Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

[BLACKCRUSADER]

This is the new `bin\.mdl` file for vPlug (+ full source code) and supports the new nanoEC. You should copy it to vModules folder.
Notes: It requires a DES key and also an AES key (included too, in the bin folder). Without these `2 keys`, it won't work.

So ...
- Good news: we know how nanoEC works.
- Bad news: It requires 2 keys. 1 DES key and 1 of 32 AES keys which won't be transmitted by the EMMs. Also I'm not sure about the included AES keys. The first byte seems to be the index of the key and probably the rest needs to be decrypted ... ?

Will that mean STB firmwares can be upgraded in the future even if we have to manually enter keys?

 

[Anubis_Ir]

Based on the posted image, AES keys start from index 01 to 20 and not 00 to 1F. Use the attached file.

 

[Wilb]

So I guess these AES keys are the ones that are rumoured to have been distributed offline and entered manually? In which case the risk is they're rotated weekly and it's impossible to get them in time for a feed...

Sent from my MI 5 using Tapatalk

 

[achilefu]

Tangberg V3 can decrypt by Poc.exe?

 

[siawoosh]

For some reasons post removed!

 

[Anubis_Ir]

Will that mean STB firmwares can be upgraded in the future even if we have to manually enter keys?

Yes. The posted file includes the source code of nanoEC handling too. They just need to add this section.

 

[BLACKCRUSADER]

Yes. The posted file includes the source code of nanoEC handling too. They just need to add this section.

Thank you very much.

 

[ViaHussun]

Tangberg V3 can decrypt by Poc.exe?

Where's the new version poc.exe?

 

[abed1988]

hello i test the new v3 vplug with file ts recored in
7.0E_11020,132_V_7198_(2017-10-03 18.26.29)_dump

 

[achilefu]

I still waiting new poc.exe

 

[morgon]

Where's the new version poc.exe?

Do not worry about bread

 

[abra26]

Can I ask some master, why there are 3 "extra" bytes in AES key?

 

[Anubis_Ir]

About poc.exe
There will be no update for that, because regarding the EMM handling, the old modes are in use and your DES keys should work the same as before.

 

[abed1988]

About poc.exe
There will be no update for that, because regarding the EMM handling, the old modes are in use and your DES keys should work the same as before.

thanks of course it will be like first poc.exe

tahnks

 

[orangebirds]

About poc.exe
There will be no update for that, because regarding the EMM handling, the old modes are in use and your DES keys should work the same as before.

I haven't try the poc.exe for the new Tandberg, but is this means the DES key is still searchable using poc 1.2?

 

[ARA$H]

You can not find AES KEYE by POC.EXE
DES KEYS Found with the latest version POC
You do not need to new ver poc

Our problem with EMM ,AES KEYS .........

 

[orangebirds]

You can not find AES KEYE by POC.EXE
DES KEYS Found with the latest version POC
You do not need to new ver poc

Our problem with EMM ,AES KEYS .........

Yes, the AES keys have to be leaked first, then we can watch it

 

[ahmed990]

NOW feed tandbang V3 7E 12545 H 7120 id:ARQ-PL9CLIPS

 

[ARA$H]

Yes, the AES keys have to be leaked first, then we can watch it

AES KEYs.....
It is possible They change every week, maybe every game

 

[abed1988]

NOW feed tandbang V3 7E 12545 H 7120 id:ARQ-PL9CLIPS

i try with it but not worked
must get the aes key

T 01 00 xxxxxxxxxxxxxxxxxxxxxxxxxxxx