The content key is in the .ckf file as usual, scrambled
and am again away...
denny
@ 00b6e994 R5 = _ZN18RpspContentKeyFile18SetEncryptedStgKeyEPhj(* R6, R4, 0x80, R3); ; key is here .....!!!!
/*
 * Decompiled ARM routine; the log strings below name its source file as
 * RpspRecordManager.cpp. It populates a RpspContentKeyFile object (reached
 * through * R6), serialises it into a 0x7e0-byte heap buffer and writes that
 * buffer out with RpspUtil::WriteToFile.
 *
 * Register use visible in the listing:
 *   R6 = incoming R0 (object whose fields at +4, +0xc, +0x20c, +0x210,
 *        +0x214, +0x21c, +0x220 and +0x224 are read)
 *   R8 = incoming R1 (later passed in the _usbUnique position)
 *   R5 = status that is finally returned in R0
 *
 * The decompiler prints four register arguments for every call; the trailing
 * R2/R3 are probably stale registers rather than real parameters - compare
 * with the mangled signatures (e.g. ...EPhj takes a pointer and a length).
 *
 * Return value: the first non-zero setter result, 0xff000010 when the
 * mode fields are not recognised, -2 when serialisation fails, otherwise
 * the result of WriteToFile.
 */
00b6e7f8 /* push LR */
00b6e7f8 /* push R10 */
00b6e7f8 /* push R8 */
00b6e7f8 /* push R7 */
00b6e7f8 /* push R6 */
00b6e7f8 /* push R5 */
00b6e7f8 /* push R4 */
00b6e800 R7 = & dest;
00b6e804 R4 = 0x10;
00b6e808 R6 = R0;
00b6e810 R8 = R1;
/* var_28 is the in/out length for SerializeAll; it is compared with 0x7e0 again at loc_B6EA8C. */
00b6e81c R3 = 0x7e0;
00b6e820 var_28 = R3;
/*
 * 16 bytes are copied from a fixed address into the local `dest`, which is
 * what SetStgNonce receives further down.
 * NOTE(review): the nonce comes from static data, not from the RNG; if
 * off_23C39F4 is constant the value repeats for every file - confirm.
 */
00b6e824 memcpy(R7, off_23C39F4, R4);
/*
 * RNG fills 4 bytes at * (R6 + 0x20c); the same pointer is passed to
 * SetContentId below. Only a zero result branches to the key-generation
 * block at loc_B6E890.
 * NOTE(review): as decompiled, a non-zero result falls through to
 * loc_B6E83C without generating a content key and without aborting. A
 * hardened build should fail closed here - verify against the disassembly.
 */
00b6e834 Cond = _ZN10RpspCrypto3RNGEPhj(* (R6 + 0x20c), 4, R2, R3);
00b6e838 if (Cond == 0) goto loc_B6E890;
00b6e83c loc_B6E83C:
00b6e844 R0 = _ZN18RpspContentKeyFile10SetVersionEh(* R6, 1, R2, R3);
00b6e848 Cond = R0 - 0;
00b6e848 R5 = R0 - 0;
00b6e84c if (Cond == 0) goto loc_B6E85C;
/* Common exit: every error path and the final write jump here with the status in R5. */
00b6e850 loc_B6E850:
00b6e850 R0 = R5;
00b6e858 /* pop */
00b6e858 /* pop */
00b6e858 /* pop */
00b6e858 /* pop */
00b6e858 /* pop */
00b6e858 /* pop */
00b6e858 return R0;
00b6e85c loc_B6E85C:
00b6e864 R0 = _ZN18RpspContentKeyFile6SetCCIEh(* R6, * (R6 + 0x21c), R2, R3);
00b6e868 Cond = R0 - 0;
00b6e868 R5 = R0 - 0;
00b6e86c if (Cond != 0) goto loc_B6E850;
/*
 * Selects the value handed to SetAlgorithmId from two fields of the
 * structure at * (R6 + 4): the word at +4 must be 1 or 2, anything else
 * returns 0xff000010.
 */
00b6e870 R3 = * (R6 + 4);
00b6e874 R1 = * (R3 + 4);
00b6e878 Cond = R1 - 1;
00b6e87c if (Cond == 0) goto loc_B6EA6C;
00b6e880 Cond = R1 - 2;
00b6e884 if (Cond == 0) goto loc_B6E8DC;
00b6e888 R5 = 0xff000010;
00b6e88c goto loc_B6E850;
/*
 * Key generation: RNG writes R4 (0x10) bytes to * (R6 + 0x214); the bytes
 * are then copied to offset 0x20 of the structure at * (R6 + 4).
 * NOTE(review): the result of this RNG call is not checked.
