Thats a very good point - the decryption of SD contect on the HDR happens when you move a file from the internal hard drive to an external one. on the HD box its already on an external hard drive, and you would then copy it to another location. i wonder what would happen if we could somehow trick the code into thinking the external hard drive was infact an internal one connected to a dummy SATA controler for example?
Humax recording encryption
- Thread starter af123
- Start date
Drutt
Active Member
It would be good if someone with an HDR could report what happens if an encrypted video on an external drive (copied there with ftp/telnet), was copied via the Humax interface to another drive / volume. That would test whether the source drive just has to be the internal one, or whether the code to decrypt really only exists on the HDR...
Thanks!
Steve
Thanks!
Steve
I suspect that the latter is the case. While testing Foxy I determined that the source drive does not need to be the internal one. Decryption works in both directions.
Trevor Jasper
Member
Steve,
Recorded a few minutes of an HD prog and in telnet copied it to a cifs-mounted share. Then I used the un-protect feature of hmt and then used the Humax on-screen opt+ feature to copy that recording (now not showing the "enc" icon) from the "USB" cifs-mounted drive to the "My Videos" on the internal HDD. I then copied the file off the drive to my PC and it played fine in vlc.
So it appears that it doesn't matter which drive it is from/to, as long as the opt+ facility is used to copy it and does the decrypting.
Trevor
Drutt
Active Member
Thanks for that Trevor and Raydon - It is quite curious that the copy code doesn't do the same thing on the HD - I'm assuming the bulk of the code must be shared with the HDR, as the behaviour is otherwise so similar (including the recently added "copy in the background") - for some reason they must have put a "#ifdef HRD" round it! Maybe the next step would be to compare the Humax code binaries of the two platforms. I imagine it would be pretty hard to isolate the the copy code though.
Steve
Steve
OP
Does anyone have an HDR and another HD or HDR? From what I've read on AVForums it seems that with the new firmware it is possible to stream HD content from an HDR to another Humax. It is either decrypting before streaming in which case it should be possible to work out how the HD is identifying itself to the HDR, or it is passing the encryption keys across so that the HD can do the decryption.
If anyone has two and can test streaming a small portion of HD content, then a packet trace would be very useful! The HDR 1.02.20 firmware actually has tcpdump built in for some reason so the requisite command is just
The file will get big quickly so once streaming has started you can ^C the tcpdump process as the useful information will already be in the output file...
If anyone has two and can test streaming a small portion of HD content, then a packet trace would be very useful! The HDR 1.02.20 firmware actually has tcpdump built in for some reason so the requisite command is just
Code:
humax# tcpdump -w /mod/tcpdump.outThe file will get big quickly so once streaming has started you can ^C the tcpdump process as the useful information will already be in the output file...
Black Hole
May contain traces of nut
Those are the lines I was thinking along (but without the facility or skills to do anything about it).
I never figured I would be management material, thought I was an engineer to the core, but I guess I have discovered there comes a time when one has the experience to "direct" and "suggest" but no longer the skills and energy to "do"
I never figured I would be management material, thought I was an engineer to the core, but I guess I have discovered there comes a time when one has the experience to "direct" and "suggest" but no longer the skills and energy to "do"
I believe the HD content is sent protected with DTCP-IP which I guess is not the same as the on-disk encryption. I believe any product which supports this should work as a client (not sure many exist though). I guess the box waits for the link to be negotiated and then removes the files encryption and then encrypts/protects with DTCP-IP before streaming. Just guessing though!
https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Transmission_Content_Protection
https://secure.wikimedia.org/wikipedia/en/wiki/Digital_Transmission_Content_Protection
OP
Yes, looks like DTCP is what's used:
Code:
humax# sqlite3 /mnt/hd2/dms_cds.db
sqlite> select localUrl, protection from tblMedia join tblResource using (mediaID);
localUrl = /mnt/hd2/My Video/Children/Postman_Pat's_Pirate_Treasure.ts
protection = (NULL)
localUrl = /mnt/hd2/My Video/Children/Films/TMNT_ Teenage Mutant Ninja Turtles_20110313_1710.ts
protection = (NULL)
…
localUrl = /mnt/hd2/My Video/Family Guy/12.18._The_Hand_That_Rocks_the_Wheelchair.ts
protection = DTCP
…Can this database be altered to remove the DTCP flag? Will that allow all content to be shared?
OP
More investigation is definitely warranted. I tried removing the protection column values and then restarting humaxtv but it didn't seem to make a difference.
ratx
New Member
Just got a HDR-FOX-T2, installed af123's mod and have been looking into decrypting content on the box without having to use the remote opt+ copy method - I need an automated way of syncing onto my main file server...
I found a way to decrypt standard content using the built in DNLA server and wget - eg
but HD stuff doesn't work obviously.. so I've just had a look in dms_cds.db and wonder if we need to change more than "protection" eg
The flags seem to be different? I'm a bit of a sqlite3 noob so before I do more googling has anyone tried changing the flags for a HD file to match SD?
