Oh noes another Conax thread !
This one will be a little different, I promise.
After I start let me introduce myself, I'm from Portugal, I know a 'few' things and cracking is my hobby, I have this small project that I want to finish.
Here in Portugal there is one provider that uses Conax CAS7, unfortunately they paired it since 2008.
I start digging and searching and I found old methods of recovering the bk key or rsa key (thanks sega24 :thum, but most of them are outdated and don't work for this kind of box.
So, I started from the beginning.
The box is a Kaon G3 (DVB-C) with 2 processors (BCM3255 and BCM7401), 256MB RAM, 64MB ROM and the most important part it runs linux
This distribution to be more exact:
So after messing with the box I could connect using telnet and have root shell.
I dumped the RAM, the file system but there is no evidence of RSA keys.
I found one binary that is executed in the beginning and is responsible for everything. I'm analyzing it right now (size 8MB).
So I started this thread in hope that anyone with experience with conax could help me because if I have code execution must be easy, right?
Thanks
This one will be a little different, I promise.
After I start let me introduce myself, I'm from Portugal, I know a 'few' things and cracking is my hobby, I have this small project that I want to finish.
Here in Portugal there is one provider that uses Conax CAS7, unfortunately they paired it since 2008.
I start digging and searching and I found old methods of recovering the bk key or rsa key (thanks sega24 :thum, but most of them are outdated and don't work for this kind of box.
So, I started from the beginning.
The box is a Kaon G3 (DVB-C) with 2 processors (BCM3255 and BCM7401), 256MB RAM, 64MB ROM and the most important part it runs linux
This distribution to be more exact:
Code:
Linux (none) 2.6.12-4.2-brcmstb #3 Fri Aug 14 18:53:18 KST 2009 7403a0
So after messing with the box I could connect using telnet and have root shell.
I dumped the RAM, the file system but there is no evidence of RSA keys.
I found one binary that is executed in the beginning and is responsible for everything. I'm analyzing it right now (size 8MB).
So I started this thread in hope that anyone with experience with conax could help me because if I have code execution must be easy, right?
Thanks
Last edited: