I wanted to finish LAB002 with how tsdec can be used to Encrypt and Decrypt. But there is some bug I need to repair. So I will do it later.
LAB003
Analyzing a Full Transponder the Windows GUI way. There are many programs that can be used. But I prefer simple TransEdit from DVBViewer.
1rst of ALL Using you File Explore go to
C:\Apps\Home\man_help_chm\ and Open TransEdit.chm Using Left Side Menu select
Analyzer Window And PLEASE Study the Info here.
Lets create some working directory and copy example_biss.ts
Code:
[WINKEY]+R CMD [ENTER]
> mkdir "C:\Apps\Home\cryptodir\Labs\003"
> cd C:\Apps\Home\cryptodir\Labs\003
> copy C:\Apps\Home\ts_examples\example_biss.ts
Now lets create some symlink to bin so that we can call Transedit and Hexworshop from anyware.
Code:
> MKLINK "TransEdit.exe" "C:\Apps\Home\programs\TransEdit\TransEdit.exe"
> MKLINK "HexWorkshop.exe" "C:\Apps\Home\programs\Hex_Workshop_v6.0.1\Hex_Workshop_v6.0.1.exe"
> TransEdit.exe
You should see
The 1rst thing we should do is set the directory where all our output files are going to be save. I will select
C:\Apps\Home\cryptodir\Labs\003
For this we Click on Menu > Settings > Analyser. And type or Browse to the directory. And select
C:\Apps\Home\cryptodir\Labs\003
We want ALSO to Check mark
High Speed File Analysis
This is what mine looks like
Now Save with
[SAVE] then exit with
[Close].
Using FileExplorer browse to
C:\Apps\Home\cryptodir\Labs\003
To Analise a TS file is as easy as to Drag and Drop the TS over TransEdit.exe.
So with mouse Pick example_biss.ts and Drag and Drop it over TransEdit.
Using you mouse you can expand the Menu in the Left Side and you will see
Now In the Right Side we can see all the Pids included in this File.
On the Left Side you see the SI Tree. Transedit digest all the PID files to make this nice resume.
I will describe on my own words what each Pid is. Please ignore my comments if you disagree. The process of organizing the table information, many programs called
TS Table Decode
0x0000 : PAT - This table is the 1rst one we should read. It specify all the possible Channels(ServiceID) this transponder contain.
ServiceID = 1
PMT PID = 0X0100
0x0011 : SDT - This provide The name of the Services and the name of the Provider. If you look in the left menu you can read
ServiceID = 1
ServiceName=IMG3 EU
ProviderName=CM5000
0X0100 : PMT - PMT Holds the amount and number of all the PIDS that are part of a Service. And Holds also the CAPID
0x0200 H.264 Video
0x1010 MPEG Audio
0x1020 MPEG Audio
0x1030 MPEG Audio
0x1040 MPEG Audio
CAID 0x2600
Where
Conditional Access : 0x2600 is Name "BISS"
Now look again to the Right you can see that
0x0200 H.264 Video is in RED. This mean it is
Encrypted
Now lets say we want to look at the Hex values of a PID. Normally we do this for ECMs. If we try to find this pid in the original TS it will be too difficult. It will be easier if a new file ONLY contains ECM Pids.
Here we do not have an ECM but we can simulate with PAT.
Click on top of 0x0000 PAT, it change color. You can see at the bottom
[Start Recording] Button, Please Click on it. As soon as you click Same button will be shown as
[Stop Recording]. Do not Click yet on STOP. We need to click 1rst on
[Restart]. This mean to the program like if it saying Read again while saving!
Since we originally mark in Settings
High Speed File Analysis then this job is done in a second. You will see the screen blink. Finally you have to Click on
[Stop Recording]. And a new file should be save in our output Folder.
In my case I got
example_biss 10-14 11-34-52.ts
See how its name start with the original name. The it adds date and time of the saving. But no info of what PID. So I go to File Explorer and rename it
example_biss_0x0000_PAT.ts as this is more appropriate name for the new file.
Lets Exit Transedit.
You can look at the file using HexWorkshop and since we made a symlynk we can called inspect the file with:
Code:
HexWorkshop.exe example_biss_0x0000_PAT.ts
If you have a BIG Screen you can expand HexWorkshop so that it can show from byte position 0 to 0x2E. Where 0x2E = 46. Why? because if you take TS length and divide by 4 = 188 / 4 = 46.
In this way you can see the start of next TS every 4 lines. Easier to read. Exit HexWorkshop.
A Simple way is using OD
Code:
> busybox.exe od -t x1 --width=47 -N 188 example_biss_0x0000_PAT.ts
0000000 47 40 00 11 00 00 b0 0d 43 21 d1 00 00 00 01 e1 00 22 2f 77 f9 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
0000057 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
*
0000274
where
-t x1 means print in Hex i byte at a time
--width=47 mean 46 char peer line, I know weird...
-N 188 means number of bytes ti print
Up to here we have been introduce you in the process to how we get Hex data from a TS log file.