Stefan2k16
Registered
- Messages
- 44
The crypt8 is just duplicate packets in the stream or packets that are the same and reoccur in the stream. The rainbow table method is based on an assumption. This assumption is that there will be packets consisting entirely of filling bytes to pad the video or audio streams to a certain bitrate. So searching for the crypt8 is merely a matter of looking for duplicate packets that are repeated in the stream from time to time. As others have already said, you don't need a GPU to do this.
Now for the bad news. The assumption that this whole method is based on does not have to be true and in some transport streams it isn't true. If the video encoders are configured in a certain way and the intended authorized receivers don't have to have fixed bitrate streams, the uplinker doesn't have to include these packets filled with filling bytes to pad the stream and if they are aware of this attack vector and care about it, they probably won't. They'll use variable bitrate video in the program stream and leave the null packets used to pad the transport stream unencrypted. If they do this, the rainbow table is useless because they will either be no crypt8 to find or the ones you do find will not really be a crypt8 but will only be a coincidence instead. In that case only a true brute force method will be able to find the control word and for that you need some pretty serious hardware and about 24 to 48 hours.
Now for the bad news. The assumption that this whole method is based on does not have to be true and in some transport streams it isn't true. If the video encoders are configured in a certain way and the intended authorized receivers don't have to have fixed bitrate streams, the uplinker doesn't have to include these packets filled with filling bytes to pad the stream and if they are aware of this attack vector and care about it, they probably won't. They'll use variable bitrate video in the program stream and leave the null packets used to pad the transport stream unencrypted. If they do this, the rainbow table is useless because they will either be no crypt8 to find or the ones you do find will not really be a crypt8 but will only be a coincidence instead. In that case only a true brute force method will be able to find the control word and for that you need some pretty serious hardware and about 24 to 48 hours.