SCSI for DRM stuff on HiMD
Commands
Command A3: Write Crypto Stuff
(This is officially "Send Key", but only on CD/DVD devices…)
00: BYTE   Command byte A3
01: BYTE   unused (might contain LUN)
02: DWORD  Object Number
06: BYTE   unused
07: BYTE   Key class - For Sony DRM: BD
08: WORD   Size of cryptographic data
0A: BYTE   key type
0B: BYTE   unused
Command A4: Read Crypto Stuff
(This is officially "Report Key", but only on CD/DVD devices…)
00: BYTE   Command byte A4
01: BYTE   unused, send as Zero (might contain LUN)
02: DWORD  Object Number
06: BYTE   unused
07: BYTE   Key class - For Sony DRM: BD
08: WORD   Size of cryptographic data
0A: BYTE   key type
0B: BYTE   unused
Data formats
Even key types imply data transfer to the device (using the A3 command), whereas odd key types imply data transfer from the device (using the A4 command).
Generally, all unused fields are sent as zero.
Key type 30: Authentication Token 1
This data packet is sent from the Host to the HiMD device
00: WORD   Length, must be 0012
02: WORD   unused
04: BYTES  8 bytes "Leaf ID of Host"
0C: BYTES  8 bytes "Nonce from Host"
Key type 31: Authentication Token 2
This data packet is sent from the HiMD device to the Host, the expected length is 43C (i.e. header + 64 keys?)
00: DWORD  unknown, maybe length in first WORD
04: BYTES  16 bytes "Disc ID"
14: BYTES  8 bytes "MAC from Device"
1C: BYTES  8 bytes "Leaf ID of Device"
24: BYTES  8 bytes "Nonce from Device"
2C: BYTES  The "local EKB of the Device". Starts with its length in 16 byte units - 1
Key type 32: Authentication Token 3
This data packet is sent from the Host to the HiMD device
00: WORD   Length, must be 41A
02: WORD   unused
04: BYTES  8 bytes "MAC from Host"
0C: BYTES  The "local EKB of the Host"
Key type 33: ICV from device
This data packet is sent from the HiMD device to the Host (expected length 404). While this packet is never explained in the HiMD Transfer Tool for Mac, it looks suspiciously like the next one, just with the other transfer direction.
00: DWORD  unknown, length?
04: BYTE   unknown, must be zero
05: BYTE   bit flags.
           Bits 6,7: encryption type (0=plain, 2=des ecb, 3=des cbc)
           Bit 5: MAC flag
           Bit 4: DIR flag
06: WORD   length of following data
08: DWORD  generation number
0C: BYTES  data, length from field 6.
..: BYTES  MAC, only present if MAC bit is set. NOT included in length
Key type 34: ICV data to device
This data packet is sent from the Host to the HiMD device
00: WORD   length (must be 404)
02: WORD   unused
04: BYTE   ICV slot number (must be between 0 and 31)
05: BYTE   bit flags, same bits used as in Type 33
06: WORD   length of ICV data
08: DWORD  Generation number
0C: BYTES  ICV data
XX: BYTES  8 Bytes MAC
Key type 38: secure clock
This data packet is sent to the device
00: BYTE   unused
01: BYTE   constant 0
02: WORD   unused
04: BYTE   unused
05: BYTE   constant 20
06: BYTE   unused
07: BYTE   constant 8
08: DWORD  unused
0C: BYTE   unused
0D: BYTE   Seconds
0E: BYTE   Minutes
0F: BYTE   Hour
10: BYTE   Day
11: BYTE   Month
12: BYTE   Year
13: BYTE   unused
14: BYTES  MAC
Key type 39: Unique ID
This data packet is sent from the HiMD device to the host (expected length 192 bytes)
00: DWORD  unknown, maybe length in first two bytes
04: WORD   "UidCode"
06: BYTE   Version
07: BYTE   Length
08: BYTES  Uid Data
Key type 3B: Leaf ID
This data packet is sent from the HiMD device to the host
00: WORD   unknown, length?
02: BYTES  8 Bytes leaf ID
Key type 3D: Disc ID
00: WORD   unknown, length?
02: BYTES  16 bytes disc ID
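
The A3/A4 command block and the key type 33 layout above, as an added Python example that is not part of the original page or of any HiMD tool: it builds the 12-byte command block with the opcode chosen from the key type's parity, and decodes a type 33 packet with bounds checks on the length field. Big-endian field order and an 8-byte MAC on type 33 (borrowed from type 34) are assumptions; the function names and the sample packet are constructed for illustration.

```python
import struct

KEY_CLASS_SONY_DRM = 0xBD
ENC_TYPES = {0: "plain", 2: "des ecb", 3: "des cbc"}
MAC_LEN = 8  # assumption: same 8-byte MAC that key type 34 carries


def build_cdb(key_type, object_number, size):
    """Build the 12-byte A3/A4 CDB; even key types go to the device (A3)."""
    opcode = 0xA3 if key_type % 2 == 0 else 0xA4
    # Assumption: multi-byte fields are big-endian, as is usual for SCSI.
    return struct.pack(">BBIBBHBB", opcode, 0, object_number, 0,
                       KEY_CLASS_SONY_DRM, size, key_type, 0)


def parse_icv_from_device(buf):
    """Decode a key type 33 packet, rejecting inconsistent lengths."""
    if len(buf) < 0x0C:
        raise ValueError("shorter than the 0x0C-byte header")
    zero, flags, length, generation = struct.unpack_from(">BBHI", buf, 4)
    if zero != 0:
        raise ValueError("byte 04 must be zero")
    enc = flags >> 6                      # bits 6,7
    if enc not in ENC_TYPES:
        raise ValueError("undocumented encryption type %d" % enc)
    has_mac = bool(flags & 0x20)          # bit 5
    data_end = 0x0C + length
    mac_end = data_end + (MAC_LEN if has_mac else 0)
    if mac_end > len(buf):
        raise ValueError("length field runs past the received buffer")
    return {
        "encryption": ENC_TYPES[enc],
        "dir_flag": bool(flags & 0x10),   # bit 4
        "generation": generation,
        "data": bytes(buf[0x0C:data_end]),
        # The MAC follows the data and is not counted in the length field.
        "mac": bytes(buf[data_end:mac_end]) if has_mac else None,
    }


# Constructed sample, not captured from a device: flags 0xE0 = des cbc + MAC.
SAMPLE = (bytes(4) + bytes([0x00, 0xE0]) + struct.pack(">HI", 4, 7)
          + b"\x01\x02\x03\x04" + b"\xaa" * 8).ljust(0x404, b"\x00")

if __name__ == "__main__":
    print(build_cdb(0x33, 0, 0x404).hex())
    print(parse_icv_from_device(SAMPLE))
```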