 */
00b6e890 loc_B6E890:
00b6e898 _ZN10RpspCrypto3RNGEPhj(* (R6 + 0x214), R4, R2, R3);
00b6e8ac memcpy(* (R6 + 4) + 0x20, * (R6 + 0x214), R4);
00b6e8bc Log4DRM_SetFileInfo(RpspLogCTX, "/home/dblee/Valencia_DVB_EU_Prj/AP_PVRSS/AP_PvrDRM/Src/RpspRecordManager.cpp", 0x18f, R3);
/*
 * NOTE(review): the freshly generated content key buffer is passed to the
 * logger under the tag "RecordManager->ContentKey" (var_68 = 0x10 is
 * presumably the stacked length argument). Key material should not reach a
 * log sink in a production build; this call belongs behind a debug-only
 * switch or should be removed.
 */
00b6e8d0 var_68 = R4;
00b6e8d4 Log4DRM_LogByte(RpspLogCTX, 2, "RecordManager->ContentKey", * (R6 + 0x214));
00b6e8d8 goto loc_B6E83C;
/* Reached only with R1 == 2, so SetAlgorithmId receives 2 + 15 = 0x11. */
00b6e8dc loc_B6E8DC:
00b6e8dc R1 = R1 + 15;
/* From here on each setter follows the same pattern: a non-zero result is returned unchanged via loc_B6E850. */
00b6e8e0 loc_B6E8E0:
00b6e8e4 R0 = _ZN18RpspContentKeyFile14SetAlgorithmIdEh(* R6, R1, R2, R3);
00b6e8e8 Cond = R0 - 0;
00b6e8e8 R5 = R0 - 0;
00b6e8ec if (Cond != 0) goto loc_B6E850;
00b6e8fc R0 = _ZN18RpspContentKeyFile8SetStgIdEPhj(* R6, * (R6 + 0x224), 5, R3);
00b6e900 Cond = R0 - 0;
00b6e900 R5 = R0 - 0;
00b6e904 if (Cond != 0) goto loc_B6E850;
00b6e914 R0 = _ZN18RpspContentKeyFile9SetHostIdEPhj(* R6, * (R6 + 0x210), 5, R3);
00b6e918 Cond = R0 - 0;
00b6e918 R5 = R0 - 0;
00b6e91c if (Cond != 0) goto loc_B6E850;
00b6e92c R0 = _ZN18RpspContentKeyFile17SetManufacturerIdEPhj(* R6, key_hearder_0x00_0xEC, 2, R3);
00b6e930 Cond = R0 - 0;
00b6e930 R5 = R0 - 0;
00b6e934 if (Cond != 0) goto loc_B6E850;
00b6e944 R0 = _ZN18RpspContentKeyFile12SetContentIdEPhj(* R6, * (R6 + 0x20c), 4, R3);
00b6e948 Cond = R0 - 0;
00b6e948 R5 = R0 - 0;
00b6e94c if (Cond != 0) goto loc_B6E850;
/*
 * SetContentKey takes two pointers: * (R6 + 0x220) and the content key at
 * * (R6 + 0x214). The +0x220 buffer is also the argument of GenerateCMAC
 * below - presumably a key used to protect the file; its origin is not
 * visible in this routine.
 */
00b6e95c R0 = _ZN18RpspContentKeyFile13SetContentKeyEPhS0_(* R6, * (R6 + 0x220), * (R6 + 0x214), R3);
00b6e960 Cond = R0 - 0;
00b6e960 R5 = R0 - 0;
00b6e964 if (Cond != 0) goto loc_B6E850;
/*
 * R0 is zero on this path, so the allocation is 0x80 bytes. The buffer is
 * filled with 0xaf and passed unchanged to SetEncryptedStgKey: within this
 * routine nothing but the fill pattern is written to it. Whether the callee
 * substitutes real data is not visible here.
 * NOTE(review): the calloc result is used without a NULL check.
