Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

dale_para_bajo said:

I do not understand uglylove comments. But it does not matters. I already express my personal concern about providers with high value content.

In particular 42E has shown us that is the source of Software Upgrades that in days propagates to all regions of the world. At the moment we where lucky that anubis_ir found a solution for last software upgrade. But that can be consider an exception as in the past we has seen how ECM developers improve their skills and new software upgrades become unbreakable. We have a few, just the latest like I-cable and MTN are good sample.

Now a key takes long time to be found. And as soon as it is release in PRIVATE, one of our high rank user will post key on other public forum. Then two days later key is change. Making all effort lost, including burning a GPU/PC for days, electric bill and not able to use the PC for days. And that is just for 1 key/channel.

Just my personal opinion. I know others may think different. Finally, the World is not making a coup against Turkey. I know you are good people. But it just happens 42E main foot print belongs to that country.

Click to expand...

You are working hard to find keys, we know and we are very grateful for it.Also we want find too it. Is it possible to you tell us the method of find correct key?

Thanks dale_para_bajo :thum:

@uglylove.
My joke on Turkey is just to try making you guys to relax. I am from the Carribean Sea. People here are for the most part fine will ALL People, religion, razes and gender. I personal have a few friend but as far a Palestina. Do not know personally people from Turkey. But we see many Movies and soup opera made in Turkey.

@kebien
"I Understand you are saying the encryption is applied to pid 0x1000,and not to audio and video directly." YESSSSS.

Then the unencrypted 0x1000 PID is pass true T2-Mi decpsulation. Just to show then the whole Transponder.

"This system requires to decrypt first the mux,in order to build the channel list,in a 2 phases channel scan process."

Something like that if you intent to do some sort of scanning in a Sat Main APP.

"This also imply that a DVB T2 receiver that has no conditional access (like a PC tuner card),would not be able to scan a build a channel list off this transponder."

Yes the reason is that this signal is NOT intended to be received my USERS/ Citizens of a Country. But to be receive by a OTA T2 REMOTE(Far away) repeater Tower. Where the satellite signal is process first before it is sent FREE to all Citizen of a Country. I guess this is for Colombia.

"How do you think the people that posted in Lyngsat their channel PID's knew where they were if PID 0x1000 is encrypted and cannot get to the PMT?
Such an enigma,huh?"

I do not know exactly as this is my 1rst Contact with this Signal. For That I Thanks Drhans who pointed out this transponder and how a nice project it could be.

I had read about 30W and I saw some colibri papers that I can not find now where he explained some weird process on the encryption. I think using CSA.

But after searching the web I found tons of info like if many people do this on the daily basic. You see I even did not have to create a program for de-encapsulation as it was already made.

And I know I read on a previous poster that he let us know that 1 enigma firmware do this de-encapsulation as is.

I was contact in PM by sanabriajosi. As I speak spanish. But I do not do Feeds as I do not have a C antenna. He like to help with Tandberg keys on Feeds. But he ask what he needs. He actualy uses a PCSAT for now.

So looking at your post I can easily see

added by OSEmu Sat Feb 11 18:41:26 2017

Click to expand...

So I ask you guys. Do you have a win7 version of Osemu that can be use for that porpoise. If you do. Then what program you use to pass the trasnponder data to Osemu.

Now I do ask too. Becouse if you notice it is the same thing I need to assemble the T2-MI pipe. A main programn that reads from PCSAT, pas a Tune data to Osemu ( Tanger decryption) then we only need to unpack T2-MI. See the similar use.

So thanks ahead for the info from sanabriajosi and my self.

dale_para_bajo said:

I do not understand uglylove comments. But it does not matters. I already express my personal concern about providers with high value content.

In particular 42E has shown us that is the source of Software Upgrades that in days propagates to all regions of the world. At the moment we where lucky that anubis_ir found a solution for last software upgrade. But that can be consider an exception as in the past we has seen how ECM developers improve their skills and new software upgrades become unbreakable. We have a few, just the latest like I-cable and MTN are good sample.

Now a key takes long time to be found. And as soon as it is release in PRIVATE, one of our high rank user will post key on other public forum. Then two days later key is change. Making all effort lost, including burning a GPU/PC for days, electric bill and not able to use the PC for days. And that is just for 1 key/channel.

Just my personal opinion. I know others may think different. Finally, the World is not making a coup against Turkey. I know you are good people. But it just happens 42E main foot print belongs to that country.

Click to expand...

You are working hard to find keys, we know and we are very grateful for it.Also we want find too it. Is it possible to you tell us the method of find correct key?

Thanks dale_para_bajo :thum:

Here read this, this is not a secrete! Right from JimBizkit words

http://www.sat-universe.com/showpost.php?p=2036683781&postcount=447

JimBizkit said:

if you want to brute force:
(1) brute force the cw with the rainbow table tool (like BISS) -> this gives you the cw
(2) get the E1 nano tag from the 83 table, that was sent during the brute forced cw period -> this will give you the encrypted cw
(3) you now have cw and (des-)encrypted cw, you can assume that the last byte of the des key is 00. now brute force the des key -> this is the ecm key

Click to expand...

About binaries please read this old post I made
http://www.sat-universe.com/showpost.php?p=2036742307&postcount=1

Now a few month latter. We have even a worst condition. If you guys keep putting pressure over Fox for only 7 channels not Only Turkey will not have its 7 Fox Tanberg channels but a new Software Upgrade will be issue and the Rest of the WORLD will lose any possibility of having Tanberg! I guess you do not want to be the responsible for such a thing!

That is my personal opinion.

