Archives January 2009

It was only just 10 years ago that some of the first USB Flash Drive storage solutions became available in the form of highly expensive sticks that only had a capacity of upwards to 32MB (yes, Megabytes) and had transfer speeds that were slower than molasses on sandpaper.

Today, we now have 32GB USB Flash Drives that go for a paltry AUD$95, and this is a review of Transcend’s offering.

I have to admit I’m a bit of sucker for Transcend. They make good products that perform well at a reasonable price, and I have bought several of their USB Flash Drive products over the last 5 years from 1GB through to 8GB. Sure, there are solutions that are much faster than Trancend, such as Corsair, but along with that comes a larger price tag. The Transcend product is competitively priced and performs more than acceptably to be used even as a boot device.

So today I obtained a 32GB stick. The package is simple – along with some catalogue advertising material, the stick itself is roughly 10mm x 50mm in size and is about 6mm deep, comes with a Transcend-branded lanyard, a removable thin clear plastic layer on the burgundy-coloured part of the stick to protect it from scratches and that’s pretty much it. The non-retractable USB connector is protected by a removable plastic cap. Refreshingly, the cardboard insert from the packaging actually makes reference to Linux as a supported platform, citing a requirement of kernel 2.4.2 or later.

Like all sticks these days, this USB 2.0 unit is pre-formatted to FAT32 thus allowing it to work with pretty much every major platform out there. Personally I rarely use my sticks on Windows PC’s, though I keep an 8GB stick handy with FAT32 just in case. Most of the time, however, I reformat them to EXT2 or EXT3.

So, let’s plug this guy in. It’s always interesting to see how they implement the activity LED (well OK, it’s hardly anything to write home about, but I’ve got to generate some excitement somehow…!). Previous Transcend sticks had an obvious dot on the top, usually sporting a blue LED as has been the trend for the last few years, but this time they’ve gone different. There is no obvious hole on the stick for an activity light and upon connecting it to my PC’s front USB ports, the end of the stick suddenly lit up in bright roadwork-vest-orange. Well, that’s a welcome change. I can leave it plugged in a dark room without it becoming distracting! The LED remains on all the time to show that it is active and flashes HDD-style when there is activity.

Nautilus popped up its usual “what do you want to do” prompt and I elected to open a window. As typical with most USB Flash Drives, this one came up imaginatively titled “disk” which is Ubuntu’s way of telling you that the stick has no actual label. The stick itself is completely empty – no promotional software or funky one-touch-backup applications are included.

First thing was first – relabel that stick. There’s nothing worse than having several USB Flash Drives and not knowing what’s on them at a glance. I fired up Ubuntu’s Partition Editor (GParted) and had a look at the stick. The stick’s actual storage space is 29.92GB and I observed that the leading 4MB were not allocated. Usually you find most Windows-formatted devices have the last few MB unallocatable, not that it actually matters.

Anyway, I quickly unmounted the stick and renamed it and remounted it. For those that are interested, this is what the dmesg output for it looks like:

usb 8-3: new high speed USB device using ehci_hcd and address 8
usb 8-3: configuration #1 chosen from 1 choice
scsi19 : SCSI emulation for USB Mass Storage devices
usb-storage: device found at 8
usb-storage: waiting for device to settle before scanning
usb-storage: device scan complete
scsi 19:0:0:0: Direct-Access     JetFlash Transcend 32GB   8.07 PQ: 0 ANSI: 2
sd 19:0:0:0: [sdf] 62750720 512-byte hardware sectors (32128 MB)
sd 19:0:0:0: [sdf] Write Protect is off
sd 19:0:0:0: [sdf] Mode Sense: 03 00 00 00
sd 19:0:0:0: [sdf] Assuming drive cache: write through
sd 19:0:0:0: [sdf] 62750720 512-byte hardware sectors (32128 MB)
sd 19:0:0:0: [sdf] Write Protect is off
sd 19:0:0:0: [sdf] Mode Sense: 03 00 00 00
sd 19:0:0:0: [sdf] Assuming drive cache: write through
 sdf: sdf1
sd 19:0:0:0: [sdf] Attached SCSI removable disk
sd 19:0:0:0: Attached scsi generic sg6 type 0

Exciting stuff. 

