himddiskformat

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
himddiskformat [2009/09/30 16:37] – Expanded Codec specific info with data from the ffmpeg oma demuxer (oma files also have this 3-byte-filed) megadiscmanhimddiskformat [2012/01/05 22:55] (current) – Mention that tracks with variable MPEG version and variable MPEG layer can't be played back megadiscman
Line 138: Line 138:
 ==== The file mclist0X.hma ==== ==== The file mclist0X.hma ====
  
-The filename "mclist01.hma" obviuosly derives from "MAClist" which is the name of one of the modules in OpenMG. MAC here stands for "Message authentication code" (see [[http://en.wikipedia.org/wiki/Message_authentication_code]]).+The filename "mclist01.hma" obviuosly derives from "MAClist" which is the name of one of the modules in OpenMG. MAC here stands for "Message authentication code" (see [[http://en.wikipedia.org/wiki/Message_authentication_code]]). In this case, the DRM license info of each track is considered a message, and the authenticity of these messages is confirmed by adding a 8-byte field to the track information. The MAC list contains all the MAC values of the different tracks and a master MAC that ties these together into one bundle. 
 +Furthermore, the MAC list contains a header that ties the MAC list to a specific "generation" of a specific medium. The generation is increased every time the DRM info changes. 
 +The final authentication is done by combining checksums of the medium-specific and the track-specific parts into a master "integrity check value" (ICV) which is stored outside of the FAT file system and only accessible using authenticated and encrypted SCSI commands.
  
-The contents of "mclist01.hma" are mostly zero, the non-zero part looks like this:+The contents of "mclist01.hma" are mostly zero until DRM protected tracks are uploaded, the non-zero part looks like this:
  
 <code> <code>
Line 152: Line 154:
 </code> </code>
  
-It contains information for the DRM system Sony employs (mostly for the ATRAC encoded tracks)Most notablyit contains a copy of the disc ID (a master key to derive further encryption keys) which is stored at offset 40h in this fileProbably this field is used to tie the file system image to a specific mediumAs the disc ID even changes if the medium formatted, a file system image only works until reformatting the medium and only on this medium.+The MAC list file is divided into three parts. The first 16 bytes are the file header, the next 80 bytes are for disc authentication and the remaining part is for track authentication. Both authentication parts start with an encrypted 3DES key used for authentication, followed by the data to authenticateTo decrypt the authentication key, a master key needs to be used. In the Sony DRM system, these master keys are stored in EKBs, in encrypted formThe disc authentication header contains an indication which EKB (that also means which master key) to use. 
 + 
 +<code> 
 +0000 BYTES  magic signature "MLST" 
 +0004 DWORD  unknown purpose 
 +0008 BYTES  8 unknown bytes, always zero, maybe padding. 
 + 
 +0010 BYTES  16 bytes encrypted 3DES key for authenticating the first MAC list part 
 +0020 DWORD  Generation number of the DRM info 
 +0024 BYTES  20 unknown bytes, always zero, maybe padding 
 +0038 DWORD  ID of the EKB used for decrypting the authentication keys 
 +003C DWORD  4 unknown bytesalways zero, maybe padding 
 +0040 BYTES  16 bytes disc ID. This is copy of the real disc ID stored outside of the file system 
 +0050 BYTES  16 unknown bytes, always zero, maybe padding 
 + 
 +0060 BYTES  16 bytes encrypted 3DES key for authenticating the second MAC list part 
 +0070 BYTES  4000 * 8 bytes MAC values of tracks. Intersting count, as Hi-MD only has 2048 tracks. 
 +</code>
  
-The fields at offset 10h and 60h are presumably encryption keys for 3DES. It's not yet confirmed, whether those are the keys in cleartext or those are the keys in an encrypted form themselves. 
  
 ==== The file 00010012.hma ==== ==== The file 00010012.hma ====
Line 160: Line 178:
 This file contains the "EKB", the enabling key block #00010012. This is the standard key block for HiMD audio. It's the string "EKB" followed by 29 null bytes (making a 32 byte header), and then the contents of the EKB that is also provided in OpenMG as 00010012-umd.EKB. It should never change, but if encrypted payware audio with other EKBs are uploaded, further all-numeric .hma files might appear. This file contains the "EKB", the enabling key block #00010012. This is the standard key block for HiMD audio. It's the string "EKB" followed by 29 null bytes (making a 32 byte header), and then the contents of the EKB that is also provided in OpenMG as 00010012-umd.EKB. It should never change, but if encrypted payware audio with other EKBs are uploaded, further all-numeric .hma files might appear.
  
