAL BLURAY' drive

-------------------------------------------------------------------------------
14:59:06 - Can not validate UnitKeys because of BusEncryption (missing ReadDataKey)!!
-------------------------------------------------------------------------------

"Disc-BusEncEnabled >1<" means that your disc has BEE; as seen here, there are various other indications.

If you're not sure if a disc you submitted in the past has BEE, you can also check the .xml generated by FindVUK to see if it has BEE. If the disc does have BE, the xml will contain "<BusEncryptionEnabled>1</BusEncryptionEnabled>". If the disc does not have BEE, the xml will contain "<BusEncryptionEnabled>0</BusEncryptionEnabled>"

To summarize when it comes to dumping purposes; almost all BD-ROM drives have BEE enabled. If the disc you're trying to dump has BEE, and your drive also has BEE, any dumps of that disc will be bad, and any AACSkeys dumped might* be bad as well. You will need to disable BEE before dumping in order to produce a good, working dump of a BEE disc, and to be able to submit your dump to redump.

There are various ways to check if your drive has BEE, but the easiest, given this guide already recommends installing FindVUK, is just to run FindVUK - ShowDriveDetailsForAllDrives.bat and check what it outputs for the drive you're trying to use. Example output of a drive with BEE:

################################################################################
######################
14:56:05 - ShowDriveDetails for Drive >J:\<
################################################################################
######################
14:56:05 - Vendor >ASUS    < ProductId >BW-16D1HT       < ProductRevision >3.10<
 ScsiDeviceType >CD/DVD-ROM device< ConnectedTo >USB< Bus

--COMMON------------------------------------------------------------------------
--------
14:56:05 -   Drive Vendor         : ASUS
14:56:05 -   Drive Model          : BW-16D1HT
14:56:05 -   Drive Revision       : 3.10
14:56:05 -   Drive VendorSpec     : WM01601SIK93G6MA230
14:56:05 -   FirmwareCreationDate : 211901041014
14:56:05 -   Drive Interface      : Serial ATAPI
14:56:05 -   Drive Type           : BLURAY/DVD/CD-WRITER
14:56:05 -   LoadingMechanism     : Tray

--DRIVE FEATURES----------------------------------------------------------------
--------
14:56:05 -   Drive Features       :
14:56:05 -     Profile List, Core, Morphing, Removeable Medium, Write Protect, R
andom Readable,
14:56:05 -     Multi-Read, CD Read, DVD Read, Random Writeable, Incremental Stre
aming Writeable,
14:56:05 -     Formattable, Hardware Defect Management, Restricted Overwrite, CD
-RW CAV Write,
14:56:05 -     DVD+RW, DVD+R, Rigid Restricted Overwrite, CD Track at Once, CD M
astering,
14:56:05 -     DVD-R/-RW Write, Layer Jump Recording, CD-RW Media Write Support,
 BD-R POW,
14:56:05 -     DVD+R Dual Layer, BD Read Feature, BD Write Feature, Hybrid Disc,
 Power Management,
14:56:05 -     SMART, CD Audio External Play, Microcode Update, Timeout, DVD-CSS
, Real Time Streaming,
14:56:05 -     Drive Serial Number, Media Serial Number, DCBs, DVD CPRM, Firmwar
e Information,
14:56:05 -     AACS

--DRIVE PROFILES----------------------------------------------------------------
--------
14:56:05 -   Drive Profiles       :
14:56:05 -     BD-RE, BD-R RRM, BD-R SRM, BD-ROM, DVD+R Dual Layer, DVD+R, DVD+R
W, DVD-R Dual Layer Jump Recording,
14:56:05 -     DVD-R Dual Layer Sequential Recording, DVD-RW Sequential Recordin
g, DVD-RW Restricted Overwrite,
14:56:05 -     DVD-RAM, DVD-R Sequential Recording, DVD-ROM, CD-RW, CD-R, CD-ROM
, Removeable disk

--AACS--------------------------------------------------------------------------
--------
14:56:05 -   FeatureDescriptor    : 01 0D 08 04 1F 01 02 01
14:56:05 -   AacsVersion          : 1
14:56:05 -   AacsActive           : 0
14:56:05 -   BindingNonceGenSupp  : 1
14:56:05 -   BindingNonceBlockCnt : 1
14:56:05 -   BusEncryptionSupport : 1
14:56:05 -   ReadDriveCertificate : 1
14:56:05 -   AgidCount            : 2
14:56:05 - Drive is detected as 'REAL BLURAY' drive
14:56:05 - Drive is already in the KnownDrivesList

As seen here, "BusEncryptionSupport : 1" indicates your drive has BEE.

Disabling BEE on your drive is achieved one of three ways:

1. Dump with a drive old enough that the firmware doesn't have BEE in the first place.

- I do not know the exact date drives started being produced with BEE, but it may have been around 2011. Regardless, just check whether your drive has BEE via the above method to be sure.

2. Dump with a libredrive firmware drive, as these drives have BEE disabled in firmware already.

- Self explanatory.

3. Dump with a libredrive compatible drive, like ribshark's modified ASUS firmware, after having opened MakeMKV once with that drive, and said drive not having been unpowered long enough to clear its memory. While BEE is still enabled in ribshark's firmware, the libredrive microcode stuff isn't patched out, and so as long as you open makemkv, it'll (among other things) disable the drive's BEE.

- FindVUK will still tell you that your drive has BEE, but will still give you proper AACSkeys dumps as long as you've disabled BEE via makeMKV before running it. DiC/redumper/etc will also still give you good dumps as long as you've disabled BEE via makeMKV before running them. If you want to be sure, it's always good to test BEE dumps via VLC, as described below.

In order to ensure your dump is good, it's recommended to set up VLC to play back AACS-encrypted bluray .iso files directly, via the necessary steps involving libaacs. If you don't mind the lack of BD-J menus, you might want to disable them in VLC, as it can be difficult to configure Java properly for BD-J, and it'll make it harder to tell if your dump is good if you're trying to figure out if a disc isn't playing because of AACS issues or because of Java issues. If you have set that up already, you can just try playing your dumped .iso in VLC, provided the AACS keys are in your aacs KEYDB.cfg. If they aren't there, but you've dumped your AACS keys via FindVUK already, you can copy the relevant line from FindVUK's VUKbackup cfg file into your KEYDB.cfg. If the disc plays in VLC, you've dumped your disc image and AACSkeys properly. If the disc does not play in VLC, and instead it throws aacs errors in the logs, assuming you've set up VLC to play back AACS-encrypted bluray .iso files properly (test with a non-BEE bluray first to make sure), then you've dumped your disc image or AACSkeys improperly.

- *I was able to get bad AACSkeys dumps when first discovering this, but I have not been able to reproduce that since. To be safe, though, just re-dump your AACSkeys after disabling BEE via any of the options described.

Personal tools