atracdownload-with-keycalculation
please read this quite terse commented log together with the more detailed explanations of the commands at atracdownload-wiki
Log of the upload of a short track that is saved as DRM'ed OMA on the PC. Content ID: 010F50000004000000B792F6F9318C20FFF1AAD8 DES encryption key: 3E8AB6C3C32C35EB DES encryption IV: 4CAD6BD3BD7BBEE5 The encrypted music data is not reencrypted before transfer. 6.737139 => 00180008 0046f003 010380ff 8.101696 <= 09180008 0046f003 01038000 80 -> Start NetMD session 8.117905 => 00180008 0046f003 010311ff 8.180608 <= 09180008 0046f003 01031100 01000009 c7160000 11 -> Get leaf ID -> 01000009c7160000 8.193922 => 00180008 0046f003 010312ff 00380000 00380000 00010000 00090001 000a0000 00002545 064deaca 14f996bd c8a406c2 2b816886 9089b724 181ee860 041d2eb3 fddbe74c 7ccdb1e3 06c0 8.242539 <= 09180008 0046f003 01031201 00380000 0038 12 -> Transfer EKB (EKB 0001000a; root key 7F38BCB0A80795C134F9DCAA8CE415B8 known) 8.470557 => 00180008 0046f003 010320ff 000000eb 03ac802b 632d98 8.539199 <= 09180008 0046f003 01032000 00000023 a360239f 2d445a 20 -> Nonce exchange. Catenated nonces: eb03ac802b632d9823a360239f2d445a Generate key (using "Retail MAC") from that: `echo eb03ac802b632d9823a360239f2d445a | xxd -r -p | openssl enc -des-cbc -K 7F38BCB0A80795C1 -iv 0 -nopad | tail -c 8 | openssl enc -d -des -K 34F9DCAA8CE415B8 -iv 0 -nopad |openssl enc -des-cbc -K 7F38BCB0A80795C1 -iv 0 -nopad |xxd -p | tr [a-z] [A-Z]` D1260009CE8B3EEB 8.584921 => 00180008 0046f003 010322ff 0000b71b abc29aee f9d21e7e a1f1e191 9f44e6c8 18ef0994 c910df57 4c4bc96d 7d31 8.632089 <= 09180008 0046f003 01032200 0000 22 -> Transfer content ID & encryption key Decrypting that stuff: `echo b71babc29aeef9d21e7ea1f1e1919f44e6c818ef0994c910df574c4bc96d7d31 | xxd -r -p | openssl enc -d -nopad -des-cbc -K D1260009CE8B3EEB -iv 0 | xxd -p | tr [a-z] [A-Z]` magic -> 01010101 content ID -> 010F50000004000000B792F6F9318C20FFF1AAD8 DES key encryption key -> 3E8AB6C3C32C35EB 8.645355 <= 00180008 0046f003 010328ff 00010010 01ffff00 94020000 00ac0000 8148 10.883583 => 0f180008 0046f003 01032800 00010010 01000400 94020000 00ac0000 8148 28 -> Do download 9402 -> LP2; 000000ac frames; 00008148 bytes in packet stream 10.941276 BULK=> 00000000 00003f00 cfce9591 d055b35b e784ba61 e5797640 4cad6bd3 bd7bbee5 first 8 bytes: length next 8 bytes: DES block key `echo cfce9591 d055b35b | xxd -r -p | openssl enc -nopad -des-cbc -K 3E8AB6C3C32C35EB -iv 0 | xxd -p` 3e8ab6c3c32c35eb (equals KEK here) third 8 bytes: IV from OMG file encrypted content follows. `echo 4cad6bd3bd7bbee5 | xxd -r -p | openssl enc -d -nopad -des-cbc -K 3E8AB6C3C32C35EB -iv e784ba61e5797640 | xxd -p` a15646328329c1a6 - this is correct. [...] 11.243738 BULK=> [...] 20f8d28b 14c4cb9a 00000000 00003f00 cfce9591 d055b35b 20f8d28b 14c4cb9a e86161b1 a8d840c2 e18df0d8 fc5edfd2 Block transition shown here, starting with the encrypted last 8 bytes from the previous block. No footer present. Next block starts with 64 bit length, encrypted block key and IV. As this is stream-cbc, the IV for the next block is just the last encrypted 8 bytes from the previous block. [...] 14.570476 <= 09180008 0046f003 01032800 00010010 01000400 94020000 00ac0000 814845f8 50f15fad 0546bb6c 3a7a9bde cdbcb7ca 031b0bc9 0685f29e 550676fe f5d6 final reply, includes an encrypted status info: `echo 45f850f15fad0546bb6c3a7a9bdecdbcb7ca031b0bc90685f29e550676fef5d6 | xxd -r -p | openssl enc -d -nopad -des-cbc -K D1260009CE8B3EEB -iv 0 | xxd -p | tr [a-z] [A-Z]` 88318AACF80DF7FB - Track UUID/MAC 01010101 - padding? Has also been observed as 00000000 on a different device 010F50000004000000B792F6F9318C20FFF1AAD8 14.585337 => 00180810 18020300 14.617410 <= 09180810 18020300 Start titling 14.628425 => 00180702 20180200 0430000a 00500000 04000000 00746164 61 14.710323 <= 09180702 20180200 0430000a 00500000 04000000 00 Set title "tada" 14.723417 => 00180810 18020000 14.758251 <= 09180810 18020000 End titling 15.213829 => 00180008 0046f003 010348ff 00100100 04726a2e 3f11b8c7 16 23.007058 <= 09180008 0046f003 01034800 00100100 04 48 -> Commit track 4. Last 8 bytes are authorization: `echo 0000000000000000 | xxd -r -p | openssl enc -des -nopad -K D1260009CE8B3EEB -iv 0 | xxd -p | tr [a-z] [A-Z]` 726A2E3F11B8C716 23.017410 <= 00180008 0046f003 010321ff 000000 23.055991 => 09180008 0046f003 01032100 000000 21 -> Forget key 23.417116 <= 00180008 0046f003 010381ff 23.477526 => 09180008 0046f003 01038100 81 -> Terminate session
atracdownload-with-keycalculation.txt · Last modified: 2010/06/10 19:42 by megadiscman