Category: Computing

Recently I picked up a bluray drive for my PC. As I use Ubuntu as my desktop it would be nice to be able to play back (or rip & convert) movies I own. There is documentation on this, but it is somewhat non-trivial and didn’t work for me.

The model drive I have is the LG CH12LS28 Black 12x Blu-ray Read 16x DVD+/-R/RW Write Combo Drive LightScribe SATA, an amazing amount of technology for the price. Plug it in and away I go. Bluray discs show up just fine (but I lack the software on Ubuntu to play them back), and the other attributes of the drive all appear to check out just fine.

I started out looking into DumpHD. There are multiple bits of software to install to get things to the point where they should work, but I kept hitting the error:

The given Host Certficate / Private Key has been revoked by your drive.

After banging my head on this particular problem for a bit, I then decided to try out makemkv. Installing it takes a bit of doing, but no more than 5 minutes later I was ready to try it out. The end of the error log looked very similar:

Can't read AACS VID from disc - most likely current AACS host certificate is revoked by your drive
The volume key is unknown for this disc - video can't be decrypted
Failed to open disc


However, what I didn’t notice right away was what made it actually fail – this was dumped near the top of the error log:

Drive 'HL-DT-ST BDDVDRW CH12LS28 1.00' requires AACS bus encryption, disc decryption may fail.
Error 'Scsi error - ILLEGAL REQUEST:COPY PROTECTION KEY EXCHANGE FAILURE - AUTHENTICATION FAILURE' occurred while issuing SCSI command

You’d think I’d remember this cardinal rule of debugging – always look at the very first error! So it turns out that the main issue I’m having is AACS bus encryption.

I found a good description of the problem which I’ll rephrase here. AACS bus encryption is a new twist in the story. Bluray has DRM to protect the contents of the media, to access the contents you need to unlock the DRM. Previous to AACS bus encryption the player software would have the key, pass it to the drive, and the content would stream decoded over the sata bus to the player. This let all sorts of traffic ‘sniffing’ attacks happen to the data on the bus. Newer drives (mine include) support additional encryption of the data over the sata bus to block these sniffing attacks. Both makemkv and DumpHD (currently) depend on these sniffing attacks. There is a thread on makemkv on this topic.

As with any DRM scheme, it can be broken for the simple reason that decoding the disc on a computer is a legitimate thing to do using licensed software. Thus all of the magic to decode the disc can be stored on your computer, it is just a matter of knowing the secret to the trick. Sadly, today there is no licensed software for Linux.

Off to windows I went (the same PC I run Linux on, also has a licensed Windows XP install). I dutifully installed the software that came with my new bluray drive – a free copy of PowerDVD 9. I was very sad to see this as the result:

I’m running a fairly economical setup on a core i3 using onboard graphics. What’s burning me here is the lack of suitable graphics drivers from Intel to support HDCP (yes, more DRM). I can either buy a graphics card that supports the right kind of drivers, or upgrade to Windows Vista (or beyond). While I could use this as the excuse to buy a graphics card, I’m certain there is a way to do this in software.

The solution ended up being a combination of three elements:

1. AnyDVD HD
2. UDF 2.5 Filesystem viewer
3. DAUM POTPlayer

AnyDVD HD solves both the AACS bus encryption and DRM issue. It is a driver that accesses the bluray drive directly (avoiding the bus encryption) and can unlock the DRM. There is a free trial.

Since Windows XP can’t read a UDF 2.5 filesystem, which is how the data on a bluray is stored, we need a utility that allows this to be done.

The DAUM POTPlayer can manage to play back bluray content, assuming it has been decrypted (thanks to AnyDVD HD) and is visible as files on disk (UDF 2.5 filesytem). The result you can see evidence of in the screen capture at the top of this post. The experience isn’t very user friendly, but it works well enough.

Most of us have a multitude of online systems we connect to, some on a regular basis and others from time to time. Each of these systems usually has a unique user ID and password. How many of these can we reasonably remember? Many, many people attempt to keep at least the passwords aligned across systems and often user name as well. The risk is that one of these systems is compromised (or worse, malicious) and suddenly someone other than you has the keys to the castle.

There is also the challenge of picking a strong password. There are several online password generators, and tools that help verify the strength of a password. For a while I was relying on my browser to remember my password (via a cookie) and using randomly generated passwords, when the cookie expired I’d use the “I lost my password” feature to fix it (or just recreate a user). This works ok for throw-away sites (web forums) but really sucks for a site like PayPal.

So I was guilty of password re-use across a number of sites. No longer now that I’ve moved to KeePass. Of course, now I need to ensure that I have one password (for KeePass) that I will not forget and is secure enough. To help in creating one I’ll reference a great article on the usability of passwords, I encourage everyone to read this.

You can get versions of KeePass for almost any platform. For my needs I needed to cover Windows, Linux and Android. On first launch you’ll be asked to create a database (to store passwords) and assign it a password and/or a keyfile.

From the documentation “Key files provide better security than master passwords in most cases. You only have to carry the key file with you, for example on a floppy disk, USB stick, or you can burn it onto a CD. Of course, you shouldn’t lose this disk then.” This is a neat option, but not very practical on my NexusOne.

Once you’ve created your .kdb database on one of your systems, in my case an Ubuntu box – you can move that DB to other systems you’ve got KeePass on. The Android app KeePassDroid happily consumed the (1.x) database created by KeePassX. You need to figure out a method for synchronizing that database across your systems, some people use dropbox or just simply scp.

By using KeePass it is easy to create strong passwords (a generator is built into the app) and track your unique user id and password for all sites you access. Giving yourself a rule that says you’ll switch to a KeePass based password on your next visit to the site will help you move over relatively quickly.

If you need any more encouragement to rethink how you handle passwords and account, just do a quick google search. Better to lose control of one account than all.