Unbricking a BluRay Drive

All BluRay player, devices, and drives contain a key that unlocks the encryption and DRM present on BluRay discs. Since 2007, the consortium responsible for this DRM scheme has been pushing updates and revocation lists on individual BluRay releases. Putting one of these discs in your drive will brick the device, and this is the situation [stephen] found himself in when he tried to watch Machete Kills. Not wanting to update his software, he searched for a better solution to unbrick his drive.

Every time [stephen] played or ripped a disc, the software he was using passed a key to the drive. This key was compared to the revocation list present on the drive. When a match was found, the drive bricked itself. Figuring the revocation list must be stored on a chip in the device, [stephen] broke out the screwdriver and started looking around inside the drive.

There aren’t many chips inside a modern BluRay drive, but [stephen] did manage to find a few Flash chips. These Flash chips can be dumped to a computer using a BusPirate, and comparing the dump to a publicly available ‘Host Revocation List Record’, [stephen] was able to find the location on the Flash chip that contained the revocation list.

The next task was to replace the revocation list currently on the drive with an earlier one that wouldn’t brick his drive. [stephen]’s MakeMKV install made this very easy, as it keeps a record of all the revocation lists it runs across. Updating the Flash in the drive with this old list unbricked the drive.

This is only a temporary fix, as [stephen] still can’t put a new disc in the drive. A permanent fix would involve write protecting the Flash and preventing the drive from ever updating the revocation list again. This would be a very complex firmware hack, and [stephen] doesn’t even know what architecture the controller uses. Still, the drive works, saved from terrible DRM.

76 thoughts on “Unbricking a BluRay Drive

  1. and this is why I never have bought a bd drive or a bd disc.

    the concept of playing a movie and having that DISABLE (possibly permanetly) some of your hardware is so obnoxious to me, I refuse to play along with their little game.

    1. yea, it looks like the datasheet spells out how to do “all” protection (BP2, BP1, BP0 set to 1 and it specifies that the block protect bits are non-volatile)

      Of course, what the firmware will do is anyone’s guess.

    1. it’s one of the reasons ppl pirate. buy a game, fight bad drm for a week, then maybe play it. pirate the same game, play immediately cause the drm was circumvented. really, you’d think these companies would catch on.

      1. Yeah. I find myself buying physical things only when I want to support the creators…..but then still pirating it as well as its just easier.
        The exception being GoG.com and most HumbleBundles which work just fine without fuss.

      2. Literally the only DRM that has given me any difficulty with a legitimately acquired game is Games for Windows Live and whatever the original Crysis used. The latter wouldn’t install until I completely removed optical drive emulation software, while the former can’t authenticate unless I update a system setting that seems to get reset every time Windows updates.

        If it’s actually common for you to have problems, you’re either doing something wrong/dumb or there’s something wrong with your hardware.

        Not saying DRM is good or anything, just suggesting that you might want to look at other solutions if it commonly gives you problems. It’s possible you’re looking at the wrong part of the equation.

    1. Well, it sure *seems* like that’s what “they” want us to do. :-)

      Seriously, if *all* the media companies were to get together and put *all* their stuff on Netflix for $20/month, I’d be there in a flash. But for some reason, they don’t want to do that. So Pirate Bay exists to fill the void.

  2. If my player gets bricked, could I legally sue the maker for making “defective” disc that damaged my player? I have never attempted hack or mod of BD player, there is no reason for it to be bricked unless there’s a bad list, a typo on the disc’s list, a spat between consortium and manufacture, or some hidden hard to get feature that BD consortium doesn’t like.

    1. I reckon someone should try. There is probably some small print in microtext like on a bank note that says that you can’t sure them for damages and they need the blood of you unborn firstborn as a sacrifice to get your drive unbricked

    2. it’s in the user agreement, you that back page of a instruction manual that no one looks at let alone is able to read before hand when buying the thing automatically means you agree to it. next thing you know they’ll be hiding programs to automate monthly payments to them for owning the device, and only able to stop them if you return the thing to them and fill out a crap ton of paperwork.

