@dmr0x and others. I would stay active as a member as long as I feel comfortable. But it is hard to received nice and sweet PMs and see same members been rough in public. At the moment, If I get a key I will share. That is all I can offer. I will move on as soon as I feel none comfortable. I will not try to defend my self anymore.
MaRwAn26 is right on track.
A) CSA CW
*Started from complete Small TS of 1 channel ( In general 12 seconds ).
*He uses CSA RBT to get crypt8 request cw.
Code:
[B]PID: 19Ah B8h-Crypt8:61 8D 32 2E 56 8F B3 4B [[B][COLOR="Red"]O[/COLOR][/B]] Count:211[/B]
*Some one responded with cw. I guess in this case himself. See attached decrypted CW.txt.
So up to here what he got?
He has a piece of TS that is Complete ( Video, Audio,ECM, etc).
And now he knows the Current IN USED CW.
Is this an ECM, DES, Key, Clear, Encrypted, bla bla bla?
None of the above. In terms of CSA he only has the Current IN USED CW. At most you have a CSA Key as CSA is in fact an encryption protocol and the CW it is Key.
B) ECM.
Now before you continue you need to find out what is a ECM? What it is use? It is always the same info? Or even the same Structure? How many ECM you can have? Are they encrypted? Yes sure no one of you will find that out.
By the way can you explain me how is a BISS ECM?
Thanks to colibri we know tandbers ECM structure. Read on it.
MaRwAn26 is right on track again.
Code:
47 47 DA 1E 00 80 70 18 EE 16 00 00 0A 26 DB FE 27 33 72 CE 77 20 E9 2C 95 14 7F 23 17 72 A5 63
47 47 DA 11 00 81 70 18 EE 16 00 00 0A 26 DB FE 27 33 72 CE 77 20 D4 18 35 35 1D D3 10 2C 4D 12
But clearly to understand all those numbers you need to read colibri definition.
Now here is where MaRwAn26 is not so correct. Maybe a type error on in a hurry up mistake. Or maybe just hes own way of describing. I myself make many mistakes like that. As kebien time after time remind me to correct.
***
now we have the encrypted ECM key ==> { DES encrypted key } and we have the decrypted cw what should we do next ?
How to BF and find the working ECM key when we have both encrypted ECM key and decrypted cw ?
The encryption CAS is Tandberg but it uses DES as its core engine. Yes you read that in colibri info right.
The Tandberg ECM payload is encrypted.
What is the usual payload of a ECM? Well there are other CAS like NAGRA that instead carry the rolling key protocol.
So the Tandberg ECM payload is encrypted ins what?
Those are not ment to be sarcastic. But the remind you what you are doing. Find out.
Up to here you should have been notice that all this DVB-S system is on encrypted protocol inside another encrypted but different one and there are more. So what it is a plaintex for one protocol is used later as a key for another protocol or an ecrypted part of another protocol. Very confusing.
So here we have 2 ecm with encrypted payload. Each payload had 16 bytes or 2-8 byte long. The important thing here is that 1 of those 8 byte correspond to a Encrypted CW been in Used. Now YOu need to forget about CW. Concentrate in the fact that is an 8 byte Block DES Encrypted. That you happens to have its 8 byte B/ock DES in Clear. The one you found by CSA RBT.
So you in fact you have a pair of DES Clear/Crypted Block. This means you can then start the Brute Force Attack of your choice.