djris2
Registered
- Messages
- 320
so if i understand correctly we just need to find faster ways for keys decryption and we broke it
Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*
- Thread starter Colibri.DVB
- Start date
so if i understand correctly we just need to find faster ways for keys decryption and we broke it
well the last byte of the 3 ecm keys I see here is always 00
in the 1st ts-file from Colibri with only one program and one EMM-key there are "only" 8 ECM-keys repeating:
Code:
d0 6e 9b 24 xx xx xx 00
31 fb 58 9e xx xx xx 00
7b 4b d5 9b xx xx xx 00
7f 86 af 91 xx xx xx 00
e8 c8 d0 ea xx xx xx 00
df a0 ec ca xx xx xx 00
63 25 f3 df xx xx xx 00
f5 d6 e9 12 xx xx xx 00Edit: Just seen Colibris post, it seems that we have only those 8
Last edited:
Colibri.DVB
VIP
- Messages
- 44
Yes, every of the 8 DES bytes contains 7 bit (and 1 parity bit).
The 7 bits in the last byte are always 0 (for all 8 ECM keys I have seen).
So it looks like they use only a 2^49 key space for the ECM keys.
May be someone has a recorded Tandberg stream (CAID 1010 and EMM tab ID 82 *AND* 83) from an non olympic event. So we can see if the key space is only 2^49 for olympic events or generally.
how long of a recording do you think will be sufficient? ill get on it asap.
Colibri.DVB
VIP
- Messages
- 44
We have 16 entitlements 8 in the first and 8 in the second file:
00 00 16 A9
00 00 16 AA
00 00 16 AB
00 00 16 AC
00 00 16 AD
00 00 16 AE
00 00 16 AF
00 00 16 B0
00 00 17 71
00 00 17 72
00 00 17 73
00 00 17 74
00 00 17 75
00 00 17 76
00 00 17 77
00 00 17 78
I checked only the ECM keys of the active channels (4 from the first and 4 from the second).
16A9 / prg 1
16AA / prg 2
16AB / prg 3
16AC / prg 4
1771 / prg 17
1772 / prg 18
1773 / prg 19
1774 / prg 20
00 00 16 A9
00 00 16 AA
00 00 16 AB
00 00 16 AC
00 00 16 AD
00 00 16 AE
00 00 16 AF
00 00 16 B0
00 00 17 71
00 00 17 72
00 00 17 73
00 00 17 74
00 00 17 75
00 00 17 76
00 00 17 77
00 00 17 78
I checked only the ECM keys of the active channels (4 from the first and 4 from the second).
16A9 / prg 1
16AA / prg 2
16AB / prg 3
16AC / prg 4
1771 / prg 17
1772 / prg 18
1773 / prg 19
1774 / prg 20
Colibri.DVB
VIP
- Messages
- 44
Now I have check also the following 8 inactive entitlements:
16AD
16AE
16AF
16B0
1775
1776
1777
1778
So we have 16 ECM keys with only a key space of 2^49.
16AD
16AE
16AF
16B0
1775
1776
1777
1778
So we have 16 ECM keys with only a key space of 2^49.
I thought that and have already checked. Sorry but none of them work.
Well,Vplug has given me tons of problems over the years,a nightmare or missing libs and failed to load modules.That's the only reason I asked for dvbcore tandberg plugin.
Thanks anyway.
ViaHussun
Donating Member
- Messages
- 4,098
control please
vplug + Tandberg
very good work Anubis_Ir :thum:
plugin for Anubis_Ir thanks :thum:
test video file
video for Colibri.DVB thanks :thum:
- https://mega.nz/#!1ApzARrR!Oq0Mf9VDdJlcwyJidB5jRJ-8QTWLlP7G5FqnmJxx2vc
- https://mega.nz/#!wIpGjZBK!4J0DWbUsOuzkVFeOViEViwHEtshB0lLFPgIX11OVg9k
-------------- 11141 select sid=3 --------------------------------- 12689 select sid=19
vplug + Tandberg
very good work Anubis_Ir :thum:
plugin for Anubis_Ir thanks :thum:
test video file
video for Colibri.DVB thanks :thum:
- https://mega.nz/#!1ApzARrR!Oq0Mf9VDdJlcwyJidB5jRJ-8QTWLlP7G5FqnmJxx2vc
- https://mega.nz/#!wIpGjZBK!4J0DWbUsOuzkVFeOViEViwHEtshB0lLFPgIX11OVg9k
-------------- 11141 select sid=3 --------------------------------- 12689 select sid=19
Last edited:
ViaHussun
Donating Member
- Messages
- 4,098
O
ooOO_SORGOS_OOoo
Active frequences and sats with tandberg encrypted channels?? How to test it '
We need details for sat, frequences??
We need details for sat, frequences??
another tandberg stream from galaxy 16 tp 3812
https://mega.nz/#!N5V3FRxT!WlSn_kaWdjAodtjYB-aN5PGIu_ixsbale1UnfiGCUbM
https://mega.nz/#!N5V3FRxT!WlSn_kaWdjAodtjYB-aN5PGIu_ixsbale1UnfiGCUbM