With my now-properly-named stick, it was time to do some read/write tests. The stick comes preformatted as FAT32, so we’ll use that, but at the same time I will also conduct some tests using Linux-native filesystems. In this case, EXT3. Our test data will be a series of 15,645 thumbnail images, each averaging about 18K in size. We will also do a large file copy test using a compressed high-definition video file at 3.1GB in size. We will time how long it takes to copy this data to the USB Flash Drive and calculate the transfer speed from that. Then we will reboot the machine, to ensure no data is cached, and copy that data back from the USB stick to measure the read speed.

For comparison, we will also do the EXT3 tests with an older (6 month old) 8GB USB Flash Drive, also made by Transcend, to see if there has been a notable change in read or write speed between products.

First up, the small file copy test. Our test data is 15,645 thumbnail files from our host PC’s hard-drive, each averaging about 18K in size (total 281MB).

• Using the FAT32 filesystem on the 32GB stick, copying the small files took 12 minutes to copy at approximately 345K per second. Ouch – slow.
• Using the Ext3 filesystem on the 32GB stick, copying the same files took only 2 minutes and 53 seconds at a rate of approximately 1.6MB per second. Much better.
• And using the EXT3 filesystem on the older 8GB stick, copying the same data took only 2 minutes and 40 seconds, just edging out the 32GB stick.

Now for the large file copy test. Our test data is a single 3.1GB high-definition video file being copied from the host PC’s hard-drive.

• Using the FAT32 filesystem on the 32GB stick, copying the large file took a pathetic 69 minutes and 24 seconds to transfer, or about 780K per second. It really shows that FAT32 really does not like large files at all.
• Using the Ext3 filesystem on the 32GB stick, copying the same file took a far more respectable 6 minutes and 16 seconds to complete at approximately 8.4MB per second.
• Finally, the Ext3-formatted 8GB stick copied the file in 5 minutes and 55 seconds, which beats the 32GB stick, but only by about 20 seconds and half a megabyte per second (8.9MB/s).

To be fair, Windows’ NTFS filesystem should show reasonably similar figures to Ext3, but I did not test that as this article is about Ubuntu, not Windows! 

Finally, we have the read-test. We rebooted the host PC to clear any cached data and copied only the 3.1GB large file from the USB stick to the host PC’s hard-drive.

• The FAT32-formatted 32GB stick copied the file in 3 minutes and 13 seconds. Exponentially faster than its write action.
• The EXT3-formatted 32GB stick took 2 minutes and 32 seconds to copy the file.
• The EXT3-formatted 8GB stick by comparison did the same copy in 3 minutes and four seconds. Interesting that it’s a slow reader compared to the 32Gb stick, but a slightly faster writer.

So transfer speeds have largely remained unchanged between generations, which is a Good Thing(TM) – if there is any faster speed, then that’s a bonus, but the last thing you want is greater capacity at a tragic expense of transfer speed, and whilst we do have that discrepancy here, it’s negligible at best.

Conclusion

Trancend’s 32GB USB Flash Drive is not the largest currently-available on the market, but it is certainly one of the most affordable and has good performance to boot. Aesthetically, the white plastic looks and feels a little cheap, but the stick as a whole feels robust and could probably take a few knocks without having a fit. The lanyard included is more than adequate to hang around your neck with, and the overall size of the stick means you could also comfortably add it to your keyring or hip pocket without it getting in the way, though the separate USB cap could probably be easily lost in that instance.

Review score: 8 out of 10

OpenOffice.org 3.0.x has been out for awhile now, but unfortunately did not get released in time to be included with Ubuntu Intrepid 8.10 back in October 2008, so Intrepid shipped with OpenOffice.org 2.4.1 instead. Bummer.

OpenOffice.org 3.0.x will be included in Ubuntu Jaunty 9.04 in April 2009, but as some people have noticed, there are some useful features in OpenOffice.org 3.0.x (such as much improved Word doc importing) that can make waiting another four months seem like a bloody long time to upgrade. You want 3.0 now, not in four months!

So for the impatient among you, here’s the most painless and easiest way to upgrade your OpenOffice.org to 3.0.1 without having to deal with downloading individual packages or TAR archives from the OpenOffice.org website, or manually having to satisfy the extra dependencies that OpenOffice.org 3.0.1 requires.

1. First up, open a terminal.
   
2. Now type in:
   
   $ sudo gedit /etc/apt/sources.list.d/openoffice.list
   
   …and your text editor will appear with a blank new file to type into.
   
