User Tools

Site Tools


atracdownload-with-keycalculation

please read this quite terse commented log together with the more detailed explanations of the commands at atracdownload-wiki

Log of the upload of a short track that is saved as DRM'ed OMA on the PC.

Content ID: 010F50000004000000B792F6F9318C20FFF1AAD8
DES encryption key: 3E8AB6C3C32C35EB
DES encryption IV: 4CAD6BD3BD7BBEE5
The encrypted music data is not reencrypted before transfer.

 6.737139 => 00180008 0046f003 010380ff
 8.101696 <= 09180008 0046f003 01038000
80 -> Start NetMD session

 8.117905 => 00180008 0046f003 010311ff
 8.180608 <= 09180008 0046f003 01031100 01000009 c7160000
11 -> Get leaf ID -> 01000009c7160000

 8.193922 => 00180008 0046f003 010312ff 00380000 
             00380000 00010000 00090001 000a0000
             00002545 064deaca 14f996bd c8a406c2
             2b816886 9089b724 181ee860 041d2eb3
             fddbe74c 7ccdb1e3 06c0
 8.242539 <= 09180008 0046f003 01031201 00380000 0038
12 -> Transfer EKB (EKB 0001000a; 
      root key 7F38BCB0A80795C134F9DCAA8CE415B8 known)

 8.470557 => 00180008 0046f003 010320ff 000000eb
             03ac802b 632d98
 8.539199 <= 09180008 0046f003 01032000 00000023
             a360239f 2d445a
20 -> Nonce exchange. Catenated nonces: eb03ac802b632d9823a360239f2d445a
      Generate key (using "Retail MAC") from that:
      `echo eb03ac802b632d9823a360239f2d445a | xxd -r -p | openssl enc -des-cbc -K 7F38BCB0A80795C1 -iv 0 -nopad | tail -c 8 | openssl enc -d -des -K 34F9DCAA8CE415B8 -iv 0 -nopad |openssl enc -des-cbc -K 7F38BCB0A80795C1 -iv 0 -nopad |xxd -p | tr [a-z] [A-Z]`
      D1260009CE8B3EEB

 8.584921 => 00180008 0046f003 010322ff 0000b71b
             abc29aee f9d21e7e a1f1e191 9f44e6c8
             18ef0994 c910df57 4c4bc96d 7d31
 8.632089 <= 09180008 0046f003 01032200 0000
22 -> Transfer content ID & encryption key
      Decrypting that stuff:
      `echo b71babc29aeef9d21e7ea1f1e1919f44e6c818ef0994c910df574c4bc96d7d31 | xxd -r -p | openssl enc -d -nopad -des-cbc -K D1260009CE8B3EEB -iv 0 | xxd -p | tr [a-z] [A-Z]`
      magic -> 01010101
      content ID -> 010F50000004000000B792F6F9318C20FFF1AAD8
      DES key encryption key -> 3E8AB6C3C32C35EB


 8.645355 <= 00180008 0046f003 010328ff 00010010
             01ffff00 94020000 00ac0000 8148
10.883583 => 0f180008 0046f003 01032800 00010010
             01000400 94020000 00ac0000 8148
28 -> Do download
      9402 -> LP2; 000000ac frames; 00008148 bytes in packet stream

10.941276 BULK=> 00000000 00003f00 cfce9591 d055b35b
                 e784ba61 e5797640 4cad6bd3 bd7bbee5
first 8 bytes: length
next 8 bytes: DES block key
  `echo cfce9591 d055b35b | xxd -r -p | openssl enc -nopad -des-cbc -K 3E8AB6C3C32C35EB -iv 0 | xxd -p`
  3e8ab6c3c32c35eb (equals KEK here)
third 8 bytes: IV from OMG file
encrypted content follows.
  `echo 4cad6bd3bd7bbee5 | xxd -r -p | openssl enc -d -nopad -des-cbc -K 3E8AB6C3C32C35EB -iv e784ba61e5797640 | xxd -p`
  a15646328329c1a6 - this is correct.

[...]
11.243738 BULK=> [...] 
                 20f8d28b 14c4cb9a 00000000 00003f00
                 cfce9591 d055b35b 20f8d28b 14c4cb9a
                 e86161b1 a8d840c2 e18df0d8 fc5edfd2
Block transition shown here, starting with the encrypted last 8 bytes from the
previous block. No footer present. Next block starts with 64 bit length,
encrypted block key and IV. As this is stream-cbc, the IV for the next block
is just the last encrypted 8 bytes from the previous block.
[...]
14.570476 <= 09180008 0046f003 01032800 00010010
             01000400 94020000 00ac0000 814845f8
             50f15fad 0546bb6c 3a7a9bde cdbcb7ca
             031b0bc9 0685f29e 550676fe f5d6
final reply, includes an encrypted status info:
    `echo 45f850f15fad0546bb6c3a7a9bdecdbcb7ca031b0bc90685f29e550676fef5d6 | xxd -r -p | openssl enc -d -nopad -des-cbc -K D1260009CE8B3EEB -iv 0 | xxd -p | tr [a-z] [A-Z]`
     88318AACF80DF7FB - Track UUID/MAC
     01010101         - padding? Has also been observed as 00000000 on a different device
     010F50000004000000B792F6F9318C20FFF1AAD8

14.585337 => 00180810 18020300
14.617410 <= 09180810 18020300
Start titling

14.628425 => 00180702 20180200 0430000a 00500000 
             04000000 00746164 61
14.710323 <= 09180702 20180200 0430000a 00500000
             04000000 00
Set title "tada"

14.723417 => 00180810 18020000
14.758251 <= 09180810 18020000
End titling

15.213829 => 00180008 0046f003 010348ff 00100100 
             04726a2e 3f11b8c7 16
23.007058 <= 09180008 0046f003 01034800 00100100
             04
48 -> Commit track 4. Last 8 bytes are authorization:
    `echo 0000000000000000 | xxd -r -p | openssl enc -des -nopad -K D1260009CE8B3EEB -iv 0 | xxd -p | tr [a-z] [A-Z]`
    726A2E3F11B8C716


23.017410 <= 00180008 0046f003 010321ff 000000
23.055991 => 09180008 0046f003 01032100 000000
21 -> Forget key


23.417116 <= 00180008 0046f003 010381ff
23.477526 => 09180008 0046f003 01038100
81 -> Terminate session
atracdownload-with-keycalculation.txt · Last modified: 2010/06/10 19:42 by megadiscman

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki