Can't read AACS VID from disc - most likely current AACS hos

The place to discuss linux version of MakeMKV
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Can't read AACS VID from disc - most likely current AACS hos

Post by Wookie »

Hi

Just started using this program and I'm getting this error...

Can't read AACS VID from disc - most likely current AACS host certificate is revoked by your drive

I can post the complete log if you want, I'm using a Matshita BD-MLT UJ260 drive that I bought second hand.

I think the drive is the problem ? Am I right ?

thanks
wookie
Woodstock
Posts: 10323
Joined: Sun Jul 24, 2011 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Woodstock »

Would be helpful if we had additional information, such as the version of MakeMKV you're using.

Check the link in my signature for how to enable debugging, and post the results of trying to rip the disk.
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Wookie »

MakeMKV 1.8.3

I've tried running as root just to make sure it's not a permission issue.

I was trying to rip Batman Begins, which is only AACS v7. I have successfully ripped other blu's but only those who's VUK is known.

I bought the drive off fleaBay, supposedly 'New/Unused' and I'm beginning to think it's been used and it's locked itself and the guy has now flogged it to me... hmmmm!
Attachments
MakeMKV_log.txt
Log File
(12.33 KiB) Downloaded 732 times
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Wookie »

Any ideas or should I try and get a refund ?
Woodstock
Posts: 10323
Joined: Sun Jul 24, 2011 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Woodstock »

There is a line in your log that might be of help:
Highest AACS version is v7 , MKB saved as /root/.MakeMKV/MKB_v7_BATMAN_BEGINS.tgz
Do you have that file still? Fan you forward it to Mike at svq@makemkv.com ?

Are you having problems with any other BD titles?
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Wookie »

Woodstock wrote:There is a line in your log that might be of help:
Highest AACS version is v7 , MKB saved as /root/.MakeMKV/MKB_v7_BATMAN_BEGINS.tgz
Do you have that file still? Can you forward it to Mike at svq@makemkv.com ?

Are you having problems with any other BD titles?
Sent.

Yes I'm seeing the same error when trying multiple BD titles, of the 30 or so I've tried only 6 have worked.

I'm looking forward to getting to the bottom of this....
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Wookie »

I've been busy this afternoon, I installed a newer version of Ubuntu on my laptop so I could setup VLC 2.05 which can play BD's.

I get the following error trying to play ANY BD, even the ones I've been able to rip with MakeMKV.....

Blu-Ray error:
AACS Host certificate revoked.


Any Ideas ? I need to get to the bottom of this asap so I can return the drive if it is faulty.

Cheers
Wookie
Woodstock
Posts: 10323
Joined: Sun Jul 24, 2011 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Woodstock »

When you start MakeMKV, what does it say under "Drive Information" for the AACS version your drive has been exposed to in the graphic interface? For example, mine shows:
Drive Information
OS device name: \Device\CdRom0
Manufacturer: HL-DT-ST
Product: BDDVDRW UH08LS10
Revision: 2.00
Serial number: H9M9B395441
Firmware date: 2009-10-26 12:34:56
Highest AACS version: 36

No disc inserted
What this means is that my particular drive has had a disk with AACS version 36 inserted into it at some point, and the drive will no longer talk to any APPLICATION that has a key that was revoked in the AACS update. It doesn't matter what version of AACS is on the disk you're trying to rip - the drive itself is enforcing the lock down.

Version 1.8.3 of MakeMKV should be able to talk to drives that have been "infected" by AACS 36, unless something wasn't right in the install. VLC 2.0.5 is probably not new enough to have a working Bluray key for AACS 36. I know that v2.0.6 doesn't work with encrypted BDs on my system anymore.... but that isn't a factor, since I rarely even tried to do that.
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Wookie »

Drive Information
OS device name: /dev/sr1
Manufacturer: MATSHITA
Product: BD-MLT UJ260
Revision: 1.00
Serial number: HN27 002976
Bus encryption flags: 1B
Highest AACS version: 28

No disc inserted
But I've noticed that if I go into .MakeMKV directory and delete the MKB_v28_TOTAL_RECALL.tgz file, when I re-run MakeMKV it claims the Highest AACS version is now only 20 because MKB_v20_NEXT3DAYS.tgz is the next highest file.

