atracdownload-wiki
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| atracdownload-wiki [2010/06/08 09:10] – megadiscman | atracdownload-wiki [2011/08/10 22:04] (current) – alex | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | This document is based on [[atracdownload]] from the FreeMD repository | + | This document is based on [[atracdownload]] from the FreeMD repository. Also compare http:// |
| ====== Downloading an ATRAC track to a NetMD unit ====== | ====== Downloading an ATRAC track to a NetMD unit ====== | ||
| Line 25: | Line 25: | ||
| - | ==== 1. UNKNOWN PURPOSE | + | ==== 1. DISABLE TRACK PROTECTION FOR NEXT SESSION |
| => 00 18 00 08 00 46 f0 03 01 03 2b ff 00 01 00 00 01 | => 00 18 00 08 00 46 f0 03 01 03 2b ff 00 01 00 00 01 | ||
| <= 09 18 00 08 00 46 f0 03 01 03 2b 00 00 01 00 00 01 | <= 09 18 00 08 00 46 f0 03 01 03 2b 00 00 01 00 00 01 | ||
| + | This instruction tells the MD unit to not set the " | ||
| ==== 2. START AUTHENTICATED SESSION ==== | ==== 2. START AUTHENTICATED SESSION ==== | ||
| - | => 00 18 00 08 00 46 f0 03 01 03 80 ff 00 00 00 00 00 | + | => 00 18 00 08 00 46 f0 03 01 03 80 ff |
| - | <= 09 18 00 08 00 46 f0 03 01 03 80 00 00 00 00 00 00 | + | <= 09 18 00 08 00 46 f0 03 01 03 80 00 |
| NOTE: You hear head movement (disc spinning up). | NOTE: You hear head movement (disc spinning up). | ||
| Line 41: | Line 42: | ||
| ==== 3. REQUEST FOR LEAF ID ==== | ==== 3. REQUEST FOR LEAF ID ==== | ||
| - | => 00 18 00 08 00 46 f0 03 01 03 11 ff 00 00 00 00 00 | + | => 00 18 00 08 00 46 f0 03 01 03 11 ff |
| <= 09 18 00 08 00 46 f0 03 01 03 11 00 01 00 00 21 cf 06 00 00 | <= 09 18 00 08 00 46 f0 03 01 03 11 00 01 00 00 21 cf 06 00 00 | ||
| Line 101: | Line 102: | ||
| $m(1) ... $m(8) | $m(1) ... $m(8) | ||
| <= 09 18 00 08 00 46 f0 03 01 03 20 00 00 00 00 | <= 09 18 00 08 00 46 f0 03 01 03 20 00 00 00 00 | ||
| - | !m(1) ... !m(1) | + | !m(1) ... !m(8) |
| - | $m is a nonce from the host and !m is a nonce from the device. These two 8-byte-values are used to create | + | $m is a nonce from the host and !m is a nonce from the device. These two 8-byte-values are concatenated |
| - | ==== 6. TRANSFER | + | For " |
| + | |||
| + | ==== 6. TRANSFER CONTENT | ||
| => 00 18 00 08 00 46 f0 03 01 03 22 ff 00 00 | => 00 18 00 08 00 46 f0 03 01 03 22 ff 00 00 | ||
| $m(1) ... $m(32) | $m(1) ... $m(32) | ||
| <= 00 18 00 08 00 46 f0 03 01 03 22 00 00 00 | <= 00 18 00 08 00 46 f0 03 01 03 22 00 00 00 | ||
| + | |||
| + | $m(1) ... $m(32) is DES encrypted using the session key negotiated in the previous step. The corresponding plain text is | ||
| + | |||
| + | 01 01 01 01 $c(1) ... $c(20) $k(1) ... $k(8) | ||
| + | |||
| + | where $c(1) ... $c(20) is the Content ID of the track to transfer (a kind of UUID to recognize the copyrighted work) and $k(1) ... $k(8) is the Key Encryption Key. | ||
| ==== 7. TRANSFER TRACK DATA ==== | ==== 7. TRANSFER TRACK DATA ==== | ||
| Line 119: | Line 128: | ||
