How find BISS keys over CWFinder09 of help CW_list_Attack ...


campag5242

@sss146 can I assume you gain your speed by slicing many keys / one packet rather than the usual bitslice of many packets / one key as provided by the standard libs?
 

jan55

Member
Messages
4,269
Today I tested all CWFinder's again and experienced many unpleasant surprises :confused: :(
I tested one same .ts file and one same "CW_Brute_list" ...


.ts file is correct (here):



control and checking (here):




Now results:

1) CWFinder 0.9 & 1.0 (with and without CW_list) did not find the BISS CW key: :mad:





continue to follow -->
 

jan55

Member
Messages
4,269
next:

2) ... and now this is the biggest disappointment and surprise (CWBruteList old & new) is here: :eek: :mecry:




3) only the oldest and the slowest CWFinder 0.5 found the CW key (here): :eek: :clapping:



Illation:

After these results, I wonder if there is a reason to make "CW_Brute_list" !!!??? :confused:

Note: Means nothing is perfect but let's go further !!!

Regards :thum:
 

SatEze

Donating Member
Messages
282
jan55 said:
> next:
>
> 2) ... and now this is the biggest disappointment and surprise (CWBruteList old & new) is here: :eek: :mecry:
>
> 3) only the oldest and the slowest CWFinder 0.5 found the CW key (here): :eek: :clapping:
>
> Illation:
>
> After these results, I wonder if there is a reason to make "CW_Brute_list" !!!??? :confused:
>
> Note: Means nothing is perfect but let's go further !!!
>
> Regards :thum:

"CW Brute Force v0.5": if only I could figure out how to guess the right initial six-digit range to input into the "Change" box, this would be the best to work with.
 

Martin.Wigston

Registered
Messages
973
jan55 said:
> Today I tested all CWFinder's again and experienced many unpleasant surprises :confused: :(
> I tested one same .ts file and one same "CW_Brute_list" ...
>
> .ts file is correct (here):
>
> control and checking (here):
>
> Now results:
>
> 1) CWFinder 0.9 & 1.0 (with and without CW_list) did not find the BISS CW key: :mad:
>
> continue to follow -->

By the look of the c8s in the RBT tool pic, it looks like some of the packets are corrupt, maybe a weak signal?
 

campag5242

Yes I looked at the .ts with dvbsnoop and it's full of packets flagged as containing uncorrectable errors, continuity counter sequence wrong etc etc. Out of 5 supposedly good packets flagged with the PUSI bit, only 2 actually decrypted to 00 00 01....
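
The header flags mentioned in the post above (uncorrectable-error flag, continuity counter, PUSI) can be tallied per PID to judge how damaged a capture is. This is an added example, not code from the thread or from dvbsnoop; it assumes 188-byte aligned packets, and `check_stream`, `make_packet` and the sample bytes are constructed for illustration.

```python
SYNC_BYTE, PACKET_SIZE, NULL_PID = 0x47, 188, 0x1FFF

def parse_header(pkt):
    """Decode the fields of the 4-byte TS packet header used below."""
    return {
        "sync_ok": pkt[0] == SYNC_BYTE,
        "tei": bool(pkt[1] & 0x80),          # transport_error_indicator
        "pusi": bool(pkt[1] & 0x40),         # payload_unit_start_indicator
        "pid": ((pkt[1] & 0x1F) << 8) | pkt[2],
        "has_payload": bool(pkt[3] & 0x10),  # adaptation_field_control, payload bit
        "cc": pkt[3] & 0x0F,                 # continuity_counter
    }

def check_stream(data):
    """Count sync losses and, per PID, packets, TEI flags, PUSI flags and CC errors."""
    report, last_cc = {"sync_errors": 0, "pids": {}}, {}
    for off in range(0, len(data) - PACKET_SIZE + 1, PACKET_SIZE):
        h = parse_header(data[off:off + PACKET_SIZE])
        if not h["sync_ok"]:
            report["sync_errors"] += 1
            continue
        s = report["pids"].setdefault(
            h["pid"], {"packets": 0, "tei": 0, "pusi": 0, "cc_errors": 0})
        s["packets"] += 1
        s["pusi"] += h["pusi"]
        if h["tei"]:
            s["tei"] += 1        # header bits are unreliable: do not trust the CC
            continue
        if h["pid"] == NULL_PID or not h["has_payload"]:
            continue             # the CC only advances on packets carrying payload
        prev = last_cc.get(h["pid"])
        # One repeated packet (same CC) is legal; the discontinuity_indicator
        # in the adaptation field is ignored here for brevity.
        if prev is not None and h["cc"] not in (prev, (prev + 1) & 0x0F):
            s["cc_errors"] += 1
        last_cc[h["pid"]] = h["cc"]
    return report

def make_packet(pid, cc, pusi=False, tei=False, sync=SYNC_BYTE):
    """Build a constructed 188-byte packet (payload only, filler bytes)."""
    b1 = (0x80 if tei else 0) | (0x40 if pusi else 0) | (pid >> 8 & 0x1F)
    return bytes([sync, b1, pid & 0xFF, 0x10 | cc]) + bytes(184)

# Constructed sample: PID 0x200, one TEI packet, one lost packet, one bad sync.
SAMPLE = b"".join([
    make_packet(0x200, 0, pusi=True), make_packet(0x200, 1),
    make_packet(0x200, 2), make_packet(0x200, 3, tei=True),
    make_packet(0x200, 5), make_packet(0x200, 6, sync=0x00),
])

if __name__ == "__main__":
    print(check_stream(SAMPLE))
```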
 

maurinho

Registered
Messages
14
jan55 said:
> control and checking (here):


Hi, guys
I noticed this c8 calculator seems to be missing in my biss tools folder and I can't find where to download it in older posts.
Can anyone help me please :confused:
Thank you in advance masters for your great work :thum:
 

campag5242

@dahaka If using only your attack list of trial keys, that will be very slow, especially for B8hx crypt8's where you will have to trial encrypt all 13 blocks with the block cypher, first for FFh, then 00h, then 030000h etc payloads. Horribly slow.

You could pre-compute a table of C8s from your attack list... have it sorted, and then the lookup will be very fast, in milliseconds. But what's the point in that when CWBrutList is so blindingly fast at bruting .ts with your typical attack list?
 

dahaka

Registered
Messages
700
@campag5242
In the case of our friend shishmish, CWBrutList read the wrong C8 although the TS file contains another, correct C8; my suggestion is forcing CWBrutList to search with the correct C8.
 

jan55

Member
Messages
4,269
First, I thank all the participants in the discussion!
I accept the remarks from the participants in this debate, but I cannot understand the negative results of CWFinder 0.9 & 1.0 and the CWBruteLists.
Why? I am getting correct c8's for the video PID (B8hxFFh) and also for the audio PID (B8hx00h) from the .ts file (238MB)

Here:

VPID: 200h Crypt8:ED 81 64 65 3B 29 F7 46 [E] Count:8837 (B8hxFFh) - correct

APID:1010h Crypt8:4F 70 4C 4D B4 72 F1 5E [E] Count: 15 (B8hx00h) - correct
APID:1020h Crypt8:4F 70 4C 4D B4 72 F1 5E [E] Count: 25 (B8hx00h) - correct



controls and checking (here):



1)
CWFinder 0.9 & 1.0 (with and without CW_list):
Code:
Searching for two scrambled payload TS packets ...
First scrambled payload TS packet found... 
Second scrambled payload TS packet found... 
Third scrambled payload TS packet found... 
Ready to search for Control Word (CW)... 

CW not found ...

(also same as in both CWBruteList)

... this means that the selected PES packages are not correct! There is certainly some bug (???)


because

2)
CWFinder 0.5 (without CW_list):
Code:
Scrambled PES packets (Has no adaptation field) catched from file!
Selected first packet
Selected second packet

CW Found ...

... this means that the selected PES packages are correct !!!

My logical question: if
- we have both c8 correct (B8hxFFh & B8hx00h)
- we have selected PES packages

why did only CWFinder 0.5 find the CW key ???

I write about these facts only for the purpose of helping to solve any possible mistakes in further work on the CWFinder applications.
I thank @ssl146 again for making the CWBruteList applications !!! :thum:

Best regards to all
 