CSA Brute Force
- Thread starter K2TSET
- Start date
- Messages
- 7,379
This CW in this post by Autoroll Biss 
http://www.sat-universe.com/showpost.php?p=2036797510&postcount=1517
http://www.sat-universe.com/showpost.php?p=2036797510&postcount=1517
ViaHussun
Donating Member
- Messages
- 4,098
This CW in this post by Autoroll Biss
http://www.sat-universe.com/showpost.php?p=2036797510&postcount=1517
how much time cw found?
which receiver?
Is internet connection required?
C0der, if you look on the sample ts file I uploaded and do a decrypt by the CW I posted (it will decode like the first 6 sec)
If you then search for some 00 00 00 00 00 00 00 you will find like 5-6 ts-packets all 00's
Then you will see a ts-packet starting 47 03 FF 30 87 00 FF FF FF FF FF
this is an Adaption packet length of 0x87 after there you will have 00 00 of length 0x30 which just would not work for Residue bytes and SC-only
If you now search a bit more for 00 00 00 00 00's you will in offset 389414 find 47 03 FF 38 43 00 FF FF FF FF length 0x43 and now you will have length 0x74 = dec 116 /8 of 00 00 00 dec 116 /8 giver a rest of 4 bytes so here the SC-only should work
So in the encrypted file you will see on this location a repeated pattern for a few lines starting 10 30 30 AF 3F 4A 20 66 BF due to all the 00 encrypted by CW
since we have a repeated pattern we can find that as looking for C8's
So while we have a repeated pattern of C8's and a Adaptionfield where the Residue apply (div 8 non zero) it should be possible to use SC-only.
If I search with RBT tool I get the same repeated pattern (expected)
Searching ...
Using payload size: 184
PID: 3FFh B8h-Crypt8:10 30 30 AF 3F 4A 20 66 [E] Count:492
PID: 3FFh B8h-Crypt8:2C E2 F4 3B E5 62 45 5A [O] Count:406
So the next test must be to try to see it's it normal to have a non div 8 adaption field in the middle of those stuffing bytes
If so the SC-only BF should be tested in speed, and compared to a RBT search, it will properly be way slower than RBT
What do you think?
If you then search for some 00 00 00 00 00 00 00 you will find like 5-6 ts-packets all 00's
Then you will see a ts-packet starting 47 03 FF 30 87 00 FF FF FF FF FF
this is an Adaption packet length of 0x87 after there you will have 00 00 of length 0x30 which just would not work for Residue bytes and SC-only
If you now search a bit more for 00 00 00 00 00's you will in offset 389414 find 47 03 FF 38 43 00 FF FF FF FF length 0x43 and now you will have length 0x74 = dec 116 /8 of 00 00 00 dec 116 /8 giver a rest of 4 bytes so here the SC-only should work
So in the encrypted file you will see on this location a repeated pattern for a few lines starting 10 30 30 AF 3F 4A 20 66 BF due to all the 00 encrypted by CW
since we have a repeated pattern we can find that as looking for C8's
So while we have a repeated pattern of C8's and a Adaptionfield where the Residue apply (div 8 non zero) it should be possible to use SC-only.
If I search with RBT tool I get the same repeated pattern (expected)
Searching ...
Using payload size: 184
PID: 3FFh B8h-Crypt8:10 30 30 AF 3F 4A 20 66 [E] Count:492
PID: 3FFh B8h-Crypt8:2C E2 F4 3B E5 62 45 5A [O] Count:406
So the next test must be to try to see it's it normal to have a non div 8 adaption field in the middle of those stuffing bytes
If so the SC-only BF should be tested in speed, and compared to a RBT search, it will properly be way slower than RBT
What do you think?
- Messages
- 7,379
The key is found and really fast already !!
No REC Now use CSA-Rainbow For C8 & search CW
All you have to do is wait for the channel just a few second,s and it will work with you
This makes us ask
What mechanism does it do for this ??
