DeUHD Tool can rip UHD Blu-Ray discs

Oppo doesn't detect Cinavia thru HDMI IN or a UHD BD Folder structure modified, so I'm good.

Can you tell me what you mean by modified UHD folder structure? I've tried Arrival UHD (Sony) on my Oppo and it indeed detected Cinavia protection.
 


Which Oppo? How did you copy and play back the movie? You're in the wrong subforum asking me this, or you would know the answer.


BTW: I'm in the USA if your OPPO player is not for USA, Europe versions have differences also.
 
New version is available 1.0.0.4 - some new discs like The Mummy are supported now.
 

Yup 50 discs now. And they've also changed their payment page to a secure HTTPS one with new design.
 
Damn. Disc support seems to get better day by day.
So, do you think that the different "groups" and people behind DeUHD have a method to decrypt all the UHD discs released so far, or is this still limited to a "small" number of discs suffering from some unspecified AACS2 flaw? To me it seems that every disc can be decrypted, but extracting those disc-specific keys is a very arduous and slow task. I think we are getting to the point when AACS LA will act and revoke/change some compromised keys. Or is it already too late? Revoking and changing keys won't help?
 
Think they are using brute force methods (perhaps a massive cloud compute net) and/or someone has an HDMI splitter to strip the DRM, then they look at the difference & that is the data DEUHD downloads. Another method could be to spoof the hardware with clever device-driver-level software emulation on a Windows PC & PowerDVD17. I just cannot see AACS LA carrying on releasing UHD discs if the DRM gets cracked; either they will just stop until it's fixed or altered. One way they can do this is to put the key on the actual disc in a place you cannot copy, like the gaps between layers where the barcode resides near the spindle. That's how they used to protect certain physical media in the past: make it readable but uncopyable.

However DEUHD works, they are not likely to publish the exploit to let AACS LA close it, so they will probably have already bought the program & are trying to reverse engineer. At the end of the day the discs only cost £24.99 each or 2 for £30 right now vs TBs of HD space, so the discs are cheaper overall than any backup solution!
 

I think that machine readable part of the disc method is still used by gaming consoles today. I could be wrong though.


 
They are most likely using the Kaby Lake freq generator to force out the master security key to spy inside the enclave to get the keys.
Kaby Lake CPUs have this flaw......
 

If this is the method can AACS LA do anything to stop them?


 
Yep, get Intel to release a new Kaby Lake CPU lol and pull the current chips off the market

Hahahaha cool. Btw, AACS is run by Intel. Intel started it along with a few other big manufacturers.


 
This is how they did it ......

Quote

Using Intel's SGX to Attack Itself
Researchers have demonstrated using Intel's Software Guard Extensions to hide malware and steal cryptographic keys from inside SGX's protected enclave:

Malware Guard Extension: Using SGX to Conceal Cache Attacks

Abstract: In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. However, the hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. Intel SGX provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers.

In this paper, we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves. Our attack is the first malware running on real SGX hardware, abusing SGX protection features to conceal itself. Furthermore, we demonstrate our attack both in a native environment and across multiple Docker containers. We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive. The attack works although in SGX enclaves there are no timers, no large pages, no physical addresses, and no shared memory. In a semi-synchronous attack, we extract 96% of an RSA private key from a single trace. We extract the full RSA private key in an automated attack from 11 traces within 5 minutes.

Quote:
Boffins show Intel's SGX can leak crypto keys
Software Guard Extensions are supposed to hide data. But the 'Prime+Probe attack' fixes that

By Richard Chirgwin

Posted in Security, 7th March 2017 05:58 GMT

A researcher who in January helped highlight possible flaws in Intel's Software Guard Extensions' input-output protection is back, this time with malware running inside a protected SGX enclave.

Instead of protecting the system, Samuel Weiser and four collaborators of Austria's Graz University of Technology write that the proof-of-concept uses SGX to conceal the malware – and that within five minutes, he can grab RSA keys from SGX enclaves running on the same system.

It's the kind of thing SGX is explicitly designed to prevent. SGX is an isolation mechanism that's supposed to keep both code and data from prying eyes, even if a privileged user is malicious.

Weiser and his team created a side-channel attack they call “Prime+Probe”, and say it works in a native Intel environment, or across Docker containers.

The PoC is specifically designed to recover RSA keys in someone else's enclave in a complex three-step process: first, discovering the location of the victim's cache sets; second, watch the cache sets when the victim triggers an RSA signature computation; and finally, extracting the key.

As the paper puts it:

We developed the most accurate timing measurement technique currently known for Intel CPUs, perfectly tailored to the hardware. We combined DRAM and cache side channels, to build a novel approach that recovers physical address bits without assumptions on the page size. We attack the RSA implementation of mbedTLS that is used for instance in OpenVPN. The attack succeeds despite protection against side-channel attacks using a constant-time multiplication primitive. We extract 96 % of a 4096-bit RSA private key from a single Prime+Probe trace and achieve full key recovery from only 11 traces within 5 minutes.
The attack even works across different Docker containers, because the Docker engine calls to the same SGX driver for both containers.

[Image: Docker containers share the same SGX driver]

Timing: A cryptography side-channel attack needs a high resolution timer, something forbidden in SGX. Weiser and his collaborators combed Intel's specs, and settled on the inc and add instructions, because these have “a latency of 1 cycle and a throughput of 0.25 cycles/instruction when executed with a register as an operand”.

To emulate the forbidden timer, the researchers used these x86 instructions:

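mov &counter, %rcx    # %rcx = address of the shared counter variable
1: inc %rax           # increment the counter register
mov %rax, (%rcx)      # store the current count to memory
jmp 1b                # loop back to label 1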

"Eviction set" generation: This step is designed to discover virtual addresses “that map to the same cache set”: “we scan memory sequentially for an address pair in physical proximity that causes a row conflict. As SGX enclave memory is allocated in a contiguous way we can perform this scan on virtual addresses.”

With those two steps completed, Weiser et al worked out how to monitor vulnerable cache sets, looking for the characteristic signature of RSA key calculation.

This part of the attack has to happen offline – that is, separately to the cache monitoring that collects the data – because you end up with lots of data that has lots of noise in it (from timing errors, context switching, non-RSA-key activity in the victim's enclave, and CPU timing changes due to power management, and so on).

Key recovery comes in three steps. First, traces are preprocessed. Second, a partial key is extracted from each trace. Third, the partial keys are merged to recover the private key.
On an SGX-capable Lenovo ThinkPad T460s running Ubuntu 16.10, they found:

  • With 340 trials, their malware was able to find a vulnerable cache set from the 2048 cache sets available;
  • Capturing a trace from the vulnerable cache set took 72 seconds, on average;
  • A single cache trace provided access to 96 per cent of a 4096-bit RSA key, and with 11 traces, the full RSA key is available.
The researchers say their attack can be blocked, but the fix will have to come from Intel, because modifications to operating systems risk weakening the SGX model. ®
 
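The quoted paper notes that the attack succeeds even though the multiplication primitive is constant-time. The following added example (not from the post, the article, the paper or mbedTLS) is a constructed toy model of why: in plain square-and-multiply the multiplier is only touched on 1 bits, so the sequence of accesses spells out the exponent, while a multiply-always variant produces the same sequence for every key. The 32-bit operands, the trace_t recorder and all function names are assumptions made for illustration; no cache is measured here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy model: 'S' = squaring, 'M' = multiplier buffer touched. */
typedef struct { char ops[128]; int n; } trace_t;

static void record(trace_t *t, char op) { t->ops[t->n++] = op; t->ops[t->n] = '\0'; }

static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t m) {
    return (uint32_t)(((uint64_t)a * b) % m);
}

/* Leaky: the multiplier is read only when the current exponent bit is 1. */
uint32_t modexp_leaky(uint32_t base, uint32_t exp, uint32_t mod, trace_t *t) {
    uint32_t r = 1 % mod;
    t->n = 0;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, mod); record(t, 'S');
        if ((exp >> i) & 1u) { r = mulmod(r, base, mod); record(t, 'M'); }
    }
    return r;
}

/* Hardened: multiply on every bit and keep the product with a branch-free mask. */
uint32_t modexp_always(uint32_t base, uint32_t exp, uint32_t mod, trace_t *t) {
    uint32_t r = 1 % mod;
    t->n = 0;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, mod); record(t, 'S');
        uint32_t p = mulmod(r, base, mod); record(t, 'M');
        uint32_t mask = 0u - ((exp >> i) & 1u);   /* all ones when the bit is set */
        r = (p & mask) | (r & ~mask);
    }
    return r;
}

/* What an observer of the multiplier's accesses reads off: 'M' after 'S' means a 1 bit. */
uint32_t exp_from_trace(const trace_t *t) {
    uint32_t e = 0;
    for (int i = 0; i < t->n; i++)
        e = (t->ops[i] == 'S') ? e << 1 : e | 1u;
    return e;
}

int main(void) {
    trace_t a, b;
    modexp_leaky(7, 0xB5u, 1000003u, &a);
    modexp_always(7, 0xB5u, 1000003u, &b);
    printf("leaky  -> 0x%08X\nalways -> 0x%08X\n", exp_from_trace(&a), exp_from_trace(&b));
    return 0;
}
```

The mask-based select only models the access pattern; a production implementation also has to make sure the compiler does not turn it back into a branch.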
you are speculating that this is how they did it.

fascinating all the same and good people figure this out so it can be hardened in the future. regardless whether we want our backups or not we need better computer security in this day and age.

i think they probably found something weaker and have been exploiting it. the drive specific nature of this leads me to believe they have a hack similar to the oppo sacd exploit on mediatek chipsets of a particular version

since we don't need sgx to do the ripping, as long as deuhd does not patch their own hardware and or software, the likelihood intel can close the hole mentioned in the whitepaper remains small. assuming that is how they are doing it.

the more likely scenario to stop this is that the movie studios will go after lawsuit and or attack their domain and or go after hosting companies who serve what is likely the keys needed for us to decrypt and rip. those are the standard responses and i am surprised at this point it hasn't been done. in this case their presence in russia is probably good for customers
 
This may be one way....... If I figured it out I'd move to Russia lol
 
They are flashing the drives as well: uninstall the full version & install the unpaid version, and the drives still see the UHD discs that were copied and still allow you to recopy all the same discs the full version allowed.
Their software tells the drives what to do,
& of course imageburn sees the UHD as a bdr
Reboot PC, that info is now gone from the drives lol
So the info the smart guys need does remain on your system/drive, so James should be able to locate it.
 
Version 1.0.0.5 dropped today and speed is indeed well improved. Along with newly supported titles, I am ripping Wonder Woman in just over an hour versus the normal 5-6 or more. Very welcomed change. Now if they would just drop the two rips per day limit.
 
I read some of your stuff at the other forum, you are really an expert on this.
 