Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

ViaHussun

91.5E 4000H29700 DHD-india



68.5E 4065H19850 CNBC



How can I get the keys? :confused:


Director = Tandberg ? ? ?

 

JimBizkit

@satfan_cn
no nano tag E1 in these recordings -> no ecm key.

but I would like to take a look at the 2nd recording, I did not see any nano tag E3 (EMM_TAG_OAC_COMMAND_DESCRIPTOR) yet. can you please upload it?
 

harshy

68,5E
Premier League TV Tandberg ? :eek:


The best pl sports channel ever, well missed in e*rope :( but we now have s*prt 24 :D

Sounds like a nightmare to get the keys off regular channels; they must not send the EMM key regularly, just like in b*ss where some channels never send cry*t8.

Can you get this channel on 68.5e and record please?
 

C0der

There are EMMs like this:
Code:
DO NOT POST KEYS IN Chat Section/s
Any use?


@JimBizkit:
Maybe poc could also put the found RAM-keys in the log?
That way we can see if they are changing over time.
 

ViaHussun

> There are EMMs like this:
> Code:
> Do Not Post Keys in Chat Section/s
> Any use?
>
> @JimBizkit:
> Maybe poc could also put the found RAM-keys in the log?
> That way we can see if they are changing over time.


please upload ts :)
 

kebien

Can poc be made to work on EMM logs (binary or text)?
I know there wouldn't be a way to verify for valid CW since there would not be any ECM packet to test on.
Or maybe feeding also one ECM packet to poc?
Or can't it simply work without a TS?

I also see the Tandberg Vplug module using the same key index for different services, meaning it looks like it chooses the same Key 01 for service 01 even though you are tuning to another service (also using SID 01).
 

abra26

@JimBizkit
...so nano tag E1 or E2 is important?? Without these nanos you will not know the entitlement id, and due to that you can't calculate the ecm key? Is that right?
 

vtcc

> @satfan_cn
> no nano tag E1 in these recordings -> no ecm key.
>
> but I would like to take a look at the 2nd recording, I did not see any nano tag E3 (EMM_TAG_OAC_COMMAND_DESCRIPTOR) yet. can you please upload it?

I can record them tomorrow; I will set up a new dish for 91.5E and 166E :D
 

TheHighLander

For FEED Hunters: Tandberg encrypted feeds always appear on 7E & 10E. Are there other satellites where they appear, too? Especially in Europe and North Africa.
 

JimBizkit

> @JimBizkit
> ...so nano tag E1 or E2 is important?? Without these nanos you will not know the entitlement id, and due to that you can't calculate the ecm key? Is that right?

Nano tag E1 is needed for the key; it contains the entitlement id and the encrypted ecm key.
Nano tag E2 removes an entitlement, so if it is present, there should be a good chance that E1 appears, too.

> Can poc be made to work on EMM logs (binary or text)?
> I know there wouldn't be a way to verify for valid CW since there would not be any ECM packet to test on.
> Or maybe feeding also one ECM packet to poc?
> Or can't it simply work without a TS?

I can make it work with a raw EMM log. Verifying with ecm is not possible anyway, at least with the knowledge we have at the moment. I will upload the poc for raw emm in a few hours.
 

Liquor Twát

How to find a good key from the log text file output of poc1.5?
The old version poc1.2 had a line with entitlement ID etc.; this is not here in the poc1.5 log text file.
 