mkey dump tool available

[Denny]

maybee that is not all you need.

content key is in .ckf file just as usual , scrambled

and am again away...

denny

@ 00b6e994 R5 = _ZN18RpspContentKeyFile18SetEncryptedStgKeyEPhj(* R6, R4, 0x80, R3); ; key is here .....!!!!

Code: Select all

00b6e7f8   /* push LR */
00b6e7f8   /* push R10 */
00b6e7f8   /* push R8 */
00b6e7f8   /* push R7 */
00b6e7f8   /* push R6 */
00b6e7f8   /* push R5 */
00b6e7f8   /* push R4 */
00b6e800   R7 = & dest;
00b6e804   R4 = 0x10;
00b6e808   R6 = R0;
00b6e810   R8 = R1;
00b6e81c   R3 = 0x7e0;
00b6e820   var_28 = R3;
00b6e824   memcpy(R7, off_23C39F4, R4);
00b6e834   Cond = _ZN10RpspCrypto3RNGEPhj(* (R6 + 0x20c), 4, R2, R3);
00b6e838   if (Cond == 0) goto loc_B6E890;

00b6e83c loc_B6E83C:
00b6e844   R0 = _ZN18RpspContentKeyFile10SetVersionEh(* R6, 1, R2, R3);
00b6e848   Cond = R0 - 0;
00b6e848   R5 = R0 - 0;
00b6e84c   if (Cond == 0) goto loc_B6E85C;

00b6e850 loc_B6E850:
00b6e850   R0 = R5;
00b6e858   /* pop  */
00b6e858   /* pop  */
00b6e858   /* pop  */
00b6e858   /* pop  */
00b6e858   /* pop  */
00b6e858   /* pop  */
00b6e858   return R0;

00b6e85c loc_B6E85C:
00b6e864   R0 = _ZN18RpspContentKeyFile6SetCCIEh(* R6, * (R6 + 0x21c), R2, R3);
00b6e868   Cond = R0 - 0;
00b6e868   R5 = R0 - 0;
00b6e86c   if (Cond != 0) goto loc_B6E850;

00b6e870   R3 = * (R6 + 4);
00b6e874   R1 = * (R3 + 4);
00b6e878   Cond = R1 - 1;
00b6e87c   if (Cond == 0) goto loc_B6EA6C;

00b6e880   Cond = R1 - 2;
00b6e884   if (Cond == 0) goto loc_B6E8DC;

00b6e888   R5 = 0xff000010;
00b6e88c   goto loc_B6E850;

00b6e890 loc_B6E890:
00b6e898   _ZN10RpspCrypto3RNGEPhj(* (R6 + 0x214), R4, R2, R3);
00b6e8ac   memcpy(* (R6 + 4) + 0x20, * (R6 + 0x214), R4);
00b6e8bc   Log4DRM_SetFileInfo(RpspLogCTX, "/home/dblee/Valencia_DVB_EU_Prj/AP_PVRSS/AP_PvrDRM/Src/RpspRecordManager.cpp", 0x18f, R3);
00b6e8d0   var_68 = R4;
00b6e8d4   Log4DRM_LogByte(RpspLogCTX, 2, "RecordManager->ContentKey", * (R6 + 0x214));
00b6e8d8   goto loc_B6E83C;

00b6e8dc loc_B6E8DC:
00b6e8dc   R1 = R1 + 15;

00b6e8e0 loc_B6E8E0:
00b6e8e4   R0 = _ZN18RpspContentKeyFile14SetAlgorithmIdEh(* R6, R1, R2, R3);
00b6e8e8   Cond = R0 - 0;
00b6e8e8   R5 = R0 - 0;
00b6e8ec   if (Cond != 0) goto loc_B6E850;

00b6e8fc   R0 = _ZN18RpspContentKeyFile8SetStgIdEPhj(* R6, * (R6 + 0x224), 5, R3);
00b6e900   Cond = R0 - 0;
00b6e900   R5 = R0 - 0;
00b6e904   if (Cond != 0) goto loc_B6E850;

00b6e914   R0 = _ZN18RpspContentKeyFile9SetHostIdEPhj(* R6, * (R6 + 0x210), 5, R3);
00b6e918   Cond = R0 - 0;
00b6e918   R5 = R0 - 0;
00b6e91c   if (Cond != 0) goto loc_B6E850;

00b6e92c   R0 = _ZN18RpspContentKeyFile17SetManufacturerIdEPhj(* R6, key_hearder_0x00_0xEC, 2, R3);
00b6e930   Cond = R0 - 0;
00b6e930   R5 = R0 - 0;
00b6e934   if (Cond != 0) goto loc_B6E850;