 */
00b6e970 R0 = calloc(R0 + 0x80, 1);
00b6e97c R4 = R0;
00b6e980 memset(R0, 0xaf, 0x80);
00b6e994 R5 = _ZN18RpspContentKeyFile18SetEncryptedStgKeyEPhj(* R6, R4, 0x80, R3); ; [b]key is here .....!!!![/b]
00b6e99c free(R4);
00b6e9a0 Cond = R5;
00b6e9a4 if (Cond != 0) goto loc_B6E850;
/* R7 still points at `dest`, the 16 bytes copied from off_23C39F4 in the prologue. */
00b6e9b4 R0 = _ZN18RpspContentKeyFile11SetStgNonceEPhj(* R6, R7, 0x10, R3);
00b6e9b8 Cond = R0 - 0;
00b6e9b8 R5 = R0 - 0;
00b6e9bc if (Cond != 0) goto loc_B6E850;
00b6e9c8 R0 = _ZN18RpspContentKeyFile12GenerateCMACEPh(* R6, * (R6 + 0x220), R2, R3);
00b6e9cc Cond = R0 - 0;
00b6e9cc R5 = R0 - 0;
00b6e9d0 if (Cond != 0) goto loc_B6E850;
/*
 * USB binding. R5 is zero here, so the four stores clear the 16-byte
 * buffer var_48..var_3C before it is used as the output of GetUsbKey and
 * the input of SetUsbInfo. var_21 serves as the RpspUsbInfo object and
 * var_60 as the _usbInfoEx_in_ckf record.
 * NOTE(review): none of the three calls has its result checked.
 */
00b6e9d4 R4 = & var_48;
00b6e9d8 R7 = & var_21;
00b6e9dc R10 = & var_60;
00b6e9e0 var_48 = R5;
00b6e9e4 var_44 = R5;
00b6e9e8 var_40 = R5;
00b6e9ec var_3C = R5;
00b6ea00 _ZN11RpspUsbInfo13CreateUsbInfoEP17_usbInfoEx_in_ckfPK10_usbUniquePh(R7, R10, R8, R4);
00b6ea10 _ZN11RpspUsbInfo9GetUsbKeyEPhPK10_usbUnique(R7, R4, R8, R3);
00b6ea20 _ZN18RpspContentKeyFile10SetUsbInfoEPK17_usbInfoEx_in_ckfPh(* R6, R10, R4, R3);
/* The same 16 bytes are overwritten with zero again, clearing the USB key from the stack after use. */
00b6ea2c var_3C = R5;
00b6ea30 var_48 = R5;
00b6ea34 var_44 = R5;
00b6ea38 var_40 = R5;
/*
 * Serialisation buffer of 0x7e0 bytes, kept in R7.
 * NOTE(review): the calloc result is passed on without a NULL check.
 */
00b6ea3c R0 = calloc(0x7e0, 1);
00b6ea44 R7 = R0;
00b6ea54 Cond = _ZN18RpspContentKeyFile12SerializeAllEPhPj(* R6, R0, & var_28, R3);
00b6ea58 if (Cond == 0) goto loc_B6EA8C;
/* Serialisation failed or produced an unexpected length: release the buffer and return -2. */
00b6ea5c loc_B6EA5C:
00b6ea60 free(R7);
00b6ea64 R5 = -2;
00b6ea68 goto loc_B6E850;
/*
 * Second mode field (word at +8 of the same structure), consulted when
 * the first field is 1: value 1 keeps R1 == 1, value 2 replaces R1 with
 * R4, which still holds 0x10 from the prologue; any other value returns
 * 0xff000010. The branch pair around loc_B6EA80 is the decompiler's
 * rendering of a conditional move.
 */
00b6ea6c loc_B6EA6C:
00b6ea6c R3 = * (R3 + 8);
00b6ea70 Cond = R3 - 1;
00b6ea74 if (Cond == 0) goto loc_B6E8E0;
00b6ea78 Cond = R3 - 2;
00b6ea7c if (Cond != 0) goto loc_B6EA80;
00b6ea7c R1 = R4;
00b6ea80 loc_B6EA80:
00b6ea80 if (Cond == 0) goto loc_B6E8E0;
00b6ea84 R5 = 0xff000010;
00b6ea88 goto loc_B6E850;
/* SerializeAll succeeded; the reported length must still be exactly 0x7e0. */
00b6ea8c loc_B6EA8C:
00b6ea8c R3 = var_28;
00b6ea90 Cond = R3 - 0x7e0;
00b6ea94 if (Cond != 0) goto loc_B6EA5C;
00b6eaa4 Log4DRM_SetFileInfo(RpspLogCTX, "/home/dblee/Valencia_DVB_EU_Prj/AP_PVRSS/AP_PvrDRM/Src/RpspRecordManager.cpp", 0x219, R3);
/* R6 + 12 is passed in WriteToFile's const char * position, i.e. it is used as the output path. */
00b6eaa8 R4 = R6 + 12;
00b6eabc Log4DRM_Log(RpspLogCTX, 2);
00b6ead4 R5 = _ZN8RpspUtil11WriteToFileEPKcPhjh(R4, R7, var_28, 0x11);
/*
 * NOTE(review): the serialised key file is freed without being cleared
 * first; if it carries key-derived fields, wiping it before free would
 * limit what lingers on the heap.
 */
00b6eadc free(R7);
00b6eae0 goto loc_B6E850;