3. Copy & paste or type in the following line into the editor:
   
   deb http://ppa.launchpad.net/openoffice-pkgs/ubuntu intrepid main
   
   
   
4. Save your file and close the text editor.
   
5. Now type in at the terminal:
   
   $ sudo apt-get update
   
6. You should observe that a warning message regarding NO_PUBKEY will appear after the update has completed as follows:
   
   W: GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 60D11217247D1CFF
   
   This is because you don’t yet have the public key for this OpenOffice.org repository to be able to authenticate anything from it, so we need to add it with the following command at the $ prompt:
   
   $ gpg --keyserver keyserver.ubuntu.com --recv 60D11217247D1CFF
gpg: requesting key 247D1CFF from hkp server keyserver.ubuntu.com
gpg: key 247D1CFF: public key "Launchpad PPA for OpenOffice.org Scribblers" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
$
   
   Right, that downloaded the key from the Ubuntu keyserver to your PC. Now we need to tell Apt to use that downloaded key to authenticate with. Do do this, type in:
   
   $ gpg --export --armor 60D11217247D1CFF | sudo apt-key add -
OK
$
   
7. If you now run Step 5’s command again (sudo apt-get update), you will no longer have the NO_PUBKEY warning at the end of it.
   
8. Anyway, once Apt has finished updating itself with a new list of packages, within a few seconds, your Update Manager will pop up the red arrow in the system tray advising that there are new updates to download.
   
   .
   
9. When you open Update Manager, you will find that they are all upgrades to OpenOffice.org 3.0.x including the extra dependencies required! Sweet!
   
   
   
10. Hit the “Install Updates” button. If you are presented with a dialog box warning you that some of the packages cannot be authenticated, then you have not got the Public Key from the Ubuntu Keyserver to authenticate the new OpenOffice.org packages. This is because this OpenOffice.org 3.0.1 repository is not official nor permanent and was only setup to satisfy the impatient ones out there (ie: you!). It is not critical that the packages be authenticated, but that is up to you to decide. If you’d rather not install unauthenticated packages, then just click the Cancel button and stop following these instructions. If you followed Step 6 properly, then you will not get this warning message because the public key you downloaded in Step 6 will authenticate the packages properly and the download of updates will commence immediately as per Step 11.
    
    .
    
11. Hit the Apply button and allow the system to download and install as normal.
    
12. When completed, start up OpenOffice.org as normal and you will see that the splash loader and the Help->About page show that you now have OpenOffice.org 3.0.1!
    
    .
    
13. Pat yourself on the back. You’re done.

How is this possible anyway? Well, seems that demand for OpenOffice.org 3.0.x has been so great that the nice guys at OpenOffice.org Scribblers decided to put together a quick little dedicated repository for it on the Launchpad site, so all kudos and credit go to them. The repo only works for Ubuntu Intrepid, so for users of earlier versions of Ubuntu, you will still need to download the .debs and install them manually from the OpenOffice.org website.

Credit goes to stmok from Overclockers Australia for advising of the public key solution used in Step 6 – thanks!

Optical storage certainly has come a long way, and with each new advance brings new affordable hardware to help nudge it along. The HD-DVD and Blu-ray disc formats brought along with it the ability to store and distribute high-quality, full high-definition 1080p movies.

Unlike when DVD first appeared, and probably thanks to the battle that was waged between the HD-DVD and Blu-ray formats, the provision of high-definition media and associated players has dropped in price rather dramatically to drive acceptance. I have a fairly large original DVD collection, but I am a quality freak and in light of high-definition releases, I loathed the idea of buying a DVD version of a given movie knowing that for about the same price I can buy a high-definition version.

So I decided to buy a Blu-ray drive. One of the cheapest options on the market is LG’s internal drive option called the “Super Multi Blue Blu-ray Disc & HD DVD-ROM Drive”, model GGC-H20L for about AUD$150. This review is my experience using the drive under Ubuntu 8.10, Intrepid Ibex.

My unit came packaged in a slightly larger-than-usual box with attractive print on it. I normally prefer to buy an OEM drive since this packaging generally always ends up in the bin, so I’d rather save some money. Unfortunately my retailer didn’t have any, so I had to buy the retail box.