00b6e944   R0 = _ZN18RpspContentKeyFile12SetContentIdEPhj(* R6, * (R6 + 0x20c), 4, R3);
00b6e948   Cond = R0 - 0;
00b6e948   R5 = R0 - 0;
00b6e94c   if (Cond != 0) goto loc_B6E850;

00b6e95c   R0 = _ZN18RpspContentKeyFile13SetContentKeyEPhS0_(* R6, * (R6 + 0x220), * (R6 + 0x214), R3);
00b6e960   Cond = R0 - 0;
00b6e960   R5 = R0 - 0;
00b6e964   if (Cond != 0) goto loc_B6E850;

00b6e970   R0 = calloc(R0 + 0x80, 1);
00b6e97c   R4 = R0;
00b6e980   memset(R0, 0xaf, 0x80);  
00b6e994   R5 = _ZN18RpspContentKeyFile18SetEncryptedStgKeyEPhj(* R6, R4, 0x80, R3);  ; [b]key is here .....!!!![/b]
00b6e99c   free(R4);
00b6e9a0   Cond = R5;
00b6e9a4   if (Cond != 0) goto loc_B6E850;

00b6e9b4   R0 = _ZN18RpspContentKeyFile11SetStgNonceEPhj(* R6, R7, 0x10, R3);
00b6e9b8   Cond = R0 - 0;
00b6e9b8   R5 = R0 - 0;
00b6e9bc   if (Cond != 0) goto loc_B6E850;

00b6e9c8   R0 = _ZN18RpspContentKeyFile12GenerateCMACEPh(* R6, * (R6 + 0x220), R2, R3);
00b6e9cc   Cond = R0 - 0;
00b6e9cc   R5 = R0 - 0;
00b6e9d0   if (Cond != 0) goto loc_B6E850;

00b6e9d4   R4 = & var_48;
00b6e9d8   R7 = & var_21;
00b6e9dc   R10 = & var_60;
00b6e9e0   var_48 = R5;
00b6e9e4   var_44 = R5;
00b6e9e8   var_40 = R5;
00b6e9ec   var_3C = R5;
00b6ea00   _ZN11RpspUsbInfo13CreateUsbInfoEP17_usbInfoEx_in_ckfPK10_usbUniquePh(R7, R10, R8, R4);
00b6ea10   _ZN11RpspUsbInfo9GetUsbKeyEPhPK10_usbUnique(R7, R4, R8, R3);
00b6ea20   _ZN18RpspContentKeyFile10SetUsbInfoEPK17_usbInfoEx_in_ckfPh(* R6, R10, R4, R3);
00b6ea2c   var_3C = R5;
00b6ea30   var_48 = R5;
00b6ea34   var_44 = R5;
00b6ea38   var_40 = R5;
00b6ea3c   R0 = calloc(0x7e0, 1);
00b6ea44   R7 = R0;
00b6ea54   Cond = _ZN18RpspContentKeyFile12SerializeAllEPhPj(* R6, R0, & var_28, R3);
00b6ea58   if (Cond == 0) goto loc_B6EA8C;

00b6ea5c loc_B6EA5C:
00b6ea60   free(R7);
00b6ea64   R5 = -2;
00b6ea68   goto loc_B6E850;

00b6ea6c loc_B6EA6C:
00b6ea6c   R3 = * (R3 + 8);
00b6ea70   Cond = R3 - 1;
00b6ea74   if (Cond == 0) goto loc_B6E8E0;

00b6ea78   Cond = R3 - 2;
00b6ea7c   if (Cond != 0) goto loc_B6EA80;

00b6ea7c   R1 = R4;

00b6ea80 loc_B6EA80:
00b6ea80   if (Cond == 0) goto loc_B6E8E0;

00b6ea84   R5 = 0xff000010;
00b6ea88   goto loc_B6E850;

00b6ea8c loc_B6EA8C:
00b6ea8c   R3 = var_28;
00b6ea90   Cond = R3 - 0x7e0;
00b6ea94   if (Cond != 0) goto loc_B6EA5C;

00b6eaa4   Log4DRM_SetFileInfo(RpspLogCTX, "/home/dblee/Valencia_DVB_EU_Prj/AP_PVRSS/AP_PvrDRM/Src/RpspRecordManager.cpp", 0x219, R3);
00b6eaa8   R4 = R6 + 12;
00b6eabc   Log4DRM_Log(RpspLogCTX, 2);
00b6ead4   R5 = _ZN8RpspUtil11WriteToFileEPKcPhjh(R4, R7, var_28, 0x11);
00b6eadc   free(R7);
00b6eae0   goto loc_B6E850;

[arris69]

...

I thought the same thing. I will do some tests switching the port from debug menu.
The encoder chip is connected using usb not ttyS.

aha, wondered why CONFIG_USB_SERIAL_FTDI_SIO=m was enabled

....