B*SS Auto-Roll Keys


thefatty

I see that there are some boxes that simulate an auto key roll by connecting to a server, getting the keys (or computing them if not yet known based on a c8 packet) and then updating the key files automatically. I was wondering if anyone with one of these boxes has monitored their network with Wireshark to see what server they are sending to and what is actually being sent? Surely these server farms could be useful for the rest of us without one of these boxes? I have downloaded the firmware for a Skysat V20 and am looking through the hex for an identifiable URL string, but as of yet have not seen anything (only channel names + keys). Provided it's not using SSL, it would be a lot easier to just look at the packets in Wireshark.
 

ViVA_MTV

Registered
Messages
69
I think that the packets will be encrypted and there will be no possibility to analyze with wireshark
 

thefatty

I think that the packets will be encrypted and there will be no possibility to analyze with wireshark

Even if they are encrypted, it would reveal the server address / port number, which would make it easier to find in the firmware. We should try.
 

thefatty

Alternatively, if someone can open their box and see what chip it has, we can disassemble the firmware back into C/C++.
 

kebien

Registered
Messages
1,329
I see that there are some boxes that simulate an auto key roll by connecting to a server, getting the keys (or computing them if not yet known based on a c8 packet) and then updating the key files automatically. I was wondering if anyone with one of these boxes has monitored their network with Wireshark to see what server they are sending to and what is actually being sent? Surely these server farms could be useful for the rest of us without one of these boxes? I have downloaded the firmware for a Skysat V20 and am looking through the hex for an identifiable URL string, but as of yet have not seen anything (only channel names + keys). Provided it's not using SSL, it would be a lot easier to just look at the packets in Wireshark.

A different view of that situation.
They set up the server to sell receivers and produce a customer database; the moment the setup stops being profitable it will be removed.
Meanwhile, since they own it and created it, they could simply change everything in this system and render your hack useless, a ton of work for nothing.
I understand the personal desire to understand how this works, which is commendable, but time after time people tried to "use" these commercial ventures without any benefits.
You might never find a plaintext URL in firmware, and most probably there is an array of relays that protects the server from provider's prosecution.
I assume you understand authorities would also want to know where these servers are, and have been working at it way before you even knew about CSA encryption.
It's not a shoot-down from me, go ahead, but I'll be surprised if this work produces any benefit.
Given this forum gives you the control word needed in less than 3 minutes of posting a crypt8, the need for an autoroll from a hacked server seems not that important.
 

thefatty

It's not a shoot-down from me, go ahead, but I'll be surprised if this work produces any benefit.
Given this forum gives you the control word needed in less than 3 minutes of posting a crypt8, the need for an autoroll from a hacked server seems not that important.

But how do the people on this forum generate the keys so fast? I have asked a few people and they all say they have these boxes. I have tried cudabiss, CWFinder and CW Lookup, the latter two only work if the key is present in the list files. Cudabiss takes a very long time to compute, like days. So just how are the elite of the forum finding the keys so fast?
 

barney115

Donating Member
Staff member
Administrator
Messages
24,681
Chain tables very large with fast GPU and a good size cache.
V2 table search is only 35-40 secs with decent equipment.
Auto Roll receivers find CWs with only 85% - 90% success; it is quite good but it still is far from perfect. I still find plenty of feeds where an Auto Roll receiver is an utterly useless piece of scrap.
BISS is still far from a fully broken or hacked system.
Take for example last Sunday: the WWE Network feed is a prime example where BISS Auto Roll generates zero success. The feed is sending only fake Crypt8's, making it pretty much impossible to find a valid BISS key and also making these cheap China Auto Roll boxes look like pure garbage, which most are in reality. Luckily the key was found somehow after 1 hour of failed attempts to find a valid C8; possibly the broadcaster had to expose the feed data momentarily and the key somehow eventually got found.
This is a good example that the broadcaster can still control what gets shown and if they wish for security to be increased to prevent anyone watching the feed and stop keys being found or not.
Also BISS2 has yet to be introduced but is being tested, and important feeds have already begun long ago broadcasting via fiber instead of satellite, which leaves the less important feeds being broadcast via satellite TV or via C band these days.
So that is the main reason why it is very likely a pointless task to find how the China box gets keys from their servers, because it does not seem too much longer until a vast majority of feeds will just not broadcast via satellite anymore. That is just a fact and we have to just deal with it :)

good luck !
 

satelitindonesia

Registered
Messages
336
2 server methods that I know. For Skysat I have never unpacked, because I don't know the application.

DVBfinder

Code:
_http://iptvbiss.cronus.name/autobiss?[querystring]

receiver sends data every 20 seconds.

example

Code:
ve=h264&au=00000000&c8=e9b067bf56ccfbd4&s8=45a27bb2890e256f&i8=0dca0f1b00011c20&id=474f58961fb2d6a3&time=5c1854dc&code=1f266bd4

Hippopatc

Code:
_http://172.104.99.93/demo/ci_demo/index.php/hipopatch/[select biss, powervu or tandberg]/[pid channel]

send data when opening channel
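
Added example, not part of the original post: a network owner's view of the behaviour described above, where a device repeats the same cleartext HTTP request on a fixed timer and carries its `id` parameter in every URL. The log tuple layout, the client addresses, the placeholder query values and the thresholds are assumptions; only the host, path, 20-second interval and query key names come from the post.

```python
from collections import defaultdict
from statistics import mean, pstdev
from urllib.parse import urlsplit, parse_qs

# Constructed proxy-log sample: (epoch seconds, client IP, requested URL).
# The query keys mirror the example in the post; all values are placeholders.
Q = "ve=h264&au=00000000&c8={:016x}&s8=0&i8=0&id=00000000000000aa&time=0&code=0"
SAMPLE_LOG = [(1000 + 20 * i, "192.0.2.10",
               "http://iptvbiss.cronus.name/autobiss?" + Q.format(i)) for i in range(6)]
SAMPLE_LOG += [
    (1003, "192.0.2.20", "http://example.org/index.html"),
    (1050, "192.0.2.20", "http://example.org/search?q=weather"),
    (1300, "192.0.2.20", "http://example.org/about"),
]

BEACON_KEYS = {"c8", "s8", "i8", "id", "time", "code"}  # key names seen in the post


def find_beacons(log, min_hits=5, max_jitter=2.0):
    """Return flows (client, host, path) that repeat at a near-constant interval."""
    flows = defaultdict(list)
    for ts, client, url in log:
        parts = urlsplit(url)
        keys = set(parse_qs(parts.query, keep_blank_values=True))
        flows[(client, parts.hostname, parts.path)].append((ts, keys))
    findings = []
    for flow, hits in flows.items():
        if len(hits) < min_hits:
            continue
        times = sorted(ts for ts, _ in hits)
        gaps = [b - a for a, b in zip(times, times[1:])]
        if pstdev(gaps) > max_jitter:
            continue  # irregular timing looks like a person, not a timer
        findings.append({
            "flow": flow,
            "period_s": mean(gaps),
            "hits": len(hits),
            # True when every request carries the full key set from the post
            "matches_post_keys": all(BEACON_KEYS <= k for _, k in hits),
        })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_LOG):
        print(finding)
```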
 

boyet05

Registered
Messages
245
We as hobbyists and enthusiasts who help in finding the key, by posting it online, contribute to their server. . .
And we as feed hunters have the talent to make our own server if we need it, if you have clients that need keys to auto open the channels. But then to each his own. . . .
 

thefatty

2 server methods that I know. For Skysat I have never unpacked, because I don't know the application.

DVBfinder

Code:
_http://iptvbiss.cronus.name/autobiss?[querystring]

receiver sends data every 20 seconds.

example

Code:
ve=h264&au=00000000&c8=e9b067bf56ccfbd4&s8=45a27bb2890e256f&i8=0dca0f1b00011c20&id=474f58961fb2d6a3&time=5c1854dc&code=1f266bd4

Hippopatc

Code:
_http://172.104.99.93/demo/ci_demo/index.php/hipopatch/[select biss, powervu or tandberg]/[pid channel]

send data when opening channel


Thank you very much for this information! From that first link, it looks like the box is authenticated with the server first, so I guess it could block an abused connection. The second link seems to be more generic. I can't seem to get either to produce anything though, anyone else have any luck?
 

kebien

Registered
Messages
1,329
But how do the people on this forum generate the keys so fast? I have asked a few people and they all say they have these boxes. I have tried cudabiss, CWFinder and CW Lookup, the latter two only work if the key is present in the list files. Cudabiss takes a very long time to compute, like days. So just how are the elite of the forum finding the keys so fast?

I get keys in 5 minutes using rainbow tables, and I am far from being fast at all.
I also run cudabiss and helped a bit with the development, so I am privy to non-published versions, and with friends and shared resources it is possible to get a valid key in decent time.

Some people in this forum with the right rig can get keys in under a minute.
The people that have these Chinese boxes are not really into finding keys at all, so you are asking the wrong people.

Spend some money on an Nvidia card, an SSD, and you have all you need to search for keys, unless you think this hobby needs no spending.
This is the only way to stay alive when all servers go down.
I assure you this community has spent tons of money on gear for decades just as a hobby, and they know nothing is as worth it.

Time for you to start doing it, you'll get nothing done unless you invest time and money wisely.
 

thefatty

Time for you to start doing it, you'll get nothing done unless you invest time and money wisely.

I think I have spent way too much time and money already, my wife will not be happy with me haha. As you can see from my profile I have been on here since 2008, but just kept quiet. I started spending back in the days when Sky One was FTA on 19.2e and D/D2-MAC was the encryption getting broken with 'wafer' cards (my very first buy was a Rediffusion, don't think they are around anymore)! Just been out of the game since 2014 due to health issues so just trying to get back up to speed and help with what I can in the process :thum:
 

BLACKCRUSADER

Senior Member
Messages
1,977
I get keys in 5 minutes using rainbow tables, and I am far from being fast at all.
I also run cudabiss and helped a bit with the development, so I am privy to non-published versions, and with friends and shared resources it is possible to get a valid key in decent time.

Some people in this forum with the right rig can get keys in under a minute. The people that have these Chinese boxes are not really into finding keys at all, so you are asking the wrong people.

Spend some money on an Nvidia card, an SSD, and you have all you need to search for keys, unless you think this hobby needs no spending.
This is the only way to stay alive when all servers go down.
I assure you this community has spent tons of money on gear for decades just as a hobby, and they know nothing is as worth it.

Time for you to start doing it, you'll get nothing done unless you invest time and money wisely.

Yup, my rig is fast: 4tb SSD for V1 tables and 1080TI Nvidia and good PC.
For V2 I use a 6tb HDD and get the key pretty quick if it's there, but often need V1 this year.

I also have the hellobox which has wifi to server but unless someone puts in the new crypt and gets the CW to their online server then the box will not open channels. I have seen this by not putting in the crypt to their server after finding crypt and CW from my biss key server. Sometimes I even put the crypt in and got the CW hellobox still slow to update.

The Hellobox is good if existing CW but for new ones which a lot of sports are using this year the hellobox will not update.
 

BLACKCRUSADER

Senior Member
Messages
1,977
But how do the people on this forum generate the keys so fast? I have asked a few people and they all say they have these boxes. I have tried cudabiss, CWFinder and CW Lookup, the latter two only work if the key is present in the list files. Cudabiss takes a very long time to compute, like days. So just how are the elite of the forum finding the keys so fast?

I make my own CW file lists for certain sports. Asian Champions league AFC Cup, China Basketball, Australia Basketball, etc.

So by creating your own CW list with a few years of CW for some sports will help you a lot. Some sports like A league and NFL Major League Soccer do not use previous CW so you won't find in CW lists. For that you need to have your own Biss Server.

Cudabiss you can scan a range but yes takes time.

A V1 scan needs both a fast SSD drive (mine is 4tb holding 3.6tb of data) and a fast GPU (mine is GTX 1080 TI), 24gb RAM and I7 CPU.

TS file: C:\Users\NET MEDIA\Desktop\100.5E_3733.211_H_7200_(2019-04-15 15.58.25)_dump.ts
Using PID: 33 Using file limit: 4096 MByte File length: 420 MByte
UsingFileLen: 440754720 bytes
Reading file ... Searching ...
Using payload size: 184
PID: 21h B8h-Crypt8:75 35 2A 95 1A 61 85 B6 [E] Count:7729

Time for searching Crypt8 = 1 sec.
Search CW Start
RBT file: F:\Biss V1 file\B8hxFFh\B8hxFFh_table2\CSA_B8hxFFh_10000h.rbt
Calc all 10000h end values for this crypt ... (using file cache)
Search end values in RBT ...
Searching CW in RBT ...
Found 215184 possible chains (harddisk only search time = 75 sec.)

Analysing chains ... (will be 10 times slower if an other thread is keeping the GPU busy)
found CW: ( cannot post CW here )
Search CW done (108 sec.)

CW list found this in 1 second. V2 also a few seconds as this is a known CW. V1 is always brute force on the crypt so takes time.
 

kebien

Registered
Messages
1,329
I think I have spent way too much time and money already, my wife will not be happy with me haha. As you can see from my profile I have been on here since 2008, but just kept quiet. I started spending back in the days when Sky One was FTA on 19.2e and D/D2-MAC was the encryption getting broken with 'wafer' cards (my very first buy was a Rediffusion, don't think they are around anymore)! Just been out of the game since 2014 due to health issues so just trying to get back up to speed and help with what I can in the process :thum:

Hey, it's my opinion, but historically, no commercial venture lasted or helped the freeware community like the approach of uninterested people that willingly supplied the right information to make things work. Many university professors, high-level chemists, and some people with access to sophisticated advanced-grade tools helped over time to make a long-lasting situation for freeware developers, since the mid '90s.
That's the real help, and on top of this, commercial ventures started to flourish.
But they do not help, they just develop something and run it into the ground, and when there is no more profit there is abandonment.
Millions of boxes sold and thrown away.
It's going to happen to these Chinese boxes too, and their servers.
Just imagine, one guy posted here a fast approach to brute-force keys, gave simple people the way to get keys on their own; without this help, no server could have been possible, but clearly they exploited the situation. Now you want to depend on them for finding your keys, kind of going backwards.
Same with emulation, oscam code is plastered all over the receivers' firmware, exploiting freeware.
Again, my view, I tend to choose freeware and the people that support it, that's all.
 

thefatty

Hmm, OK. That's your opinion; in the nicest possible way, I'm not sure I agree with that. Freeware is free for use as you like for no cost, possibly with the requirement of credit to the developer, hence the term freeware. And often something that starts off small is developed further by other people. Take Unix/Linux as an example. It's not shareware. Also I think you will find a lot of development steps forward were from people like me working from their 'garage' - as an example, one of the biggest companies in the world is spawned from garage development - Apple! Also I see no reason for the boxes to be thrown away, they work perfectly fine as a normal receiver, and custom firmware could be built no problem. I built some custom firmware for my Nokia 9600S back in the day as the stock firmware was rubbish. Also I don't agree with your use of the term 'simple people', there's no need to belittle people because they don't understand cryptography; they might be a surgeon for all you know. As another example, I'm not brilliant in the mathematics of cryptography, but I do know a lot about distributed processing and can very easily write a server-less p2p program to split the computation over thousands of computers automatically, building on the technology that is already there. I don't believe expensive Nvidia graphics cards are the way forward; distributed processing is over thousands of nodes, essentially free processing power.
 

kebien

Registered
Messages
1,329
Ahh, the times of Dr Overflow.... had my first Nokia 9200 back in '95, still have a couple of them, Motorola based units.
DVB98/2000 and Rod Hewitt's DVBedit was top back then.
Old school.

I am not against development, in fact I support it; only when the development becomes something that does not benefit and people have to pay for everything (updates, access, others) is when it collides.
Not saying simple people as to belittle people, just people that can simply use some inexpensive gadgets to get what they are after, without the deep knowledge, not disrespecting anyone.
And surely you have your own idea about how things can be based on your experience.
Again, carry on, any mass benefit is always welcome.
 

thefatty

As with anything written on the web, it can be sometimes hard to judge someone's real intention/meaning. Sorry for that.

Yes I agree, when something that was developed with good intentions and released freely, but then gets sold by someone else, that's disgusting behavior. But that's also part of my reasoning behind making use of their servers/web services (if they actually are doing some sort of distributed processing to get the keys), because they are actually using someone else's work as the main selling point for their product/boxes. So my thinking was, let's give it back to the people freely and have a program that updates the softcam.key file automatically, or even a mobile app to get the keys quickly without interruption to other people.
 

iq180

Registered
Messages
235
As with anything written on the web, it can be sometimes hard to judge someone's real intention/meaning. Sorry for that.

Yes I agree, when something that was developed with good intentions and released freely, but then gets sold by someone else, that's disgusting behavior. But that's also part of my reasoning behind making use of their servers/web services (if they actually are doing some sort of distributed processing to get the keys), because they are actually using someone else's work as the main selling point for their product/boxes. So my thinking was, let's give it back to the people freely and have a program that updates the softcam.key file automatically, or even a mobile app to get the keys quickly without interruption to other people.

The fact of the matter is we do that now: we use their 40 USD box to find new keys, then we extract them from their receiver and post them to be used on other receivers. It's a win-win, any way you look at it we still win.
 