Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

kebien

I have not worked on that service.
I was mainly trying to log Bandeirantes Intelsat 21.
But trying to improve reception, all logs I get are corrupted, and with tons of errors.

For example I see
[Emu] error: TandbergParseEMMNanoTags: pos(0) + 2 + tagLength(77) > length(44)
emm with errors:
Code:
83 70 B4 01 DE 1D 82 01 00 9C DC 01 A1 7B 31 17 
E3 F0 2C E0 4D FF 01 00 00 04 00 00 00 00 00 00 
00 A6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 
DE 1D 82 01 07 66 DC 01 08 00 31 11 58 F0 2C E0 
4D FF 01 00 00 04 00 00 00 00 00 00 00 00 5E 00 
00 00 00 00 00 00 00 00 00 9C 54 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 01 DE 1D 82 01 
19 85 B4 01 08 00 31 77 56 F0 2C 6E 2A FF 01 00 
00 04 00 00 00 00 00 4E C4 9F 00 00 00 00 00 00 
00 00 00 00 00 89 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00
And I have it repeatedly; some of the payload changes.
The packet length (0xB4) doesn't look like an error, but it could be, and it is different from the service under study in this thread.
I am assuming it is a broken packet, but it could also be a chained packet (with the payload continuing in the next packet; not sure what the descriptor for this kind would be, if that happens to be the case).
I am waiting for someone who can log this service without errors and post the logs.
 

C0der

Looks like these EMMs need a different parsing.
Could be 3 parts like this:
Code:
83 70 B4
01 DE 1D 82 01 00 9C DC 01 A1 7B 31 17 E3 F0 2C E0 4D FF 01 00 00 04 00 00 00 00 00 00 00 A6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01 DE 1D 82 01 07 66 DC 01 08 00 31 11 58 F0 2C E0 4D FF 01 00 00 04 00 00 00 00 00 00 00 00 5E 00 00 00 00 00 00 00 00 00 00 9C 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
01 DE 1D 82 01 19 85 B4 01 08 00 31 77 56 F0 2C 6E 2A FF 01 00 00 04 00 00 00 00 00 4E C4 9F 00 00 00 00 00 00 00 00 00 00 00 89 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

(and no, there are NO KEYS in there)

Similar to the one I posted earlier:
Code:
82 70 B4
01 DE 1D 83 01 C4 E1 D0 02 08 00 21 57 5E F0 2C E0 2A FF 01 00 00 01 00 00 00 ...
01 DE 1D 83 01 1F DA D5 02 08 00 21 8F BE F0 2C E0 2A FF 01 00 00 01 00 00 00 ...
01 DE 1D 83 01 0F A7 D5 02 08 00 21 81 8E F0 2C E0 2A FF 01 00 00 01 00 00 00 ...
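
Added example (not part of any post in this thread, and not code from the poc tool): a frame-level check of the section kebien logged, using the standard 12-bit MPEG-2 `section_length` field and C0der's proposed 60-byte split. The function names and the 60-byte record size are assumptions for illustration; nothing here interprets the record contents.

```python
# Bytes copied from the dump kebien posted above (183 bytes as logged).
SECTION_HEX = """
83 70 B4 01 DE 1D 82 01 00 9C DC 01 A1 7B 31 17
E3 F0 2C E0 4D FF 01 00 00 04 00 00 00 00 00 00
00 A6 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
DE 1D 82 01 07 66 DC 01 08 00 31 11 58 F0 2C E0
4D FF 01 00 00 04 00 00 00 00 00 00 00 00 5E 00
00 00 00 00 00 00 00 00 00 9C 54 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 01 DE 1D 82 01
19 85 B4 01 08 00 31 77 56 F0 2C 6E 2A FF 01 00
00 04 00 00 00 00 00 4E C4 9F 00 00 00 00 00 00
00 00 00 00 00 89 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00
"""

def parse_section(raw):
    """Return (table_id, section_length, body) or raise on a length mismatch."""
    if len(raw) < 3:
        raise ValueError("shorter than the 3-byte section header")
    # MPEG-2 section header: low 12 bits of bytes 1-2 are section_length.
    section_length = ((raw[1] & 0x0F) << 8) | raw[2]
    body = raw[3:]
    if len(body) != section_length:
        raise ValueError(f"header says {section_length}, capture has {len(body)}")
    return raw[0], section_length, body

def split_records(body, size):
    """Cut the body into fixed-size records; refuse a size that does not fit."""
    if size <= 0 or len(body) % size:
        raise ValueError(f"{len(body)} bytes is not a multiple of {size}")
    return [body[i:i + size] for i in range(0, len(body), size)]

def shared_prefix_len(records):
    """Count the leading bytes that are identical in every record."""
    n = 0
    for column in zip(*records):
        if len(set(column)) != 1:
            break
        n += 1
    return n

def check_capture(hex_dump, record_size=60):
    # record_size=60 is C0der's proposed split, an assumption, not a spec value.
    table_id, length, body = parse_section(bytes.fromhex(hex_dump))
    records = split_records(body, record_size)
    return table_id, length, len(records), shared_prefix_len(records)

print(check_capture(SECTION_HEX))
```

The header length (0xB4 = 180) equals the number of bytes logged after the 3-byte header, so this particular capture is not truncated at the section level, and 180 divides into three 60-byte records that share their first 5 bytes. A capture that really is cut short raises `ValueError` in `parse_section` instead of being parsed past its end.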
 

drhans

Not every 83 table is interesting; this clearly looks like an EMM_TAG_RECEIVER_ALLOCATION_DESCRIPTOR message.
 

tarekw40

892832105.jpg



amerca 40° w
 

gotya

I recorded a whole night of the wrong PID $01ff. I will try again later.
all logs I get are corrupted, and with tons of errors.

I don't know if this might help you guys, but I tried recording *.ts files while Tandberg feeds were transmitting and I realized that some DVB player applications do not work with the poc tools of JimBizkit and Anubis_Ir.

I succeeded and managed to get info with the poc application with these DVB players:
TSReader OK
TSWriter 2 with DVB Dream OK
ProgDVB pro 6.11 OK

AltDVB NOT Working
DVB Dream NOT Working
Stream Recorder with DVB Dream NOT Working

Hope this will help you guys.

Cheers !!!
 

okidokios

Does someone know how to put a service ID above 10 into poc? I recorded Tandberg streams and the service IDs are 114, 14, 3de, or something like that, so when I run poc "tsfile.ts" 114 out.ts I just get "stream found" for the EMM but not the video/audio/ECM PID list.

H:\>poc "10-15-59.ts" "14" out2.ts
poc 1.6
TS mode
[Emu] info: FFDecsa parallel mode = 32
[Emu] stream found emm_pid: 1F4
[Emu] got EMM nano tag E0 (EMM_TAG_RECEIVER_ALLOCATION_DESCRIPTOR) for the first time
[Emu] got EMM nano tag E4 (EMM_TAG_SECURITY_TABLE_DESCRIPTOR) for the first time
[Emu] Keys found in EMM: new nano E4 ram keys 20 to 2F
[Emu] Keys found in EMM: new nano E4 ram keys 30 to 3F
[Emu] Keys found in EMM: new nano E4 ram keys 0 to F
 

kebien

I don't know if this might help you guys, but I tried recording *.ts files while Tandberg feeds were transmitting and I realized that some DVB player applications do not work with the poc tools of JimBizkit and Anubis_Ir.

I succeeded and managed to get info with the poc application with these DVB players:
TSReader OK
TSWriter 2 with DVB Dream OK
ProgDVB pro 6.11 OK

AltDVB NOT Working
DVB Dream NOT Working
Stream Recorder with DVB Dream NOT Working

Hope this will help you guys.

Cheers !!!
I am using a private logger with DVBViewer; it should not have problems with recording EMM or full TS.
I do not see poc having problems with these logs either, except the ones that have broken packets.
The problem is we do not have valid 0x83 packets in the services in America.
Maybe there should be a focus on brute forcing the ECM keys; most people have CUDA video cards ready to start searching, if a dedicated developer decides to do the leg work.
 

dog-man

I wish someone would make a short guide. I have not had the time to keep up with developments due to work.

I think I have worked out how to use POC.exe and get keys but don't know how to use those keys.
 

harshy

Anyone had any luck with these new Tandberg feeds?
=> http://www.sat-universe.com/showpost.php?p=2036683387&postcount=8433

They are all Olympic Games TEST mux feeds from Rio.
The 7E 11088 H 7200 feed is still active.
The other 2 feed freqs have temporarily left, I think :mecry:
I don't know yet how to get ECM keys.
Please PM me if anyone has success.
Cheers!

I recorded 3 minutes with DVB Dream and TSReader yesterday and then put it through poc. Upload the TS if you can and I will analyse it :)
 

gotya

I am using a private logger with DVBViewer; it should not have problems with recording EMM or full TS.
I do not see poc having problems with these logs either, except the ones that have broken packets.
The problem is we do not have valid 0x83 packets in the services in America.
Maybe there should be a focus on brute forcing the ECM keys; most people have CUDA video cards ready to start searching, if a dedicated developer decides to do the leg work.

I can help you guys find the CW from C8 ;)
 

gotya

I wish someone would make a short guide. I have not had the time to keep up with developments due to work.

I think I have worked out how to use POC.exe and get keys but don't know how to use those keys.
Where do the keys go in DVB Dream please?

Lol, you missed a lot my friend, don't worry.

Just follow this link and read my first post, then download the latest v_key updated by me and bingo :thum: all is good :cool:

Latest Updated Tandberg v_keys
 

sorrowman

Not sure if this has been answered, but is it possible to somehow make the Tandberg encrypted feeds play on normal receivers, like Openbox, Azbox etc.?
And maybe someone has an idea how to make it work in a professional Tandberg receiver :D. Would be funny if the Tandberg (receiver) can't play the Tandberg (encryption) :p
 