Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

What Anubis said was, similar to PowerVu that can use either CSA or DES as the scrambling method, the new version of Tandberg can, in addition to CSA, use an alternative scrambling method. This could be DES or perhaps a new variant of CSA.
I'm not aware of any compromise on any new CSA variant (does anyone?) and it would seem unlikely in the short term. That is why he suggested closing this thread as it looks like it has no future.

we are need a hardware engineering.

AAh so it is game over :-( well it was a great journey, EPL, Fa Cup, Olympics and Two Wimbledons

X35|93 said:

we are need a hardware engineering.

Click to expand...

We need Colibri

007.4 said:

What Anubis said was, similar to PowerVu that can use either CSA or DES as the scrambling method, the new version of Tandberg can, in addition to CSA, use an alternative scrambling method. This could be DES or perhaps a new variant of CSA.
I'm not aware of any compromise on any new CSA variant (does anyone?) and it would seem unlikely in the short term. That is why he suggested closing this thread as it looks like it has no future.

Click to expand...

Can we at least confirm what this alternative scrambling method is please then I think that’s it.

We need Russian Hackers... and some Put'in...

Well if I remembered well, @dale_para_bajo used to bf-ing DCWs then he was able to find DES key and in the end he got ECM key. But if DCW is 64 bit as Anubis said, it's very difficult to BF...anyway I would like to see what @dale_para_bajo say about this.

Also it would be smart to limit access to this topic to maybe 50 users who can really give serious contribution.Other people could be joined to this topic by invite.This topic is too exposed and I'm sure that people who don't want T@ndberg on our emus reading this and make our life difficult. As we can't see their discussion about counter measures they shouldn't see this.

The problem is it might not even be DES its something else which I dont think has been identified, its a shame really we were really close I think.

Colibri! Where are you?

He was here about two weeks ago so he’s still around hopefully he comes back and breaks this and done new encryption’s

He probably came to take a look at Anubis_Ir's great work in reversing this tag EC's workings

Has anyone actually investigated any of the well known cyphers in place of CSA? I've tried DES in various modes, but my lack of success there shouldn't be relied on to rule that one out.

harshy said:

The problem is it might not even be DES its something else which I dont think has been identified, its a shame really we were really close I think.

Click to expand...

Is just a matter to see what chipset is in use in those tandberg receivers.
The specifications should say what types of video decoders have on board.
Specifications are not under an NDA,is public information,only way to sell them.
But if is a special SOC sold only to Tandberg,then it could be possible a different video decoder than CSA or DES.
I have seen some standard chipsets that have DES-ECB/CBC/OFB ,3DES,AES,as an example most of the STx7000 family have this decoders on board

So we need someone to open up their rx8200 and identify what chipset it’s using to determine what the other scrambling method is?

harshy said:

So we need someone to open up their rx8200 and identify what chipset it’s using to determine what the other scrambling method is?

Click to expand...

Well,they could never do anything different than what the chipset is capable of,right??
Broadcom 74xx chipsets can use 1DES/3DES/DVB/Multi2/AES
and others for copy protection like /CSS/CPRM/CPPM/DTCP.that are not used in satellite video,but in IPTV and streaming.

any new about randberg v3

kebien said:

Well,they could never do anything different than what the chipset is capable of,right??
Broadcom 74xx chipsets can use 1DES/3DES/DVB/Multi2/AES
and others for copy protection like /CSS/CPRM/CPPM/DTCP.that are not used in satellite video,but in IPTV and streaming.

Click to expand...

What is DVB? Do you mean CSA? What version? 1, 2, 3?

Can it still be watched on unauthorised official box by reversing firmware to accept emm key?

nautilus7 said:

What is DVB? Do you mean CSA? What version? 1, 2, 3?

Click to expand...

The 236 page Ericsson manual dosent even mention what chipset it’s using.

nautilus7 said:

What is DVB? Do you mean CSA? What version? 1, 2, 3?

Click to expand...

Is not me saying it,the specs says DVB,and as per ETSI rules,DVB use CSA as encryption.
And the chipsets mentioned have CSA v1 implemented.

And a firmware analysis would never shield any AES key present if the customer is to enter the key manually.
But maybe they use an AES key (or a set of them) that's standard in all receivers in case the customer fails to enter the private key correctly or some major error like that.