Codicrypt

abra26 · Mar 16, 2017

Hello. I looked to ECM for this encryption and I think I found something interesting.
It looks like they broadcast encrypted CW keys right in the ECM so it looks like it's just some chipher text.
For example, this ECM is from radio channel Paddy Power on 4.8E 12303 H 25547. CAID is 2200. Red parts are (probably) active encrypted CWs:

Code:

80F0190080 DB 0000 [COLOR="Red"][B]20712A0EB22AF6D9[/B][/COLOR]_EAF2D5B6A9E61FA1 3DCE0FDE
80F0190080 DD 0000 236F4CED1AA77876_[COLOR="Red"][B]EAF2D5B6A9E61FA1[/B][/COLOR] 4083AF0E
80F0190080 DF 0000 [COLOR="Red"][B]236F4CED1AA77876[/B][/COLOR]_459EB9854DB45FB7 FE4A2D71
80F0190080 E1 0000 9A82920F83A7D540_[COLOR="Red"][B]459EB9854DB45FB7[/B][/COLOR] 6E9DAA5F
80F0190080 E3 0000 [COLOR="Red"][B]9A82920F83A7D540[/B][/COLOR]_F26DE9FFE203B161 E3549F98

Another channels with this encryption are on 23.5E and ECM looks the same as on 4.8E radio channel.
Another interesting thing is that one CW key is valid only around 4 seconds and CSA Rainbow Table Tool gave me a lot of fake crypt8s, so MAYBE it is DES algo instead of CSA algo and MAYBE this encryption is similar as PowerVu, so MAYBE it is "crackable". Last interesting thing is that ECM index is "80" and it's still the same. As we know, normal channels are changing this index - "80" for CW0 and "81" for CW1, but maybe this is only small detail. EMM is broadcasting too.

All of this infos are only my theories and it can be all wrong, but I think that this encryption is worth seeing.

PS: No popular channels are encrypted with this encryption. It's only for studying another encryption.

...and sorry for my bad English.

kebien · Mar 16, 2017

ECM carry BOTH CW,even and odd all the time,regardless the table they use (80 or 81)
Your posted ECM tells you that to

ne change and the other remains the same.
Your ECM also tells you they are "counted",sequentially sent,apparently (DB..DD..DF..E1..E3).This in regard about the selection of a new packet sent,without using a different table.

The problems you will face is the same as any encryption...must determine the algorithm used,plus you need to know the keys used.
The only way to brute force keys would be knowing the algorithm used,but you cannot really guess or brute force the algorithm without any information,could be simple,of course,but process can be convoluted.....
CA id 0X2200 is for HARMONIC ....

dale_para_bajo · Mar 24, 2017

I been busy that is why I did not post earlier. Plus as Always kebien is correct without inside knowledge in the crypto it is almost impossible. SO PLEASE no hopes. But ViaHussun just remind me of this old post and I think it is good to give it a look.

I will love if you abrakadabra26 could post a 20 second record of the full transponder. I will like to look at it.

I always suggest to disable all other plug ins, Log with TSWrriter2.

Thanks in advance.

dvlajkovic · Mar 24, 2017

4.9E - 12303 H - 25541
Paddy Power (Radio) > LOG

23.5E - 11934 V - 27500
Ch2 BKP (TV) > LOG

ooOO_SORGOS_OOoo · Jun 5, 2017

any news?

paytv · Aug 6, 2017

Its cryptosystem codicrypt hacked?

2expert · Nov 29, 2017

any news ?

paytv · Nov 30, 2017

Codicrypt version codico 500 firmware is hacked or non-public.

paytv · May 8, 2018

Hi@all it is Paddy power pay Radio in codicrypt cloused?

paytv · Dec 13, 2018

Codicrypt Amy News? Cards?

paytv · Jan 12, 2020

@all what encryption on codicrypt system?

paytv · Jan 12, 2020

www.lyngsat.com/Koreasat-6.html you smartcards and cams vor this paytv Provider

Codicrypt

abra26

Registered

kebien

Registered

dale_para_bajo

Registered

dvlajkovic

Member

ooOO_SORGOS_OOoo

paytv

Registered

2expert

paytv

Registered

paytv

Registered

paytv

Registered

paytv

Registered

paytv

Registered