I thought you just had old keys stored but not
Anyhow I think you will circulate soon and know how to get there
anyway We may see the encryption BISS as a Tandberg encryption
But in fact this loses a lot of fun, excitement and passion to find the Feed,s & keys (for me)
maybe We need @Colibri.DVB Explains us
No REC Now use CSA-Rainbow For C8 & search CW
All you have to do is wait for the channel just a few second,s and it will work with you
This makes us ask
What mechanism does it do for this ??
I thought you just had old keys stored but not
Anyhow I think you will circulate soon and know how to get there
anyway We may see the encryption BISS as a Tandberg encryption
But in fact this loses a lot of fun, excitement and passion to find the Feed,s & keys (for me)
maybe We need @Colibri.DVB Explains us
Last edited:
@m_fadel:
Just RBT. Only difference is that the search is done by a server (if you payed for the box). But they will most likely switch off that server of sooner or later anyway.
@K2TSET:
Yes, sounds correct.
And of course way slower than RBT, but faster than full CSA.
Just RBT. Only difference is that the search is done by a server (if you payed for the box). But they will most likely switch off that server of sooner or later anyway.
@K2TSET:
Yes, sounds correct.
And of course way slower than RBT, but faster than full CSA.
The key is found and really fast already !!
No REC Now use CSA-Rainbow For C8 & search CW
All you have to do is wait for the channel just a few second,s and it will work with you
This makes us ask
What mechanism does it do for this ??
I thought you just had old keys stored but not
Anyhow I think you will circulate soon and know how to get there
anyway We may see the encryption BISS as a Tandberg encryption
But in fact this loses a lot of fun, excitement and passion to find the Feed,s & keys (for me)
maybe We need @Colibri.DVB Explains us
i am sorry mohamed but I think there not is any device that does this work
- Messages
- 24,736
The Real Test will be if it open Feed that uses only Payload 8 or refuses to send any valid crypt8 with Rainbow Tool
quite a few feeds do this like ATL , Arqiva HD3,HD4 etc..
this will be very interesting if indeed this method will open difficult feeds .
quite a few feeds do this like ATL , Arqiva HD3,HD4 etc..
this will be very interesting if indeed this method will open difficult feeds .
- Messages
- 7,379
@barney2222 absolutely yes
I was waiting for one of the complex Feed known like Arqiva HD3,HD4
And Feed TNA
So far succeeded by a large percentage in TNA
But the opening of these Feed,s remains until we say that we are right in front of big surprises
I was waiting for one of the complex Feed known like Arqiva HD3,HD4
And Feed TNA
So far succeeded by a large percentage in TNA
But the opening of these Feed,s remains until we say that we are right in front of big surprises
digi_knarf
Banned
- Messages
- 119
There are no difficult feeds! There are only other hardware configs.
When do you finally understand that? If you continue to spread everything here ... other providers will also react! There are already device series ... there is nothing with c8. The spirits divorced at the Rainbow Table on c8. With paylod 8 has nothing to do - there is great table.
This topic is not discussed openly! Others can also read.
dale_para_bajo
Registered
- Messages
- 646
I like to go back here from time to time just to check on you guys.
This thread got hijack and move away of its intention. I may have been part of the problem sorry.
But once Coder said
At the time I laght as is it out of my current modest inteligence. Sorry.
But I had try to ilustrate my self. I found that many cryptomathematician use a tecnique called SAT Solver. Let me be honest I have no Idea what is this. HEHEHEHE. but here we go.
Boolean satisfiability problem Quote from Wikie
https://en.wikipedia.org/wiki/Boolean_satisfiability_problem
Now Imagine the "X Power Factor" we can add to just GPU or FPGA if we indroduce this method!!!
Some Usefull links
I sugest looking into youtube and see if there is a Introductory Tutorial.
In God we Trust. But do not put to much faith on me. HEHEHEHE
This thread got hijack and move away of its intention. I may have been part of the problem sorry.
But once Coder said
At the time I laght as is it out of my current modest inteligence. Sorry.
But I had try to ilustrate my self. I found that many cryptomathematician use a tecnique called SAT Solver. Let me be honest I have no Idea what is this. HEHEHEHE. but here we go.
Boolean satisfiability problem Quote from Wikie
https://en.wikipedia.org/wiki/Boolean_satisfiability_problem
Now Imagine the "X Power Factor" we can add to just GPU or FPGA if we indroduce this method!!!
Some Usefull links
Code:
https://en.wikipedia.org/wiki/Boolean_satisfiability_problem
https://www.msoos.org/cryptominisat2/
http://polybori.sourceforge.net/
https://github.com/vegard/clsat
http://www.eavise.be/papers/parallelsatsolvingwithopencl.pdf
http://doc.sagemath.org/html/en/reference/index.htmlI sugest looking into youtube and see if there is a Introductory Tutorial.
In God we Trust. But do not put to much faith on me. HEHEHEHE
Last edited:
Thanks for bringing up new idea's
While ago I found this on SAT and CSA
From the pdf:
Also have a look on page 16
I have not understood how you Know if you did break it to a certain round number?
You will have no idea until both the Block and the Stream part are done over all rounds.
But if you can break the first 20 rounds of BC you have an output and I guest you could do it again for the next 20 rounds and so
From the pdf:
Guess it should be "CSA" also 20 Hours are not fast
While ago I found this on SAT and CSA
Code:
https://www.cdc.informatik.tu-darmstadt.de/reports/reports/Ahmed_Charfi.bachelor.pdfFrom the pdf:
Also have a look on page 16
I have not understood how you Know if you did break it to a certain round number?
You will have no idea until both the Block and the Stream part are done over all rounds.
But if you can break the first 20 rounds of BC you have an output and I guest you could do it again for the next 20 rounds and so
From the pdf:
Guess it should be "CSA" also 20 Hours are not fast
dale_para_bajo
Registered
- Messages
- 646
I did spent some time trying to figure out this SAT thing.
To get an idea you have to stop thinking like normal been. Where you have a problem and you only care about the solution. For example like many here.
Problem: Want to watch Dog Razing.
Solution: Give me the Key. HEHEHEHE
Instead think like a mathematician. Now the Solution is not the goal but to create a set of Laws that can help. And sudently the question is:
Can this be true?
Can this be False?
How long it took me to prove it is Valid.
How Long it took me to prove it is false.
Then suddenly your new mathematician geek have not the Answer!!!
But How long can it take to compute a solution. HEHEHEHE.
So many hours to understand a concept but have 0% Idea how it is done.
I will look in to your new doc. But thinking that a mathematician geek wrote it and he will probe only it can be done in so many hours without showing the problem, his computes and the solution. HEHEHEHE.
And this is call Meet at the Middle.
here is what I know. When you do things like it should be done with all the steps. You still find you self calculating many FALSE Keys solution. In our full step computational, this FALSE keys are annoying but doable.
Now you start working with concepts that to speed up think do ONLY a few of the steps. In the hope to get final solution on X less time. As mathematician you prove that that solution is feasible, not the correct one necessary. And as result you suddenly get a bunch of unwanted FALSE Keys that stop becoming annoying and become your new problem. HEHEHEHE.
Let me rephrase for the lazy.
Full Cudabiss takes 2 month to find a solution.
Now new process X find a possible in 20 hours!! But for only half of the problem. So instead of having 1 solution you may get:
2^32 = 4294967296 possible solutions as you only have 2^32 of the possible key.
Now for couch potato #1 this is a probolem as he ONLY want 1 key to enter. UPSS! but couch potato #2 will not accept anything more than AU BISS HEHEHE not even 1 key.
And you are proposing to provide them instead the possibility of having 4294967296 possible keys!!!!
But you and me know that we can get an answer, while they watch ONLY their FREE server solution if available.
To get an idea you have to stop thinking like normal been. Where you have a problem and you only care about the solution. For example like many here.