I found a way to decrypt standard content using the built in DNLA server and wget - eg
Code:
wget http://127.0.0.1:9000/web/media/$mediaID.TS -O /some/path/filename.tsbut HD stuff doesn't work obviously.. so I've just had a look in dms_cds.db and wonder if we need to change more than "protection" eg
Code:
sqlite> select * from tblResource where mediaID = 79;
55|79|media/79.TS|(NULL)|(NULL)|(NULL)|video/ts|http-get:*:video/ts:*;DLNA.ORG_OP=01;DLNA.ORG_CI=0;DLNA.ORG_FLAGS=01118000000000000000000000000000|6252740608|-1|-1|-1|6589|2|DTCP|-1|-1|32000|12|67108864|(NULL)
sqlite> select * from tblResource where mediaID = 5;
2|5|media/5.TS|(NULL)|(NULL)|(NULL)|video/ts|http-get:*:video/ts:DLNA.ORG_PN=MPEG_TS_SD_EU_ISO;DLNA.ORG_OP=01;DLNA.ORG_CI=0;DLNA.ORG_FLAGS=01100000000000000000000000000000|1285189632|128000|-1|-1|4309|2|(NULL)|-1|-1|48000|0|0|(NULL)The flags seem to be different? I'm a bit of a sqlite3 noob so before I do more googling has anyone tried changing the flags for a HD file to match SD?
ratx
New Member
Just further to this I've found setting protocol, protection, dtcp_emi + dtcp_pcplength to the SD values allow you to wget HD files off the box unencrypted but sadly without a sound stream. Need to do some further experimentation but its progress..
Code:
Stream #0.0[0xc9]: Video: h264, yuv420p, 1440x1080 [PAR 4:3 DAR 16:9], 25 tbr, 90k tbn, 50 tbc
Stream #0.1[0xcd](eng): Subtitle: dvbsubSam Widges
Active Member
Ratx - that's really interesting, keep up the good work!
ratx
New Member
Turns out the lack of audio stream must be a problem with the old version of ffmpeg I use on my linux box - files play with audio in VLC on win7. So we can now get files off the box in HD without having to use the remote or copying it onto a USB/virtual disk - woop!
The HD files still don't appear in the DNLA clients I've tried unfortunately but you can get them using wget / http download etc or just eg point VLC at the URL once you've made the relevant changes and you know the media ID.. So to summarise:
- The file has to have the enc flag removed - I'm using the "auto-unprotect" script to do that - or you can do it via the web interface I think
- You need to make some updates for the HD files in the dms_cds.db database - I am thinking I'll mod the auto-unprotect script to do this shortly but the script I'm using atm is below
- Download the file using the media ID and url eg http://192.168.0.X:9000/web/media/95.TS
To get the list of media ID's remotely I've got a noddy script that logs in and does
Then wget's the files that don't exist on localdisk - uses's rsync to replicate the directory tree on the humax. Really annoyed that you can't use rsync to do it all - but if you decrypt the ts files on the box replacing the originals the humax can't play them back any more
The HD files still don't appear in the DNLA clients I've tried unfortunately but you can get them using wget / http download etc or just eg point VLC at the URL once you've made the relevant changes and you know the media ID.. So to summarise:
- The file has to have the enc flag removed - I'm using the "auto-unprotect" script to do that - or you can do it via the web interface I think
- You need to make some updates for the HD files in the dms_cds.db database - I am thinking I'll mod the auto-unprotect script to do this shortly but the script I'm using atm is below
- Download the file using the media ID and url eg http://192.168.0.X:9000/web/media/95.TS
Code:
#!/bin/sh
export PATH=/mod/bin:/mod/usr/bin:/mod/bin/busybox:/bin:/sbin
if [ -e $1 ]
then
echo "pass mediaID to script";
exit
fi
sqlite3 /mnt/hd2/dms_cds.db "update tblResource set protocol = 'http-get:*:video/ts:DLNA.ORG_PN=MPEG_TS_HD_EU_ISO;DLNA.ORG_OP=01;DLNA.ORG_CI=0;DLNA.ORG_FLAGS=01100000000000000000000000000000' where mediaID = $1";
sqlite3 /mnt/hd2/dms_cds.db "update tblResource set protection = NULL where mediaID = $1";
sqlite3 /mnt/hd2/dms_cds.db "update tblResource set dtcp_emi = 0 where mediaID = $1";
sqlite3 /mnt/hd2/dms_cds.db "update tblResource set dtcp_pcplength = 0 where mediaID = $1";
exit 0
Code:
sqlite3 /mnt/hd2/dms_cds.db 'select localUrl, mediaID, protection from tblMedia join tblResource using (mediaID)'Then wget's the files that don't exist on localdisk - uses's rsync to replicate the directory tree on the humax. Really annoyed that you can't use rsync to do it all - but if you decrypt the ts files on the box replacing the originals the humax can't play them back any more
Black Hole
May contain traces of nut
Let me see if I understand: you make some changes to the recording's properties file (upgrade auto-unprotect), and then by tapping into the Humax' media server interface you can either stream the file decrypted by bypassing DLNA discovery and providing the URL yourself, or copy it decrypted at network speed? Excellent.
What is wget? Are we talking Linux?
What is wget? Are we talking Linux?
ratx
New Member
Yup that's pretty much it in a nutshell
Wget is a unixy utility for downloading files via http/ftp - you can get it for windows though.
All of the the decryption tricks for HD files could be done via the web interface I think - you can already remove the "enc" flag there so should be trivial to make the database updates and provide the link to download the un-encrypted HD file.
Wget is a unixy utility for downloading files via http/ftp - you can get it for windows though.
All of the the decryption tricks for HD files could be done via the web interface I think - you can already remove the "enc" flag there so should be trivial to make the database updates and provide the link to download the un-encrypted HD file.
Black Hole
May contain traces of nut
A "download" button on the web interface? That would be superb!
Owen Smith
Well-Known Member
This thread was about how the encryption itself works on the HDR Fox T2. I was told on Digital Spy to look on hummy.tv for a description of how the crypto works (eg. algorithm and where the key is) and this seems the most appropriate thread, but there are no details. Did anyone get any further than what is in the first half of this thread?
Black Hole
May contain traces of nut
I've not seen any progress on this, no. There was some searching for keys and assumptions about the encryption, but nothing conclusive. It has developed into finding ways to hood-wink the Humax to doing the decryption itself, without having to use the Opt+ menu.