It's not actually reading the highest AACS version the drive itself has seen.

So my next question is 'What is the highest version of AACS in the wild and can MakeMKV decrypt it ?'

also Can a drive be permanently be banned from decrypting BD's ?

My gut feeling is that is what has happened to this drive and the seller has flogged it to me claiming it to be 'new/unused' which it clearly is not. If so I need to try to return it ASAP.
Woodstock
Posts: 10323
Joined: Sun Jul 24, 2011 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Woodstock »

To read Bluray disks, the drive needs an access key to prove that the software is authorized to access. It maintains a list of keys that have been revoked, and refuses to let those keys access any BD with encrypted content, even if it worked previously.

Simply inserting a disk with a higher AACS version on it updates that list, so you could be ripping disks merrily and hit one that revokes the key in your copy of MakeMKV, and suddenly, you can't rip BDs anymore. This happened when the Total Recall BD came out; if you were running a version of MakeMKV prior to 1.7.8, it simply stopped working for BDs. The newer version of MakeMKV fixed that, by changing to a non-revoked access key.

The Windows version of MakeMKV does not seem to maintain files similar to what you describe. Mine seems to read the AACS level directly from the drive, but I could be wrong on that. And, in any case, version 1.8.3 should work with AACS through version 40.
Fawkes
Posts: 21
Joined: Thu May 30, 2013 9:42 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Fawkes »

hi,

if you know how the bluray aacs "game" is played some of the questions would be ansering itself

> It's not actually reading the highest AACS version the drive itself has seen.

not shure what makemkv shows but if a bluray is inserted in the drive it reads - by the internal firmware of the drive - the media key block (mkb) of the bluray witch contains revoked keys of "players" (host keys) even a hardware bluray player consist of a drive and a player-"board" (witch identyfies itself with the host key when "talking" to the drive), there are also host keys in software players
that MKB thing is part of the bluray/aacs spec and not optional for bluray drives

when trying to rip a bluray makemkv has to identify itself unsing a host key witch is usualy extracted from a real hard- oder softwareplayer, that host ( and the processing) key is the most important thing and if that key is revoked by a new mkb version makemkv will fail and the coder has to put in an new unrevoked key into a new makemkv version
i guess to prevent this the keys inside makemkv are nicely hidden


> also Can a drive be permanently be banned from decrypting BD's ?

imho only by a revocation list inside the "player" (software player update or new firmware of hardware player) can do this, mkb "updates" only revokes host keys, there is no "drive key" (cryptographicly speaking) that can be revoked, only the player could check drive type and firmware version and if the drive (version) is blacklisted the drive could be "renewed" by a new (safe) firmware
but makemkv does not care about drive blacklists, its not a certified bluray player


@Wookie

you said your drive is able to read 6 of 30 disks if this 6 discs are encrypted and still play without the *.tgz files (new tgz is created) then the drive does work in the matter of bluray decryption
because makemkv uses its host key to get the "volume id" (specific id for that encyted disc, drive firmware spills that information only out if the host key is valid and not revoked) and is using the processing key (witch comes together with the matching host key) further to decryt files from the disc to end up with the "volume unique key" with is basicly the universal key for this disc (together with that volume id), i guess volume id and vuk are stored in that tgz file so makemkv does not need to ask the drive for anything and can start decrypting right away by just reading the encrypted files from the disc (just as it would from a iso file)

the most public known keys are from older software players and a older PS3 firmware, most articles about using players like vlc or xbmc for blurays reference to that "older" key files and will only work up to MKB 30 discs, discs newer than that will update the drive via mkb and after that vlc will not be able to use the revoked key, only if using already stored volume id and vuk is still there (libaacs, witch is used by vlc, does cache this valuable data in files so that after such event you can still play the discs you already had played before - but only when the "cached" files are still there)


@Woodstock

> VLC 2.0.5 is probably not new enough to have a working Bluray key for AACS 36.

