windowsdlls

Differences

windowsdlls [2009/05/04 22:50] – fix syntax marcuswindowsdlls [2010/04/29 14:48] (current) megadiscman
Line 124: Line 124:
  
 </code> </code>
 +===== OpenMG Secure Module - Implementation Architecture =====
  
-===== The ocm-files =====+* References:  
 +Sony Patent EP1 496 439 A1, Fig.6 there is a diagram illustrating the functional structure of the client.
  
-OCM-Interpretor:+Note: Patent diagram says following:
  
-  * [[http://users.physik.fu-berlin.de/~glaubitz/linux-minidisc/ocm.tgz]] +Security Module:
-  * [[http://users.physik.fu-berlin.de/~glaubitz/linux-minidisc/dis-09-02-01.rar]] - latest version as of May, 2nd 2009+
  
-The OCM files (except for init.ocm which contains an extra layer of packing) are interpreted as [[OCMBytecode]]+[0047] A security module 53 performs processing relating 
 +to data security, such as encryption of the modules. 
 +A request for the security-related processing generated 
 +in the modules is sent to the security module 53, 
 +and the security module 53 performs encryption or the like 
 +in response to the request.
  
-Here is a decode for native code blocks from OCM files. It is severe works-for-me-quality, having at least the following issues: +DRM Module:
-  * It does not name imports from salwrap, it just puts offsets into the import table into a generic name. Check here for some name [[OCMSalwrapExports]] +
-  * It is unable to parse named exports +
-  * It does only support the relocation types (mostly direct imports of compiler helper functions) I needed.+
  
-The output of the program is an assembler source file (completely unreadable) that is intended to be compiled by the GNU assembler (Win32 port or cross-assembler in linuxand then loaded into a good disassemblerlike IDA 4.9 Freeware for example.+[0043] Fig. 6 shows an example of the functional 
 +structure of the client 1. A DRM (Digital Right Management) 
 +module 51 communicates the content, right data, 
 +etc., or manages the right data.
  
-[[codeblockparser]]+Comparision with the implementation:
  
-Some info about analysing an OCM file can be found in this part of chat log:+Playback module, write module, read module, lcm module all communicate directly to 
 +the DRM module or Security Module. These modules would be OmgNetMD.dll, MemStick.dll, omgconv2.dll etc, they have connectors to pfcom/salwrap using DLL linkage.
  
-[[ocmchatlog1]]+Modules in the plugin-layer at the top would communicate with these "Content using" modules. In the implementation 
 +they never directly communicate with salwrap/pfcom. Plug-in modules uses these modules using COM. 
 +There are tough, exceptions, a couple of functions can be used in pfcom trough COM. Its also possible to use SAL (salExec0) using COM (omgmisc.dll DLL link to salwrap.dll salExec0).
  
-These new pages could be created (internal access only)+<code> 
 +.................................................................................................... + UI 
 + SonicStage                                                              omgjukebox.exe 
 +.................................................................................................... 
 + ^    ^ 
 + |    | 
 + | COM    | COM 
 + v    v 
 +.................................................................................................... Plug-in layer (AVLib) 
 +     + CheckOut +Playback     + PlayBack 
 +     + CheckIn +Convert     + Convert 
 + ---------------------     ------------------------ ------------------------ 
 +  NetMD.dll        |     | OpcOmg.dll   |          OpcWMA.dll      | 
 + ---------------------    ------------------------     ------------------------ 
 + --------------------- 
 +    NetMDAPI.dll 
 + --------------------- 
 + --------------------- 
 +    NetMDUSB.dll 
 + --------------------- 
 +.................................................................................................... OpenMG 
 +     ^ 
 +     | COM 
 + DLL     v                 DLL 
 +-----------------------     -----------------------    -------------------------------------------- 
 +    pfcom.dll       | <->     OmgNetMD.dll       <->  |    salwrap.dll 
 +       |     -----------------------    | 
 +       |    -----------------------     - EkbCapabilityTable 
 + createInstanceForMp3 | <->     omgconv2.dll          <->  |  - OmgEkb 
 +          |    -----------------------    | 
 +       |    -----------------------     - salExec0 
 +        | <->     MemStick.dll          <->  |      ---------------------- 
 +       |    -----------------------             SAL VM 
 +                      |         ---------------------- 
 +-----------------------        -------------------------------------------- 
 +
 +        | 
 +
 +   +++++++++++++++++++++++++++++++++++++   +++++++++++++++++++++++++++++++  +++++++++++++++++++++++++++++++++++ 
 +   License repository/Management Area      song file storage section              icv.dat 
 +                                                                                  maclist1.dat, maclist2.dat 
 +    [License information]                   [header | music data ]                ekb\version.ekb 
 +                                                                                  OMGKEY\salomgid.dat 
 +    <OMGDIR>\procfile\                      <APPDATA DIR>\Sonicstage           OMGRIGHT\<value>.icv                
 +   +++++++++++++++++++++++++++++++++++++   +++++++++++++++++++++++++++++++  +++++++++++++++++++++++++++++++++++
  
-  * Netmd.ocm: [[netmdocm]] 
-  * Device.sal: [[devicesal]] 
  
-Start for device.sal (arguments as on stack, last one top of stack):+.................................................................................................... Secure Applications 
 + ------------------  ----------------- -------------------  ------------------  ------------------ 
 +   device.sal init.ocm    netmd.ocm icv.ocm      maclist.ocm             ... 
 + ------------------  -----------------   -------------------  ------------------  ------------------
  
-<code> + ------------------- 
-int +  SAL Runtime 
-dev_0x01 (blob_t someblob, bool_t somebool) + -------------------
-+
-  int res;+
  
-  if (somebool == 1) +.................................................................................................... 
-    { +</code> 
-      res = dev_0x00 (someblob); +  
-      if (res != 0) + 
-        return res; +
-    } +
-  int some_nr = (unsigned) SubBlob (someblob, 0, 4); +
-  int some_nr2 = (unsigned) dev_0xd1 (some_nr); +
-  res = "localekb" (some_nr2); +
-  // FIXME: Don't know the stack layout after this.+
  
-  if (res !0) +===== The ocm-files =====
-    return;  // but what?+
  
-  blob_t someblob2;  // probably from localekb+OCM-Interpretor:
  
-  int some_nr3 = (signed) SubBlob (someblob2, 0, 4) + 1; +  * [[http://users.physik.fu-berlin.de/~glaubitz/linux-minidisc/ocm.tgz]] 
-  vector<blob_t> vec; +  * [[http://users.physik.fu-berlin.de/~glaubitz/linux-minidisc/dis-09-02-01.rar]] - latest version as of May, 2nd 2009
-  do +
-    { +
-      vec.append (SubBlob (some_nr3 16, 24)); +
-    } +
-  while (some_nr3-- >= 0);+
  
 +OCM handling code is stored in a private git repository (run using [[http://eagain.net/gitweb/?p=gitosis.git|gitosis]]). Access is only possible by ssh with public key authentication. To get access, your need to have your ssh public key (either a role-specific one or your standard personal key, doesn't matter) added into the list of authorized keys, just ask in the IRC channel. When your key is added, and you use a role-specific key, add something like this to your .ssh/config
  
-  int some_nr3 = (signed) SubBlob (someblob2, 0, 4); +<code> 
-  res = dev_0xc1 (some_nr3); +Hostname z6.physik.fu-berlin.de 
-  if (res != 0) +    IdentityFile ~/.ssh/id-rsa-minidisc 
-     return res;+</code>
  
-  int some_nr4 = (signed) SubBlob (someblob216, 4); +After thatyou can clone the repo by using 
-  if (some_nr3 == some_nr4) +<code> 
-    return 0; +git-clone gitosis@z6.physik.fu-berlin.de:/ocm 
-  else +</code>
-    return 8;+
  
-  // is vec returned as well?  it's still on the stack. +The OCM files (except for init.ocm which contains an extra layer of packing) are interpreted as [[OCMBytecode]]
-}+
  
 +Here is a decoder for native code blocks from OCM files. It is severe works-for-me-quality, having at least the following issues:
 +  * It does not name imports from salwrap, it just puts offsets into the import table into a generic name. Check here for some name [[OCMSalwrapExports]]
 +  * It is unable to parse named exports
 +  * It does only support the relocation types (mostly direct imports of compiler helper functions) I needed.
  
-int +The output of the program is an assembler source file (completely unreadablethat is intended to be compiled by the GNU assembler (Win32 port or cross-assembler in linuxand then loaded into a good disassemblerlike IDA 4.9 Freeware for example.
-dev_0xb7 (any_t thing) +
-+
-  if (get_type (thing!= TYPE_BLOB) +
-    return 0; +
-  if (thing[2] == 0x31) +
-    return 2; +
-  else +
-    { +
-      if (! strncmp (thing"\x31\x31", 2)) +
-        return 1; +
-      else +
-        return 0; +
-    } +
-}+
  
-block_t +[[codeblockparser]] (the format of the codeblocks is in [[codeblockformat]])
-dev_0xd1 (int nr) +
-+
-  if (nr > 1) +
-    { +
-      0x80 ("Invalid version..."); +
-      return 0; +
-    } +
-  else +
-    { +
-      return 00 81 00 00 00 00 00 00; +
-    } +
-}+
  
 +Some info about analysing an OCM file can be found in this part of chat log:
  
-// Some decrypt function. +[[ocmchatlog1]]
-any_t +
-dev_0xd8 (blob_t data1, blob_t data2) +
-+
-  blob_t data3 = data2 XOR concat (dict[0xfc], dict[0xfc]); +
-  dict[0xdb= data3;+
  
-  blob_t shasum = SHA1 (data3[0..1f])+These pages show internals of some modules (internal access only)
-  blob_t iv = shasum[0..7]; +
-  blob_t key = shasum[8..15]+
  
-  blob_t dec_data1 = DES_CBC_Decrypt (data1, iv, key, 0xd8_DESDecrypt); +  * Netmd.ocm: [[netmdocm]] 
-  +  * Device.sal: [[devicesal]] 
-  int len = blob_length (dec_data); +  * Trkinf: [[trkinfocm]]
-  // Round up to multiple of 8+
-  len = (len + 7) / 8 8;+
  
-  blob_t out repeat_nul (len); +===== Links =====
-  // Modifies OUT.  1 means that length is provided. +
-  out native::ocmmod (dec_data1, out, shasum, len, 1); +
-  return decode_asn1 (out); +
-+
-</code> +
- +
-<code> +
-// Do something. +
-// If use_len is TRUE, the provided LEN parameter is used, otherwise LEN is determined +
-// from DATA.  Modifies OUT and returns it. +
-blob_t +
-native::ocmmod (blob_t data, blob_t out, blob_t shasum, int len, bool_t use_len); +
-</code>+
  
 +  * [[http://newgre.net/antire]] - Anti-Reverse Engineering Techniques in DRM Code
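Review bot: the `.ssh/config` snippet added under "OCM handling code is stored in a private git repository" is missing its `Host` stanza; in ssh_config a `Hostname` directive that sits outside any `Host`/`Match` block applies to every connection, so as written it would redirect all of the user's ssh sessions to z6.physik.fu-berlin.de, and the indented `IdentityFile` line only makes sense under a `Host` header. Suggested form:
Host z6.physik.fu-berlin.de
    Hostname z6.physik.fu-berlin.de
    IdentityFile ~/.ssh/id-rsa-minidisc
Minor: the clone command uses the old dashed form `git-clone`; `git clone gitosis@z6.physik.fu-berlin.de:/ocm` is the spelling current git installs accept. Typos in the same added region: "your need to have" (you need), "There are tough, exceptions" (though), "trough COM" (through), "Comparision" (Comparison).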
windowsdlls.1241477430.txt.gz · Last modified: 2009/05/04 22:50 by marcus
