[MPlayer-users] Re: how does mplayer circumvent region protected (RPC-2) DVD drives?

Jonas Jermann jjermann at gmx.net
Sat Oct 19 16:24:02 CEST 2002


On Sat, Oct 19, 2002 at 03:54:43PM +0200, Arpi wrote:
> [Automatic answer: RTFM (read DOCS, FAQ), also read DOCS/bugreports.html]
> Hi,
> 
> > Thing is that there are several phases of authentication. If I remember
> > correctly:
> > 
> > 1. Player authenticates with player key, gets disc key.
> > 2. Player unlocks ``hidden sectors'' with disc key. Hidden sectors
> > contain title keys for each title on DVD, and sometimes several sectors
> > of the VOB-s themselves.
> > 3. Player requests title key.
> > 4. Read, decrypt using title key and play.
> > 
> > For the reason beyond my knowledge region checks in RPC2 drives are
> > performed only in stage 3. mpdvdkit avoids them by not requesting the
> > key at all, it cracks the key using ,,known plaintext attack'' on VOB
> > contents.
> 
> not completely true.
> libdvdcss 1.x (used in mpdvdkit too - note again it isn't our work, mpdvdkit
> is libdvdcss+livdvdread+some patches together) first try to do the 'legal
> method', what you described (get disc key, then decrypt title key with disc
> key). but, if it fails, then it has 2 other methods:
> 2. crack the title key by knowing the decrypted VOB content (vob has very
> strict file format, so it can be predicted well). probably it's called
> ,,known plaintext attack'', i'm not a crypto expert. slow, and sometimes
> doesn't work.
> 3. crack the disc key, by building a 64MB (16M 32bit entries) hash table.
>  -> very very slow, but afaik always work.

Isn't the disc key methode performed before the title key 
methode?


Regards
    Jonas




More information about the MPlayer-users mailing list