atracdownload-wiki
Differences
This shows you the differences between two versions of the page.
atracdownload-wiki [2010/06/08 08:37] – created from the FreeMD document about recording megadiscman | atracdownload-wiki [2010/06/10 08:40] – Explain Commit authorization value megadiscman | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | This document is based on [[atracdownload]] from the FreeMD repository | + | This document is based on [[atracdownload]] from the FreeMD repository. Also compare http:// |
====== Downloading an ATRAC track to a NetMD unit ====== | ====== Downloading an ATRAC track to a NetMD unit ====== | ||
Line 25: | Line 25: | ||
- | ==== 1. REQUEST TO START AUTHENTICATION (?) ==== | + | ==== 1. UNKNOWN PURPOSE |
=> 00 18 00 08 00 46 f0 03 01 03 2b ff 00 01 00 00 01 | => 00 18 00 08 00 46 f0 03 01 03 2b ff 00 01 00 00 01 | ||
Line 31: | Line 31: | ||
- | ==== 2. SPIN UP DISK (?) ==== | + | ==== 2. START AUTHENTICATED SESSION |
=> 00 18 00 08 00 46 f0 03 01 03 80 ff 00 00 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 80 ff 00 00 00 00 00 | ||
Line 61: | Line 61: | ||
So the DNK of a device is: | So the DNK of a device is: | ||
+ | < | ||
Leaf ID | Leaf ID | ||
Leaf Key, eg | Leaf Key, eg | ||
Line 66: | Line 67: | ||
Encrypted node keys, eg: | Encrypted node keys, eg: | ||
E(K0010, KR), E(K0010, K0), E(K0010, K00), E(K0010, K001) | E(K0010, KR), E(K0010, K0), E(K0010, K00), E(K0010, K001) | ||
+ | </ | ||
More details on the tree is contained in the EKB. | More details on the tree is contained in the EKB. | ||
Line 73: | Line 75: | ||
- | ==== 4. TRANSFER | + | ==== 4. TRANSFER |
=> 00 18 00 08 00 46 f0 03 01 03 12 ff 00 38 00 00 | => 00 18 00 08 00 46 f0 03 01 03 12 ff 00 38 00 00 | ||
Line 83: | Line 85: | ||
00 38 00 00 | 00 38 00 00 | ||
- | Enabling Key Block. | + | Part of the Enabling Key Block used by the device. Same for all PCs and all devices as far as I know. |
- | "parts of this data is also found in a file in C:\Program Files\Common | + | "parts of this data is also found in a file in C:\Program Files\Common Files\Sony Shared\OpenMG\Ekb The 16-byte block starting with 01 ca be .. is identical to the contents of bytes 0x58-0x67 in file 00010001.ekb. The 24-byte block starting with 0f f4 7d .. is identical to the contents of bytes 0x08-0x1f in file 00010001.ekb." |
- | Files\Sony Shared\OpenMG\Ekb The 16-byte block starting with 01 ca be | + | |
- | .. is identical to the contents of bytes 0x58-0x67 in file | + | |
- | 00010001.ekb. The 24-byte block starting with 0f f4 7d .. is identical | + | |
- | to the contents of bytes 0x08-0x1f in file 00010001.ekb." | + | |
- | (http:// | + | |
- | The EKB is simply a content-specific root key KR', encrypted by a key | + | The EKB is simply a content-specific root key KR', encrypted by a key from the DNK set, ie, one of the keys known by the device (for example K0). The further up the key is in the hierarchy, the more devices can decrypt the EKB and use the content-specific root key. |
- | from the DNK set, ie, one of the keys known by the device (for example | + | |
- | K0). The further up the key is in the hierarchy, the more devices can | + | |
- | decrypt the EKB and use the content-specific root key. | + | |
- | In this case: 01ca... is Enc(K000000010, | + | In this case: 01ca... is Enc(K000000010, |
- | unknown thing from the EKB 00010001.ekb. Maybe the encrypted version | + | |
- | number. See tools/ | + | |
- | Note: According to the patent, an EKB can be used to renew device keys | + | Note: According to the patent, an EKB can be used to renew device keys(Key Renewal Block), but I doubt that this is implemented for NetMD devices. |
- | (Key Renewal Block), but I doubt that this is implemented for NetMD | + | |
- | devices. | + | |
- | ==== 5. authentication ??? ==== | + | ==== 5. SESSION KEY NEGOTIATION |
=> 00 18 00 08 00 46 f0 03 01 03 20 ff 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 20 ff 00 00 00 | ||
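Review bot: the quotation about 00010001.ekb on the new side no longer has a source next to it, because the old "(http://" line that followed the closing quote is removed. Keep the reference directly after the quotation so the byte offsets (0x58-0x67, 0x08-0x1f) stay attributable. In the same hunk, "device keys(Key Renewal Block)" lost its space when the wrapped lines were joined.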
Line 113: | Line 103: | ||
!m(1) ... !m(1) | !m(1) ... !m(1) | ||
- | Send and return differ, and differ in each run. | + | $m is a nonce from the host and !m is a nonce from the device. These two 8-byte-values are concatenated to form a 16-byte value. The Retail MAC without padding of that value, using the root key of the EKB transferred as key for the MAC will be the session key. |
- | ==== 6. TRANSFER | + | For " |
+ | |||
+ | ==== 6. TRANSFER CONTENT | ||
=> 00 18 00 08 00 46 f0 03 01 03 22 ff 00 00 | => 00 18 00 08 00 46 f0 03 01 03 22 ff 00 00 | ||
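Review bot: the new session-key paragraph says the two 8-byte nonces "are concatenated" but not in which order. State whether the 16-byte MAC input is the host nonce followed by the device nonce or the reverse, since the two orders give different session keys. It would also help to give the length of the EKB root key used as the MAC key, because Retail MAC takes a two-part DES key.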
Line 121: | Line 113: | ||
<= 00 18 00 08 00 46 f0 03 01 03 22 00 00 00 | <= 00 18 00 08 00 46 f0 03 01 03 22 00 00 00 | ||
- | ==== 7. End search and start recording | + | $m(1) ... $m(32) is DES encrypted using the session key negotiated in the previous step. The corresponding plain text is |
+ | |||
+ | 01 01 01 01 $c(1) ... $c(20) $k(1) ... $k(8) | ||
+ | |||
+ | where $c(1) ... $c(20) is the Content ID of the track to transfer (a kind of UUID to recognize the copyrighted work) and $k(1) ... $k(8) is the Key Encryption Key. | ||
+ | |||
+ | ==== 7. TRANSFER TRACK DATA ==== | ||
=> 00 18 00 08 00 46 f0 03 01 03 28 ff 00 01 | => 00 18 00 08 00 46 f0 03 01 03 28 ff 00 01 | ||
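Review bot: "$m(1) ... $m(32) is DES encrypted using the session key" does not name the cipher mode, and a 32-byte message spans four DES blocks. State the mode and, if it is chained, the IV, as the block-header text under step 7 does for the track data. The constant "01 01 01 01" at the start of the plaintext should get a word on its meaning, or an explicit "unknown".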
Line 129: | Line 127: | ||
ffff is a placeholder for the track number (indicated by 10 01). | ffff is a placeholder for the track number (indicated by 10 01). | ||
- | $p$q is the format, 0006 for SP, 9402 for LP2 and a800 for LP4. $r$s | + | $p$q is the format, 0006 for SP, 9402 for LP2 and a800 for LP4. $r$s for LP2 and LP4 is the number of frames (of 96 bytes for LP4 or 192 bytes for LP2); $t$u$v$w is the number |
- | is an unknown value proportional to the file size. | + | |
- | size of bytes transfered. | + | The meaning or $r$s for SP is not yet known. |
The player returns __twice__ from this command. | The player returns __twice__ from this command. | ||
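Review bot: typo in the added line "The meaning or $r$s for SP is not yet known", which should read "meaning of". In the line above it, the frame sizes are given in the opposite order to the formats ("for LP2 and LP4" followed by "96 bytes for LP4 or 192 bytes for LP2"); pairing them in the same order avoids a misreading.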
Line 144: | Line 142: | ||
The track number of the recorded track is returned in !t. | The track number of the recorded track is returned in !t. | ||
- | |||
- | NOTE: We don't know how $p$w is calculated. | ||
NOTE: The data is split into blocks of 3f00 bytes each (except the | NOTE: The data is split into blocks of 3f00 bytes each (except the | ||
last one), and each one has a header: | last one), and each one has a header: | ||
- | 00 00 00 00 00 00 $u $v $m(1) ... $m(8) | + | 00 00 00 00 00 00 $u $v $k(1) ... $k(8) $i(1) ... $i(8) |
- | where $u$v is the block size (usually 3f00) and $m(x) is unknown | + | where $u$v is the block size (usually 3f00), $k(1) ... $k(8) is the key for DES CBC encryption of the data in this block, and $i(1) ... $i(8) is the IV for the DES CBC encryption. The key itself is DES **decrypted** by the key encryption key, i.e. you have to **encrypt** it to get the plain key. |
- | (possibly a key). | + | |
- | This means for the total nr of bytes: len + (len/3f00)*16 + 16 | + | This means for the total nr of bytes: len + ((len+0x3eff)/3f00)*24 |
==== 8. TOC Edit ==== | ==== 8. TOC Edit ==== | ||
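Review bot: the new total-size formula "len + ((len+0x3eff)/3f00)*24" mixes radices: 0x3eff carries a hex prefix, 3f00 does not, and 24 is the decimal header length (8 + 8 + 8 bytes in the new header layout). Write it as len + ((len + 0x3eff) / 0x3f00) * 24 and say that the division is integer division. The sentence on the block key being "DES decrypted by the key encryption key" would be easier to follow if it said which operation the sender applies and which the receiver applies.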
Line 167: | Line 162: | ||
<= 09 18 08 10 18 02 00 00 | <= 09 18 08 10 18 02 00 00 | ||
- | ==== 9. Commit | + | ==== 9. COMMIT |
=> 00 18 00 08 00 46 f0 03 01 03 48 ff 00 | => 00 18 00 08 00 46 f0 03 01 03 48 ff 00 | ||
Line 174: | Line 169: | ||
10 01 00 $t | 10 01 00 $t | ||
- | $t is the track number. | + | $t is the track number. |
- | ==== 10. ??? ==== | + | ==== 10. FORGET SESSION KEY ==== |
=> 00 18 00 08 00 46 f0 03 01 03 21 ff 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 21 ff 00 00 00 | ||
<= 09 18 00 08 00 46 f0 03 01 03 21 00 00 00 00 | <= 09 18 00 08 00 46 f0 03 01 03 21 00 00 00 00 | ||
- | ==== 11. ??? ==== | + | ==== 11. END AUTHENTICATED SESSION |
=> 00 18 00 08 00 46 f0 03 01 03 81 ff 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 81 ff 00 00 00 | ||
Line 189: | Line 184: | ||
===== Deleting a track (or checking it into the computer) ===== | ===== Deleting a track (or checking it into the computer) ===== | ||
- | ==== 1. START ==== | + | ==== 1. START AUTHENTICATED SESSION |
=> 00 18 00 08 00 46 f0 03 01 03 80 ff 00 00 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 80 ff 00 00 00 00 00 | ||
Line 201: | Line 196: | ||
<= 09 18 00 08 00 46 f0 03 01 03 11 00 01 00 00 21 cf 06 00 00 | <= 09 18 00 08 00 46 f0 03 01 03 11 00 01 00 00 21 cf 06 00 00 | ||
- | ==== 3. TRANSFER | + | ==== 3. TRANSFER |
=> 00 18 00 08 00 46 f0 03 01 03 12 ff 00 38 00 00 | => 00 18 00 08 00 46 f0 03 01 03 12 ff 00 38 00 00 | ||
Line 211: | Line 206: | ||
00 38 00 00 | 00 38 00 00 | ||
- | ==== 4. Get hash id for a track ==== | + | ==== 4. GET TRACK DRM INFO/ |
=> 00 18 00 08 00 46 f0 03 01 03 23 ff 10 01 00 $t | => 00 18 00 08 00 46 f0 03 01 03 23 ff 10 01 00 $t | ||
Line 217: | Line 212: | ||
$t is the track to check in or delete. | $t is the track to check in or delete. | ||
- | ==== 5. Key negotiation? | + | ==== 5. SESSION KEY NEGOTIATION |
=> 00 18 00 08 00 46 f0 03 01 03 20 ff 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 20 ff 00 00 00 | ||
Line 224: | Line 219: | ||
!m !n !o !p !q !r !s !t | !m !n !o !p !q !r !s !t | ||
- | ==== 6. ==== | + | ==== 6. TWO-STAGE DELETE |
=> 00 18 00 08 00 46 f0 03 01 03 40 ff 00 | => 00 18 00 08 00 46 f0 03 01 03 40 ff 00 | ||
10 01 00 $t | 10 01 00 $t | ||
- | |||
- | $t is the track to check in or delete. | ||
- | |||
<= 00 18 00 08 00 46 f0 03 01 03 40 00 00 | <= 00 18 00 08 00 46 f0 03 01 03 40 00 00 | ||
10 01 00 $t $m(1) ... $m(8) | 10 01 00 $t $m(1) ... $m(8) | ||
+ | $t is the track to check in or delete. | ||
=> 00 18 00 08 00 46 f0 03 01 03 40 ff 01 | => 00 18 00 08 00 46 f0 03 01 03 40 ff 01 | ||
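Review bot: under the new TWO-STAGE DELETE heading the first reply carries "$m(1) ... $m(8)", a value the host never sent, while the page writes host values with "$" and device values with "!" (the context line above gives the device nonce as "!m !n ..."). Rename it with "!" and add a sentence on what the 8 bytes are and how the second-stage request (40 ff 01) uses them. The relocated "$t is the track to check in or delete" now sits after the reply and reads as belonging to neither message; it is clearer directly after the first request.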
Line 240: | Line 233: | ||
10 01 ff fe $m(1) ... $m(8) | 10 01 ff fe $m(1) ... $m(8) | ||
- | ==== 7. ??? ==== | + | ==== 7. FORGET SESSION KEY ==== |
=> 00 18 00 08 00 46 f0 03 01 03 21 ff 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 21 ff 00 00 00 | ||
<= 09 18 00 08 00 46 f0 03 01 03 21 00 00 00 00 | <= 09 18 00 08 00 46 f0 03 01 03 21 00 00 00 00 | ||
- | ==== 8. ??? ==== | + | ==== 8. END AUTHENTICATED SESSION |
=> 00 18 00 08 00 46 f0 03 01 03 21 ff 00 00 00 | => 00 18 00 08 00 46 f0 03 01 03 21 ff 00 00 00 |
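Review bot: the heading renamed to "8. END AUTHENTICATED SESSION" sits above a command with opcode 21 ("03 21 ff 00 00 00"), which is the same command shown under "7. FORGET SESSION KEY". In the download sequence END AUTHENTICATED SESSION is opcode 81 ("03 81 ff 00 00 00"). Either the example bytes under step 8 were copied from step 7 and need correcting, or the heading is wrong; check against a capture before keeping the new name.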
atracdownload-wiki.txt · Last modified: 2011/08/10 22:04 by alex