In a nutshell, this unit is able to read HD-DVD and Blu-Ray media as well as DVD and CD media, but it can only write to DVD and CD media (all the usual formats you expect, so I won’t detail them here). This suits me fine as these days I rarely write any discs except for giving someone a copy of Ubuntu on disc, and I just needed the ability to read Blu-ray movies that I buy.

Out of the box, the package contains the drive itself, a program disc for Windows only with disc burning software, a backup application, a simple DVD authoring application and PowerDVD for movie playback (this disc was promptly thrown in the bin – I don’t need it). There is also a printed manual, four mounting screws and a serial ATA (SATA) cable and a serial ATA Molex-to-SATA power adapter cable provided.

This is my first optical drive with a SATA interface – everything before this used the usual IDE cable, so it was a pleasure to connect the drive and banish the last of my parallel cables to the cable bucket. General installation was a breeze – as typical as any other optical drive.

Powering up, the system recognised the drive straight away and Ubuntu started booting. Ubuntu saw the drive right away and mounted it as my CDROM drive. It still gets referred to as /media/cdrom which I could change, but honestly, there’s little point to that (and maybe I’m being just a bit lazy because typing “cdrom” is faster and easier than typing “blu-ray”.

The tray of the drive ejects very quietly which is a nice change from my old Sony DVD-RW unit and upon closing makes that satisfying deep “ker-klump” noise akin to the quiet closing of a door on an expensive luxury car.  The activity light on the front of the unit is a lone bright-blue LED. Of course, a Blu-ray capable unit with a blue light – brilliant…

To do some basic testing, I stuck in a regular CD. The drive detected the disc within seconds and Ubuntu popped up the icon for it on my desktop. No faster or slower than my Sony drive. I was able to read the CD without any issue.

I repeated the test with a DVD disc. Again, no issues. The disc was identified and opened within seconds.

I don’t have any HD-DVD discs handy, so I was unable to test this feature (not that you can buy any of these discs out there anymore anyway).

I then inserted one of my newly purchased Blu-Ray movie discs. Again, the disc was detected within seconds and an icon appeared for it on my desktop (note that reading Blu-ray discs requires the UDF 2.5 filesystem which Ubuntu Intrepid thankfully has already).

The Autorun had no idea what to do with the disc:

I was half expecting the laser to spend a few extra seconds determining whether or not the disc was Blu-ray or HD-DVD, but clearly a delay is not needed, despite using a different laser. I was impressed. Again, I was able to read and navigate the Blu-ray disc and I was also able to copy files from it without any issue. The drive transferred data at approximately 8.8MB per second. I was able to read off 500MB worth of data in about 1 minute. In the case of the movie disc I inserted, the actual feature is a 21GB file which would have taken approximately 40 minutes to copy.

Burning discs was completed with usual success. I burnt an Ubuntu ISO to a CD using Brasero without any issue. Burning a DVD was effortless also. Again, burn time seemed to be no different to my old Sony unit.

The drive has Lightscribe ability as well, to burn funky labels onto Lightscribe-compatible discs, but as I did not have any such discs handy, I was unable to test this feature.

In operation, the drive is very quiet. Any noise it does make is certainly being overshadowed by the noise of my PC’s fan and the room air-conditioning I’m using right now.

Predictably I was unable to PLAY any of the Blu-ray movies I purchased due to the fact that the DRM used on these movies is vastly different to that on DVD’s, and that Linux has no official support for Blu-ray – both Totem and MPlayer certainly had no idea what the media was.

Instead, my primary use of this drive will be to make file backups of decrypted Blu-ray movies I purchase and watch them that way instead (because I’m a sucker for high-definition). I have written up a separate post detailing how I did this, the results of which are playable in both Totem and MPlayer – you can read it here.

All up, I think this is a good value for money drive. It’s cheap, cheerful and does the job as advertised. At the moment, it appears the only widespread use of the Blu-ray medium is for movies (and PlayStation3 titles). Outside of that, my drive will ultimately still spend most of its time reading DVD and CD mediums. Who knows, maybe PC games and Linux distros will eventually be released on Blu-ray?

Outside of that, the drive is reasonably future-proof with the ability to be updated via firmware updates, although such updates are Windows-only executables on the LG website, which is a shame. Still, it’s better than having to deal with a DOS boot floppy of old, and it is possible to run the firmware update through a virtual Windows session or via Wine. At the time of writing, my drive was delivered with version 1.03 of the firmware.