-==== The Audio-Data File ====+==== The Audio Data File ====
  
-The audio-data file contains the raw audio-data.+The audio data file contains the raw audio data.
  
 It is divided into 16k blocks of the following layout It is divided into 16k blocks of the following layout
  
 <code> <code>
-0000 DWORD  Block Type ("LPCM"/"A3D "/"SMPA"+0000 DWORD  Block Type ("LPCM" for PCM,"A3D " for ATRAC3, "ATX " for ATRAC3+, "SMPA" for MPEG
-0004 WORD   Number of frames (audio blocks only, zero for completely filled Atrac/PCM blocks)+0004 WORD   Number of frames (MP3 blocks only, PCM/Atrac blocks have fixed size)
 0006 WORD   "MCode" 0006 WORD   "MCode"
-0008 WORD   Data size in bytes (for MP3)+0008 WORD   Data size in bytes (MP3 blocks only)
 000A WORD   Reserved 000A WORD   Reserved
 000C DWORD  Serial number of block in stream 000C DWORD  Serial number of block in stream
-0010 BYTES  8 bytes "block seed +0010 BYTES  PCM/Atrac: Encrypted DES key for the audio data 
-0018 BYTES  8 bytes initialization vector+0018 BYTES  PCM/Atrac: DES CBC initialization vector for the audio data
  
-0020 BYTES  up to 3FC0 of encrypted audio data+0020 BYTES  up to 3FC0 of encrypted audio data (ATRAC never uses all 3FC0 bytes)
  
-3FE0 BYTES  8 bytes backup of "block seed"+3FE0 BYTES  Backup of encrypted key (offset 0010)
 3FE8 BYTES  8 bytes reserved 3FE8 BYTES  8 bytes reserved
 3FF0 DWORD  backup of Block Type 3FF0 DWORD  backup of Block Type
 3FF4 WORD   reserved 3FF4 WORD   reserved
 3FF6 WORD   backup of "MCode" 3FF6 WORD   backup of "MCode"
-3FF8 DWORD  "Content ID"+3FF8 DWORD  low order 32 bits of the Content ID
 3FFC DWORD  backup of serial number 3FFC DWORD  backup of serial number
 </code> </code>
  
-In case of MP3-audio, the data is XOR encrypted. The key for encryption is created from the DiscID which read/written using special SCSI-commands.+In case of MP3 audio, the data is XOR encrypted. The key for encryption is created from the DiscID which read/written using special SCSI commands. In case of ATRAC/PCM audio, the data is DES CBC encrypted. See below for more info on encryption. 
 +Each audio block contains only complete frames. The space in the audio block after the last complete frame is unused - which is especially wasteful for 352kbit/s ATRAC3+, as the frame size is exactly 2K, so 1984 bytes per frame are ignored, i.e. 12% of the block size.
  
 ==== The _MDHIFI.HMA File ==== ==== The _MDHIFI.HMA File ====
Line 272: Line 291:
 <code> <code>
 0000 DWORD   - date of recording (FAT format, 16 bit date, 16 bit time of day) 0000 DWORD   - date of recording (FAT format, 16 bit date, 16 bit time of day)
-0004 DWORD   "EkbVersion" (Mac MP3: 0, Mac WAV: 10012; upload requirement: == 10012)+0004 DWORD   "EkbVersion" (Mac MP3: 0, Mac WAV: 10012; upload requirement: == 10012)
 0008 WORD    - Title (string number) 0008 WORD    - Title (string number)
 000A WORD    - Artist (string number) 000A WORD    - Artist (string number)
Line 278: Line 297:
 000E BYTE    - Track number (within Album, not on MD) 000E BYTE    - Track number (within Album, not on MD)
 000F BYTE    - "Mode" 000F BYTE    - "Mode"
-0010 8 BYTES MgrCK (upload requirement: completely zero)+0010 8 BYTES MgrCK (upload requirement: completely zero)
 0018 8 BYTES   CMac 0018 8 BYTES   CMac
-0020 BYTE    CodecId (see below) +0020 BYTE    CodecId (see below) 
-0021 3 BYTES Codec specific info +0021 3 BYTES Codec specific info 
-0024 WORD    Part Number (index into Parts Info Table) +0024 WORD    Part Number (index into Parts Info Table) 
-0026 WORD    Track Number +0026 WORD    Track Number 
-0028 WORD    Total time (units of seconds) +0028 WORD    Total time (units of seconds) 
-002A BYTE    "Lt" (Mac MP3: 10, Mac WAV: 1; upload requirement: == 1) +002A BYTE    "Lt" (Mac MP3: 10, Mac WAV: 1; upload requirement: == 1) 
-002B BYTE    "Dest" (upload requirement: == 1)+002B BYTE    "Dest" (upload requirement: == 1)
 002C WORD    + More codec specific info 002C WORD    + More codec specific info
 002E WORD    + reserved 002E WORD    + reserved
 0030 20 BYTE + Content ID (for Mac Transferred Data: 02 03 00 00 + 16 random bytes) 0030 20 BYTE + Content ID (for Mac Transferred Data: 02 03 00 00 + 16 random bytes)
-0044 DWORD   + Start time (FAT format) +0044 DWORD   + Start of playback license validity (FAT format, or 0 for no restriction
-0048 DWORD   + End time (FAT format)+0048 DWORD   + End of playback license validity (FAT format, or 0 for no restriction)
 004C BYTE    + "Xcc" (Mac MP3/WAV: 01; upload requirement: == 03 || == 07) 004C BYTE    + "Xcc" (Mac MP3/WAV: 01; upload requirement: == 03 || == 07)
-004D BYTE    "Ct"  +004D BYTE    "Ct"  
-004E BYTE    "Cc" (Mac MP3: 40, Mac WAV: 44; upload requirement: == 08 || == 48)+004E BYTE    "Cc" (Mac MP3: 40, Mac WAV: 44; upload requirement: == 08 || == 48)
 004F BYTE    + "Cn" (Mac MP3: 00, Mac WAV: 3) 004F BYTE    + "Cn" (Mac MP3: 00, Mac WAV: 3)
 </code> </code>
  
