Differences

This shows you the differences between two versions of the page.

--- netmdocm [2010/06/08 06:28] – add info to netmd(0) megadiscman
+++ netmdocm [2024/05/21 14:50] (current) – nopsled
@@ Line 166: / Line 166: @@
 ASN.1 Sequence with a data structure that is setup and manipulated by functions called through DICT 187 (these functions are in DICT 188).
 80
 02 03E9
 14 43EA428F71EE7B665D10752E85AB16E5A50C6249 ; MAC
 14 638163B82C4E31810FBEE01B2E7FC25B879586E3 ; Enc(CKEY) ? Offset 0x1E according to Jan (// key is at offset 0x1E! (OMGDecrypter.cpp)
+80 02 01 6B ; 17 (some time stamp)
-80 02 01 6B ; 17 (some time stamp)
+04 48C2298F
-04 48C2298F
+01 07 ; 7 == creation time of structure
-01 07 ; 7 == creation time of structure
+04 48C2298F
-04 48C2298F
+01 6D ; 109
-01 6D ; 109
+01 00
-01 00
+01 65 ; 101
-01 65 ; 101
+14 C04B513EDE54342D709D0CB8621E646FDDCB345E
-14 C04B513EDE54342D709D0CB8621E646FDDCB345E
+01 00 ; 0 == scrambled form of the maclist id == SalOmgId
-01 00 ; 0 == scrambled form of the maclist id == SalOmgId
+14 010F50000004000000EFF3C3244C602635178457
-14 010F50000004000000EFF3C3244C602635178457
+01 68 ; 104
-01 68 ; 104
+02 1FD7
-02 1FD7
+01 06 ; 6 == source name
-01 06 ; 6 == source name
+15 72617720636F6E74656E7420696D706F7274696E67
-15 72617720636F6E74656E7420696D706F7274696E67
+                     r a w   c o n t e n t   i m p o r t i n g
-                   r a w   c o n t e n t   i m p o r t i n g
+01 67 ; 103 == flags?
-01 67 ; 103 == flags?
+01 02
-01 02
+01 01 ; 1 == max checkout?
-01 01 ; 1 == max checkout?
+01 03
-01 03
+01 08 ; 8 == checkout count?
-01 08 ; 8 == checkout count?
+01 03
-01 03
+01 05 ; 5 == flags (1|2|4)
-01 05 ; 5 == flags (1|2|4)
+01 04
-01 04
+; End array
-; End array
+80 0000 ; Empty array
-80 0000 ; Empty array
+; End array
-; End array
 ===== maclist1.dat =====
@@ Line 203: / Line 202: @@
 unsigned char maclist1_dat[72] =
 {
-x4D, 0x41, 0x43, 0x4C, 0x49, 0x53, 0x54, 0x00, 0x01, 0x0F, 0x50, 0x00, 0x00, 0x04, 0x00, 0x00,
+    <0x4D, 0x41, 0x43, 0x4C, 0x49, 0x53, 0x54, 0x00>,
-x00, 0x00, 0x00, 0xC3, 0x24, 0x4C, 0x60, 0x26, 0x02, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00,
+    salomgid <0x01, 0x0F, 0x50, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC3, 0x24, 0x4C, 0x60, 0x26>,
-x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00,
+    <0x02>,
-x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x03, 0x00, 0x00, 0x00,
+    number-of-mac-ops <0x00, 0x00, 0x00, 0x03>,
-x02, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
+    number-of-macs <0x00, 0x00, 0x00, 0x00>,
+    macs-data <0x00, 0x00, 0x00, 0x00>,
+    extension-type <0x00, 0x00, 0x00, 0x00>,
+    extension-size <0x00, 0x00, 0x00, 0x18>,
+    leaf-id <0x00, 0x00, 0x00, 0x02, 0x00, 0x00>, status-code <0x00, 0x01>,
+    leaf-id <0x00, 0x00, 0x00, 0x01, 0x00, 0x01>, status-code <0x00, 0x03>,
+    leaf-id <0x00, 0x00, 0x00, 0x02, 0x00, 0x01>, status-code <0x00, 0x01>,
+    <0x00, 0x00, 0x00>,
 } ;
-There is a 40-byte header (MACLIST\0, followed by 4 DWORDs with unknown meaning, followed by (DWORD)2, followed by the number of operations done on the maclist (in this case 3), followed by the number of MACs (here: 0), followed by 0 (unknown field).  Then come the 8-byte macs, but in this case there are none.  Then follow extensions, which have this structure: a DWORD with the type of the extension, and a DWORD with the length (excluding this 8 byte extension header).  In this case, there is only an extension of type 0 which contains 0x18 bytes.  The extension 0 maps ekb device/leaf IDs to status codes in a yet to be determined manner, in this case: 0x00000002 -> 1, 0x00010001 -> 3, 0x00010002 -> 1.