Aside from its enforcement of DRM, the Windows-only firmware upgrades and its decidely Volvo-like aesthetics (it’s boxy, but it’s good), there’s nothing really to fault this drive. I give it a hearty thumbs up.

Review score: 8 out of 10

The Blu-ray disc format has brought with it the ability to easily provide the next generation of High-Definition 1080p movie content. There’s just one problem – Ubuntu and Linux in general has no official support for Blu-ray, and its encryption scheme is vastly different to that of DVD – it’s not just a simple case of installing a library like the libdvdcss2 library for decrypting DVD’s – the protection is done both at a software and hardware level.

This article discusses how I used my recently purchased LG GGC-H20L Blu-ray ROM drive to successfully read and watch movies using Ubuntu Intrepid.

DISCLAIMER: This article describes decrypting BD titles using an Intel or AMD based PC with Ubuntu Linux. While you can use a PlayStation3’s BD drive to read and decrypt a title using known decryption keys using the PS3 version of Ubuntu, at this time of writing you cannot use Ubuntu installed on a PlayStation3 console to identify unknown decryption keys of a given BD title because the application used to derive those keys from the disc is not available for the PPC processor used by the PS3. You must use a consumer BD-ROM drive on an Intel or AMD based PC instead.

Hang on, you say – if there is no support for playback of Blu-ray movies on Linux, then why buy a Blu-ray drive if you can’t watch the movies? Well, I might not be able to watch them directly, but I can certainly rip the little buggers and watch a file version of it instead. But wait again, you say, if there’s no official Blu-ray support, and you can’t watch the discs directly, then how on earth do you rip them?? I’m glad you asked, and even if you didn’t ask, I’m about to tell you anyway. 

First up, a little Blu-ray 101.

Blu-ray movies feature Digital Rights Management (DRM). Like DVD’s before it, most Blu-ray movies are encrypted. This is to stop those naughty pirate types from making illegal backups of the movie and giving or selling it to their mates. In the case of DVD’s, however, there was only one decryption key which was eventually discovered and from then on allowed all DVD’s to be easily decrypted using a simple library (called libdvdcss2). The movie industry as a whole were not impressed by this and insisted that the next format be more difficult (preferably impossible) to decrypt, so Blu-rays (and HD-DVD’s, but I’ll concentrate on Blu-ray for this article) each have a different decryption key now. But to complicate this further, this key is kept hidden from you by an authentication mechanism to ensure that there isn’t a repeat of the De-CSS scandal that brought the DVD encryption scheme undone.

Each and every player out there, hardware or software, has a unique player authentication key which is passed to the Blu-ray optical drive, essentially like giving your passport to Customs at the country border, to validate whether or not you are legally authorised to  playback a movie. If the drive has not got a blacklisted record of your authentication key, and the key is accepted as a generally valid key that has been paid for, THEN the drive will give up the movie’s decryption key and movie playback can commence.

Blacklist?? What blacklist? Well, like DVD players, it’s not difficult to pick up a Blu-ray player’s authentication key that is used to prompt the drive for the disc’s decryption key, after all, it has to be held in memory somewhere. Once an industry authority discovers that an authentication key has been compromised, it is added to a blacklist so that it will not work anymore. This is why hardware Blu-ray players need to be firmware-upgradable, and why software players need to be upgraded to the next version periodically with patches, etc, so that new, non-blacklisted authentication keys can be provided.

OK, that sounds all well and good, but if the Blu-ray drive itself is doing the blacklisting, how exactly does it know when a given authentication key is no longer valid? Simple – its blacklist will get updated with the next latest-release movie you buy.

Say what?

Every Blu-ray movie you buy has a little file on the disc under the “AACS” folder called “ContentRevocation.lst”. This file contains a complete list of blacklisted authentication keys for the drive to update itself with, and – get this – you can’t stop the drive loading it. Well, actually to be more accurate this file is simply a copy of the same list that is actually hidden in a non-tamperable, non-user-readable area elsewhere on the disc for the drive to read, but basically the instant you stick that movie disc in, the hidden version of this file is read and the drive automatically updates its blacklist right away with any new blacklist data, even before the disc icon appears on your desktop. Sneaky, huh?

So the next time your legal (or more specifically, pirated) copy of PowerDVD or whatever tries to playback a movie, all of a sudden you’ll see an error message instead saying that your player’s authentication key has been revoked – thus the movie is now unplayable. What’s worse is that you won’t be able to watch any of your older discs that worked previously either! It’s this exact reason that many people have called for the Blu-ray (and HD-DVD) formats to be boycotted.

But not all is lost. Remember, this is an encryption technology created by Man, and therefore can be broken by Man with a bit of help from the Open Source Community at large.  With a little help from a few external resources including the Ubuntu Community Documentation and the Doom9 forums, I discovered a plethora of projects by various people, from dumping discs to breaking the encryption and authentication.

On the surface are general applications to dump the movie, decrypted, to a file. One of the best projects is DumpHD which is a Java app that provides a nice easy to use GUI that can rip a movie with a minimum of fuss (see detail about how to use it later in this article), however it requires that you already know what the decryption key for a given movie is which you can only obtain if you have authenticated with the drive. If you have the decryption key already, however, then authentication is not necessary and you can rip the movie right away without a problem, so this project is heavily supported by people posting up various decryption keys for all sorts of movie releases. The problem with this approach, however, is that different countries usually get different releases of the same movie, so for example a release of “Batman Begins” in Australia might have a completely different decryption key to the release of “Batman Begins” in America or Europe. This is not always the case of course, a good example being the Ewan McGregor movie “The Island” – the Australian release is actually the UK release, right down to the age-rating and film-office classification markings on the disc itself – only the box bears any Australian ratings markings!

So, how do you find out the decryption key of your locally purchased movie then? You don’t want to keep buying a commercial player, especially one that doesn’t run under Ubuntu, just to get a valid authentication key. There’s got to be a better way! Well, there is! How about we just bypass the authentication procedure altogether? How? Again, through another great contribution on the Doom9 forums.

The LG GGC-H20L drive is but one of many Blu-ray/HD-DVD drives which have had their firmware reverse-engineered. Firmware is largely just a computer program that operates the drive. Since the firmware is upgradable to fix bugs and add new features to the drive, it means the program can be altered by a third party. A Doom9 contributor has provided modified firmware for various popular drives, including the GGC-H20L that effectively allow the drive to ignore the authentication procedure no matter what player authentication key is provided, blacklisted or not, thus making the drive give up the decryption key for the Blu-ray movie currently inserted every time!

EDIT 10th Jan 2012: It appears the firmware is no longer available from the Doom9 forums as it has not been updated in quite some time. Here is a mirror of the v1.03 modified firmware to suit the LG GGC-H20L only.

In the case of the LG GGC-H20L that I use, the firmware is provided as a Windows Executable file. There are three ways to run this, either via a native Windows installation on your PC, a virtualised Windows installation on your PC, or via the Wine compatibility layer. I successfully upgraded my drive using the Wine option as follows:

WARNING: The following information can damage or even brick your LG Blu-ray drive if not followed correctly, or if you have a power failure during firmware update. You proceed at your own risk and I will not be held responsible for any damage incurred by your drive, or for loss of hair being torn out, by following these instructions.

1. You need a normal Wine installation. If you’ve never installed it before, then type in:
   
   $ sudo apt-get install wine
   
   …and this will install the Ubuntu-repository version of Wine.
   
2. Since we’ll be modifying a physical device, only root can do that, so we will need to use sudo to execute the firmware upgrade, however Wine will not work as root until we change permissions of your Wine configuration in your Home directory, so type in the following to make root the owner of your Wine configuration:
   
   $ sudo chown -R root:root ~/.wine
   
3. Now execute the downloaded firmware file:
   
   $ sudo wine GGC-H20L_1.03_VolumeID_Patch.exe
   
4. The Upgrade GUI will appear. Click on the button to commence update and let it do its thing. After a minute or two, it will tell you that the drive firmware has been successfully updated. At this point, you will need to reboot your PC, but before you do, remember to change the owner of your Wine installation back to yourself. If your login was “jbloggs”, then you’d type in:
   
   $ sudo chown -R jbloggs:jbloggs ~/.wine

Upon returning from restart, every time you query the drive for the inserted disc’s decryption key, the drive will now happily give it to you without question. Nice.

So how do we query the drive for that decryption key anyway? A simple tool to do this is aacskeys (version 0.4.0c at this time of writing, but check further along the thread for newer releases) written by another Doom9 member, which queries the drive and tells you its Volume Unique Key and its Disc ID, which you can then copy and paste into DumpHD’s keys config file and happily begin dumping your movie.

