gereral1
Well-Known Member
Thread Starter
- Joined
- Mar 3, 2013
- Messages
- 968
- Likes
- 265
There is no way to back up a bluray to get past the encryption. The problem is the hidden watermark that is used as part of the encryption. A computer bluray burner cannot copy the watermark onto the disk. Everything else is a perfect copy.
Protection:
Load disk, check watermark key, if exists check for hdcp devices
If encrypted material comprimised black list components *tv*bluray pl
You will notice when you look at the bluray structure after anydvdhd is done it makes a backup of the disks content. This is where another layer of protection is added called screenpass. Screenpass checks the bluray structure for altercations and if it sees that the file structure has been changed the screen pass kicks in scrambling your movies playback order. This is part of the bluray java. This has caused many headaches for users using slysoft software forcing the devs to patch each movie as they come out requesting logs to fix movies that do this. Once screen pass has been overcome then and only then can you extract or use the movie. The encryption removed and the correct playlist found then hdcp is disabled and you can play this content in players. So the companies came out with cinavia audio protection of whatever they call it as a final check to stop users with unprotected material to play in hardware players or licence software players. No one to date has had a good way of removing this. The best way was to use mpc vlc or a patch to cyberlink with slysoft to ignore the routine that checks for this protection. Hardware players are still subject to this protection with the audio but some have come up with ways to degrade or speed up and slow down audio to bypass but it screws up the sound. How this works is every so many minutes the protection checks the audio for a certain pattern hidden in the audio stream and if it sees this after many minutes it will mute the audio or black out the video and stop the playback.
You can use a hdmi splitter like fury or cheap splitter to keep all encryption but copy a movie with hdcp as it strips it allow you to backup the video and audio on the disk. This is how gammers record the gameply on their ps3 on youtube videos.Once HTCP is bypassed the audio and video is like good old vcr material that you can record.
History of breaking the key routine of a program:
A beakpoint set on a call address can take you step by step to the key being revealed or the formula to make the key. This is what slysoft has done using a debugger to follow the encryption routine of a bluray to find where it checks for a good key and simply bypasses the check sending an ok. This is usually by an XOR or JMP or JMP if not equal command in the machine code. Returning EAX register or 1 or 0 can change the flow of the following line of code in the next line of code. Not to teach you guys about registers that a chip uses for 32bit and 64bit but math is done is each one controlling the flow, adding bits together and shifting bits in addresses. Using a push pop command can change the stack flow and control the way a program functions and also control the data and where is gets stored. There is multi layers of checks called flags that check again and again in may other calls to the same routine of others. Sometimes a bit in a address is set to F or 0 telling the code if the first check has been bypassed to check this flag so if the flag is incorrect the check will default to a encrypted routine. If you find the encoded routine you can actually isolate after the key and watch the data step by step be decrypted then encrypted. This is a routine that programmers use to hide the key to a program. They can also use the windows registry to store the key like slysoft does and gets called in the program to check if you have a certain licence. I'm not a hacker but have taken programs that I buy and tear them apart to see how they work at the assembly level.
Some programs use the pe header to scramble so even if you use a debugger the program cannot be read until the pe header is rebuilt correctly. This is a way of the program to hides its content from a degugger. Also after the pe header is built the program uses a if debugger is present code to check if your spying on the code. If it sees this it can send a program shutdown or even worse reboot the pc. Crazy stuff.
Problem is the stripping of hdcp breaks the drm aacs=la law. As you know fury company has been taken to court because they have a breakout box (adapter) that can overcome the new 2.0 4k protection. How these devices work is there is a key stored in the chip on the splitter same as an hdtv has a key in its motherboard chip. So when hdcp sends encrypted data over the hdmi cable the tv at the other end it unscrambles the data and puts it on your screen as video. They the companies that make splitters use the same tv chips to decode the hdcp and leave it out so it allows you to feed to any device allowing copying thru hdmi ports and the end source. If hdcp detects a compromise it will blacklist the device or degrade the video to a lower quality. It cannot detect a compromised signal at the end of the playback past the tv chip because it thinks the signal is going to a tv to view. The handshake as many call it takes place and the signal is decoded.
The new 4k protection adds an extra step sending out confirmation over the internet and return a key to play the 4k uhd disk. If you do not have an internet connection you will not be able to play any uhd disks even though you buys them. This is why fury is taken to court as these boxes are only concerned with the weakest link the end of the decoded process before the content is placed on your screen. Fury does not care if the disk has a key or not. Its just like I mentioned about the security of programs and serial numbers when you buy programs.
The thing I like about hdcp removal is if you have an older tv, stereo av receiver and such. Why should the user have to buy a hdcp 2.0 compliant audio receiver,tv, and player to watch a movie. You should be able to use your 5.1 amp with hdmi inputs and outputs with your new 4k player and tv. This system will force the user to buy an new amp that is hdcp compliant. This is where people get pissed. Because of the control over the market and companies telling users you cannot use your older tv or amp to watch newer content. Our rights are being stripped from us daily. This is why companies like slysoft, dvdfab, fury come out with these things to give power and our rights back to the end user.
This article is for education purposes only for users who want to learn what goes on behind the scenes.