| ffff is a placeholder for the track number (indicated by 10 01). | ffff is a placeholder for the track number (indicated by 10 01). | ||
| - | $p$q is the format, 0006 for SP, 9402 for LP2 and a800 for LP4. $r$s | + | $p$q is the format, 0006 for SP, 9402 for LP2 and a800 for LP4. $r$s for LP2 and LP4 is the number of frames (of 96 bytes for LP4 or 192 bytes for LP2); $t$u$v$w is the number |
| - | is an unknown value proportional to the file size. | + | |
| - | size of bytes transfered. | + | The meaning or $r$s for SP is not yet known. |
| The player returns __twice__ from this command. | The player returns __twice__ from this command. | ||
| Line 132: | Line 141: | ||
| <= 09 18 00 08 00 46 f0 03 01 03 28 ff 00 01 | <= 09 18 00 08 00 46 f0 03 01 03 28 ff 00 01 | ||
| 00 10 01 00 !t 00 $p $q 00 00 $r $s $t $u $v $w | 00 10 01 00 !t 00 $p $q 00 00 $r $s $t $u $v $w | ||
| + | $m(0) ... $m(32) | ||
| The track number of the recorded track is returned in !t. | The track number of the recorded track is returned in !t. | ||
| - | NOTE: We don't know how $p$w is calculated. | + | $m(x) is DES CBC encrypted by the session key (IV zero), and after decryption contains the concatenation of |
| + | - An 8 byte value identifying the track (needed on check-in to verify which copyrighted work will be deleted and adjust the check-out counter) | ||
| + | - Four padding bytes (seen as 00 00 00 00 or 01 01 01 01) | ||
| + | - The 20-byte Content ID | ||
| NOTE: The data is split into blocks of 3f00 bytes each (except the | NOTE: The data is split into blocks of 3f00 bytes each (except the | ||
| last one), and each one has a header: | last one), and each one has a header: | ||
| - | 00 00 00 00 00 00 $u $v $m(1) ... $m(8) | + | 00 00 00 00 00 00 $u $v $k(1) ... $k(8) $i(1) ... $i(8) |
| - | where $u$v is the block size (usually 3f00) and $m(x) is unknown | + | where $u$v is the block size (usually 3f00), $k(x) is the key for DES CBC encryption of the data in this block, and $i(x) is the IV for the DES CBC encryption. The key itself is DES **decrypted** by the key encryption key, i.e. you have to **encrypt** it to get the plain key. |
| - | (possibly a key). | + | |
| - | This means for the total nr of bytes: len + (len/3f00)*16 + 16 | + | This means for the total nr of bytes: len + ((len+0x3eff)/3f00)*24 |
| ==== 8. TOC Edit ==== | ==== 8. TOC Edit ==== | ||
| Line 164: | Line 176: | ||
| 10 01 00 $t | 10 01 00 $t | ||
| - | $t is the track number. | + | $t is the track number. |
| ==== 10. FORGET SESSION KEY ==== | ==== 10. FORGET SESSION KEY ==== | ||
| Line 173: | Line 185: | ||
| ==== 11. END AUTHENTICATED SESSION ==== | ==== 11. END AUTHENTICATED SESSION ==== | ||
| - | => 00 18 00 08 00 46 f0 03 01 03 81 ff 00 00 00 | + | => 00 18 00 08 00 46 f0 03 01 03 81 ff |
| - | <= 09 18 00 08 00 46 f0 03 01 03 81 00 00 00 00 | + | <= 09 18 00 08 00 46 f0 03 01 03 81 00 |
atracdownload-wiki.1275988255.txt.gz · Last modified: 2010/06/08 09:10 by megadiscman