      1. Thanks to the Supreme Court, in the US it is legal (and legally binding) for service contracts to have a “binding arbitration” clause to prevents you from suing, or to specifically forbid class action suit. I don’t know if this applies to software EULAs, but if there’s enough money behind it it easily could.

        Point is, you SHOULD be able to sue for this, but I’m not sure you actually can.

  3. There’s a software solution to this that beats the system using the system and unbricks bluray players permanently, but I can’t remember where I saw that. It involves a specially formulated disc that contains some sort of master key. Have to google it later.

        1. That’s not the same thing. There’s a way to use the HDCP master key or similiar to “update” the bricking list of the player and/or television or any other HDCP enabled device connected to the point that it will no longer accept new updates to the list and is therefore for all intents and purposes permanently unlocked.

        1. How difficult is it to make a noise generator to purposely false trigger Cinavia? Deploy one where amateur video recording is common and soon you’ll have all sorts of players falling over while playing a YouTube video, causing a lot of anger over this DRM mechanism.

        2. Cinavia is something completely different yet again. But for once (and I feel sick saying this) fartface is right. It doesn’t make financial sense to use anything other than AnyDVD.

          I bought a PC bluray player. It came with PowerDVD. But lo and behold my current version of PowerDVD can’t get a new patch to play the latest content. They wanted me to upgrade from PowerDVD 10 or whatever it was to the latest version so that I could do something that I’ve been doing since the begning and something that the software is already capable of (playing the damn disk).

          Anyway AnyDVD HD was much cheaper than PowerDVD so that was a very easy choice.

    1. That 8 mega chip is a form of serial EEPROM, it doesn’t have a separate enable pin. There may be drives that used parallel version such as 28xxx that can have write disabled. It is possible the newer disc would refuse to work if it can’t update the list but you won’t have to un-brick the drive to play older discs.

        1. And if it doesn’t work, what about some emulation? A fast-enough microcontroller that emulates the flash’s interface and acts as a filtering proxy, or a FPGA/CPLD chip doing the same?

  4. For all of the people crying “I THINK OF THE CHILDREN^H^H^H^H^H^H^H HACKERS” consider this one line from the post:

    >Not wanting to update his software,

    So he has the choice of updating the software on the drive and making it work again right?

    1. Take the PS3 as an example, you can optionally upgrade (say 3.21) and loose things (linux) or stay at your current revision and loose things (network games and any new blurays/games). upgrading can be like a shotgun held to your head, you will loose if you do and even if you don’t.

  5. so the movie he bought litterally broke his blue ray player?
    SO DRM IS A VIRUS NOW?

    bring both back and get refunds!
    then SUE the _______s! they tricked you.

    it’s not like you shoplifted the damm thing.
    does one not have a legal right to use something legally paid for???
    PAYING CUSTOMERS GET TREATED LIKE CRIMINALS AND CRIMINALS GET FREE REIGN, THE LAW MUUUST BE AS PERVERSE AS POSSIBLE!!?!?!!?

    if thats the way it’s going to be, i dont want to be within 30 meters of blueray, let alone PAY for one! (disc OR drive)

    i was going to pay, but illegal downloads *MIGHT* not damage my laptop, this will.

    WARNING; this player is only for new releases, if you attempt to watch a movie youve paid for but already watched several times, this unit will no longer function, this is not covered by warranty.

    what next, attempting to play an outdated movie will catch your house on fire!?!?

    CONTACT THE CONSUMER PROTECTION AGENCY OF YOUR LOCAL COUNTRY!

    1. And they will say, “this can be fixed by updating the bluray playback software you have. just download the update. Oh wait, you are running a cracked copy and that is why you refuse to update?

      1. sshhh don’t go being logical and/or rational.. this is obviously the entertainment industry that are comprised of evil old white guys with lots of money trying to oppress the rest of us! Twitter will be ablaze with outrage!

          1. >They

            You know those right yeah? You know “they” eat babies right. All of them.

