You are not logged in.
Hi,
The current libaacs is broken if a VUK is not known for a particular BR disk, even though the required keys are in place (processing keys). Symptoms: aacs_info fails with the errors below ("Missing item in object"). Any program trying to decrypt the disc using libaacs, will fail with similar errors. The discs are playable if the VUK is known, or VUK is figured out manually with aacskeys and pasted into KEYDB.cfg. The point of this post is the lack of automation.
I'm posting here instead of making a bug report, since I want to rule out the fact I may have something broken in my config. Can anyone here reproduce this? I'm quite certain that this worked before. If this is not a configuration error, I will file the appropriate bug report.
I believe this may have something to do with an incompatible gcrypt library, according to some google results, but that is just a guess and I haven't investigated further (and I'm not sure how to debug this further).
To reproduce: Make sure you are decrypting a disk for which the VUK is not known. You can reproduce the conditions for the bug for any disc, by removing the VUK from libaacs cache files. In any case, if you can decrypt a particular bluray disc, follow these steps to make sure you have not cached the VUK:
If you are lazy, aacs_info fails regardless if you have the VUK cached or not (I believe it is the same issue, that is facing any program using libaacs).
Run 'aacskey /run/media/USERNAME/MOUNTPOINT' and note the VUK
Check that the VUK is not cached in ~/.cache/aacs/vuk/*
Check that the VUK is not cached in ~/.config/aacs/KEYDB.cfg
Re-run aacskey with -v, note MKBv of the particular disc
Make sure you have the processing key required for the MKBv in ~/.config/aacs/KEYDB.cfg
(grep for the VUK in steps 2. and 3. and (temporarily) delete it.
No libaacs-using program (mpv, mplayer, kodi) works automatically, as they should be able to (but aacskeys still works and can retrieve the VUK if you have the correct processing key - libaacs should be able to do the same).
$ aacs_info /[MY_DISC_MOUNTPOINT]
Opening /[MY_DISC_MOUNTPOINT] using libaacs 0.8.1 ...
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
aacs.c:160: invalid drl signature, not using it
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
aacs.c:160: invalid hrl signature, not using it
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
mmc.c:654: Drive does not support reading drive certificate
aacs.c:883: Unable to read drive certificate
libaacs open failed: No valid certificates in configuration file(s)
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
aacs.c:1164: aacs_get_vid() failed
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
Disc ID: 36A8CE3A1A65FC870CA3DA6EF7DB03E9626A1758
VID : ???
MKBv : 28
PMSN : ???
Bus encryption:
Device support: no
Enabled in media: no
Device binding ID: CF45F685C62A211067B13A784D804417
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
aacs.c:1243: invalid signature in cached hrl
Host Revocation List (MKB version 0):
(empty)
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
aacs.c:1243: invalid signature in cached drl
Drive Revocation List (MKB version 0):
(empty)
$ mpv bd://
Playing: bd://
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
crypto.c:516: _aacs_verify: gcry_pk_verify failed. error was: Missing item in object
mmc.c:654: Drive does not support reading drive certificate
aacs.c:883: Unable to read drive certificate
dec.c:208: aacs_open() failed!
[bd] AACS error: no valid certificate
No protocol handler found to open URL bd://
The protocol is either unsupported, or was disabled at compile-time.
Exiting... (Errors when loading file)
$ LANG=C pacaur -Qi libaacs && LANG=C pacaur -Qi libgcrypt
Name : libaacs
Version : 0.8.1-1
Description : Advanced Access Content System
Architecture : x86_64
URL : http://www.videolan.org/developers/libaacs.html
Licenses : LGPL
Groups : None
Provides : None
Depends On : libgcrypt
Optional Deps : None
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 128.00 KiB
Packager : Martin Wimpress <code@flexion.org>
Build Date : Mon Jun 8 18:38:56 2015
Install Date : Wed Mar 2 20:42:09 2016
Install Reason : Explicitly installed
Install Script : No
Validated By : Signature
Name : libgcrypt
Version : 1.7.0-2
Description : General purpose cryptographic library based on the code from GnuPG
Architecture : x86_64
URL : http://www.gnupg.org
Licenses : LGPL
Groups : None
Provides : None
Depends On : libgpg-error>=1.10-2
Optional Deps : None
Required By : afpfs-ng chromium cryptsetup gcr gnome-vfs gnupg gwenhywfar kwallet-pam lib32-libgcrypt
libaacs libgnome-keyring libmicrohttpd libotr libsecret libsystemd libxslt mesa smbclient
systemd telegram-purple xorg-server xorg-server-xephyr
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 1316.00 KiB
Packager : Andreas Radke <andyrtr@archlinux.org>
Build Date : Wed Apr 27 22:08:13 2016
Install Date : Sun May 1 16:52:34 2016
Install Reason : Installed as a dependency for another package
Install Script : No
Validated By : Signature
EDIT: Some typos and minor wording clarifications
Last edited by Wild Penguin (2016-06-04 11:33:25)
Offline
Just FYI, if someone is in the same boat: I installed makemkv-libaacs, as I noticed that some had success with it in this other thread that is somewhat old, though. It seems that is a slightly different libaacs version, that does not seem to cache any VUK's in ~/.cache/aacs nor ~/.config/aacs. That version seemed to work with mplayer on the thread, but it seems it does not work with mplayer nor mpv anymore (they report libaacs is not initialized), but it does work with kodi.
There still a problem with the community/libaacs, so unless there's someone with more insight, I think the behaviour is a real a bug.
Last edited by Wild Penguin (2016-06-04 15:53:21)
Offline
Bug report added (into Arch bugzilla as I believe this may be an incompatibility with some library shipped in Arch).
Offline