Protection:
Load disk, check watermark key, if exists check for hdcp devices
If encrypted material comprimised black list components *tv*bluray pl
I believe a key is set for each movie based on the watermark of the disk, and devices that have permission to play encrypted material such as a bluray machine or software player with a registered licence. After this HDCP kicks in and is required to send encrypted data between devices from the source to the video card to the player and tv. If any of these devices are compromised hdcp will blacklist the device and revoke the key and your tv will no longer work in its hdmi port rending the tv garbage. Some put a warning on the screen (ps3game consoles) and some loose the ability to use their hdmi port on their tv. Same as bluray hardware players. So it can be dangerous to mess with the encryption if you do not know what you are doing. This encryption also is embedded in windows os so if you try to take a screen shot or capture of for say Cyberlink playing a bluray the screen remains black. This is hdcp kicking in in windows os. You can take a screen shot in mpc vlc as the program does nto have the hdcp routine. So its impossible to keep encryption and make a backup copy. Now if somehow they could copy the watermark onto a burnable disk (which is impossible because its pressed in) then you could backup your disks. So they have shut all doors to allow the end user to make a backup with encryption left untouched.
You will notice when you look at the bluray structure after anydvdhd is done it makes a backup of the disks content. This is where another layer of protection is added called screenpass. Screenpass checks the bluray structure for altercations and if it sees that the file structure has been changed the screen pass kicks in scrambling your movies playback order. This is part of the bluray java. This has caused many headaches for users using slysoft software forcing the devs to patch each movie as they come out requesting logs to fix movies that do this. Once screen pass has been overcome then and only then can you extract or use the movie. The encryption removed and the correct playlist found then hdcp is disabled and you can play this content in players. So the companies came out with cinavia audio protection of whatever they call it as a final check to stop users with unprotected material to play in hardware players or licence software players. No one to date has had a good way of removing this. The best way was to use mpc vlc or a patch to cyberlink with slysoft to ignore the routine that checks for this protection. Hardware players are still subject to this protection with the audio but some have come up with ways to degrade or speed up and slow down audio to bypass but it screws up the sound. How this works is every so many minutes the protection checks the audio for a certain pattern hidden in the audio stream and if it sees this after many minutes it will mute the audio or black out the video and stop the playback.
You can use a hdmi splitter like fury or cheap splitter to keep all encryption but copy a movie with hdcp as it strips it allow you to backup the video and audio on the disk. This is how gammers record the gameply on their ps3 on youtube videos.Once HTCP is bypassed the audio and video is like good old vcr material that you can record.
History of breaking the key routine of a program:
A beakpoint set on a call address can take you step by step to the key being revealed or the formula to make the key. This is what slysoft has done using a debugger to follow the encryption routine of a bluray to find where it checks for a good key and simply bypasses the check sending an ok. This is usually by an XOR or JMP or JMP if not equal command in the machine code. Returning EAX register or 1 or 0 can change the flow of the following line of code in the next line of code. Not to teach you guys about registers that a chip uses for 32bit and 64bit but math is done is each one controlling the flow, adding bits together and shifting bits in addresses. Using a push pop command can change the stack flow and control the way a program functions and also control the data and where is gets stored. There is multi layers of checks called flags that check again and again in may other calls to the same routine of others. Sometimes a bit in a address is set to F or 0 telling the code if the first check has been bypassed to check this flag so if the flag is incorrect the check will default to a encrypted routine. If you find the encoded routine you can actually isolate after the key and watch the data step by step be decrypted then encrypted. This is a routine that programmers use to hide the key to a program. They can also use the windows registry to store the key like slysoft does and gets called in the program to check if you have a certain licence. I'm not a hacker but have taken programs that I buy and tear them apart to see how they work at the assembly level.
Some programs use the pe header to scramble so even if you use a debugger the program cannot be read until the pe header is rebuilt correctly. This is a way of the program to hides its content from a degugger. Also after the pe header is built the program uses a if debugger is present code to check if your spying on the code. If it sees this it can send a program shutdown or even worse reboot the pc. Crazy stuff.
Problem is the stripping of hdcp breaks the drm aacs=la law. As you know fury company has been taken to court because they have a breakout box (adapter) that can overcome the new 2.0 4k protection. How these devices work is there is a key stored in the chip on the splitter same as an hdtv has a key in its motherboard chip. So when hdcp sends encrypted data over the hdmi cable the tv at the other end it unscrambles the data and puts it on your screen as video. They the companies that make splitters use the same tv chips to decode the hdcp and leave it out so it allows you to feed to any device allowing copying thru hdmi ports and the end source. If hdcp detects a compromise it will blacklist the device or degrade the video to a lower quality. It cannot detect a compromised signal at the end of the playback past the tv chip because it thinks the signal is going to a tv to view. The handshake as many call it takes place and the signal is decoded.
The new 4k protection adds an extra step sending out confirmation over the internet and return a key to play the 4k uhd disk. If you do not have an internet connection you will not be able to play any uhd disks even though you buys them. This is why fury is taken to court as these boxes are only concerned with the weakest link the end of the decoded process before the content is placed on your screen. Fury does not care if the disk has a key or not. Its just like I mentioned about the security of programs and serial numbers when you buy programs.
The thing I like about hdcp removal is if you have an older tv, stereo av receiver and such. Why should the user have to buy a hdcp 2.0 compliant audio receiver,tv, and player to watch a movie. You should be able to use your 5.1 amp with hdmi inputs and outputs with your new 4k player and tv. This system will force the user to buy an new amp that is hdcp compliant. This is where people get pissed. Because of the control over the market and companies telling users you cannot use your older tv or amp to watch newer content. Our rights are being stripped from us daily. This is why companies like slysoft, dvdfab, fury come out with these things to give power and our rights back to the end user.
This article is for education purposes only for users who want to learn what goes on behind the scenes.
Last edited: