Is it possible to decrypt biss channel without vpid ??

[asoom_jamjom]

Hello all
1st I want to ask is there a way to decrypt a channel that in ts analyzer don't show video streaming but only pmt stream type !!
so it does not give crypt8 but on vplug it shows that its encrypted in biss
could I use cudabiss or other bruteforce ways to decrypt the channel with only pmt pid ??
in cudabiss if pmt pid was put instead of vpid it start searching but will it give me a true biss cw for the channel ??
any ideas appreciated:clapping:

 

[asoom_jamjom]

not even 1 reply

 

[barney115]

AS Far as im aware TS Analyzer is only for looking at feed info and stream data its unlikely that you can decrypt anything with it .
Which channel or feed are you talking about ?
You say it is Encrypted in BISS but it dont give any Video Pids ?? how strange ..it may then perhaps be a DATA Channel/Feed
That may explain why you did'nt get a Crypt8
There is a reason why you did not try CSA Rainbow Tool ?
or CW Finder to try obtain a Crypt8 and KEY ?
Your questions really do not make a lot of sense without at least some usefull info regarding exactly what your trying to achieve and exactly what Feed/Channels your trying to Decrypt this is most likely why your not getting any response i would imagine ?

 

[asoom_jamjom]

oh sorry
maybe I didn't explain enough
so I will say what I got
This feed is on azerspace 46 east 4050 30000 V
feed 1 and feed 2 and other channels (feed 1 sometime it send video and audio stream and give crypt8 and already biss broken and put on this forum)
but feed 2 never gave any video or audio streaming as I can remember
on transport stream analyzer I can see that the feed2 is only giving pmt pid with channel name but no mpeg2 or 4 stream or any audio stream
the strange thing that channel on any dvb player it shows that is encrypted with biss
so when recording a ts and I know how to record a good ts file it doesn't give any crypt 8
and in cw finder it shows that no scrambling data is available so cannot search
The question is
1- is this normal for some biss encrypted feed ??
2- can I use cudabiss or cwfinder with the pmt pid to search for key?? and will it work
I hope you got me right now
btw the feed2 is football feed and could be belong to bein Arabic commentary as said by other people who claim that have the key !!

 

[rustantenna]

Please understand that some time the forum audience gets low. Some time no one has come in due to DDOS attack or similar. Etc.

As barney2222, I guess you should supply details of transponder.

Even better, record 2-4 minutes of FULL Transponder in TSWriter2. And post link here.

...is there a way to decrypt a channel that in ts analyzer don't show video streaming but only pmt stream type !! so it does not give crypt8 but on vplug it shows that its encrypted in biss

If you get ONLY PID for pmt stream type.
Then the question is more like what you expect you could gain decrypting this transponder? Nothing I guess. No Audio, No Video no Data on it?

Now it is possible that Vplug did in fact saw some useful PIDs but when look with your "ts analyzer" nothing show up! Like the end of the FEED. This is only a suggestion. Your future post for FULL transponder TS Record can show more on it.

...could I use cudabiss or other bruteforce ways to decrypt the channel with only pmt pid ??
in cudabiss if pmt pid was put instead of vpid it start searching but will it give me a true biss cw for the channel ??
any ideas appreciated:clapping:

Wao I do not know for sure cudabiss is an old program that NOBODY here seems to know much DETAILS about. I had ask on it my self without luck. It will be beautiful to at least speak with the author. Source Code will be even better.

But from CSA Brute Force Theoretical Implementations"

packet start code prefix: This is a 24 Bit value, which is always set to 0x000001. It marks the beginning of a PES packet.
***
payload unit start indicator: This one-bit flag marks the begin of a Primary Elementary Stream packet
***
first three bytes of an PES packet are always 0x000001. So, there are three known bytes in every transport stream
packet which transports encrypted data and has its payload unit start indicator

And in general up to 3 TS lines contains PES headers are required.

You see, in my limited knowledge I believe that PES are independent of Video/Audio or DATA Pids. So my limited understanding tells me that BISS can still be applied even when there is no Data/Audio/Video Pid but any other PID.

But for the most part if you do not have Data/Audio/Video Pid then what you expect then to decode and received? What is the use for?

 

[rustantenna]

oh sorry
...
btw the feed2 is football feed and could be belong to bein Arabic commentary as said by other people who claim that have the key !!

I guess you answer while I was writing. Sorry I am slow typer.

But you see you may be giving the response. "bein Arabi commentary"

Yes maybe they just send TEXT, a Pid like Closed caption!

 

[asoom_jamjom]

Thank you for your informative replies, both of you

Yes maybe the feed isn't broadcasting any data/video or audio
but maybe on the day of Spanish league it gives
i will try on the next Saturday,
as someone on other forum put a picture of the feed showing last Spanish la liga match and won't give the cw

Sorry i have only 512 kb/s upload speed here
i will try to upload full ts from the transponder
I don't know but was wondering if cw was found then the ts analyzer or the tswriter2 would show the pid for video or audio (is that even possible)??
another thing is when scanning the transponder it shows that it has 4 audio track !!!

btw : now the channel feed1 is giving crypt8 as it usually give from time to another
but not the channel feed2

 

[rustantenna]

asoom_jamjom

...I don't know but was wondering if cw was found then the ts analyzer or the tswriter2 would show the pid for video or audio (is that even possible)??
...

Having the BISS Key will not make Video/Audio Pids appear from no where like magic. Do not expect that.


I had only read on the subject. So I do lack on experience. So it is very easy I am really wrong. keep that in mine.

Now in the other hand I really like to learn. So I am willing to do the assignment with you.

This is your situation.
1) You are interested in a Feed that normally have no Video/Audio. This is the reason there is no Crypt8. But Vplugs show it is Biss.

2) So you wonder if we can use Cudabiss to brute-force what ever is been transmitted now as it is. If any?

3) The idea is to be able to have that key for the future when the Feed may come alive.

My best answer I do not know. But I will expect that there is a big possibility that a few PES packets are been sent encrypted with something else. If this is the case in theory you only need 3 of those PES to do brute force.

Now another story is of cudabiss will look at any PES. Not even if it carry Video or Audio. My best guess is it does. But I do not know for sure.

So
1) 1rst step Record the transponder.
Ok you think you can not upload. But just make the record. Maybe there is so litle that you can then upload. Just do the record.

2) I do not know what Ts Analyzer you are using. Please Download TransEdit=>

http://www.sat-universe.com/showthread.php?p=1025145#post1025145

In that way we All see the same result.

3) Let me know if you need help with
TransEdit>Menu>Scan>Analyse TS File

Do not forget to set up working directory.
TransEdit>Menu>Analyser>Output Directory

 

[asoom_jamjom]

I recorded Ts file but not from the whole transponder because it will be so large in size
so I recorded ts for selected channel i.e: feed2
the selected pid is pmt :1007

cudabiss inputfile.txt for pid 1007

000000000000
FFFFFF000000
4743EF1E0002B02E0007C50000E7D7F0
4743EF1F0002B02E0007C50000E7D7F0
4743EF100002B02E0007C50000E7D7F0
1
1

it find alot of keys as confirmed !! when changing the range for search
upload for ts file about 5 min recording is here :
https://mega.nz/#!xVRm2T5Q!_uDdE3BFkd6XTkmiwCjKTyjklmnKavA71r0DaTvt4Mg

I will try later if I can to upload full transponder ts

 

[rustantenna]

Ok from the data you posted and from your coment we are talking about:


TransEdit.exe TS Analyser show


So the Pid we are interested are

0000 PAT
1007 PMT
2007 H.264Video
3007 Mpeg Audio
4007 Mpeg Audio

Listen We understand you can not upload big files. That is OK. Do not worry you do the work at home.
But Tomorrow when you try to Record You WILL Record The FULL Transponder with TSWriter2.

Then using "TransEdit.exe TS Analyzer" I will show you how to split and from Full record only the Pids you are interested.
For now looks like PIDS: 0000, 1007,2007,3007 &4007.
But having the Full Transponder may show tomorrow that there is more or even different PIDS!
You do not want to miss data you did not record. Yes be prepare to record a Big File. Remember if you are lucky you will get crypt8 so try to record at least at from 5 minutes before the Hour to past 5 minutes. Or Mid Time Break of the Game. Comercial time seems to produce crypt8

Now do not confuse me. I do not have a CUDA Card but may be I can come up with another approach or Just CPU Power.

 

[asoom_jamjom]

today I will try as you said

so try to record at least at from 5 minutes before the Hour to past 5 minutes.

but to be clear do you mean that I will record for 1 hour the whole transponder every time then to search it for selected pid

 

[rustantenna]

I hope it is not late. I was busy.

What to record?
Listen, I am not trying to imposed you to believed that my method is the BEST!.

Nope, At the moment we ONLY learning. So I am suggesting you that if you have the space in the HDD you should record as much as you can. In that way you will not regret in the future not having a missing piece of information!

So if you know that an event is been FEED. Go ahead and record as much as you can.

Yes you end up with 1 or many gigabytes of TS File. But That is OK. As we can latter after we inspect the FULL Tranmision trim to get only what we need.