How did you find?

K2TSET said:

ECM: A4 C7 10 DF 23 9B 4A 7A by DES algo

To be honest I did use FPGA for the CW

Click to expand...

see please
http://www.sat-universe.com/showpost.php?p=2036680910&postcount=12

What is the value DES?

Info please

Thanks

ViaHussun
the people who bruteforced this keys were using their own implementation of FPGA,you could never do it without the knowledge they have,and the hardware they have.
Telling you how would lead nowhere because just by the fact you are asking,is clear you do not have the means to do it,knowledge wise.
But if you are really interested,there is a lot of information in the net about DES and in this thread about how to bruteforce DES.

kebien said:

ViaHussun
the people who bruteforced this keys were using their own implementation of FPGA,you could never do it without the knowledge they have,and the hardware they have.
Telling you how would lead nowhere because just by the fact you are asking,is clear you do not have the means to do it,knowledge wise.
But if you are really interested,there is a lot of information in the net about DES and in this thread about how to bruteforce DES.

Click to expand...

ok
See please kebien
http://www.sat-universe.com/showpost.php?p=2036755249&postcount=50

so,you have the means and knowledge...are you looking for confirmation of your results?

kebien said:

so,you have the means and knowledge...are you looking for confirmation of your results?

Click to expand...

ok
I wanted to make sure
But no tool FPGA

Thanks kebien

Listen I know Kebien said "FPGA"

FPGA is not a Tool but a type of device ( Integrated Circuit )

See
https://en.wikipedia.org/wiki/Field-programmable_gate_array

But kebien means really:

https://en.wikipedia.org/wiki/Custom_hardware_attack
Click to enlarge
_http://www.sciengines.com/copacobana/index.html
_http://www.sciengines.com/copacobana/gallery.html

There you have it something to keep you busy & learn.

But those are expensive in the old time is card was $100-$200 I guess with limited quantities today and popularity they will cost a lot more.

Most of us we only use plain GPU.

thank you

I need update my tandberg.

ecm:
81 70 28 ED 26 00 00 26 BC 22 D5 74 D7 8C B4 BA A2 5F 56 68 49 96 C5 DF 10 55 82 FE 4B 53 CD A2 2E 04 85 4A B2 DB 58 8A 82 40 20
(emu) Active entitlement 26BC
ecm:
80 70 28 ED 23 20 00 22 BC 58 F2 94 5F 76 16 55 D5 61 B0 B5 FF A6 DB 5C 34 DF C1 82 6C B9 D8 37 08 CA 28 86 94 94 F3 EC 7B 94 63
(emu) WARNING: nanoType ED length (35) != 38
(emu) ECM failed: ECM not supported
ecm:
81 70 2A E5 26 00 00 26 BC 80 ED ED F4 2F 96 41 57 89 98 26 B3 12 88 D5 FF F6 3E 1B 53 8C 4D EE AF CE B6 73 8A B2 4C 56 18 96 77 F6 FF
(emu) WARNING: nanoType E5 not supported
(emu) ECM failed: ECM not supported
ecm:
81 70 2C 6D 26 00 00 36 BC 84 FE ED 74 2F 14 41 64 01 18 26 B3 52 CA D7 FB AE 3F 1B 43 0C 4D E7 AF C2 B6 5D 0A 32 5C 46 B8 96 67 B7 FF DB DF
(emu) WARNING: nanoType 6D not supported
(emu) ECM failed: ECM not supported

T 26BB 01 FF...FF ; 24 Kitchen HD (42E/12461H)
T 26B7 01 FF...FF ; FOX CRIME HD (42E/12461H)
T 26BC 01 FF...FF ; FOX LIFE HD (42E/12461H)
T 2619 01 FF...FF ; FOX SPORTS (42E/12461H)
T 26B9 01 FF...FF ; FX HD (42E/12461H)
T 26B8 01 FF...FF ; NAT GEO HD (42E/12461H)
T FFFF 01 FF...FF ; NAG GEO PEOPLE HD (42E/12461H)
T 26BD 01 FF...FF ; NAT GEO WILD HD (42E/12461H)

Here is latest ecm + emm

It just mean the latest firmware has more than a single new obfuscation,looks like it has multiple Nanos,probably different treatment each.
I do not understand their tactic using them all without a public hack in sight,kind of a waste,if the firmware ever get dissected.

Friends I'm trying to get the key out of a channel but I get this ... what should I do next? Thank you

chelo_py said:

Friends I'm trying to get the key out of a channel but I get this ... what should I do next? Thank you

Click to expand...

These are emm search different ecm & produce final ecm keys
In the transponder mode all channels get ecm are very hard
new system add [ED] that is problem
only single channel in transponder mode using [EE] searching ecm are very easy...

fiji said:

These are emm search different ecm & produce final ecm keys
In the transponder mode all channels get ecm are very hard
new system add [ED] that is problem
only single channel in transponder mode using [EE] searching ecm are very easy...

Click to expand...

Okay, thank you, so I can not get that key right now? I have to wait until they get a new version of the poc?

chelo_py said:

Okay, thank you, so I can not get that key right now? I have to wait until they get a new version of the poc?

Click to expand...

Only two Masters can update new poc version
Colibri.DVB
Anubus_IR
A long time no appear in this forum no update yet here .

I want to make sure i am not spending a week wasting my time. I am recording a mux for 1 week. I verified the tandberg EMM pid is 500 for this particular mux. That is the only PID i need to record???

Is that correct? or do i need to record the EMM and ECM pids?

The EMM PID 500 is recording at about 100 megs per 24 hours.