+There is a 40-byte header (MACLIST\0, followed by 16 bytes of the  SalOmgID (omg_id.dat), followed by (DWORD)2, followed by the number of operations done on the maclist (in this case 3), followed by the number of MACs (here: 0), followed by 0 (unknown field).  Then come the 8-byte macs, but in this case there are none.  Then follow extensions, which have this structure: a DWORD with the type of the extension, and a DWORD with the length (excluding this 8 byte extension header).  In this case, there is only an extension of type 0 which contains 0x18 bytes.  The extension 0 maps ekb device/leaf IDs to status codes in a yet to be determined manner, in this case: 0x00000002 -> 1, 0x00010001 -> 3, 0x00010002 -> 1.
 ===== maclist2.dat =====
@@ Line 906: / Line 912: @@
 ===== maclist(1) =====
-/*
+XOR the SalOmgId with a constant key, expand that to a symmetric key and apply to the SHA-1 hash of MACLIST.  Compare the result with param3 and return 1 if they are equal.  In other words, param3 is a complicated hash of the MACLIST.
-Procedure prototype:
- maclist(01)
-Input:
-SalNonConstPointer const &,
-SalPointer const &,
-SalOmgId const &,
-long,
-SalExtrinsicsProg const &
-Output:
-long
-*/
 ===== Sample input: =====
@@ Line 948: / Line 938: @@
 } ;
-XOR the SalOmgId with a constant key, expand that to a symmetric key and apply to the SHA-1 hash of MACLIST.  Compare the result with param3 and return 1 if they are equal.  In other words, param3 is a complicated hash of the MACLIST.
 ===== maclist(8) =====
@@ Line 956: / Line 944: @@
 In other words, this extracts the 0-extension of a MACLIST and an encrypted hash of that.
+See pcmaclist(6)
 /*
@@ Line 1104: / Line 1094: @@
 ===== querycif(09) - Get KEK encrypted content key =====
-/*
-Procedure prototype:
- querycif(09)
-Input:
-SalPointer const &,
-SalPointer const &,
-long,
-long,
-SalPointer const &,
-SalOmgId const &,
-SalPointer const &,
-long,
-SalExtrinsicsProg const &,
-Output:
-SalAsnSeqBegin,
-long &,
-OmgString &
-querycif(09)
-Process File, SalOmgId, param3, long (3), long (3), Ekb capability table, 00010001_EKB -> Enc(CKEY, KEK)
-*/
-unsigned char param3[24] =
-{
-x46, 0x73, 0xE4, 0x89, 0x6A, 0xA9, 0x0B, 0x96, 0x69, 0x43, 0xAA, 0x39, 0x99, 0xE2, 0x08, 0xC4,
-xF8, 0xCA, 0x19, 0x2E, 0x38, 0xE2, 0x3E, 0x4C,
-} ;
-unsigned char param6_EkbCapabilityTable[24] =
-{
-x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x03, 0x00, 0x00, 0x00,
-x02, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
-} ;
-/* Return value. TODO: double check */
-unsigned char return_value[11] =
-{
-x30, 0x80, 0x02, 0x01, 0x00, 0x04, 0x08, 0x82, 0x19, 0x23, 0xFD,
-} ;
 <code>
@@ Line 1204: / Line 1146: @@
-function GetKekEncCKEY(blob_t OpfImage (arg_2), blob_t EkbCapTableBody (arg_3))
-{
-	Array ProcessFile[5];
-	dict[4] = EkbCapTableBody;
-	ProcessFile = decode_asn1(opf_image);
