Karaoke File Unlock Help


Carlos Barcellos
Hi Folks,

I just bought a small karaoke player in my country (Brazil). This uses a regular SD card to store the songs. A friend of mine also bought the same player, but.... If I try to copy one song from his player and put it on my SD card, the player refuses to play this song. I've been looking inside the files to try to find something that is similar in my files and different from his, no luck at all.

Here are some examples:

song1 (my player):myplayer_003001.MUK
song1 (his player):hisplayer_003001.MUK

song2 (my player):myplayer_003020.MUK
song2 (his player):hisplayer_003020.MUK


The player model is "Mini 8162", I'm pretty sure this is not the real model name. This player can also record the songs you play. I've looked inside the recorded file and saw that this points to the original ".MUK" file, and at the beginning of the file I could see the words "multak", so, I guess this player is from the Multak Chinese company. Here is a link to the player image along with its Portuguese features description.

Any suggestions will be very welcome.

Carlos

Re: Karaoke File Unlock Help

bigboss97
Administrator
Carlos,
As far as I know Multak is involved in many players, e.g. Arirang. Try to search "multak" in this forum and you can see how Multak encode their songs in Arirang.

Can you please also provide the song name as well? The best way to provide samples is to pick a more popular and short song e.g. "Happy Birthday"  the most frequently sung song :-)

What do you mean by record song? Record your voice or the music tunes? Can you play a song from an external MIDI keyboard? or how does the input work?

If you can record notes can you please do some experiments, like...
1. One very long single note song
2. very short (same) note song
3. Two notes song

You might be able to dig deeper in that way.

Good luck
Phuoc


Carlos Barcellos wrote
Here are some examples:

song1 (my player):myplayer_003001.MUK
song1 (his player):hisplayer_003001.MUK

song2 (my player):myplayer_003020.MUK
song2 (his player):hisplayer_003020.MUK


This player can also record the songs you play. I've looked inside the recorded file and saw that this points to the original ".MUK" file, and at the beginning of the file I could see the words "multak", so, I guess this player is from the Multak Chinese company.

Re: Karaoke File Unlock Help

Carlos Barcellos
Hi Phuoc, thanks for the reply. I've searched for other occurrences in this forum, and I also tried other search engines, no luck. The encoding in this player is different from the one in Arirang.

I'm attaching the "Happy Birthday to You", at least the Brazilian version of it (a little bit longer than the English one).

My player: myplayer_003205.MUK
My friend's player: hisplayer_003205.MUK

The song names of this one and the other files can be seen at the bottom of the file, I could see that after the ".LST" magic number, there are 4 bytes (little endian) with the footer size (including the .LST magic number) which is 0x198.

I'm almost sure that the header that starts with ".AUT(" has 0x828 bytes (including the .AUT itself). The first 3 bytes after the ".AUT(" seem to not be used, they are always zero. I've changed these 3 bytes to some garbage and my song still works, but if I change some byte after it, this song cannot be played. I've tried to get one chunk of a second file after this 0x828 bytes and put on the first one. The player acts strange but this works. I guess this header is based on my player serial number + the song name and size. This is not a massive digest of any sort.

About the MIDI keyboard, unfortunately I don't have it. I can only sing my voice, but the generated file is yet another encoding, this is completely different from the .MUK files. Inside of this file you can see in plain text that this is pointing to the .MUK file and after it this is saving my voice in some general encoding (probably encrypted MP3).

Thanks for your time...

Carlos.

Re: Karaoke File Unlock Help

bigboss97
Administrator
I don't think I would have a chance to look at them very soon. But it's also good if you can attach an English song. Someone else might get a chance to help you. The breakthrough usually starts from the lyrics. So, we have to know the lyrics of a song.

Can you try to mask (XOR) ".AUT" and force it to "MThd" because standard MIDI starts with that? See how you go. If it's MIDI then you should also be able to see "MTrk" somewhere.

Patching is a good start, but only patch one single byte at a time (a song) or many bytes but the value only slightly changed. If small changes can break a song that means you have patched into a mask. Since it's a mini player I don't believe it's carrying too much data in each song.

Don't experiment with the header. Say, patch at 1/4 or 1/3 of the song. Try to change ~3 consecutive bytes. So, increase the chance to patch into a lyric letter because if you patch into timestamp you can't hear it. btw, check the suggested tools in this forum.

If it's voice recording then it's not useful for us.

Carlos Barcellos wrote
I'm attaching the "Happy Birthday to You", at least the Brazilian version of it (a little bit longer than the English one).

I'm almost sure that the header that starts with ".AUT(" has 0x828 bytes (including the .AUT itself). The first 3 bytes after the ".AUT(" seem to not be used, they are always zero. I've changed these 3 bytes to some garbage and my song still works, but if I change some byte after it, this song cannot be played. I've tried to get one chunk of a second file after this 0x828 bytes and put on the first one. The player acts strange but this works. I guess this header is based on my player serial number + the song name and size. This is not a massive digest of any sort.

About the MIDI keyboard, unfortunately I don't have it. I can only sing my voice, but the generated file is yet another encoding, this is completely different from the .MUK files. Inside of this file you can see in plain text that this is pointing to the .MUK file and after it this is saving my voice in some general encoding (probably encrypted MP3).

Re: Karaoke File Unlock Help

Carlos Barcellos
Thanks Again!

I'll try the XOR'ing and tools and post the results.

2 more songs:

Imagine (John Lennon):
my player: myplayer_004523.MUK
my friend's player: hisplayer_004523.MUK

You've lost that lovin' feelin' (Elvis Presley):
my player: myplayer_004810.MUK
my friend's player: hisplayer_004810.MUK

Best regards.

Carlos

Re: Karaoke File Unlock Help

Carlos Barcellos
Hello my friend. I've tried the XOR but I had no luck.

Just to see if I'm doing this correctly:

I XOR'd the .AUT to become MThd. This gave me the conversion hex key "63 15 3d 30". Then I looped the entire file applying this key as follows:

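#include <stddef.h>

/* buf = file contents, sz = size of the file */
void apply_key(unsigned char *buf, size_t sz)
{
    /* ".AUT" XOR "MThd" */
    static const unsigned char key[] = "\x63\x15\x3d\x30";
    size_t x, y;

    for (x = 0; x < sz;) {
        for (y = 0; y < sizeof(key) - 1 && x < sz; y++, x++) {
            buf[x] ^= key[y];
        }
    }
}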

I'm not sure if that is what you told me to try, if this is the tip, this didn't work.

I don't want to bug you, but can you point me some tool to try out? I've tried to search on the forum and could not find it.

Regards!

Carlos.


Re: Karaoke File Unlock Help

bigboss97
Administrator
You are right, but we are wrong  :-)  I was only hoping that there's a single byte mask like Arirang. Based on your test, if it's MThd then we don't know the length of the mask. That's also possible. That was the case in California Electronics. The mask is embedded in each song. There were even double masks. My great respect to woid, he found the variable length double dynamic mask. We basically had a discussion about our patch results. That's how we got the masks.

Just like any spy work, we are "waiting" for a mistake of the opponent  :-)
Have a look in:
http://www.nabble.com/Understanding-the-files-on-the-DVD-of-Arirang-Karaoke-%28hk2---midi0%29-tp16219545p18103770.html

If the mask is variable length only patching could help. Collect results of different songs and patch new songs according to your speculations.

I can do some speculations here (without looking in your data)  :-)
It's highly possible they are using MIDI format because each song is a single file and no offset info for music/lyric address required.
Possible static mask, based on the first few characters.

Good luck in patching  :-)

Carlos Barcellos wrote
I'm not sure if that is what you told me to try, if this is the tip, this didn't work.

Re: Karaoke File Unlock Help - If mask, then more than one?

bigboss97
Administrator
In reply to this post by Carlos Barcellos
I simply ran (Beyond) compare on the files. The last sections in 4523 are almost the same. But the entire files of 4810 are different. Conclusion (speculation)  :-) Two different masks may be used in one song.

Carlos Barcellos wrote
Imagine (John Lennon):
my player: myplayer_004523.MUK
my friend's player: hisplayer_004523.MUK

You've lost that lovin' feelin' (Elvis Presley):
my player: myplayer_004810.MUK
my friend's player: hisplayer_004810.MUK

Re: Karaoke File Unlock Help - Not compressed (zip'ed)?

bigboss97
Administrator
In reply to this post by Carlos Barcellos
I ran zip on the files:


It doesn't look like they are compressed. Lucky!   :-)

Re: Karaoke File Unlock Help - 2 Equations for 2 Masks

bigboss97
Administrator
In reply to this post by Carlos Barcellos
Fact, they have EXACTLY the same size:


i.e. they possibly end up binary identical.
Let's assume the masks are different on the machines (MASKmy and MASKhis):
  VALUEmy xor MASKmy = MIDI
  VALUEhis xor MASKhis = MIDI
So, you can try to run through 256x256 MASK's to find the common value MIDI. At the moment, I can't tell out of my head whether it has only one solution for each pair of VALUE's.

Don't worry about the MASK's for the moment. Try to use the above logic to generate a file with all MIDI values. We have to see whether the output MIDI's really look like MIDI  :-)
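
The two equations in the post above, worked through as an added example (not code from the thread): XORing them eliminates MIDI, so a single byte position admits 256 mask pairs rather than one, and the XOR of the two files equals MASKmy xor MASKhis. The repeating masks, the 32-byte sample and the names count_mask_pairs, apply_mask, delta_period and demo_period are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Count (MASKmy, MASKhis) pairs, of 256x256, solving both equations for one byte. */
unsigned count_mask_pairs(uint8_t value_my, uint8_t value_his)
{
    unsigned hits = 0;
    for (unsigned m = 0; m < 256; m++)
        for (unsigned h = 0; h < 256; h++)
            if ((value_my ^ m) == (value_his ^ h))
                hits++;
    return hits; /* only MASKmy ^ MASKhis is pinned down */
}

/* XOR buf with a repeating mask (hypothetical helper for the sample). */
void apply_mask(uint8_t *buf, size_t n, const uint8_t *mask, size_t mlen)
{
    for (size_t i = 0; i < n; i++)
        buf[i] ^= mask[i % mlen];
}

/* Smallest p with a[i]^b[i] == a[i+p]^b[i+p] for all i (0 if none up to
 * n/2). The shared plaintext cancels: this is the period of MASKmy^MASKhis. */
size_t delta_period(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t p = 1; p <= n / 2; p++) {
        size_t i = 0;
        while (i + p < n && (a[i] ^ b[i]) == (a[i + p] ^ b[i + p]))
            i++;
        if (i + p == n)
            return p;
    }
    return 0;
}

/* Constructed sample: the same 32 bytes masked for two players. */
size_t demo_period(const uint8_t *mask_my, size_t len_my,
                   const uint8_t *mask_his, size_t len_his)
{
    uint8_t mine[32], his[32];
    for (size_t i = 0; i < sizeof mine; i++)
        mine[i] = his[i] = (uint8_t)(i * 7 + 3); /* stand-in for MIDI */
    apply_mask(mine, sizeof mine, mask_my, len_my);
    apply_mask(his, sizeof his, mask_his, len_his);
    return delta_period(mine, his, sizeof mine);
}

int main(void)
{
    const uint8_t m3[] = {0x11, 0x22, 0x33}, m4[] = {0x5a, 0xa5, 0x3c, 0xc3};
    printf("%u %zu\n", count_mask_pairs(0x2e, 0x91), demo_period(m3, 3, m4, 4));
    return 0;
}
```

With single-byte masks the difference is one constant byte (period 1); with repeating masks of lengths 3 and 4 it repeats every 12 bytes, and in neither case does the pair of files alone fix the individual masks.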

Re: Karaoke File Unlock Help - 2 Equations for 2 Masks

Carlos Barcellos
Hi my friend,

I didn't understand the logic you mentioned.
I'm not sure how to apply those 256x256 tries. The only way I could think of is me knowing some part of the file.

eg: If I knew some part of the decrypted file is "hello", I could match the 2 files trying to find the key or the algorithm that generated that, is this what you are mentioning?

I'll start patching the file to try to reach some word in the song lyrics, if I can find at least the "h" for the "hello", then we are going to have a lot of new variables to play! ;-)

Thanks for all the help!

Regards,

Carlos.

Re: Karaoke File Unlock Help - 2 Equations for 2 Masks

bigboss97
Administrator
You won't be able to understand that because it's crap (I noticed that last night in bed) sorry :-)
I started with the assumption of an unknown length mask. That will lead to thousands of possibilities. But... If it's a single byte mask (which I don't believe, due to the fact I found with Beyond compare) then the method will work.

Don't forget my suggested patches:
http://www.nabble.com/Karaoke-File-Unlock-Help-tp23023704p23049810.html

My question:
You were saying his song can't be added to your device. But what about replacing a song with his?
I guess that won't work either, right?
Have you tried to swap the SD cards? If that works...
there must be some hidden system files preventing swapping songs.
Am I talking about crap again?  :-)


Carlos Barcellos wrote
Hi my friend,

I didn't understand the logic you mentioned.
I'm not sure how to apply those 256x256 tries. The only way I could think of is me knowing some part of the file.

eg: If I knew some part of the decrypted file is "hello", I could match the 2 files trying to find the key or the algorithm that generated that, is this what you are mentioning?

I'll start patching the file to try to reach some word in the song lyrics, if I can find at least the "h" for the "hello", then we are going to have a lot of new variables to play! ;-)

Thanks for all the help!

Regards,

Carlos.

Re: Karaoke File Unlock Help - 2 Equations for 2 Masks

Carlos Barcellos
Yes, I'll try exactly the patch you suggested me, I'll start this night, since this is going to be a big holiday in Brazil the next 4 days. (Just bought lots of Coke cans :)

I've tried many things with the SD cards: (Notice I've copied all the contents from the original SD card to my own backup SD card to play with. The original format of the SD card was HFS (macos), mine is FAT32 and still works).

1 - just get the SD from his player and put on mine. All the songs appear in the player list, when I try to play it, nothing happens.

2 - I've then tried to copy only some of his songs over my SD card. I can play all my songs but the ones I've copied.

3 - I've tried to copy some of my songs to his SD card and put it on my player. I can play only the songs I've copied. (my original songs)

4 - I've also tried to copy his entire song list along with the TOC file that is one directory above in the tree. None.

This leads to one conclusion. The blocking is the song itself, I'm not sure if the key is stored in the song or this is using the player's serial number as the key. I did a bitwise comparison of the files to try to find the same information hidden in them, no luck. I can find 2 or 3 bits in a universe of 10 files, if I try something above this number, all the bits get distinct.

This is getting interesting! :)

Regards,

Carlos.

Re: Karaoke File Unlock Help - Happy patching holidays!

bigboss97
Administrator
Based on 1 & 3, the key is bound to the hardware. 3 shows, only the right songs in the right player are enough to make it work, regardless of other files. If it's using a key in the song then the song would run on any player.

Of course, it's possible that there are 2 keys, see California Electronics. They have one static key and one variable carried with the song. We had never found where the static key is hidden. We "re-make" the key and hard code it in our program  :-) btw, the static key isn't really static. A song in a different language has another static key. As I said, it was almost a wonder that the keys were found  :-)

Carlos Barcellos wrote
1 - just get the SD from his player and put on mine. All the songs appear in the player list, when I try to play it, nothing happens.

2 - I've then tried to copy only some of his songs over my SD card. I can play all my songs but the ones I've copied.

3 - I've tried to copy some of my songs to his SD card and put it on my player. I can play only the songs I've copied. (my original songs)

4 - I've also tried to copy his entire song list along with the TOC file that is one directory above in the tree. None.

This leads to one conclusion. The blocking is the song itself, I'm not sure if the key is stored in the song or this is using the player's serial number as the key. I did a bitwise comparison of the files to try to find the same information hidden in them, no luck. I can find 2 or 3 bits in a universe of 10 files, if I try something above this number, all the bits get distinct.

This is getting interesting! :)

Regards,

Carlos.

Re: Karaoke File Unlock Help - 2 Equations for 2 Masks

LittleNibble
In reply to this post by Carlos Barcellos
Dear Carlos,

I am also studying this file format. What is your email or how can I contact you?

Regards,

LittleNibble

Re: Karaoke File Unlock Help - 2 Equations for 2 Masks

Carlos Barcellos
Hello my friend, my e-mail is carlosbar@gmail.com

Regards!

LittleNibble wrote
Dear Carlos,

I am also studying this file format. What is your email or how can I contact you?

Regards,

LittleNibble

Re: Karaoke File Unlock Help

bigboss97
Administrator
It would be nice if you can discuss in the forum. There might be more people interested.
(as long as no copyrighted material is posted) :-)

Carlos Barcellos wrote
Hello my friend, my e-mail is *

Regards!

LittleNibble wrote
Dear Carlos,

I am also studying this file format. What is your email or how can I contact you?

Regards,

LittleNibble

Re: Karaoke File Unlock Help

HitNow_68
In reply to this post by Carlos Barcellos
Hi Guys,
I have a similar Karaoke which plays .MUK files from SD card. I've copied all files from one SD card to another same-sized SD card (just to keep a backup) and tried to play from the new one. I was able to see the list/browse through the list but can't play. So I guess it has some system/hardware dependency.
If anyone can help me keep a backup, as if the original gets corrupted, I need to buy from them which is expensive.
Thanks

Re: Karaoke File Unlock Help

bigboss97
Administrator
HitNow_68 wrote
I've copied all files from one SD-card to another same sized SD-Card (Just to keep Backup) and tried to play from New-one. I was able to see the list/browse through list but can't play.
Have you turned on show hidden files when you were copying?

Re: Karaoke File Unlock Help

HitNow_68
Hi Bigboss,
I tried everything, show hidden-files, even tried disk-copy onto other SD-card. Is still not working.
It copies/shows same size/files on both cards but when put it into Karaoke player, it shows up all songs list, can scroll but when play, it's not working!
Thank you