Problem: Want to watch Dog Razing.
Solution: Give me the Key. HEHEHEHE
Instead think like a mathematician. Now the Solution is not the goal but to create a set of Laws that can help. And sudently the question is:
Can this be true?
Can this be False?
How long it took me to prove it is Valid.
How Long it took me to prove it is false.
Then suddenly your new mathematician geek have not the Answer!!!
But How long can it take to compute a solution. HEHEHEHE.
So many hours to understand a concept but have 0% Idea how it is done.
I will look in to your new doc. But thinking that a mathematician geek wrote it and he will probe only it can be done in so many hours without showing the problem, his computes and the solution. HEHEHEHE.
And this is call Meet at the Middle.
here is what I know. When you do things like it should be done with all the steps. You still find you self calculating many FALSE Keys solution. In our full step computational, this FALSE keys are annoying but doable.
Now you start working with concepts that to speed up think do ONLY a few of the steps. In the hope to get final solution on X less time. As mathematician you prove that that solution is feasible, not the correct one necessary. And as result you suddenly get a bunch of unwanted FALSE Keys that stop becoming annoying and become your new problem. HEHEHEHE.
Let me rephrase for the lazy.
Full Cudabiss takes 2 month to find a solution.
Now new process X find a possible in 20 hours!! But for only half of the problem. So instead of having 1 solution you may get:
2^32 = 4294967296 possible solutions as you only have 2^32 of the possible key.
Now for couch potato #1 this is a probolem as he ONLY want 1 key to enter. UPSS! but couch potato #2 will not accept anything more than AU BISS HEHEHE not even 1 key.
And you are proposing to provide them instead the possibility of having 4294967296 possible keys!!!!
But you and me know that we can get an answer, while they watch ONLY their FREE server solution if available.
Last edited:
I think you are wrong,with a single card cudabiss can go through the whole range in less than a month.
But you never go through the whole range unless they use the last possible key.
Beside,cudabiss has tons of shorcuts,I rarely went over a week to find a key,more like 2 or 3 days,using common sense.
Between 5 guys you almost guarantee to find it in a day.
Stop separating yourself from the pack,we are all in the same boat.
This type of threads is what helped wizzard (and countless others) to start his business (now defunct),and autoroll biss is just another example.
There is people that "think" they can get and answer,and there are those who know it already.
Once you make good and valuable information in public,there is always someone that will make it a business.
But you never go through the whole range unless they use the last possible key.
Beside,cudabiss has tons of shorcuts,I rarely went over a week to find a key,more like 2 or 3 days,using common sense.
Between 5 guys you almost guarantee to find it in a day.
Stop separating yourself from the pack,we are all in the same boat.
This type of threads is what helped wizzard (and countless others) to start his business (now defunct),and autoroll biss is just another example.
There is people that "think" they can get and answer,and there are those who know it already.
Once you make good and valuable information in public,there is always someone that will make it a business.
The way I understand it, they mean:
ONLY IF the BC would have been designed to have only 20 rounds, it would be breakable.
dale_para_bajo
Registered
- Messages
- 646
HEHEHE
What did I said wrong again? I thought I did make a nice representation of a crypt mathematician geek and a common forum user.
Cudabiss. I do not have a Cuda Card, I guess I never will. So you all are correct I do not have a decent Idea of what is the correct time it takes. I am sorry for that, can not do anything about it.
Ok so not the 40 days I was told in the other thread, Nor 1 month, nor even weeks. Now is 4 day for the complete search. To me it is unimportant. The point was not how long it realy realy reallyyyy takes cudabiss.
1) Instead the proposal of having CSA equations ( again 3000 or 100 or what ever ) and finding a solution for it by resolving the simultaneous equations.
2) That even when we can find short analisys in the net, most are build by mathemetician geeks. The the result proposed solution in the conclusion of those papoers are in fact more encrypted than the proposed crack of the decryption process that they are offering.
3) That only a few here may understand the significance of the papers. As the common coach potato here just want the Key, the tool or now not even those as they only want AU BISS. Automayic or nothing.
Now how that gets to
Or what BOSS or Wizzard has to do with this? No matter how many times I said I have nothing to do with those people, I have to pay for what they did or not.
@C0der
Now back to objective.
I have not read the paper offered by K2TSET. But I can asume it is same thing.
The hack process call Meet in the Middle is known and had been used. As all it only apply under certain conditions. There are a couple of papers that claim CSA is a candidate. I personally have not done any investigation. But I will.
"20 rounds will not break the key" You are 100% correct.
Now read. Most of this thesis do not say here is how you crack TV. Instead they propose and evaluate methods to attack a crypto. They never give you final concrete answer.
Instead they say you can do N amount of rounds to try to guess X amount of bits of the key. The rest is up to you. I aready told you that at moust you will get is "2^32 = 4294967296 possible solutions as you only have 2^32 of the possible key. "
See this mathematician think in general that you either get TRUE or FALSE( for Is that the key?). Well experience tell us the searching for key we also get "Maybe" or False Keys.
What did I said wrong again? I thought I did make a nice representation of a crypt mathematician geek and a common forum user.
Cudabiss. I do not have a Cuda Card, I guess I never will. So you all are correct I do not have a decent Idea of what is the correct time it takes. I am sorry for that, can not do anything about it.
Ok so not the 40 days I was told in the other thread, Nor 1 month, nor even weeks. Now is 4 day for the complete search. To me it is unimportant. The point was not how long it realy realy reallyyyy takes cudabiss.
1) Instead the proposal of having CSA equations ( again 3000 or 100 or what ever ) and finding a solution for it by resolving the simultaneous equations.
2) That even when we can find short analisys in the net, most are build by mathemetician geeks. The the result proposed solution in the conclusion of those papoers are in fact more encrypted than the proposed crack of the decryption process that they are offering.
3) That only a few here may understand the significance of the papers. As the common coach potato here just want the Key, the tool or now not even those as they only want AU BISS. Automayic or nothing.
Now how that gets to
Or what BOSS or Wizzard has to do with this? No matter how many times I said I have nothing to do with those people, I have to pay for what they did or not.
@C0der
Now back to objective.
I have not read the paper offered by K2TSET. But I can asume it is same thing.
The hack process call Meet in the Middle is known and had been used. As all it only apply under certain conditions. There are a couple of papers that claim CSA is a candidate. I personally have not done any investigation. But I will.
"20 rounds will not break the key" You are 100% correct.
Now read. Most of this thesis do not say here is how you crack TV. Instead they propose and evaluate methods to attack a crypto. They never give you final concrete answer.
Instead they say you can do N amount of rounds to try to guess X amount of bits of the key. The rest is up to you. I aready told you that at moust you will get is "2^32 = 4294967296 possible solutions as you only have 2^32 of the possible key. "
See this mathematician think in general that you either get TRUE or FALSE( for Is that the key?). Well experience tell us the searching for key we also get "Maybe" or False Keys.
Last edited:
dale_para_bajo
Registered
- Messages
- 646
Ok I did 1 quick reading on the proposed paper by K2TSET. An guess what just as I said. There are comments that prommest heaven, just as it was mention.
But quickly you see that this one REAL objective is only compare speed of diferent SAT solvers.
As I mention conclusion is more encrypted that the crypto they are trying to break. I ignore none CSA crypto analisys.
But even when it mention
"we were able to break 20 rounds of the CSA block cipher"
"We run the experiments on a Computer with 4 Six-Core AMD Opteron Processors 8435 operating at
2.6 GHZ. This Computer has 64 GB RAM and runs a 64 bit Linux (Ubuntu 13.10) as operating system."
it does not describe the Full Method, tools and file used. In particular set of equation used. on page 41 it show description on "5.1.1 CSA Equation Generator"
Is this python?
There is also mention to "5.1.2 Converter of Non-linear Equations to Linear Equations"
Now let me show you my understanding of results from page 43.