$ ./aacskeys /media/cdrom aacskeys 0.3.6 by arnezami, KenD00 Volume Unique Key:              5D9BCD44522B6940F8705400DA612ED9 Unit Key File Hash (Disc ID):   837487B4D6F614D5B4D5F566387B41C2D284F393 $ 

If your drive’s firmware was not patched, instead of seeing the Volume Unique Key and Disc ID, you would get this error message instead: “The given Host Certficate / Private Key has been revoked by your drive.”.

We now need to take the output data and copy it to DumpHD’s “keydb.cfg” file. Each key is placed on its own line in the following format:

DISC ID = Movie Title | D | YYYY-MM-DD | V | VOLUME UNIQUE KEY

Thus in the example above, we would enter:

837487B4D6F614D5B4D5F566387B41C2D284F393 = The Island | D | 2007-03-22 | V | 5D9BCD44522B6940F8705400DA612ED9 

Now technically it appears that the date is largly irelevant, and most people just use 0000-00-00 instead of a real date (which is supposed to be the file date of the “Unit_Key_RO.inf” file in the “AACS” folder of the disc). I have tested this and I can’t see any difference in how DumpHD handles the disc.

Once you have finished editing the keydb.cfg file, save it.

NOTE: DumpHD (below) can now use AACSKeys directly, saving you having to edit to the keydb.cfg file manually, because DumpHD now does all the work for you. See this article for more information.

Since DumpHD is a Java application, you will need Java installed to run it. If you haven’t already got it installed, you can install it with the following command:

sudo apt-get install java-common

…or more realistically you should install it as part of the ubuntu-restricted-extras package which also installs a number of other useful packages:

sudo apt-get install ubuntu-restricted-extras

Once that is done, launch DumpHD by simply running the “dumphd.sh” script by either double-clicking on it and select “Run” when prompted, or in a terminal, change to where you extracted the DumpHD program and type in:

$ sh ./dumphd.sh

When loaded, you will be presented with the following interface:

At the top-right of the window, there is the Source Browse button. Click on it and a new window will appear. In that window, type in or select “/media/cdrom” and then click OK. After a few seconds, the disc should be identified and you will see the window change as follows:

Now all you need to do is click on the Destination Browse button, specify a place to store the decrypted movie and then click the Dump button to start the whole process! Once finished, you will have every video title found on the disc dumped in its originally encoded (video-wise) format, but without DRM. You can then use MPlayer to play these files directly. Generally the movie itself is the largest file, so in the case of my example, it’s the “00000.m2ts” file. I can play it simply with:

$ mplayer -fs 00000.m2ts

The -fs parameter plays the movie full-screen. I can toggle audio tracks using the hash (#) key (as for some reason, English is generally not the first audio track on the disc).

Remember that Blu-ray movies are very large. In my example, “The Island” is a good 21GB! It’s now up to you to decide whether or not you want to provide storage for your rips of this size, or whether or not you want to compress them down to save space. In my case, I was able to compress the movie down to about 4GB with negligible quality loss at a bitrate of 1200 using the x264 codec. I’ll probably increase this bitrate and allow the filesize to go to 8GB so I can maintain as near-perfect image quality to the original Blu-ray as possible. I personally choose to preserve the audio tracks as-is without down-converting them – they really don’t eat up that much space – a few hundred megabytes only.

Happy ripping!

Woah! After I’ve ripped the movie, it plays but it’s all corrupted! What’s going on?

The movie you have ripped is likely protected using BD+ protection. This is where some or much of the movie is deliberately corrupted to annoy you. I have written a guide on how to deal with this and correct the corruption here.

The Secure SHell, or SSH, is a simple but effective tool for encrypted remote login to a Linux-based workstation or server. Not only does it give you secure command-line access to the remote PC, but it can also be used to securely redirect data to be routed or processed on the remote PC’s LAN such as HTTP traffic or perhaps another protocol such as Jabber that is blocked on your local Internet connection. This process is called tunneling.

Creating an SSH tunnel is easy. Say you wanted to forward the local port 2100 to a web server inside your remote network on IP 192.168.0.99. The public hostname of the SSH server you are using to connect to is myserver.com. You can issue the command:

$ ssh jbloggs@myserver.com -L 2100:192.168.0.99:80 -N

…this will redirect local port 2100 to port 80 on the server with LAN IP 192.168.0.99 on the remote network, via the Internet-accessible SSH server on myserver.com, logging into it as the user jbloggs. Everytime you now access http://localhost:2100 with your web browser, your traffic will be redirected to the remote web server, using an encrypted tunnel over the Internet.

Now this is great, but that command line looks a bit convoluted. Isn’t there a more intuitive way to create an SSH tunnel?

There sure is – a neat little Gnome GUI app called the Gnome SSH Tunnel Manager or gSTM for short.

Here’s a diagram to illustrate what we are trying to do.

The Internal LAN web server cannot be accessed from the Internet, only local LAN users. For the workstation on the other side of the Internet to be able to access the LAN web server at 192.168.0.99, we need to tunnel into the SSH server and then pass through it to get to the Internal LAN web server.

First up, we need to install gSTM. It exists in the Ubuntu repository, so all you have to do is enter:

$ sudo apt-get install gstm

Once installed, you will find it in the Applications->Internet->gSTM menu. When you fire it up, you will be presented with the following window (in this case I’ve already setup three tunnels – your list will be empty):

The list shows all the tunnels you have created to various locations. Each tunnel can have multiple ports directed over it. The green light next to the tunnel name indicates an active tunnel. A red light indicates an inactive tunnel.

1. Creating a new tunnel is simplicity itself – just click on the Add button. A new window appears.

2. In this window, we specify an arbitrary name for the tunnel, then the SSH server we’re connecting to, eg: myserver.com in the previous example (or its public IP address), the login name used to access that SSH server, eg: jbloggs, and the port that the remote SSH server is listening to (which by default is 22, but you may have changed it to a non-standard port number above 1000 for greater security).
   
3. These are the only values you need to fill in to establish the basic tunnel. Next, we need to specify which ports we are going to redirect into that tunnel. Click on the “Add” button to add a new port.
   

4. First we specify where the port we’re redirecting is coming from. “Local” means that we’re redirecting a port from the PC you are working on, to the remote PC. In the above example, we are going to redirect an arbitrary port number 32456 to port 80 on the PC 192.168.0.99 on the remote network’s internal LAN (via the remote SSH server). Click OK and then click OK on the previous window to save your Tunnel settings. It now appears in the list of available tunnels.
   
5. Simply click on the Start button and you will be prompted for the password for the account you specified for the tunnel to access the remote SSH server with. Type it in and hit Enter.

6. Once the green light appears next to your tunnel name in the list, you are ready to go. Open your web browser and type in http://localhost:32456 and you will suddenly see the web page of the internal machine on the remote network.

That’s pretty cool, but let’s try something even cooler. Stop your tunnel by clicking on the Stop button, then bring up the Properties for it again.

Let’s say you are at an office or school where the local Internet web access is filtered. There is a website that you’d like to visit, but it is blocked by the local organisation’s filter. Assuming outbound SSH access is allowed, you can effectively bypass the filter by routing all your web traffic via your remote SSH server whose web access is unfiltered. Here’s a diagram to illustrate what we’re doing:

The workstation tries to access the blocked website (indicated by the red line) but fails. By using an SSH tunnel (the green line), we can access the blocked website via the remote SSH server.

1. To do this, add a redirection but change “Local” to be “Dynamic”, and specify an arbitrary port number, eg: 9100. You will notice that you cannot specify a To host or To port. Click OK.

2. Now open up your web browser and bring up the Proxy settings. In Firefox, this is located by going to the Edit->Preferences menu, then click on the Advanced icon, then the Network tab, then finally click on the Settings button. You are presented with the following window:

3. Change the radio selection at the top of the window to Manual proxy configuration and then in the SOCKS Host box ONLY, specify “localhost” and port “9100”.
   

4. Now click OK and then close the Firefox preferences window.
   
5. Start your SSH tunnel again by clicking on the Start button.
   
6. Now try surfing to your blocked website. Instead of it being filtered, you will now find it magically appears because your web traffic is being proxied to your SSH tunnel and retrieved through your unfiltered remote Internet connection!
   
7. When you are done, don’t forget to shutdown your SSH tunnel and change your web browser’s proxy settings back to whatever they were previously.

Happy tunneling!