            >Saying only pirates want to live without drm

            Where did I say that? To be honest I don’t really care about DRM either way. I’d rather have DRM and lose the “DID YOU KNOW A SACK OF KITTENS IS DROWNED EVERY TIME YOU EVEN THINK ABOUT PIRACY!” warnings on everything. I don’t mind people being petty over the stuff they have produced but I do dislike being called a criminal (piracy isn’t a criminal offence in a lot of places anyhoo) when I bought their stuff. Having super-duper DRM and still threatening people that have done nothing wrong is retarded.

      2. Or maybe you don’t have a fixed wired network in the house? Last I checked my bluray player doesn’t accept my 3G stick so because I didn’t take the obvious step of providing an ethernet connection to a device which has no business being on the internet I must be the stupid one right?

  6. Wonder if writing an old revocation list to the flash, with a version number edited to be artificially high, would prevent loading updates. The firmware may check the contents of a disc thoroughly, but assume data in flash is pre-checked and therefore trustworthy. Sometimes things are just that simple.

    Failing that, I’d look into the possibility setting up a virtual machine for the purpose of using the drive. It could be kept updated with the latest version of MakeMKV (and dependencies), without disrupting the rest of the setup. I have a couple of VMs used for dealing with quirky hardware and software, and they save me a ton of trouble.

    1. Why not just burn a bluray with a blank (no revocation data) list with a high version number? Insert the disc, list is copied to firmware, drive is unlocked and no need to whip out the screwdriver. Oh and just as an aside maybe the drive just killed itself so it didn’t have to play Machete Kills, I mean I could totally understand that.

      1. I assume the revocation list has a signature/checksum, which would be hard to generate on your own, and checked for validity before accepting new one from a disc. This check is probably even an explicit requirement for Bluray certification. Otherwise it would be Way Too Easy, allowing the revocation list on virtually ANY drive to be cleared without any special skills or hardware other than a special disc. Which would soon be widely available if anyone figured out how to do it.

        But data that has already been checked, and then stored on internal flash where it’s nontrivial to modify, is more likely not to be checked again. The screwdriver is our friend.

  7. Everything about DRM makes me laugh. The Only people that don’t have to worry about it are the pirates.
    If it can be played, it can be pirated. It’s that simple. Why cripple your customers product to stop piracy when it doesn’t (clearly!) even work?
    Surely a better method would be to give your customers a BETTER experience than the pirates and thus make them not want to copy the product.

    Then again, BD is a product of Sony. I have boycott all Sony products since the PS3 and will never again in my life purchase anything from Sony. I suggest others do the same. It’s only when enough people vote with their wallets that this sort of thing will stop.

    1. >Why cripple your customers product to stop piracy
      >when it doesn’t (clearly!) even work?

      It obviously does work in this situation. The casual consumer in this case would be forced to upgrade their device with a firmware version that isn’t blacklisted. Copy protection isn’t there to stop people that can reverse engineer the copy protection. It’s there to stop your average Joe from thinking “you know what, I bet Bob would love this film. I’ll run him off a copy”.

      1. So Joe will try to rip it, will not succeed and will download the movie from TPB.
        OR, even simpler, it will succed by using AnyDVD HD (either bought or cracked) since average Joe is using Windows anyway.

        It might actually take 30 minutes more but Bob will actually get a copy.

        Meanwhile [stephen], who doesn’t actually want to make a copy for Bob, still can’t play the videos he payed for with the hardware he payed for.

        Basically only Bob is winning: not Joe, which has to waste more time to make/download a copy that he will anyway do, not [stephen] (obviously), not Sony/the movie producer.

        1. >It might actually take 30 minutes more but Bob will actually get a copy.

          The reason BluRay has this key management stuff built in is so that publishers can be slightly ahead of the rippers. They’ve realised from the mess with DVDs they aren’t going to make something that is unbreakable. If the key management forces Joe onto a torrent or usenet to get a rip instead they’ve won as he’s no longer anonymously making a backup of the disc.

