Brute Force ECM algo to hit CW = Key

K2TSET

Registered
Messages
125
I found this challenge a while ago where they BF the ECM to calculate the right Key to get the CW so the ts starts with 0x00 0x00 0x01, just like BF CSA.
http://mitega.github.io/write-ups/32C3_CTF/carder/index_en.html

They do use a Fun card and the CAID 0b00 (Conax), but I expect the algo on the Fun card not to be Conax but more an example.

Would this approach work for some real encryption algo to BF the ECM to a CW that fits, to get the Key in use?
 

dale_para_bajo

Registered
Messages
646
It is nice to see you again K2TSET, and it is nice to see you always working and testing. Not many try to do that, sadly.

I saw this earlier but I am busy learning DSMCC. A nice new friend here in SU, user 153043, is giving me some good advice. I am even getting experience writing in Pascal.

As I said I saw this earlier but my other good friend ViaHussun just PMed me asking me to look at this. So instead of answering on PM I will do it here.

So you ask:
Would this approach work for some real encryption algo to BF the ECM to a CW that fits, to get the Key in use?

I have not even downloaded a single byte from the page. But I read the paper twice. Here is what I think. That is for DVB-T, not DVB-S... Wait a minute, in T2MI we saw DVB-T signals packed and sent via DVB-S. So there is a lot of DVB-T delivered by satellite? Weird, no? The new terrestrial digital TV being offered via satellite. What a confusing concept. But it is done in big countries with little or spread-out population. Examples: Spain, Mexico, Colombia and Venezuela. Weird, the ones I know are from Spanish-speaking countries, but our friend dvlajkovic has shown me Russian and other eastern European countries.

Now back to the objective. It is good to learn all we can as this can be repeated on more transponders. Maybe we even find a relation with other cryptos used on Hispasat satellites.

And from what I quickly gather it is very simple. If people were interested in learning we could even go over it. But most here only want keys or an already-made program to BF.

For my part I REALLY REALLY appreciate the link and the shared information. Keep up the good job.

PS: I just saw you said they use the Conax CAID. Interesting. Now we should do some ECM comparisons around.
 

dale_para_bajo

Registered
Messages
646
@K2TSET
Where did you learn about this?
Why do you say it is Conax Related? Where did you read that?

I did look into it today. And I think that even though this project seems interesting it can also be a wrong choice.

This is in fact part of a CTF contest.
Capture the Flag (CTF) is a special kind of information security competition. There are three common types of CTFs: Jeopardy, Attack-Defence and mixed.

Normally these are fake, not real situations. Just created to get some gamers to Find The Flag and then get points.
Just go to the main github

Code:
https://github.com/ctfs
https://twitter.com/write_ups
https://github.com/ctfs/write-ups-2015/tree/master/32c3-ctf-2015


But they gave you a picture of the SmartCard!!!!! HEHEHEHEHE
[attached image: smartcard photo]


But look at the original address
Code:
https://archive.aachen.ccc.de/32c3ctf.ccc.ac/uploads/smartcard-075e52e6b925b3af7d78c781f2bd208384e26dbc.jpg

Now go to
Code:
https://archive.aachen.ccc.de/32c3ctf.ccc.ac/index.html
https://archive.aachen.ccc.de/32c3ctf.ccc.ac/faq/index.html

In any case just see the main page
Code:
http://mitega.github.io/write-ups/32C3_CTF/carder/index_en.html


Read at the end
Congratulations, the flag is 32C3_youre_listening_to_flagfm_radio

Yes, it is just a Capture the Flag contest and the guy found the Flag.

Now what REAL value does this have for us? I guess a good learning experience.
 

abra26

Registered
Messages
263
Has anyone already tried to compile the source code from the guide page? I'm stuck on "CSA.decryptsoft" and "tresul.Text". :(

PS: Very good page for learning !!! :)
 

dale_para_bajo

Registered
Messages
646
No, I did not try because I found it was not a real protocol but part of a contest. But I can agree with you that it seems to show details that make it interesting as a learning tool.

I guess I could look at "CSA.decryptsoft" and "tresul.Text" even though I have no idea what they are. HEHEHEHE
 

K2TSET

Registered
Messages
125
I'm away right now.. but a few remarks

Yes, the info is from a challenge; that's why I doubt it would be a real algo on the card.

The Conax remark was only due to the CAID 0x0B00, which belongs to Conax, but since they only made it a game it might not be correct.

DVB-T or DVB-S... no big difference, it's just a ts over a carrier system.

The 2 snippets in C# compile fine... the CSA decode part is missing but that's not important.

It was more a question of whether we could use this idea to grab a ts with ECM and do a BF on the video so we know the CW.... then take the ECM and, via a known crypt algo, decode the ECM by BF on all keys to see if we can get a hit on the known CW.

Do we have some info on a crypt algo where the ECM decode function is fully documented? (with a short key)

So we can try to make a test on a real ts log.
 

kebien

Registered
Messages
1,329
You have the OSCAM source with almost all known ECM algos.
Maybe you can use the same code to bruteforce any of them.
Maybe start with those that only use smaller keys so as to spend less time bruteforcing.

But if I know a bit about mitega, it has all been tried by now.
 

dale_para_bajo

Registered
Messages
646
Sorry, I must be s7up1d as I quite don't understand:
...It was more a question of whether we could use this idea to grab a ts with ECM and do a BF on the video so we know the CW....

I mean we do that with MPEG video with the "00 00 01" CSA start? As for ECMs, for the most part they are not encrypted with CSA but with a special algo. So what is the question? What is in that project that gives you some hope? I guess I need to look into that project. Sorry, but I have had little time lately and I used it for DSMCC.

And as always Kebien is correct. Oscam or Osemu are a very good source of info. I used osemu for crypto definitions. In fact I found that the poc is actually lines from osemu. Let me see if I can get some time tonight and have a quick look.
 

abra26

Registered
Messages
263
My theory is that this tutorial is useful for bruteforcing CW keys via the audio pid. As I found out, every plain audio (at least mpeg audio) has an initial packet starting with 000001C0, so if I record encrypted audio and find the encrypted initial packet, and I know that this audio is encrypted via CSA and I know the CSA algo, then I can bruteforce it until my encrypted audio matches the 000001C0 of the decrypted form.
...but we have better programs for finding CW keys.

And since I'm a beginner in TS packets, I think this guide page taught me a lot! :)
 

dale_para_bajo

Registered
Messages
646
I see where you are coming from. Well, even though the stream ID for MPEG2 audio may usually start with 0xC0, the fact is that the standard shows

The PES header starts with a 3 byte start code, followed by a one byte stream ID and a 2 byte length field.

The following well-known stream IDs are defined in the MPEG standard:

110x xxxx - MPEG-2 audio stream number x xxxx.
1110 yyyy - MPEG-2 video stream number yyyy.
1111 0010 - MPEG-2 DSM-CC control packets.

So as you see x xxxx can still be anything.

And yes, you are correct in that the next bytes most of the time contain fixed data. I personally have seen a bunch of 00 too. But it is a wild guess as it does not have to be that way.

I have no source code for Cudabiss but theory says that it uses only 000001 and if possible it tries a new, different line with 000001 again, and last a new line again with 000001. See, to reach the CW goal it tries 3 times with 3 different lines. How much faster we can go if we have 1 extra byte I do not know.
 
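The PES header layout quoted above (3-byte start code, 1-byte stream ID, 2-byte length) and the TS-level PUSI flag that marks where such a header begins can be seen in code. The following is an added example, not code from the thread or from any of the tools mentioned in it: a small MPEG-TS/PES header parser that reads the clear (unscrambled) packets of a stream and reports which stream class the 4th byte encodes. The TS packets it runs on are constructed in the `build_packet` helper, which is likewise an assumption of this example, not anything from the page.

```python
# Added example (not from the thread): parse 188-byte MPEG-TS packets and,
# when the payload_unit_start_indicator (PUSI) is set, decode the PES header
# at the start of the payload. It shows the point made in the post: the
# 3-byte start code 00 00 01 is fixed, but the 4th byte (stream_id) varies.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

TS_PACKET_SIZE = 188
SYNC_BYTE = 0x47
PES_START_CODE = b"\x00\x00\x01"


@dataclass
class TsHeader:
    pid: int
    pusi: bool
    scrambling: int       # transport_scrambling_control (2 bits); 0 = clear
    payload_offset: int   # index where the payload begins (188 = no payload)


@dataclass
class PesHeader:
    stream_id: int
    stream_kind: str
    stream_number: int
    pes_length: int       # PES_packet_length field (0 = unbounded, video only)


def classify_stream_id(stream_id: int) -> Tuple[str, int]:
    """Map a stream_id byte to the well-known MPEG-2 classes quoted in the thread."""
    if stream_id & 0xE0 == 0xC0:          # 110x xxxx: MPEG-2 audio, number x xxxx
        return "mpeg2-audio", stream_id & 0x1F
    if stream_id & 0xF0 == 0xE0:          # 1110 yyyy: MPEG-2 video, number yyyy
        return "mpeg2-video", stream_id & 0x0F
    if stream_id == 0xF2:                 # 1111 0010: DSM-CC control packets
        return "dsmcc", 0
    return "other", stream_id             # private streams, padding, etc.


def parse_ts_header(packet: bytes) -> TsHeader:
    """Decode the 4-byte TS header and skip any adaptation field."""
    if len(packet) != TS_PACKET_SIZE or packet[0] != SYNC_BYTE:
        raise ValueError("not a TS packet (bad length or sync byte)")
    pusi = bool(packet[1] & 0x40)
    pid = ((packet[1] & 0x1F) << 8) | packet[2]
    scrambling = (packet[3] >> 6) & 0x03
    afc = (packet[3] >> 4) & 0x03         # adaptation_field_control
    offset = 4
    if afc in (2, 3):                     # adaptation field present
        offset += 1 + packet[4]           # length byte + its contents
    if afc == 2:                          # adaptation field only, no payload
        offset = TS_PACKET_SIZE
    return TsHeader(pid, pusi, scrambling, offset)


def parse_pes_header(payload: bytes) -> Optional[PesHeader]:
    """Return the PES header if the payload begins with 00 00 01, else None."""
    if len(payload) < 6 or payload[:3] != PES_START_CODE:
        return None
    stream_id = payload[3]
    kind, number = classify_stream_id(stream_id)
    length = int.from_bytes(payload[4:6], "big")
    return PesHeader(stream_id, kind, number, length)


def inspect_packet(packet: bytes) -> Optional[PesHeader]:
    """PES header for a clear PUSI packet; None if not a PES start or scrambled."""
    hdr = parse_ts_header(packet)
    if not hdr.pusi or hdr.scrambling != 0 or hdr.payload_offset >= TS_PACKET_SIZE:
        return None
    return parse_pes_header(packet[hdr.payload_offset:])


def scan_ts(data: bytes) -> Dict[int, str]:
    """Walk a TS buffer and map each PID to the stream kind seen at its PES starts."""
    found: Dict[int, str] = {}
    for i in range(0, len(data) - TS_PACKET_SIZE + 1, TS_PACKET_SIZE):
        pkt = data[i:i + TS_PACKET_SIZE]
        pes = inspect_packet(pkt)
        if pes is not None:
            found[parse_ts_header(pkt).pid] = pes.stream_kind
    return found


def build_packet(pid: int, pusi: bool, payload: bytes, scrambling: int = 0) -> bytes:
    """Constructed helper: a TS packet padded with an adaptation field (assumption)."""
    af_len = TS_PACKET_SIZE - 4 - 1 - len(payload)
    if af_len < 0:
        raise ValueError("payload too long for one packet")
    flags = 0x30 | 0x01                   # adaptation field + payload, cc = 1
    hdr = bytes([SYNC_BYTE, (0x40 if pusi else 0) | (pid >> 8),
                 pid & 0xFF, (scrambling << 6) | flags])
    af = bytes([af_len]) + (b"\x00" + b"\xFF" * (af_len - 1) if af_len else b"")
    return hdr + af + payload


if __name__ == "__main__":
    # Constructed sample: an audio PES start (0xC0) and a video PES start (0xE3)
    audio = build_packet(0x101, True, b"\x00\x00\x01\xC0\x00\x10" + b"\x00" * 10)
    video = build_packet(0x100, True, b"\x00\x00\x01\xE3\x00\x00")
    print(scan_ts(audio + video))
```

`inspect_packet` deliberately returns `None` for packets whose `transport_scrambling_control` is non-zero: the PES header of a scrambled packet is not readable, which is exactly why only the 3-byte start code, not the stream ID after it, can be treated as a constant across PIDs.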

abra26

Registered
Messages
263
I know there is "Thanks" button, but I want to say really big "Thanks" to you dale_para_bajo !!! Thanks for every info !!! :thum:
 

K2TSET

Registered
Messages
125
000001 is in both video and audio PUSI.
The 000001 check works fine; if you add the 4th byte you need to run more rounds in the SC-Run, and you will need to check with 1 or 2 PUSI anyway.

Also, as pointed out, you do not know for sure the value of the 4th byte.

The CSA is not the important part in this idea; it's just to check if a valid key for the chosen crypt does fit.... it's a BF of keys, not CW, but the CW will be used to verify that a key fits.

So for crypts with small keys like 8 bytes it might be possible to BF the whole key range... but surely not for other systems with long keys.

The job could be split into a few parts:
A: Grab a ts, do a BF on the CSA so we have a known CW.

B: Then run a BF on the ECM over the complete keyspace to get a fit for the already found CW; then we have the key.

C: Put the key in the Emu :)
 