afaik vlc does not contain any keys for bluray and "only" uses libaacs, even libaacs only provides the procedures to decrypt bluray, for decoding the user has to provide a file (KEYDB.cfg) with the needed host and processing key (or alternativly the same file with different structure containing volume id and vuk for the discs - a key database)
Fawkes
Posts: 21
Joined: Thu May 30, 2013 9:42 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Fawkes »

woodsock was faster and replyed while i was still writing, so a little redundent information in my reply

@woodstock

> and refuses to let those keys access any BD with encrypted content, even if it worked previously.

imho not correct, it denys to get the volume id (witch is not stored in the normal file system of the disc), to read just files (encrypted) from disc you dont need anything, but the encrypted files are useless without the "hidden" volume id and the keys (mainly processing key) to decrypt
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Wookie »

Fawkes wrote:if you know how the bluray aacs "game" is played some of the questions would be ansering itself
We'll I've been reading as much as I can find on the net about AACS, any good links I should read ?
Fawkes wrote:you said your drive is able to read 6 of 30 disks if this 6 discs are encrypted and still play without the *.tgz files (new tgz is created) then the drive does work in the matter of bluray decryption
So far I've been able to rip the following... all are UK versions... Blade Runner Final Cut, Blood Diamond, Goodfellas, Hancock, Shooter, The Dark Knight.

Some of the discs I've tried without success... Batman Begins, Shawshank Redemption, Casino, Total Recall (Original) (US Disc), Inception, Kill Bill 1 & 2... etc

I have the *.tgz files for successful discs and for ones that won't work, are they any good to you ?

I've just tried TDK again and I can still access the disc as long as I have the following line in KEYDB.txt...

Code: Select all

2637E7A1C88E2DA3C35C6D4E3B0EE065DFB2F6D0 = THE DARK KNIGHT | D | 2008-10-17 | M | 71FBE7643F4B597D45E729686B99C700 | I | 11D38EF64E8BBE6328B97E11BE30DA03 | V | 3CAE8D854859B9277DD4D6A53585A8F4
If I delete it I get the following error messages...

Code: Select all

Can't read AACS VID from disc - most likely current AACS host certificate is revoked by your drive
Highest AACS version is v28 , MKB saved as /home/wookie/.MakeMKV/MKB_v28_TOTAL_RECALL.tgz
The volume key is unknown for this disc - video can't be decrypted
If the the line is in KEYDB.txt I get ...

Code: Select all

Can't read AACS VID from disc - most likely current AACS host certificate is revoked by your drive
Highest AACS version is v28 , MKB saved as /home/wookie/.MakeMKV/MKB_v28_TOTAL_RECALL.tgz
Title #00007.mpls has length of 340 seconds which is less than minimum title length of 1800 seconds and was therefore skipped
Title #00008.mpls has length of 30 seconds which is less than minimum title length of 1800 seconds and was therefore skipped
File 00201.mpls was added as title #0
<snip>
Operation successfully completed
I hope this sheds some light...
Fawkes
Posts: 21
Joined: Thu May 30, 2013 9:42 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Fawkes »

> We'll I've been reading as much as I can find on the net about AACS, any good links I should read ?

just in case, that was no critics from my part, i for myself found it helpfull to know the rough theory how the process works
try those limks
http://en.wikipedia.org/wiki/Advanced_A ... ent_System
http://forum.doom9.org/showthread.php?p ... post955660
https://wiki.archlinux.org/index.php/Bl ... ertificate
http://www.serenux.com/2009/09/howto-de ... ng-ubuntu/
the last link about bd+ is only good for knowledge, the method/programm used there was not developed further so it does not work for actual bd+ discs


the recent version of libaacs use this format for keydb.cfg
0x... = TITLE | D | xxxx-xx-x | V | 0x... | M | 0x... | I | 0x...
when using it as key database (vid/vuk, every disc needs a entry)
libaacs can not be used at the same time with host und processing keys inside the file
| PK | 0x...
| HC | HOST_PRIV_KEY 0x...
| HOST_CERT 0x...
| HOST_NONCE 0x...
| HOST_KEY_POINT 0x
it has to be a file either with vid/vuk OR host and processing keys