          >still can’t play the videos he payed for with the hardware he payed for.

          Nothing is stopping him from upgrading the firmware to a version that isn’t blacklisted unless he has reasons for keeping the older firmware…

          >not Sony/the movie producer.

          You have to realise that Sony etc aren’t comprised of one single guy that sits in a really nice chair in an office with a nice view that makes all of the calls. Even if the DRM stuff provides zero benefit to anyone you can be sure that shareholders, rights holders etc all want DRM. Can you imagine laying down a new spec that you want to be the only spec for HD quality video on a disc in this day and age and saying “Hey guys, we have this spec, it’s awesome! it’s totally DRM free.” and actually getting anyone to support it?

          You guys are all talking like he has been wronged by disc locking out his player until he upgrades the firmware. I agree it would be nice if it just barred newer discs instead of totally locking out the player but he does have the possibility to have a working player and watching the new film. If he wants to keep the old firmware for some reason he’s within his rights to do so but it’s within the publisher of the film right’s to say they don’t want it playing on a player that they know is exploitable.

          1. > You guys are all talking like he has been wronged by disc locking out his player until he upgrades the firmware.

            He is. The only one who has the right to alter the hardware’s config is the user/owner. Anything else counts as an attack. I would go as far as considering it a declaration of cyberwar.

          2. @Thomas
            He doesn’t own the Blu-ray that he bought. He has licensed it from the MPAA and movie manufacturers. They have revoked his license until he upgrades to new firmware.

            Anything that has a EULA you do not own. That’s why it has a EULA.

          3. @Leithoa
            He owns the disc. What he doesn’t own is the data on it. On the other hand, I don’t remember ever seeing an agreement of any kind when buying a DVD or BD (though I don’t do so often).

    2. Did you even read the post? He is himself a pirate, it’s why he can’t play that movie. He was using MakeMKV, which is made to illegally copy bluray. The key got banned, he didn’t wan’t to update MakeMKV (the beta is free as long as you update it every 60 days…).

      If he was using a legitimate bluray player he wouldn’t have that issue. A legitimate player won’t get his key on a revocation list, they are not that dumb.

      1. Did YOU even read the article? He’s using MakeMKV to make a video file that he can stream on any screen in his house using MythTV.

        Oh wait, I see your point. Either you use the blu-ray exactly as you bought it or you’re a pirate, right?
        ——————————————–

        @cantido
        > If he wants to keep the old firmware for some reason he’s within his rights to do so but it’s within the publisher of the film right’s to say they don’t want it playing on a player that they know is exploitable.

        Sure! Move it to another domain. Let’s say that one day your car will lock you out if you try to install a second-hand (but original) aftermarket mod that was sold to you by someone whose car was sent to the scrapyard. They are just protecting their investment on r&d right? Even better: any mod which is not original can lock you out (just protecting their own right… and your safety, too!).

        Is it a right of the company to lock you out of a good that you own? I think not. But if you’re happy, go on.

      2. No, he’s not. It’s perfectly legal to make a backup copy, or transform the format of the data into something more useful to him. He’s not a pirate unless he gives a copy to someone else who hasn’t purchased the content.

        And did YOU read the post? The reason he’s not updating MakeMKV is because it requires update of dependent libraries, which would mess with a lot of other software as well.

      1. While it _might_ be a valid agreement from the legal point of view (but I guess this could not be true for every Country on the planet), this does not imply it is right, which is exactly what most of us are stating here…

  8. It’s funny how the only winners in these scenarios are “Big DRM”

    The average consumer loses and so do the media companies if they pay to use this rubbish. Meanwhile the pirates are laughing and drinking rum all the way to the Caribbean – what a joke! I still don’t own a BluRay player. Probably never will either, unless the Chinese release a reverse-engineered DRM-free one that can play any disc and is immune to this self-destruct feature.

  9. I can just see the folks who wrote Cryptolocker getting their hands on this.
    “If you don’t pay up, not only are your hard drives trashed but you can’t even restore your Bluray backups”

    Grr….

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s