I show you with a posted Big TS of 42E-12468 H. Please Note that you do not need to download this. I am providing info just in case you like to see yourself.
42E_12460H20800_05082016.zip
https://mega.co.nz/#!5Q9RwYbR!A0SOeSfJq2GeCKVttizBcwyjXXlCFT_2zFnwaEtz3pg

Using TransEdit you can see


Then you select what you want, sample FXHD


See as the bottom there are buttons to do a trim record on this big file.

So you do your analysis and decide what PIDs you need for new record.

So once proceed you end up with what you need, see



Lets resume. That transponder seems to have LOTS of data per second.

Lets then do the following. 2 Step approach.

Tell TSWriter to record a maximum of lets say 2 GigBytes. Depending on the data rate this may be 5,10 or ?? minutes.

After you see that the record Stop. Then use transedit to analyze what you got. What are the interesting Pids.

Then do a Long record on the selected pids.

How is that?

 

[rustantenna]

...

cudabiss inputfile.txt for pid 1007

000000000000
FFFFFF000000
4743EF1E0002B02E0007C50000E7D7F0
4743EF1F0002B02E0007C50000E7D7F0
4743EF100002B02E0007C50000E7D7F0
1
1

it find a lot of keys as confirmed !! when changing the range for search ....

I had little time to learn here with you. Sorry.

But while you get USEFUL TS data I decided to go back to your original question.

You posted a TS file:
https://mega.nz/#!xVRm2T5Q!_uDdE3BFkd6XTkmiwCjKTyjklmnKavA71r0DaTvt4Mg

And you wonder if we can brute force that. I know that I said innocently that it is possible!!! But truth is I do not know but willing to learn.

TransEdit shows It only contains: PAT & PMT.

Now I look at the data under Hex editor. And as expected only PID 0x00 & 0x3EF.

You did posted cudabiss inputfile.txt for pid 1007

...
4743EF1E0002B02E0007C50000E7D7F0
4743EF1F0002B02E0007C50000E7D7F0
4743EF100002B02E0007C50000E7D7F0
...

We can analice those lines

47 => it a TS file it has synchronization

4  => It in fact is has Lots of "payload unit start indicator" (4) bit is set.

3EF => Our PID 1007

and Innocently conclude that it seems to have the basic structure to be able to do brute force.

Now lets see what is against. File has a lot of data but it only repeats to same 2 lines:

PAT

47 40 00 17 00 00 B0 3D 00 02 F1 00 00 00 00 E0 10 00 01 E0 66 00 06 E3 EE 00 07 E3 EF 00 0A E3 F2 00 0B E3 F3 00 14 E3 FC 00 15 E3 FD 00 16 E3 FE 00 17 E3 FF 00 18 E4 00 0F A1 E1 91 FF FE E2 71 5A D0 FB FD FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

PMT

47 43 EF 1E 00 02 B0 2E 00 07 C5 00 00 E7 D7 F0 06 09 04 26 00 FF FF 1B E7 D7 F0 06 28 04 64 00 1F 3F 04 EB BF F0 06 0A 04 65 6E 67 00 04 EF A7 F0 00 6D DE 7D 82 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

Now see all those 0xFF filling the end!! That is evidence that the line is NOT BISS Encrypted. A true encrypted data will contain what seems to be random bytes. So No encryption Data no Brute Force.

Also this is all an innocent mistake from my part. PMT can not be Encrypted as it is an Important part of the stream. Without this many Receivers can Not Decode those programs. As they will not be able to Identify the Pid associated to the program nor what they contain(Audio/Video...).

I was given an example in 27.5W-11495-V there are a bunch of BBC Biss encrypted Channels. That for many time people could not tune because the PMT was some what Encrypted.

What all this Bla Bla Bla means. That while I study the problem found my self I was wrong. And I had learn that PAT & PMT should NOT be enough to have the information required for Brute Force. Yes we need another True encrypted PID that we can use. So keep on Fishing that Feed until you record something we can use.

 

[rustantenna]

I forgot I had one more thing to say.

Your post: cudabiss inputfile.txt for pid 1007

...
4743EF1E0002B02E0007C50000E7D7F0
4743EF1F0002B02E0007C50000E7D7F0
4743EF100002B02E0007C50000E7D7F0
...

That is wrong.... I had no experience on cudabiss.

I know it should look at 3 different lines with "payload unit start indicator". That part is correct.

But what is wrong is that those lines Need to be DIFFERENT!!!! And the ones selected by the program are equal!. Clearly there are no more lines.

As they are supposed to be used to fine detect if the Key is valid on different lines.

So cudabiss was supposed to let you know that under the circumstances your data is no good and Failed