-The +/-/means: "+" this field influences the MAC. "-" this field does not influence the MAC. "?we don't know yet.+The +/-/means: "+" this field is included in MAC calculation. "-" this field does not influence the MAC. "!this field controls the MAC calculation
  
 "upload requirement" means that the HiMD Transfer Tool for Mac checks the given condition before allowing an upload of a track to the PC. These checks are independent from the track format. "Mac MP3"/"Mac WAV" means that these values are set by the HiMD transfer tool if downloading that type of music. Probably the fields annotated that way are involved in copy controlling. The first entry in the track info table is a dummy entry that contains the number of the first free track in its Track number field. All free entries are chained using that field. "upload requirement" means that the HiMD Transfer Tool for Mac checks the given condition before allowing an upload of a track to the PC. These checks are independent from the track format. "Mac MP3"/"Mac WAV" means that these values are set by the HiMD transfer tool if downloading that type of music. Probably the fields annotated that way are involved in copy controlling. The first entry in the track info table is a dummy entry that contains the number of the first free track in its Track number field. All free entries are chained using that field.
Line 310: Line 329:
   * 0021 Bit 1: Set for joint stereo (LP4)   * 0021 Bit 1: Set for joint stereo (LP4)
   * 0022 Bit 7-5: Sample rate   * 0022 Bit 7-5: Sample rate
-  ** 00: 32kHz +    * 00: 32kHz 
-  ** 20: 44.1kHz +    * 20: 44.1kHz 
-  ** 40: 48kHz +    * 40: 48kHz 
-  ** 60: 88.2kHz +    * 60: 88.2kHz 
-  ** 80: 96kHz+    * 80: 96kHz
   * 0023 Bit 5-0: Frame size in 8 bytes units   * 0023 Bit 5-0: Frame size in 8 bytes units
-  ** 18: (Frame size 192 bytes) 66 kbit/s (LP4) +    * 18: (Frame size 192 bytes) 66 kbit/s (LP4) 
-  ** 26: (Frame size 304 bytes) 105 kbit/s +    * 26: (Frame size 304 bytes) 105 kbit/s 
-  ** 30: (Frame size 384 bytes) 132 kbit/s (LP2)+    * 30: (Frame size 384 bytes) 132 kbit/s (LP2)
  