-	dict[3] = OpfImage;
-	//
-	// Calculate HMAC for the opf[3] usage information. Check if it matches with the HMAC value in opf[1]
-        //
-        // ProcessFile[1]:  HMAC(opf[3], saldec(opf[2]))
-	blob_t dec_pf2 = devicesal_220_decrypt_hook_249(ProcessFile[2],  EkbCapTableBody);
-	blob_t serialized_opf3 = BCSerialize(ProcessFile[3]);
-	blob_t key = concat ( dec_pf2, serialized_opf3 );
-	blob_t hasked_key = inline::SHA-1 ( key, 0);
-	blob_t key_pf2 = concat ( dec_pf2, hashed_key );
-	blob_t hashed_key_pf2 = inline:SHA-1 (key_pf2);
-        // if( HMAC(opf[3], saldec(opf[2]) == ProcessFile[1])
-        //
-        //
-	if (compare_blob (hashed_key_pf2, ProcessFile[1])  == 0)	// 0xffff
-									// Test_Small_Int_For_Zero -> 0 (acc)
-	{
-		... todo
-	}
-}
 </code>
@@ Line 1493: / Line 1404: @@
-===== netmd.ocm Decompiled =====
-<code>
-Dict[0xf9] = {0x63, 0x81, 0x63, 0xB8, 0x2C, 0x4E, 0x31,
-x81, 0x0F, 0xBE, 0xE0, 0x1B, 0x2E, 0x7F,
-xC2, 0x5B, 0x87, 0x95, 0x86, 0xE3};
-// CIPHERTEXT must be a serialized and encrypted blob (see dev_0xd8/dev_0xd9).
-// The PLAINTEXT is appended to that blob and the serialized and encrypted result is returned.
-blob_t
-netmd_0x07 (blob_t key, blob_t some_plaintext, blob_t some_ciphertext)
-{
-  static blob_t pad[16] = { 0x33, 0x4a, 0x18, 0x94, 0xc1, 0xf3, 0x83, 0xf6,
-xd3, 0xeb, 0x6a, 0xc2, 0xad, 0x13, 0x07, 0xca };
-  blob_t data = dev_0xd8 (some_ciphertext, XOR (key, pad));
-  data = CONCAT (data, some_plaintext);
-  return dev_0xd9 (data, XOR (key, pad));
-}
-</code>
-===== icv.ocm Decompiled =====
-<code>
-//
-// Generate a SalOmgId
-//
-//   Example: 30 80 0410010F5000000400000000006E2B2A75BA 00 00
-//
-//   <OMG Directory>\OMGKEY\omg_id..dat
-//
-// Note: When OpenMG is used (trough the UI) for the first time this value is generated,
-//       by calling the salwrap function getSalOmgId.
-//
-//                   const unsigned __int8 *__cdecl getSalOmgId()
-//
-blob_t icv(07)
-{
- blob_t SalIdPRNG  = BCX_1C_GetPRNGBytes(5);
- static blob_t PrefixSalOmgId[8] = {0x01,0x0F,0x50,0x00,0x00,0x04,0x00,0x00};
- data = BCX_01_Concat(PrefixSalOmgId, SalIdPRNG);
- Push 1
- Pack_To_Array
- Create_Array
-}
-</code>
-===== maclist.ocm  =====
-// maclist(1)
-//
-// work in progress
-<code>
-int
-maclist_0x01(blob_t SalOmgId, blob_t maclist2dat, blob_t OmgIcvCache)
-{
-  static blob_t pad[16] = {0x20, 0xBE, 0xDE, 0x72, 0xA3, 0xB8, 0x62, 0x60,
-x71, 0x44, 0x3A, 0x33, 0xE9, 0xAC, 0x69, 0xCE};
-  static SHA1state, hash_maclist, hash_maclist_salomgid, xor_SalOmgId;
-  SHA1state             = BCX_19_InitSHA1();
-  BCX_1A_SHA1AddData(maclist, 0, SHA1state);
-  hash_maclist	        = BCX_1B_SHA1Finish(SHA1state);
-  xor_SalOmgId          = BCX_06_XorBlobs(SalOmgId, pad);
-  hash_maclist_salomgid = salenc_sha1(SalOmgId_xor, hash_maclist);
-  hash_maclist == hash_xorSalOmgId? TRUE: FALSE
-}
-</code>