AACS 2.0 uses different public keys than AACS 1.0. While public by definition, they are not known. Skip content certificate signature validation so that AACS 2.0 media can be played under certain conditions: - "UHD friendly" drive is used, those are AACS 1.0 drives that can read UHD media - non-revoked AACS 1.0 host certificate is available - disc VUK is available
Official UHD drives, that implement AACS 2.0 will not work. Special drive is needed because AACS 2.0 mandates bus encryption. With bus encryption, even with valid disc VUK data is still encrypted by the drive on the fly. The so called UHD friendly drives bypass that. --- src/libaacs/content_cert.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libaacs/content_cert.c b/src/libaacs/content_cert.c index 5618ac0..ec0d46d 100644 --- a/src/libaacs/content_cert.c +++ b/src/libaacs/content_cert.c @@ -40,7 +40,7 @@ CONTENT_CERT *cc_parse(const void *data, size_t len) BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid content certificate (length %zd < 87)\n", len); return NULL; } - if (p[0] != 0) { + if (p[0] != 0 && p[0] != 0x10) { BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid content certificate type 0x%02x\n", p[0]); return NULL; } @@ -58,9 +58,9 @@ CONTENT_CERT *cc_parse(const void *data, size_t len) return NULL; } - /* check signature */ + /* check signature only for AACS 1.0 content certificates */ - if (!crypto_aacs_verify_aacscc(p + cert_data_len, p, cert_data_len)) { + if (p[0] == 0 && !crypto_aacs_verify_aacscc(p + cert_data_len, p, cert_data_len)) { BD_DEBUG(DBG_AACS | DBG_CRIT, "Invalid content certificate signature\n"); return NULL; } -- 2.15.1 _______________________________________________ libaacs-devel mailing list libaacs-devel@videolan.org https://mailman.videolan.org/listinfo/libaacs-devel