Oscam-emu now supports powervu without streamrelay (on dreambox only...)
- Thread starter joeuser
- Start date
OK, very interesting...
Probably that is the reason why Sony Pictures Networks India package on Asiasat 7 @ 105.5° E is opening (PowerVu) but Turner International Asia package on the same satellite is not opening at all (PowerVu).
I mean that I am not using stream relay on my VU+ clone.
In spite of that Sony Pictures Networks India package on Asiasat 7 @ 105.5° E is opening (PowerVu) but Turner International Asia package on the same satellite is not opening at all (PowerVu as well).
That is without stream relay.
Does it mean that probably one of them is using DES while the other one may be using CSA?
In this case how can we possibly find out which one is used: either DES or CSA?
Just curious, how do you know which channel is PowerVu DES encrypted and which one is CSA encrypted?
I believe that's what is making all the difference.
Some PowerVu channels are opening on my VU+ clone without stream relay, others don't.
It's high time to pay more attention to this issue.
If some channels can be opened without stream relay it means that probably oscam patch is responsible for this behaviour.
Improving oscam patch may permit opening all PowerVu channels regardless of whether they are DES encrypted or CSA encrypted.
Please correct me if I am wrong.
What is the limiting factor?
I have a VU+ clone.
Some PowerVu channels are opening without stream relay!
Other PowerVu channels do not open (and yes, the key is not expired).
It is believed to be caused by different encoding algorithms used for different PowerVu channels.
Some of them use CAS while others may use DES encryption.
You need to examine the structure of the ECMs to determine whether CSA or DES is used.
This is what Colbri said about it:-
This is what Colbri said about it:-
Code:
There is an unencrypted flag in the ECM that indicates if DES or CSA must be used to decrypt the video/audio streams.
Each ECM contain nanos. Starting with a two byte long length information (must be masked with FFFh). The next byte is the tag (the type of the nano). Then the data bytes of the nano will follow.
Data byte 0 and 1 of every nano must have the value 0E00h.
Data byte 2 and 3 of every nano must have the value 0000h.
In nano 20h the two msbits of data byte 7 indicates the if DES or CSA must be used to decrypt the video/audio streams:
00xxxxxxb = DES
10xxxxxxb = CSA
Here is an example of an ECM that shows that DES must be used to decode the video/audio stream:
47 41 F4 1B <= TS header
00 81
30 3D <= 303Dh & FFFh = 3Dh section length
30 37 <= 3037h & FFFh = 37h length of the first nano
20 <= tag
0E 00 <= must be 0E00h
00 00 <= must be 0000h
00
8E <= continues counter
A0
00 <= 00000000b the two msbits are relevant (00b means DES / 10b means CSA)
39 09 9C E8 53 75 06 02 9F 4C F0 EF 72 8C 00 00 90 00 00 B9 BD 34 AD A5 02 D6 B5 EE 8A 4D
2B D3 4A EA 67 8E 23 7B 28 A0 8F 95 37 EC 86 B1 <= remaining data of the first nano
5A 9D 67 9D <= CRC32
Here is an example of an ECM that shows that CSA must be used to decode the video/audio stream:
47 57 70 1E
<= TS header
00 80
30 61
<= 30
61
h & FFFh =
61h section length
30 37
<= 3037h & FFFh = 37h length of the first nano
20
<= tag
0E 00
00 00
00
A5 <= continues counter
A0
80 <= 10000000b the two msbits are relevant (00b means DES / 10b means CSA)
94 8A 13 91 B8 1C 89 73 2F FC FD 2D 16 18 00 00 10 00 00 26 18 A5 0F DC EE 2F E4 F5 BA 62
71 88 55 F0 C2 06 D3 53 31 FE 2E 1A 8B 6F 0C 3C
<= remaining data of the first nano
30 10
<= 30
10h & FFFh = 10h length of the second nano
27 <= tag
0E 00 <= must be 0E00h
00 00 <= must be 0E00h
80 <= key type (e.g. 80h is VID key)
00
4D 4A 7D 14 AA 58 69 6B <= convolved CW
82 <= check-sum
30 10 <= 3010h & FFFh = 10h length of the third nano
27 <= tag
0E 00 <= must be 0E00h
00 00 <= must be 0000hI must correct you because you are wrong.
You do not understand the process chain.
DES or CSA video is not decrypted by Oscam,but by the box (it has hardware dedicated to decrypt video CSA,and some also DES,yours only does CSA).
Oscam is in charge to decrypt the ECM (not the video,just the ECM packets) to extract the Control Words and deliver it to the box.
Your box receive this Control Words and use them to decrypt the VIDEO packets,which are encrypted using CSA or DES.
Your box is not able to decrypt video encrypted with DES,this is where stream realy comes into play.
Stream relay is used to decrypt the DES video packets,by sending the video packets out,decrypt them,and receiving the clear video back.
All this stream relay process is done AFTER oscam deliver the Control Words.
The issue,the problem you want to fix lies in your box,not in oscam,there is no way,at the present time to access the DES hardware (if your box has it at all),so you need to decrypt video DES using stream relay.
