How are Irdeto2 keys found?


thefatty

As title. Is there a program/script to find the ECM/EMM keys from a TS stream? How come Bulsat is cracked but no other packages (like beIN)?
 

georgeflu

no... this encryption isn't a "light" one, like BISS, where a script is enough to decode channels...
Bulsat is in an old Irdeto2 and already cracked system (and not the full package, just a few channels only), and those keys were already found once and are just rolling.
in the past, a few more packages (like n*va and YES on 7W) were cracked, but they upgraded their encryption to a newer and safer one...
and of course, the same happens with the other encryptions, like Nagra, Conax, etc...
 

kebien

The general idea is that all the important keys needed to decrypt come from the cards they use.
The keys to decrypt the ECM and the global EMM are generally the same in all cards, but Irdeto always used some group targeting.
And of course, the only way to know the decryption algorithm is to open the cards.
 

thefatty

> no... this encryption isn't a "light" one, like BISS, where a script is enough to decode channels...
> Bulsat is in an old Irdeto2 and already cracked system (and not the full package, just a few channels only), and those keys were already found once and are just rolling.
> in the past, a few more packages (like n*va and YES on 7W) were cracked, but they upgraded their encryption to a newer and safer one...
> and of course, the same happens with the other encryptions, like Nagra, Conax, etc...

So if the encryption was upgraded, why is it not called Irdeto3? Irdeto2 would indicate it is still using the same system/algorithm? Most of Bulsat is down because they are using a different encryption method (their own proprietary system, as I understand it).

If an encrypted TS stream were compared against a time-accurate decoded version of the stream, would pattern searching help reveal the encoding sequence, so that the ECM keys could be found?

Who cracked it last time, and how was it done?

I am fascinated by the ability people have to figure this stuff out. I would consider myself quite knowledgeable (I'm a C++/C# programmer and electrical engineer, and I work with ARM/PIC MCUs), but the thought of reverse engineering an encryption algorithm blows my mind!
 

kebien

> So if the encryption was upgraded, why is it not called Irdeto3? Irdeto2 would indicate it is still using the same system/algorithm? Most of Bulsat is down because they are using a different encryption method (their own proprietary system, as I understand it).
>
> If an encrypted TS stream were compared against a time-accurate decoded version of the stream, would pattern searching help reveal the encoding sequence, so that the ECM keys could be found?

If it were that simple.......
But no, these algorithms are not reversible in principle (meaning that even if you know the decrypted packet, you could never encrypt it, since you do not know the encryption key or the encryption algorithm), and they are convoluted in a way that yields no patterns or clues from which to find hints of the encryption algorithm by looking at it. No system has ever been broken that way.

> Who cracked it last time, and how was it done?

Apparently someone dumped their cards or security elements. I have not seen any system broken without opening its cards.

> I am fascinated by the ability people have to figure this stuff out. I would consider myself quite knowledgeable (I'm a C++/C# programmer and electrical engineer, and I work with ARM/PIC MCUs), but the thought of reverse engineering an encryption algorithm blows my mind!

People figure out a way to dump the content of the security chip, then analyze the content/code to understand how it works.
That's the only way this works.
Of course, you understand what kind of equipment is necessary for the task, and how many people are in a position to use it and come up with a successful dump.
Reading and writing cards has generally been done by glitching the chip, looking for a fault that allows writing code that enables reading of sectors; after that, the analysis determines whether there is a way to write to it, and whether deeper information can be extracted from its hardware (ROM, sysROM, mapROM, others).
And more importantly, whether the system can be emulated by software, which some cannot.
It is indeed amazing what some guys (a very few) did, which allowed whole communities to develop into what exists today.
Of course, the hacking also helped security companies to develop better security.
 

thefatty

> Apparently someone dumped their cards or security elements. I have not seen any system broken without opening its cards.

Does that mean whoever dumped their EEPROM/NAND would have been traceable at the time?
 

kebien

> Does that mean whoever dumped their EEPROM/NAND would have been traceable at the time?

Traceable in the sense that they could find who had done it?
No, because even though the card has unique information and could be traced to the account the card belongs to, the EEPROM is easily redacted to hide or remove that information.
Irdeto always used group and unique addresses to target their customers (basically, the ECM is globally decrypted, same keys for all cards, but they changed EMM keys several times a day, and for this you need to have keys from an active account to be "targeted" or "hit" with updates), so in fact you need specific account information, which might also need to be active, in order to have a working emulation.

Many rival companies started by hacking their competitors and releasing the card dumps to the public, so it is not just about people doing it for a hobby.
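The addressing point made in this post and in the earlier one about all keys coming from the cards (ECM decrypted with keys common to every card, EMM updates addressed to groups and to unique card addresses, so a working emulation needs keys from an active account) is easier to see as a runnable model. The model below is an added example written for this page; it is not code from any poster and not a description of Irdeto's actual protocol, key names or algorithms. A generic three-tier hierarchy is assumed (unique key per card, group key per group, one operational key for all cards), together with the message names EMM-G and EMM-U, the card serials, group id 7, and a toy HMAC-based cipher standing in for whatever the real system uses. Standard library only.

```python
# Added model (not Irdeto's real scheme, not code from the thread): a generic
# DVB-style three-tier key hierarchy showing why a dumped card's keys go stale.
import hashlib
import hmac
import os

def toy_encrypt(key, data):
    """Toy authenticated cipher: HMAC-SHA256 keystream XOR plus an 8-byte tag. Model only."""
    nonce = os.urandom(8)
    ks = hmac.new(key, b"ks" + nonce, hashlib.sha256).digest()
    ct = nonce + bytes(a ^ b for a, b in zip(data, ks))
    return ct + hmac.new(key, b"mac" + ct, hashlib.sha256).digest()[:8]

def toy_decrypt(key, blob):
    """Return the plaintext, or None if the key is wrong (a card rejects such messages too)."""
    ct, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + ct, hashlib.sha256).digest()[:8]):
        return None
    ks = hmac.new(key, b"ks" + ct[:8], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct[8:], ks))

class Card:
    """Keys a card holds: unique (per card), group (shared by its group), operational (all cards)."""
    def __init__(self, serial, group, unique_key, group_key, op_key):
        self.serial, self.group = serial, group
        self.unique_key, self.group_key, self.op_key = unique_key, group_key, op_key

    def handle(self, msg):
        kind = msg[0]
        if kind == "ECM":                                # global: same operational key in every card
            return toy_decrypt(self.op_key, msg[1])      # the control word, or None
        if kind == "EMM-G" and msg[1] == self.group:     # group-addressed: carries a new op key
            new = toy_decrypt(self.group_key, msg[2])
            self.op_key = new or self.op_key
        if kind == "EMM-U" and msg[1] == self.serial:    # unique-addressed: carries a new group key
            new = toy_decrypt(self.unique_key, msg[2])
            self.group_key = new or self.group_key
        return None

class Headend:
    def __init__(self):
        self.op_key, self.group_keys, self.unique_keys, self.members = os.urandom(16), {}, {}, {}

    def issue_card(self, serial, group):
        self.unique_keys[serial] = os.urandom(16)
        self.members[serial] = group
        self.group_keys.setdefault(group, os.urandom(16))
        return Card(serial, group, self.unique_keys[serial], self.group_keys[group], self.op_key)

    def ecm(self, cw):
        return ("ECM", toy_encrypt(self.op_key, cw))

    def roll_op_key(self):
        """New operational key, wrapped under every group key (one EMM per group)."""
        self.op_key = os.urandom(16)
        return [("EMM-G", g, toy_encrypt(k, self.op_key)) for g, k in self.group_keys.items()]

    def roll_group_key(self, group, active):
        """New group key, delivered by unique EMM only to cards on active accounts."""
        self.group_keys[group] = os.urandom(16)
        return [("EMM-U", s, toy_encrypt(self.unique_keys[s], self.group_keys[group]))
                for s, g in self.members.items() if g == group and s in active]

def scenario():
    """A subscriber's card versus an emulator built from a dump of a card whose account lapses."""
    he = Headend()
    subscriber = he.issue_card("SN-0001", group=7)
    dumped = he.issue_card("SN-0002", group=7)   # constructed: this card's EEPROM gets dumped
    emulator = Card(dumped.serial, dumped.group, dumped.unique_key, dumped.group_key, dumped.op_key)

    def both_decrypt():
        cw = os.urandom(8)
        msg = he.ecm(cw)
        return (subscriber.handle(msg) == cw, emulator.handle(msg) == cw)

    def deliver(msgs):
        for m in msgs:                               # EMMs are broadcast; each card filters by address
            subscriber.handle(m)
            emulator.handle(m)

    out = {"fresh_dump": both_decrypt()}
    deliver(he.roll_op_key())                        # op key rolls; the dumped group key still works
    out["after_op_key_roll"] = both_decrypt()
    deliver(he.roll_group_key(7, active={"SN-0001"}))   # SN-0002 no longer active: no unique EMM for it
    deliver(he.roll_op_key())                        # next op key is wrapped under the new group key
    out["after_group_key_roll"] = both_decrypt()
    return out
```

`scenario()` returns three pairs of (subscriber works, emulator works): `(True, True)` right after the dump, still `(True, True)` after a plain operational-key roll because the group key in the dump is still current, and `(True, False)` once the group key has been rolled through unique EMMs the lapsed card is not addressed by. That is the mechanism behind "you need keys from an active account to be hit with updates": the emulator fails not because the cipher was strengthened but because it stops being addressed.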
 

Shamra

Many providers using Irdeto 2 & 3 encoding were hacked, and for a long time.
All publication of hacks stopped once the owner-developer of the CAS publicly threatened violators with all possible penalties, up to criminal prosecution through Interpol.
If anyone remembers (or knows), the person who hacked Irdeto 1 and posted the results of the break-in in public died in his apartment under mysterious circumstances.

P.S.
On many sites dedicated to hacking, they still write: "Discussion of bypassing Irdeto encoding on our site is prohibited!"
 

sandy55

> Many providers using Irdeto 2 & 3 encoding were hacked, and for a long time.
> All publication of hacks stopped once the owner-developer of the CAS publicly threatened violators with all possible penalties, up to criminal prosecution through Interpol.
> If anyone remembers (or knows), the person who hacked Irdeto 1 and posted the results of the break-in in public died in his apartment under mysterious circumstances.
>
> P.S.
> On many sites dedicated to hacking, they still write: "Discussion of bypassing Irdeto encoding on our site is prohibited!"

That's right, they are completely crazy... btw, there's another example: a young kid was busted and prosecuted in a case of hacking the crap Denuvo encryption used by Irdeto to secure games > _https://kotaku.com/renowned-hacker-arrested-for-cracking-denuvo-anti-pirac-1827874582

> On many sites dedicated to hacking, they still write: "Discussion of bypassing Irdeto encoding on our site is prohibited!"

I don't understand something there... is speaking about encryption systems on forums illegal? Or maybe they can do "magic" things with prosecutions to bypass government rules etc. and prosecute whoever they want?!
 

Shamra

They say that anyone who makes public algorithms that allow illegal viewing of content encoded in Irdeto will be punished in the harshest way.
 

credoman

Could you tell me the keys for Irdeto 2 Bulsat
with indices I 060400 M7 XXXX; clear SA
I 060400 M8 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX; Encrypted-SA
 

iq180

> Traceable in the sense that they could find who had done it?
> No, because even though the card has unique information and could be traced to the account the card belongs to, the EEPROM is easily redacted to hide or remove that information.
> Irdeto always used group and unique addresses to target their customers (basically, the ECM is globally decrypted, same keys for all cards, but they changed EMM keys several times a day, and for this you need to have keys from an active account to be "targeted" or "hit" with updates), so in fact you need specific account information, which might also need to be active, in order to have a working emulation.
>
> Many rival companies started by hacking their competitors and releasing the card dumps to the public, so it is not just about people doing it for a hobby.

Yes, the providers do play those games; Direct TV paid to get the Dish Network Nagra 2 cards hacked and made public, that is a fact.
 