Is the encrypted ECM key always located in the EMM with TabId83 that contains our 00 00 16 AB entitlement ID ?
How do we decrypt the encrypted ECM Key that was found in TabId83 ?
Will the poc offline decrypter made by JimBizkit pass to decrypt both of the EVEN and ODD CWs in all Tandberg feeds and channels ?
and how do we know which is active CWs is ? Is it the ODD decrypted CW or the EVEN decrypted CW ?
okidokios
But you would only need to log emm,not the full TS,since is the same EMM for all channels,you would find the keys for all channels in the same pid.
I will try the american channels for couple of days.
...
so I guess the odd CW is in use
does it mean then that these encrypted CW matches with these CW keys
1E 4A E7 F9 A4 F9 CC 33 = 80 XX XX XX XX XX XX 89
6B 76 B5 5C F2 41 CE 16 = 93 XX XX XX XX XX XX 6D
Is it right ??
So we try 2^49 keys and check 48 bits of the result. How many "false positives" should we expect?
@okidokios:
What do that EMMs look like? Starting with 0x83?
Oh well I recorded all pids except the video and audio and private data pids just in case, another thing I noticed is that the ecm keys are the same if the provider use the same id, example if the tandberg id is 1669 for the olympics feed the ecm key will be the same if another provider set the id 1669 for the channel.
Keys: 4.194304000000e+006
Time: 1.418083572378e+000
keys per sec: 2.957726950441e+006
Keys: 1.258291200000e+007
Time: 9.885997547120e-001
keys per sec: 1.272801448718e+007
I think we should check at least two different CWs. If decrypted bytes 0,1,2,4,5,6 match our plain CW, we should try to dercypt next CW(even located in the same ECM - there are two of them in one ECM) with the same key. The key is assumed valid if decrypted bytes 0,1,2,4,5,6 match our second plain CW. Now "false positives" shouldn't appear.
So for channel#2 I use
01 00 00 00 00 00 00 00 00
00 0D ## ## ## ## ## ## 24
01 33 ## ## ## ## ## ## C1
00 00 00 00 00 00 00 00 00
See how I pad the ModySat cwl with extra CW 00. That how I got my best results.
Now If I change the sequence I loose a small part of 2 seconds of Video.
I have to make notice that this is not the normal. We always some how need to figure this out.
So from what You show I will say that you are correct.
0 93 XX XX XX XX XX XX 6D
1 93 XX XX XX XX XX XX 6D
0 80 XX XX XX XX XX XX 89
1 80 XX XX XX XX XX XX 89
47 43 85 1E 00 80 70 18 EE 16 00 00 00 0B 1E 4A E7 F9 A4 F9 CC 33 6B 76 B5 5C F2 41 CE 16 96 08
CWL line 10: ignored:
CWL line 11: ignored:
CWL line 12: ignored:
"C:\Biss\Modysat\ModySat\ModySat\ModySat.cwl": 12 lines, 4 cws loaded.
writing decrypted stream to X:\ModySat\ModySat\FTS-Caracol_Alterno_3785_H_5200_20160702_2033_VPID_201 07-06 16-30-25_decrypted.ts
trying to sync...
sync at packet 56. using CW #0 "0 93 XX XX XX XX XX XX 6D"
packet 26931. using CW #1 "1 93 XX XX XX XX XX XX 6D"
lost sync at packet 26996. Trying resync.
sync at packet 27007. using CW #3 "1 80 XX XX XX XX XX XX 89"
end of TS input file reached. Total number of packets: 35443.
resynced 1 time(s). Decrypted stream has discontinuity and may be unplayable.
total time 0.91s (39193 packets/s, 7.03 MB/s)
0 0D XX XX XX XX XX XX 24
1 0D XX XX XX XX XX XX 24
0 33 XX XX XX XX XX XX C1
1 33 XX XX XX XX XX XX C1