Idea: The ultimate CD/DVD auditing tool
Pondering. Vast majority of the CD/DVD "protection" methods is based on various deviations from the standards, or more accurately, how such deviations are (or aren't) handled by the drive firmware.
However, we can sidestep the firmware.
The drive contains the moving part with the head assembly. There is an important output signal there: the raw analog signal bounced from the disk and amplified.
We can tap it and connect it to a high-speed digital oscilloscope card. And sample obscene amount of data from it. In comparison with fast-enough ADCs, disk space is cheap. The problem can be in bandwidth, but for the drive speed set up to possible minimum (or for "normal" players) the contemporary machines should be sufficient. Real-time operating system (maybe RTOS-Linux) may be necessary.
We get the record of the signal captured from the drive's head - raw, with everything - dirt, drop-outs, sector headers, ECC bits. The low-level format is fairly well documented; now we have to postprocess the signal. Conversion from analog to digital data and then from the CD representation to 8-bit-per-byte should be fairly straightforward (at least for someone skilled with digital signal processing). Now we can identify the individual sectors on the disc and extract them to a disc image file that we can handle later by normal means.
We can push the idea a step further, making a stripped-down CD/DVD drive that would be able basically just to follow the spiral track with its head in constant linear velocity (easier to analyze than CAV) mode, with the ability to control the speed in accordance with how fast (and expensive) ADC, bus, and disks we have, and the possibility to interrupt/resume scanning anytime in accordance with how much disk space we have (or to scan just a small area of the disc).
As a welcomed side effect, not only we'd get a device for circumvention of just about any contemporary (and possibly a good deal of the future ones) optical media "protections", but we would also get a powerful tool for retrieving data from even very grossly damaged discs, for audit of behavior of CD/DVD writers and CD vendors (e.g., if they don't attempt to sneak in something like a hidden serial number of the writer), and for access to all areas of the discs - including the eventual ones unreachable through the drive's own firmware.
If we'd fill this idea with water, would it leak? Where? Why?
On Saturday, July 5, 2003, at 07:13 PM, Thomas Shaddack wrote:
> Pondering. Vast majority of the CD/DVD "protection" methods is based on various deviations from the standards, or more accurately, how such deviations are (or aren't) handled by the drive firmware.
> However, we can sidestep the firmware.
> The drive contains the moving part with the head assembly. There is an important output signal there: the raw analog signal bounced from the disk and amplified.
> We can tap it and connect it to a high-speed digital oscilloscope card. And sample obscene amount of data from it. In comparison with fast-enough ADCs, disk space is cheap. The problem can be in bandwidth, but for the drive speed set up to possible minimum (or for "normal" players) the contemporary machines should be sufficient. Real-time operating system (maybe RTOS-Linux) may be necessary.
No RTOS/Linux is needed for fast sampling, which has been happening for several decades now. Nor is a digital oscilloscope needed. (FWIW, I used a Nicolet digital oscilloscope, and also a LeCroy CAMAC digitizer, for some high-speed single-shot event capture--the strike of an alpha particle--nearly 25 years ago. The OSes for our data collection computers were, variously, RSX-11M and VMS.) Video ADC cards are already vastly capable at sampling video streams.
> We get the record of the signal captured from the drive's head - raw, with everything - dirt, drop-outs, sector headers, ECC bits. The low-level format is fairly well documented; now we have to postprocess the signal. Conversion from analog to digital data and then from the CD representation to 8-bit-per-byte should be fairly straightforward (at least for someone skilled with digital signal processing). Now we can identify the individual sectors on the disc and extract them to a disc image file that we can handle later by normal means.
So? Yes, this is all possible. Any moderately well-equipped lab can do this. So?
> If we'd fill this idea with water, would it leak? Where? Why?
I have no idea what you mean by "fill this idea with water," but by all means go ahead and rig up such a machine.
Personally, I already make about 1-2 recordable DVDs per day, on average, without any hint of copy protection or Macrovision. I usually use the 3-hour speed on my DVD recorder, and can put one high-quality movie on the first part and then, by using a slightly slower speed, another movie on the remaining part. If "DVD quality" is needed, I record at the 2-hour setting. If "better than DVD quality" is needed, as from a DV camcorder source, I record at the 1-hour speed.
If you build a machine which has even higher digitization rates, taken ahead of any DVD spec circuitry, you will get about what I am getting at the 1-hour setting. A very limited market for consumers to buy such machines. Video pirate labs very probably already have such rigs set up.
--Tim May
"Extremism in the pursuit of liberty is no vice."--Barry Goldwater
On 2003-07-06, Thomas Shaddack uttered to cypherpunks:
> If we'd fill this idea with water, would it leak? Where? Why?
It wouldn't leak, and I've never really understood why standard ATAPI drives don't allow access to the raw data. As you say, that sort of tool would have quite a number of applications besides piracy. For example, taking MP3 backups of my CDs, I already would have needed error concealment, a feature CD-ROMs do not implement when ripping audio. You can't implement that well without knowing where the error correction step failed, and that data isn't easily available.
Also, I've always been fascinated by the fact that there's really no reason to follow the CD specs beyond 8/14 modulation other than compatibility. A writing drive capable of working at such a low level could be used to experiment with new encodings beyond what standard CDs can do -- say, substituting CIRC with RSBC and gaining some extra room on the disc, getting rid of the subchannels, a more intelligent coding of disc addresses... Breaking compatibility wouldn't be too useful, but it sure would be fun. Now you simply can't do it.
--
Sampo Syreeni, aka decoy - mailto:decoy@iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
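
The post-processing step from the first message (turning the sampled head signal into channel data) and the point above about knowing where errors sit can be sketched as follows. This is an added example, not code from any of the posters: it times the threshold crossings of a trace, quantizes them to CD run lengths of 3T to 11T, finds the frame sync (two 11T runs in a row) and flags runs that break the rule, one place where damage becomes visible before any error correction runs. The function names, the 8 samples per channel bit and the trace itself are assumptions made for the illustration.

```python
# Added example (not from the thread). Trace data is constructed; spt, the number
# of samples per channel-bit period T, is an assumed capture setting.
T_MIN, T_MAX = 3, 11     # legal pit/land lengths on a CD, in units of T
SYNC_RUNS = (11, 11)     # frame sync: two maximum-length runs back to back

def synth_trace(runs, spt, jitter=(0,)):
    """Build a constructed RF trace whose polarity flips after every run.
    jitter lengthens or shortens each run by a few samples (timing error)."""
    trace, level = [], 1.0
    for k, n in enumerate(runs):
        trace.extend([level] * (n * spt + jitter[k % len(jitter)]))
        level = -level
    return trace

def slice_runs(trace, spt, threshold=0.0):
    """Time the threshold crossings; return [(start_sample, length_in_T)]."""
    runs, start = [], 0
    for i in range(1, len(trace) + 1):
        if i == len(trace) or (trace[i] > threshold) != (trace[start] > threshold):
            runs.append((start, round((i - start) / spt)))
            start = i
    return runs

def audit(runs):
    """Return (sync_positions, violations) for a list of sliced runs."""
    lengths = [n for _, n in runs]
    syncs = [runs[i][0] for i in range(len(runs) - 1)
             if (lengths[i], lengths[i + 1]) == SYNC_RUNS]
    bad = [(pos, n) for pos, n in runs if not T_MIN <= n <= T_MAX]
    return syncs, bad

# Constructed input: two frame syncs, a 14T stretch (drop-out) and a 1T glitch.
SAMPLE_RUNS = [4, 7, 11, 11, 3, 5, 14, 3, 11, 11, 6, 1, 4]

if __name__ == "__main__":
    trace = synth_trace(SAMPLE_RUNS, spt=8, jitter=(-2, 1, 0, 2, -1))
    syncs, bad = audit(slice_runs(trace, spt=8))
    print("frame syncs at samples:", syncs)
    print("run-length violations (sample, T):", bad)
```

The violation list gives sample offsets, so a later decoding stage can mark the affected bytes as erasures instead of guessing where the damage was.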