Oscam developers would need information that might never be available to access this hardware (and still the question of your box having it).
I would suggest you to read and learn how the system you are using work,only then make educated suggestions.
Of course this can be explained over and over..but the more accurate you know how it works,the better the suggestions and ideas you can propose.
I can not open any afn channel , i have dm 800hd se original openpli 4.0 D:\Dreambox\Oscam Emu Patched v11086 Mips-OE2-engineerkhan15
everything in the right place tuxbox config , bin oscam patch ,
and good sofcam keys in usr keys P 000622B0 00 6DADC79AAD00CF ;AFN Guide,9.0E, 11766
P 000622B0 01 9E83D4513F3B23 ;AFN Guide,9.0E, 11766
P 00060010 00 6DADC79AAD00CF ;AFN Sports,9.0E, 11804
P 00060010 01 9E83D4513F3B23 ;AFN Sports,9.0E, 11804
P 00060020 00 6DADC79AAD00CF ;AFN Prime Atlantic Benelux,9.0E, 11804
P 00060020 01 9E83D4513F3B23 ;AFN Prime Atlantic Benelux,9.0E, 11804
P 00060030 00 6DADC79AAD00CF ;AFN Spectrum,9.0E, 11804
P 00060030 01 9E83D4513F3B23 ;AFN Spectrum,9.0E, 11804
P 00060040 00 6DADC79AAD00CF ;AFN Prime Pacific,9.0E, 11804
P 00060040 01 9E83D4513F3B23 ;AFN Prime Pacific,9.0E, 11804
P 00060050 00 6DADC79AAD00CF ;AFN News,9.0E, 11804
P 00060050 01 9E83D4513F3B23 ;AFN News,9.0E, 11804
P 00060060 00 6DADC79AAD00CF ;AFN Sports 2,9.0E, 11804
P 00060060 01 9E83D4513F3B23 ;AFN Sports 2,9.0E, 11804
P 00060070 00 6DADC79AAD00CF ;AFN Guide,9.0E, 11804
P 00060070 01 9E83D4513F3B23 ;AFN Guide,9.0E, 11804
P 00060090 00 6DADC79AAD00CF ;AFN Family,9.0E, 11804
P 00060090 01 9E83D4513F3B23 ;AFN Family,9.0E, 11804
P 000600A0 00 6DADC79AAD00CF ;AFN Movie Channel,9.0E, 11804
P 000600A0 01 9E83D4513F3B23 ;AFN Movie Channel,9.0E, 11804
P 000600B0 00 6DADC79AAD00CF ;AFN Sports HD,9.0E, 11804
P 000600B0 01 9E83D4513F3B23 ;AFN Sports HD,9.0E, 11804
Can somebody help me please im on this all day long .
thanks in advance
everything in the right place tuxbox config , bin oscam patch ,
and good sofcam keys in usr keys P 000622B0 00 6DADC79AAD00CF ;AFN Guide,9.0E, 11766
P 000622B0 01 9E83D4513F3B23 ;AFN Guide,9.0E, 11766
P 00060010 00 6DADC79AAD00CF ;AFN Sports,9.0E, 11804
P 00060010 01 9E83D4513F3B23 ;AFN Sports,9.0E, 11804
P 00060020 00 6DADC79AAD00CF ;AFN Prime Atlantic Benelux,9.0E, 11804
P 00060020 01 9E83D4513F3B23 ;AFN Prime Atlantic Benelux,9.0E, 11804
P 00060030 00 6DADC79AAD00CF ;AFN Spectrum,9.0E, 11804
P 00060030 01 9E83D4513F3B23 ;AFN Spectrum,9.0E, 11804
P 00060040 00 6DADC79AAD00CF ;AFN Prime Pacific,9.0E, 11804
P 00060040 01 9E83D4513F3B23 ;AFN Prime Pacific,9.0E, 11804
P 00060050 00 6DADC79AAD00CF ;AFN News,9.0E, 11804
P 00060050 01 9E83D4513F3B23 ;AFN News,9.0E, 11804
P 00060060 00 6DADC79AAD00CF ;AFN Sports 2,9.0E, 11804
P 00060060 01 9E83D4513F3B23 ;AFN Sports 2,9.0E, 11804
P 00060070 00 6DADC79AAD00CF ;AFN Guide,9.0E, 11804
P 00060070 01 9E83D4513F3B23 ;AFN Guide,9.0E, 11804
P 00060090 00 6DADC79AAD00CF ;AFN Family,9.0E, 11804
P 00060090 01 9E83D4513F3B23 ;AFN Family,9.0E, 11804
P 000600A0 00 6DADC79AAD00CF ;AFN Movie Channel,9.0E, 11804
P 000600A0 01 9E83D4513F3B23 ;AFN Movie Channel,9.0E, 11804
P 000600B0 00 6DADC79AAD00CF ;AFN Sports HD,9.0E, 11804
P 000600B0 01 9E83D4513F3B23 ;AFN Sports HD,9.0E, 11804
Can somebody help me please im on this all day long .
thanks in advance
Last edited:
Thank you for your detailed explanation.
What is this "dedicated DES hardware" in the box? Where is it located?
Is it a separate chip on the PCB?
How can we possibly know for sure if our box in fact has this "dedicated DES hardware"?
How come the cheap closed source box ("Alphabox X4 Mini" available for just $40) does have this "dedicated DES hardware" while the more expensive VU+ Solo clone ("MEELO+ ONE") doesn't have this "dedicated DES hardware"
OK, I do understand know.
Thank you for pointing me to the right direction.
Can I intercept the ECMs with my VU+ Solo clone STB?
I want to find out whether CSA or DES is used for Turner International Asia package on Asiasat 7 @ 105.5° E on 3960 MHz Vertical.
Thank you for your detailed explanation.
What is this "dedicated DES hardware" in the box? Where is it located?
Is it a separate chip on the PCB?
How can we possibly know for sure if our box in fact has this "dedicated DES hardware"?
How come the cheap closed source box ("Alphabox X4 Mini" available for just $40) does have this "dedicated DES hardware" while the more expensive VU+ Solo clone ("MEELO+ ONE") doesn't have this "dedicated DES hardware"
There is a chip inside the box that has the decoders inside,you access them using specific commands,and there is also switches to turn them on or disable them.
Some chips are only CSA capable,some are also DES capable.
Is all about what chip is in your box,some manufacturers never cared to use a chip that decodes DES video,so,they chose a chip without this capability.
But all goes into HOW the chipset is licensed,the box manufacturer might not have disclosed or paid the license to the chip manufacturer in order to receive the tools and drivers to use DES (command set).
So,this is a big chain of events and elements that come into play to use the satellite boxes.
But you are also confused here : the cheap $40 box is able to use hacked firmware in order to decrypt DES.
For dreambox,is known how to access it,in VU is not known how to,this is why you don't get those channels
It is in DES mode. On Spark (sh4), it is decoded by using MCAS but not OSCam.
Can you provide more details about this dedicated chip?
I want to open both of my STB receivers and check if this kind of chip is present on the PCB.
How does it look like?
Furthermore we can possibly use JTAG to obtain RAM memory dumps.
And we can find much useful data stored in RAM.
I have used JTAG debugging interface with Qualcomm MSM chipsets (ARM based) in mobile phones to reverse-engineer the firmware.
I believe JTAG interface is available on all STB boxes.
What kind of access do we need?
What kind of access do we have now?
Can you explain why Oscam Emu is able to open (without stream relay, just with DVB API) some PowerVu channels on my VU+ clone, and cannot open other PowerVu channels on the same satellite?
However the cheap closed source STB is able to open all PowerVu channels on the same satellite!
Does it mean that a dedicated DES / CSA decrypting chip is present in my VU+ clone? It means VU+ is able to decrypt properly at least some PowerVu channels without stream relay, isn't it?
I am sorry, I am a bit confused...
Does it mean that MCAS emulator is better than Oscam Emu?
Or does it mean that Spark system is better than Enigma2 system?
I am sorry, I am a bit confused...
Does it mean that MCAS emulator is better than Oscam Emu?
Or does it mean that Spark system is better than Enigma2 system?
I don't know, but everytime I ask about DES on OSCam-Emu, the answer always about the driver on the box (including the Spark box) which should support DES itself.
On the other hand, I found MCAS is capable of doing DES decryption normally without any problem (except it's missing sbox a0 table).
May be there should be a specific oscam-emu for specific box (as for now the DES only works on Dreambox).
How can I possibly check if my STB is running on Spark system?
The manufacturer doesn't say about this.
Maybe some other closed source system?
This chip is generally a SOC (system on chip),and is the main processor,you can never know anything by looking at it.
You need the chip number and then check available specs online.
You would not even need to open the box,if the box specs are available.
But do something else first,as an advice,otherwise the thread never ends : try to read about satellite and decoders and transport stream and conditional access.
I understand the interest,but there is tons of materials in the net you should read and learn first,then you gain knowledge and many questions will be answered right there by reading..........
I see all this questions you are making numerous times before,in very old threads and some new ones too,I think you should search for this threads before asking the questions.Is going to save you a lot of time
MCAS developer does not include the table (can be checked in the mcas binary file to make sure).
You may check your STB system information, usually every receiver has this menu.
By the way, the Spark is actually a close source, we can never find the source code even on fulan official server.
Oh, let's get back to topic.
Last edited:
Still facing the same problem on dm7080. When powervu channel is decoded once the picture is there and after that when i try to open any other channel from cs server the channel is decoded it shows ecm, but no picture. The same thing is even if i change the cam and try to descramble the channel from cs server there is ecm, but no picture. Looks like the blame for all this is the kernel oe2.2/3.4 which cannot handle picture after powervu channel is once decoded unless the box is restarted completly. On kernel oe2.0/3.2 there's no problem at all. You can change the powervu channels and then go back to channels which are decrypted from cs or vice versa. The picture is there no problem.
My closed source STB receiver has the following menu.
How do I know if it is using Spark system or some other operating system?