 == Codec specific info for ATRAC3+ == == Codec specific info for ATRAC3+ ==
   * 0022 Bit 7-5: Sample rate (like ATRAC3)   * 0022 Bit 7-5: Sample rate (like ATRAC3)
-  ** 00: 32kHz +    * 00: 32kHz 
-  ** 20: 44.1kHz +    * 20: 44.1kHz 
-  ** 40: 48kHz +    * 40: 48kHz 
-  ** 60: 88.2kHz +    * 60: 88.2kHz 
-  ** 80: 96kHz+    * 80: 96kHz
   * 0022 Bit 4-2: Number of Channels   * 0022 Bit 4-2: Number of Channels
-  ** 04: Mono +    * 04: Mono 
-  ** 08: Stereo+    * 08: Stereo
   * 0023 Frame size in 8 bytes units (-1)   * 0023 Frame size in 8 bytes units (-1)
-  ** 17: (Frame size 192 bytes) 32 kbit/s +    * 17: (Frame size 192 bytes) 32 kbit/s 
-  ** 22: (Frame size 280 bytes) 48 kbit/s +    * 22: (Frame size 280 bytes) 48 kbit/s 
-  ** 2E: (Frame size 376 bytes) 64 kbit/s (Hi-LP) +    * 2E: (Frame size 376 bytes) 64 kbit/s (Hi-LP) 
-  ** 8B: (Frame size 1120 bytes) 192 kbit/s +    * 8B: (Frame size 1120 bytes) 192 kbit/s 
-  ** B9: (Frame size 1488 bytes) 256 kbit/s (Hi-SP) +    * B9: (Frame size 1488 bytes) 256 kbit/s (Hi-SP) 
-  ** FF: (Frame size 2048 bytes) 352 kbit/s+    * FF: (Frame size 2048 bytes) 352 kbit/s
  
 == Codec specific info for MPEG == == Codec specific info for MPEG ==
Line 342: Line 361:
   * 0022 unused, zero   * 0022 unused, zero
   * 0023 bit field   * 0023 bit field
-  ** 80: Always set +    * 80: Always set 
-  ** 40: Variable MPEG version +    * 40: Variable MPEG version (tracks with this bit set cause "cannot play") 
-  ** 20: Variable MPEG Layer +    * 20: Variable MPEG Layer (tracks with this bit set cause "cannot play") 
-  ** 10: Variable bitrate +    * 10: Variable bitrate 
-  ** 08: Variable sample rate +    * 08: Variable sample rate 
-  ** 04: Variable channel mode (Joint stereo/split stereo) +    * 04: Variable channel mode (Joint stereo/split stereo) 
-  ** 02: Variable preemphasis +    * 02: Variable preemphasis 
-  ** 01: Always cleared+    * 01: Always cleared
   * 002C: Bit field:   * 002C: Bit field:
-  ** C0: MPEG version (C0 = MPEG1, 80 = MPEG2, 00 = MPEG2.5, as in MPEG spec) +    * C0: MPEG version (C0 = MPEG1, 80 = MPEG2, 00 = MPEG2.5, as in MPEG spec) 
-  ** 30: MPEG layer (encoded as in MPEG stream) +    * 30: MPEG layer (encoded as in MPEG stream) 
-  ** 0F: Bitrate number (see MPEG spec)+    * 0F: Bitrate number (see MPEG spec)
   * 002D: Bit field:   * 002D: Bit field:
-  ** C0: Sample rate from header (see MPEG spec) +    * C0: Sample rate from header (see MPEG spec) 
-  ** 30: Channel mode (00 = split stereo; 10 = joint stereo; 20 = 2*mono; 30 = mono) +    * 30: Channel mode (00 = split stereo; 10 = joint stereo; 20 = 2*mono; 30 = mono) 
-  ** 0C: Preemphasis (see MPEG spec) +    * 0C: Preemphasis (see MPEG spec) 
-  ** 02, 01: always cleared.+    * 02, 01: always cleared.
  
 === The Part Info Table === === The Part Info Table ===
Line 595: Line 614:
 {{:himd_encryption.png|Encryption scheme of ATRAC and PCM tracks}} {{:himd_encryption.png|Encryption scheme of ATRAC and PCM tracks}}
  
-Red boxes indicate data stored on HiMD, Black boxes indicate "black boxes" - Operations we don't know how they work. For so called "weakly encrypted tracks" the Track key is 0000000000000000, the EKB ID is 00010012 and the fragment keys are 0000000000000000. This information fixes all input parameters to the Track Key Decryption black boxThe output of that black box is known from analyzing the Mac software - it is F2266C6464C0D65C.+Red boxes indicate data stored on HiMD, Black boxes indicate "black boxes" - Operations we don't know how they work. For so called "weakly encrypted tracks" the Track key is 0000000000000000, the EKB ID is 00010012 and the fragment keys are 0000000000000000. This information fixes all input parameters to the Key encryption KeyThis value is nearly known from analyzing the Mac software - it is F2266C6464C0D65C. As it is used as an DES key, the low bits of each bytes are unknown.
  
 ==== Fragment keys ==== ==== Fragment keys ====
himddiskformat.1254328659.txt.gz · Last modified: 2009/09/30 16:37 by megadiscman

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki