Coder or Hacker needed for CW-TS analysis

dale_para_bajo

Yes, we are in need of someone who is willing to help us develop a small PC application.

We need an app just like tsdec or ModySat but with the following improvements.

1-From what I see in tsdec, it uses the 1st CW that matches to sync, then it starts decoding until it has no more CWs to match or it fails. And it produces a decrypted TS file.

Here is the tar for its source code.
https://sourceforge.net/p/tsdec/code/ci/default/tarball
https://sourceforge.net/projects/tsdec/

2-The required improvement needs to save the following in an extra output file:

a) It should save the ECM associated with (or at the time of) the sync and the recording of the decrypted TS saved.
b) If the TS specs produce a record time stamp, well, that would be nice.

Why is it needed?
I am, as maybe many others are, trying to find a valid brute force for ECM in T@ndberg. See

yes you are right, and I made a mistake, correct it should be:

if you want to brute force:
(1) brute force the cw with the rainbow table tool (like BISS) -> this gives you the cw
(2) get the EE nano tag from the ecm, that was sent during the brute forced cw period -> this will give you the encrypted cw
(3) you now have cw and (des-)encrypted cw, you can assume that the last byte of the des key is 00. now brute force the des key -> this is the ecm key

Now this has low expectations, as there are no shortcuts to speed up the brute force. But it is feasible.

Now on PVU there was no doubt as to what Clear Text to use in Brute Force. But in what we intend to do, ALL is based on the fact that we detect and identify CORRECTLY the CWs that decrypt the TS piece of record.

So while I am working on the Brute Force, can anyone look at whether he can improve tsdec?

Listen, you do not have to use tsdec if you do not want to. If you know Oscam code then you are our guy. Oscam and many other programs do this type of stuff.

Thanks ahead.
 

kebien

I am not sure all that is needed.
But for the record, the program clock reference is what keeps the TS in sync; it is a time stamp generally embedded in the video PID, sometimes using another PID.
Are you trying to validate the CW by trying to decrypt the video using the newly found key?
Why? For some content of the video packet you know what it will look like when decrypted; would it not be a matter of just comparing?
Also, why not validate the key found by decrypting the next ECM change and seeing if one CW matches?

Again, just trying to help; being practical is key when brute forcing.
 

dale_para_bajo

I may have confused the need by mentioning sync. Just ignore that I said that; we can talk about that later.

But imagine a group gets together to brute force using the wrong Text vs Encrypted. After X time, just say 1 week, we get upset at wasting time. Then we find it was the wrong Crypt/Clear pair CW!

It will be better if we are more secure than the guessing we do!

If a program can pinpoint it with exactitude, it is better. That is the idea. Who can help?

Regarding the brute force program, I have been stuck for days at changing some routine from Encrypt to Decrypt! I know I suck at learning. But I am getting there. I am trying to apply BitSlice to a regular program. Then I will see if it improves on GPU. Now for the moment I see a lot of code lines needed. That is no good, as the available stream processors diminish with the use of limited resources!
 

dale_para_bajo

I see nobody wants to join.

I guess I will check that later myself.

I may keep posting my advances in BF here, as the other side is crowded with key requests.

So here is a recap.

*After not finding x83 on stream, MANY logically said why not try Brute force ECMs.
*Then after giving it a thought ALMOST ALL decided it was impossible as there are 2 of 8 Check sum bytes in CWs. As it was exposed, each of the 2 bytes can obscure by 256 each and increase the needed Brute force time. Well, that is what an In Box thinker does.
*Then C0der made what at first looks like another negative comment, but in reality there we have it, the first Out of the Box Thinker. His comment shows he is on the right way. Nice comments. In fact I have had no time yet to implement some of the ideas those comments suggest!
So we try 2^49 keys and check 48 bits of the result. How many "false positives" should we expect?
*So I posted it can be done with the first code. We show it can do 10^6 ~ 10^7 keys a second. I hope to get at least 100 times faster with GPU.

And I have been lost in space since then, learning the DES mechanism. Sadly there is in fact too little, as every Google thread is superficial. But there are like a dozen code samples. So I have been forced to understand others' code in order to learn what is needed.

But I am out of the theory and implementing.
So most of the web speaks of applying the BitSlice Technique. Wow, something simple, as it is just doing the same work but getting 32 times more output! But implementing is confusing.

So Now I am in OpenCL. And here is the first output.
[image: Yh8RXmz.png]


This is on an AMD HD7950, about 1792 Stream Processors.

Now the problem is that DES S-Box Tables are huge!!! That means overuse of Vector Registers, which is compensated by reducing the number of cores used!!

Here is the analysis

As you see, in theory only 10% occupancy can be achieved. So 90% of the GPU card goes to waste.

So the 5*10^9 could be improved if we find a way to reduce Vector Register use.

hehehehe Seems impossible, as tables are as low as they are! Over 10 years of other people's experience is in that. But as I am always thinking out of the box, I have some ideas. Problem is that it complicates the Host PC Program a lot.....


See you around.
 

zayden

DES has been around a long time; I'd doubt you'll be able to optimize it further. The big difference between then and now, of course, is processing power.

How long does it take you to find a key vs the key interval? A distributed or parallel attack will yield immediate efficiencies, however inelegant.
 