aacskeys 0.4.0
--------------
aacskeys is a program to decrypt all required keys from an AACS protected
HD-DVD / Blu-Ray to decrypt it (Sequence Keys aren't supported currently).
aacskeys has been written by arnezami and is now maintained by me, KenD00.
It runs under Windows (32 bit and 64 bit), Linux (32 bit and 64 bit) and
Mac OS X (quad universal).

Homepage: http://forum.doom9.org/showthread.php?t=123311



Using aacskeys
--------------
aacskeys requires the file ProcessingDeviceKeysSimple.txt to be in the current
working directory. This file must contain a processing key / device key which
can decrypt the MKB of the source disc. Furthermore aacskeys must be
able to retrieve the Volume ID / Binding Nonce off the disc, it supports 4 ways
to do this:

AACSAUTH  : This is the "offical" way to get the Volume ID / Binding Nonce off
            the disc, this does only work if your drive is still in the MKBv1
            state because the used host certificate was revoked later. If this
            method is used, the file HostKeyCertificate.txt must be in the
            current working directory. In this file the first line must contain
            the Host Private Key and the second line must contain the
            corresponding Host Certificate.
AACSBYPASS: This works with patched drives that allow to read the Volume ID /
            Binding Nonce without beeing authenticated
XBOX      : The XBox hack works with the XBox 360 HD-DVD addon and the Toshiba
            SD-H802A drive, this method can only retrieve a Volume ID
EXTERNAL  : The Volume ID / Binding Nonce is given on the command line

Executable version:
Just execute the binary file, if its started without parameters a help screen is
displayed.

Library version:
Copy the library appropriate for your operating system along with the files
ProcessingDeviceKeysSimple.txt and HostKeyCertificate.txt into the directory of
DumpHD 0.4 or later. During the next start of DumpHD it should detect the
library and use it if the disc is not present in the key database.



Building aacskeys
-----------------
aacskeys is written in C++, it can be build under Windows, Linux and Mac OS X
(maybe other OS too, not tested). Premade Visual Studio 2008 project files and
makefiles (for Linux) are included. These files were generated using PreMake
(http://premake.sourceforge.net), if you need to make changes to these files
don't edit them but edit the PreMake script premake.lua and regenerate the
files.

NOTE: Due to limitations of PreMake the generated project files for Visual
      Studio do only include the win32 platform, the win64 platform must be
      added manually.

Requirements:
- C++ compiler (Visual Studio or g++, others not tested)
- OpenSSL 0.9.8 or later
- JDK 1.5.0 or later (to build the library version)
- Windows SDK (to build under Windows)
- Mac OS X 10.5 or later (to build under Max OS X)


Generating project files / makefiles:
When executed in the direcory that contains the premake.lua file you usually
have to specify the target only, e.g. to create makefiles for Mac OS X
(assuming you are doing this under Mac OS X) you have to execute
   premake --target gnu

The script supports two custom command line switches:
   --static-crypto: Links statically against OpenSSL. This requires at least the
                    variable OPENSSL_LIB properly set in the script. This
                    switch is at most useful under Mac OS X because the standard
                    SDK's include OpenSSL dylibs which will be automatically
                    used, if your Linux distribution does not include OpenSSL
                    and you install only the static libs OpenSSL will be linked
                    static automatically. This switch is ignored under Windows.
   --no-ecdsa     : Does not compile code that requires ECDSA, this disables
                    the AACSAUTH function, nothing else uses ECDSA currently.
                    This is useful if you want to compile aacskeys under
                    Mac OS X with the default platform SDK, the included
                    OpenSSL lacks ECDSA support.


Building under Windows:
Use the included project files to compile the binary or library version. You
need to setup the visual studio search paths to include the location of the
OpenSSL include and lib directories and, to build the library version, the
include directory of the JDK (including the win32 subdirectory!), or you can
edit premake.lua to include these paths in the project files.

The project files assume that you use the precompiled OpenSSL binaries from
http://www.slproweb.com/products/Win32OpenSSL.html, if you use a compiled
version from the official tarball you need to adjust the library names in the
project file.


Building under Linux:
A makefile is included, it assumes that the OpenSSL tarball is installed in its
default location and that you have the JDK 6 from Ubuntu installed. If not, you
need to edit the premake.lua file to adjust the paths. Make should regenerate
the makefiles after you have edited the PreMake script automatically, for this
to work need to have premake installed in the systems search path.

The makefile defines four targets: all, aacskeys, libaacskeys and clean.
To build a debug build you have to start make this way:
   make "CONFIG=Debug" <target>


Building under Mac OS X:
First you have to generate makefiles using PreMake. The script assumes that you
have installed OpenSSL from MacPorts (www.macports.com) in its default location.
If you want to use OpenSSL from the Mac OS X SDK you have to clear the
OPENSSL_INCLUDE and OPENSSL_LIB variables in the script (the proper lines are
already present but commented out) and supply the --no-ecdsa script to premake.

The makefile defines four targets: all, aacskeys, libaacskeys and clean.
To build a debug build you have to start make this way:
   make "CONFIG=Debug" <target>

To build universal binaries you have to set the varibale TARGET_ARCH properly.
Make sure that your OpenSSL library is present in the required architectures,
the MacPorts version is installed at most as 32 bit universal binary currently
(but can be installed as quad universal binary manually, the patches are already
present but disabled). To compile a quad universal binary you have to call make
this way:
   make "TARGET_ARCH=-arch i386 -arch x86_64 -arch ppc -arch ppc64"



KenD00



History
-------
0.4.0: 2009-01-22
- Mac OS X support. Big thanks to yukiyuki for sending his initial Mac OS X
  patch
- New command line switch --exclusive-io to use exclusive access to access the
  drive. This is used under Mac OS X only
- Full path resolval under Linux. Now paths containing ./, ../, multiple
  symlinks or relative paths are supported as mountpath
- New command line switch --dump-vid, retrieves only the Volume ID / Binding
  Nonce from the disc
- Some smaller bugfixes
- The debug build outputs some additional debug information now

0.3.6: 2008-12-12
- Decrypts ACA content of HD-DVD's with both content types by default now
- New option --prefer-sca to decrypt SCA content of HD-DVD's with both content
  types
- The library now returns all retrieved keys (MEK, VID, VUK, TUK's)

0.3.5: 2008-09-20
- Experimental Blu-Ray Recordable support (BDMV and BDAV)
- New option --pa-lba (currently this must be used with Blu-Ray Recordables if
  the Binding Nonce is not given on the command line)
- The Host Private Key and Host Certificate is now loaded from the external file
  HostKeyCertificate.txt
- Diplays more information about the drive and inserted disc
- Fixed an endianess problem

0.3.1: 2008-08-30
- Fixed to run correctly under 64 bit
- Detects if the given mountpoint is a symlink and handles it correctly (Linux)
- Accepts mountpoints with a trailing "/" (Linux)
- Uses the Title Key file with the lowest number if VTKF000.AACS isn't present
  (HD-DVD Advanced Content)
- Displays version of MKB
- New option --no-preinval to disable invalidation of all AGIDs before
  requesting a new one
- Added missing includes to avoid compilation errors on some machines
  (thanks Oopho2ei)
- Lots of small fixes to avoid buffer overruns and null pointers

0.3.0: 2008-07-24
- New AACSBYPASS authentication method
- New command line interface, authentication method can be selected now
- Lots of small bugfixes
- Statically linked against OpenSSL
- Precompiled Linux 64 bit binaries / libraries included
