Difference between revisions of "BD Drive Reverse Engineering"
(→Establish Secure Communication Channel)
|Line 1:||Line 1:|
=Information about EID4=
=Information about EID4=
Revision as of 20:37, 14 August 2012
- The follwing information was reverse engineered from Storage Manager which runs in LPAR1 and from sv_iso_spu_module.self.
Information about EID4
- EID4 contains 2 128bit keys which are necessary to establish a secure communication channel to BD drive for sending vendor specific security commands.
- EID4 is encrypted with AES-CBC-256 algorithm.
- EID4 is of size 0x30 bytes: 0x0-0xf bytes = 1st key, 0x10-0x1f - 2nd key, 0x20-0x2f - CMAC-OMAC1 of EID4
- The first key is used for encrypting data sent from host to BD drive.
- The second key is used for decrypting data sent from BD drive to host.
Dumping EID4 IV and Key
- I modified sv_iso_spu_module.self to dump EID4 IV and key.
- I used spuisofs kernel module and the below SPU program to dump EID4 IV key.
- After dumping EID4 key use CMAC-OMAC1 algorithm to check the CMAC of EID4. If the EID4 key you got is correct then the CMAC should match.
My program to dump EID4 AES-CBC-128 IV and key to PPU memory:
/* * Dump EID4 IV and key to EA with MFC * * Copyright (C) 2012 glevand <firstname.lastname@example.org> * All rights reserved. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published * by the Free Software Foundation; version 2 of the License. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License along * with this program; if not, write to the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ .text start: ila $2, 0x3dfa0 lr $sp, $2 ila $80, 0x3e000 lr $81, $3 stqd $7, 0($80) stqd $8, 0x10($80) # store EID4 IV stqd $9, 0x20($80) # store upper 16bytes of EID4 key stqd $10, 0x30($80) # store lower 16bytes of EID4 key stqd $11, 0x40($80) stqd $12, 0x50($80) lr $3, $80 lr $4, $81 il $5, 0x60 il $6, 0x7 il $7, 0x20 brsl $lr, 0x10 # mfc_dma_xfer il $3, 0x7 brsl $lr, 0x28 # mfc_dma_wait stop 0x666 # our evil stop code :) /* * r3 - LSA * r4 - EA * r5 - size * r6 - tag * r7 - cmd */ mfc_dma_xfer: wrch $ch16, $3 wrch $ch17, $4 shlqbyi $4, $4, 4 wrch $ch18, $4 wrch $ch19, $5 wrch $ch20, $6 wrch $ch21, $7 bi $lr /* * r3 - tag */ mfc_dma_wait: il $2, 0 nop $127 hbra 2f, 1f wrch $ch23, $2 1: rchcnt $2, $ch23 ceqi $2, $2, 1 nop $127 nop $127 nop $127 nop $127 nop $127 2: brz $2, 1b hbr 3f, $lr rdch $2, $ch24 il $2, 1 shl $2, $2, $3 wrch $ch22, $2 il $2, 2 wrch $ch23, $2 rdch $2, $ch24 nop $127 3: bi $lr
Establish Secure Communication Channel
- With both keys from EID4 we are now able to establish a secure communication channel with BD drive and send vendor-specific ATAPI commands to it.
- ATAPI commands SEND_KEY and REPORT_KEY are used to exchange random number between host and BD drive.
- Exchanged random numbers are used to derive the session key which is used later to send vendor-specific ATAPI commands (0xE0 and 0xE1) to BD drive.
- The same procedue is folled e.g. by Storage Manager which runs in LPAR1.