I know you focus in:
"In test case20, we notice that Minisat was not able to solve the problem even within 2 weeks. This was
also the case for Cryptominisat3, Lingeling, Glucose and Riss3g. On the other hand Cryptominisat2 was
the fastest sat solver and it needs only 12 hours."
"In fact, we were able in our tests to solve only 20 rounds out of 55 and all 20 cases were
satisfiable."
So you think WAO got the Key on 12 Hours. Let me tell you YOU ARE WRONG. You still do not understand what this is about.
What it said is (satisfiable):
"In fact, we were able in our tests to solve only 20 rounds out of 55 and all 20 cases were
satisfiable."
For them "satisfiable" means a solution. For us "satisfiable" means a "Posible Solution". And a Posible Solution means in reality a FAKE solution with 0.000........0000000000x posibiity that you find the correct one.
PD: important to convince you. YOU will expect that less rounds means less chance to get results. Now look at table in page 43. Lets take MIN column just as an example.
1 round about .009 hours
5 round about .025 hours
10 round about .087 hours
15 round about 9.345 hours
See how it ONLY goes up. You could even conclude 1 round is better!
Conclusion finding a "satisfiable" solution does not mean finding the REAL one.
But quickly you see that this one REAL objective is only compare speed of diferent SAT solvers.
As I mention conclusion is more encrypted that the crypto they are trying to break. I ignore none CSA crypto analisys.
But even when it mention
"we were able to break 20 rounds of the CSA block cipher"
"We run the experiments on a Computer with 4 Six-Core AMD Opteron Processors 8435 operating at
2.6 GHZ. This Computer has 64 GB RAM and runs a 64 bit Linux (Ubuntu 13.10) as operating system."
it does not describe the Full Method, tools and file used. In particular set of equation used. on page 41 it show description on "5.1.1 CSA Equation Generator"
Code:
def encodelinear (p):
if p. deg () != 1: raise ValueError ( " polynomial must be of degree 1" )
if
len (p) == 1: #raise ValueError (" polynomial must have length > 1")
v = p. vars_as_monomial (). variables ()[0]
r = str (v. index()+1)+" 0"
if not p. has_constant_part ():
r = "-"+r
return r
var = l i s t (p. vars_as_monomial (). variables ())
idx = [v. index()+1 for v in var ]
if not p. has_constant_part (): #idx [-1] = -idx [-1]
return "x"+("+x" . join (map(lambda x: str (x) , idx )))
else :
return "x"+("+x" . join (map(lambda x: str (x) , idx)))+ "+1"
return pIs this python?
There is also mention to "5.1.2 Converter of Non-linear Equations to Linear Equations"
Now let me show you my understanding of results from page 43.
I know you focus in:
"In test case20, we notice that Minisat was not able to solve the problem even within 2 weeks. This was
also the case for Cryptominisat3, Lingeling, Glucose and Riss3g. On the other hand Cryptominisat2 was
the fastest sat solver and it needs only 12 hours."
"In fact, we were able in our tests to solve only 20 rounds out of 55 and all 20 cases were
satisfiable."
So you think WAO got the Key on 12 Hours. Let me tell you YOU ARE WRONG. You still do not understand what this is about.
What it said is (satisfiable):
"In fact, we were able in our tests to solve only 20 rounds out of 55 and all 20 cases were
satisfiable."
For them "satisfiable" means a solution. For us "satisfiable" means a "Posible Solution". And a Posible Solution means in reality a FAKE solution with 0.000........0000000000x posibiity that you find the correct one.
PD: important to convince you. YOU will expect that less rounds means less chance to get results. Now look at table in page 43. Lets take MIN column just as an example.
1 round about .009 hours
5 round about .025 hours
10 round about .087 hours
15 round about 9.345 hours
See how it ONLY goes up. You could even conclude 1 round is better!
Conclusion finding a "satisfiable" solution does not mean finding the REAL one.
Last edited: