# How do you get the actual video files off the harddrive?



## Videogamer555 (Jul 17, 2016)

Ok, so I had my DirecTV standard-def receiver/DVR stop working about a year ago. I took out the harddrive and saved it, hoping to eventually recover the video files, and just threw the rest of it out in the garbage. I hadn't done much with it until recently though. Just yesterday, I bought this IDE to USB adapter. This allows me to connect the harddrive up to my computer and should have let me access the drive through normal drive-access in Windows Explorer, but it didn't work. I was however able to view data on the drive with raw-reading off the drive using HxD Hex Editor's physical-drive access capability (you can even see the actual raw data in the first sector, the boot sector). Immediately I knew something was wrong. The first 3 bytes of the boot sector are supposed to be compiled instructions (raw machine-language instructions) for jumping to the boot program. However, the first 3 bytes were all null (contained the hexadecimal value 00). This is obviously wrong, and explains why Windows has NO IDEA how to handle the drive. It appears that the actual DirecTV hardware must have come with firmware that would actually know how to handle such a boot sector, as it certainly is NON STANDARD.

To try to fix this, I downloaded this program called PartitionGuru, which among other things, allows you to recreate the MBR (master boot record) in sector 1. I did this, but Windows still didn't recognize it. Under the "disk management" control panel, I checked to see what it thought it was formated as, and it called it a RAW partition (not FAT32 or NTFS). So Windows still didn't recognize the partition in the drive. Fortunately PartitionGuru did. It was able to tell that it was a FAT32 partition, and was able to read files from it. Interestingly, it was able to read every file BUT the ones I wanted. The ones I wanted all had the file name "stream.str" and are the actual video files themselves. Each recording had its own folder, with metadata files, and the main video file stream.str. I'm guessing this is a copyprotection measure, but it kept saying it had a read-error when trying to read those files. However, I don't know exactly what that copyprotection measure consists of. Do the entries in the FAT (file allocation table) have offsets to the files that are encrypted, so that the offsets listed in the FAT are completely invalid offsets (until properly decrypted)?

What trick are they using to block access to the stream.str files? Is it encryption-based, or do they just use some non-standard filesystem structures? How do I bypass it, so that I can retrieve my lost video recordings? Is it even possible, or would the process require using the secret code that's stored on the electronic access card that normally comes with the DirecTV unit (both the card and the machine have been thrown out a long time ago)? Does anybody here know?


----------



## peds48 (Jan 11, 2008)

DirecTV files in a DVR are encrypted to the access card, without the key, those files are not accessible.


Sent from my iPad Pro using Tapatalk


----------



## Videogamer555 (Jul 17, 2016)

peds48 said:


> DirecTV files in a DVR are encrypted to the access card, without the key, those files are not accessible.
> 
> Sent from my iPad Pro using Tapatalk


That still doesn't explain why they can't be copied from the drive. An encrypted file should look like random bytes of data when viewed in a hex editor, and should not be playable in video player software, but should still be able to be copied. What is going on that prevents it from being copied? Why does attempting to copy a stream.str file result in a disk-read-error?


----------



## James Long (Apr 17, 2003)

It is a pointless exercise since the files cannot be played except on the machine that recorded them. There may have been problems with the drive as well as the receiver or your attempts so far may have corrupted the drive. In any case, the content is not accessible.


----------



## litzdog911 (Jun 23, 2004)

Let us know if you figure out how to do it. In all my years hanging out at various DirecTV forums, nobody ever has.


----------



## James Long (Apr 17, 2003)

There are threads on this site that explain how to copy from one drive to another. But the resulting copy is useless without the machine the recordings are tied to.

How to violate DMCA and break the encryption is NOT a topic for our site.


----------



## Videogamer555 (Jul 17, 2016)

Even if the content is encrypted, and can't be viewed, I would think that successfully copying the correct file would be a big event in itself. It seems that the pointer in the FAT of the drive does NOT point to the correct file, but rather to an unused region (or even completely off the disk entirely). The file pointers in the FAT for all the files seem to be valid, except for the pointers to the "stream.str" files. They seem to be invalid pointers, because the software I'm using (PartitionGuru) can copy all the files BUT the ones that are called "stream.str". Are the pointers to the stream.str files that are stored in the FAT, encrypted pointers? Or are they simply random invalid pointers, and the real pointers lie elsewhere (such as in a proprietary non-standard version of FAT that was invented by DirecTV themselves and is stored elsewhere on the drive, or maybe the pointer is stored in another one of the meta-data type files in the same directory as the stream.str file)? Any hints on how to proceed, to merely EXTRACT the file from the drive, would be greatly welcome. I'm not asking anybody here on help to decrypt it after I have extracted it, as that could potentially violate the DMCA, as the poster above me mentioned.


----------



## trh (Nov 3, 2007)

See post #4.


----------



## Videogamer555 (Jul 17, 2016)

Maybe



trh said:


> See post #4.





James Long said:


> It is a pointless exercise since the files cannot be played except on the machine that recorded them. There may have been problems with the drive as well as the receiver or your attempts so far may have corrupted the drive. In any case, the content is not accessible.


Actually, I have not performed any writing activities to the drive, except to repair the master boot record. The FAT of the drive, and all data remains unaltered. The MBR itself was corrupt, according to the software tool PartitionGuru, and it was able to repair it, writing a valid MBR in its place. I don't believe this could have caused any damage to the drive. The real risk is that if Windows writes to the drive, then it could overwrite some proprietary data that DirecTV uses, but Windows itself doesn't recognize the drive (even after fixing the MBR) because there's some proprietary version of FAT32 in use on the drive, which Windows doesn't recognize (so no possible file access directly in Windows, and also no possibility for Windows to overwrite any important data structures on the drive). In fact, the only way I've been able to access it has been through the software PartitionGuru, which is somehow able to read the FAT entries and read the names and locations of the files (except for stream.str) on the drive. And I'm going on the assumption that these file pointers in the FAT, as read by PartitionGuru, are in fact accurate. Now it's possible that they are not accurate (and that might be why my DirecTV receiver failed in the first place, the drive somehow got corrupted). However, I have no proof that they are bad, nor anything to compare it to for testing.

Here's the directory listing of one of the folders on the drive. Maybe somebody here will be able to tell me what each of these files is for, whether or not it's normally encrypted, and what the structure of the file is (if it's either a publicly documented format, or at least has had the specs for the format somehow leaked out of DirecTV by one of their employees, or possibly revealed at some point by reverse engineering efforts).
META_MAN.XMA
META_MAN.XMB
META_MAN.XMD
META_MAN.XMI
META_MAN.XMJ
META_MAN.XMV
META_MAN.XMW
SIGNLING.DAT
STREAM.EXT
STREAM.STR


----------



## trh (Nov 3, 2007)

So you're trying to recover the files? To what extent? Without the DVR that recorded the files and the access card, the files are encrypted and can't be viewed.

As one of the Mods said in Post #6 "How to violate DMCA and break the encryption is NOT a topic for our site."

I suspect this thread is about to be closed.


----------



## Tom Robertson (Nov 15, 2005)

Steps to copy the files:
1) Learn Linux
2) Read and understand the threads on copying hard drives
3) Learn advanced Linux file systems

To use the files in any meaningful way:
1) All the steps above
2) Learn doctorate level file decryption (and likely grad level encryption)
3) Break the encryption (and be the first [aside from the NSA]...)

Beyond that high level discussion, there ain't much that I can say here. (Or elsewhere, for that matter.)

Peace,
Tom


----------