if makemkv is using a keydb.cfg (older format without the leading 0x before keys) and a valid enty (vid and vuk) is present then makemkv does not use the own hostkey and processing key (mainly key a player needs to decrypt every bluray - as long as those keys are not revoked), with vid and vuk everythink what is needed to decode is there (you could even take a iso drive emulator with the encrypted files of the bluray)
if a actual makemkv version (1.8.3, with the newest host and processing key inside) and no additional files present it will "ask" the drive for the vid with its host key from inside makemkv and it should get the vid back

if the 6 titels you counted as working are titels with "known" vid/vuk then makemkv did no of the "magic" it can do (aacs), it just reads the encrypted files (as any programm can do) and used the documented decrytion path in the same way libaacs could do, the "magic" are the well hidden "ripped" keys for aacs that can be revoked with newer MKB versions (ok, makemkv can do much more then decrypt, other tools can handle m2ts files too but can not rip/decrypt aacs/bd+)
that was not what i meant, was i meant was that if one disc works without the help of any additional file/key (just plain makemkv) then the drive and decryption does work
if the drives does not accept the host key to spill out the vid then the first guess would be that you use an older version of makemkv, you log showed 1.8.3 so that does not seem to be the case and the used disc had MKB 28 (witch should even work with the later revoked ps3 host key's)

>Can't read AACS VID from disc - most likely current AACS host certificate is revoked by your drive

well, no answer with vid from drive, no vid means no further steps in decoding
that there was no vid COULD mean the host key was not valid but makemkv 1.8.3 has a volid hsot key so it has to be something else

if the drive shows an older MKB version then the disc in the drive then something is wrong, the MKB should be read from disc and written to the drives firmware witout the user or a programm (firmware internal function)
maybe you try first with a disc that has a lower MKB number and if that works (host key -> vid -> ...) then put in a disc with a higher MKB and just wait a minute to give the drive time to "chew" the new MKB, after that the drive should show the newer MKB, if not the drive is not working properly (I'm just ruling out the option that makemkv does not show the correct information)
there are drive firmware mod's with the intentsion that the drive alway spills out the vid, even if the host key is not valid but they seem only to exist for older drives
you could try to reflash the original firmware just to rule out that the drive has a badly modyfied firmware (unlikely but possible)

ps: making the drive spill ou the vid "for free" with a firmware mod does not help so much, you still need a valid processing key and those are hidden in the player as well as the host key
Wookie
Posts: 11
Joined: Sat Jun 29, 2013 11:21 pm

Re: Can't read AACS VID from disc - most likely current AACS

Post by Wookie »

Fawkes wrote:if makemkv is using a keydb.cfg (older format without the leading 0x before keys) and a valid enty (vid and vuk) is present then makemkv does not use the own hostkey and processing key (mainly key a player needs to decrypt every bluray - as long as those keys are not revoked), with vid and vuk everythink what is needed to decode is there
That's what is happening in my case, makemkv is using the vuk from keydb.cfg to decode the disc, if the vuk isn't there I can't read the disc.
I've checked the keydb.cfg file, all 6 films I've been able to read have vuk codes. Does anyone have a better keydb.cfg file than the one I'm using ? It's in the older format without the leading 0x before the keys....
Fawkes wrote:if a actual makemkv version (1.8.3, with the newest host and processing key inside) and no additional files present it will "ask" the drive for the vid with its host key from inside makemkv and it should get the vid back
I understand that, but it isn't working for me.
Fawkes wrote:if the drive shows an older MKB version then the disc in the drive then something is wrong, the MKB should be read from disc and written to the drives firmware witout the user or a programm (firmware internal function)
maybe you try first with a disc that has a lower MKB number and if that works (host key -> vid -> ...) then put in a disc with a higher MKB and just wait a minute to give the drive time to "chew" the new MKB, after that the drive should show the newer MKB, if not the drive is not working properly (I'm just ruling out the option that makemkv does not show the correct information)
I think you have misunderstood me, If I put a disc with a higher MKB number then the highest MKB number MakeMkv has seen does go up.

However if I go into .makemkv directory and delete the highest number ".tgz" files and then re-run MakeMkv it then claims to have only seen a lower MKB number i.e. the new highest number ".tgz" file. Try it yourself :-)

So it is only quoting the highest MKB number the program has seen, not necessary the highest MKB the drive has seen.
Post Reply