Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

[rustantenna]

@Ragnarok

This DDOS atacks are a pain. My last post got lost.

Listen do not waist to much time on poc.exe or oscam.
Simple it is a waist of time. NOt a single official Tandperg Channel Constant transmission has prove to work with POC.EXE or osacm. It only has work with feeds.

So if it did not work before chances are you will have no more luck now that they are changing stuff!!

@mauricelugher
Any type of parralel computation throu the use of GPU are as fast as the true power of the GPU in use. Normaly is the amount of core and the CPUs Speed but other stuff affect as speed of the PCIex and memory type and amount.

So what ever you can get with a relative Fast PCIex GPU, lets say 100 day. Can become 100 years in a laptop gpu!!

 

[bogyman]

maybe colibri.dvb can help ?

 

[Ragnarok]

I'm trying to sus what the new algorithm is , going back to the start of this thread.

Starting with playing with jcrypttool and trying follow the steps manually like with the old tandberg system. Through the EMM's with rom and ram keys to the final ECM key, then try it on the ECM and manually doing it with jcrypt tool, see what the decrypted data looks like, what the extra lengths do. the basics underlying the system still appears to be the same.

The 42 east stuff still appears to be using the same key index, the key itself might be the same, it could be longer. thats not a bad place to start.

 

[v4nagus]

" Premier League Broadcasters - Urgent Software Upgrade Required For RX8200s, See PLP Extranet "

 

[harshy]

Maybe colibri can get this latest update and figure out what's needed but the IMG feed seems to have gone on 7e as well.

 

[harshy]

Maybe colibri can get this latest update and figure out what's needed but the IMG feed seems to have gone on 7e as well.

Ok img feed back now with the pdg service update channel let's try and figure this out.

 

[rustantenna]

" Premier League Broadcasters - Urgent Software Upgrade Required For RX8200s, See PLP Extranet "

Please every one keep an eye on Software Upgrade Feeds. Try to record those. Then maybe colibri can help us in reverse engineer.

@kebien here you have it. You desire of receiver model.

rx8200-family

 

[harshy]

Please every one keep an eye on Software Upgrade Feeds. Try to record those. Then maybe colibri can help us in reverse engineer.

@kebien here you have it. You desire of receiver model.

rx8200-family

Presumably you switch on your rx8200 to the update channel, updates the firmware of which needs reversing/understanding to get to understand how they are coming up with the new key structure.

 

[bogyman]

can recive 7E here
@all try loging and recording the software, i am 100% sure
it will "OTA"

 

[kebien]

yes,the updates would be in the stream for all receivers involved.
Now,there is nothing you can do with logging the update alone.
It must be loaded in the receiver,or a simulator in order to see what is new in it.
Not sure to what extent a sim can be done,but would be a good idea to make one,in order to follow the changes....the only ones that can make it are the ones that have physical access to an ird,that knows what's in it.


In the other hand,this PDG channels or update channels are in the stream for a while.
Still not sure how many head ends are using this receiver model,some might be using older ones and might not get updated.

harshy
have you seen tandberg channels in america that are down?
I have not seen any yet

 

[harshy]

some channels on 42 east gone down, ar*na still working maybe they dont use same box?

 

[mauricelugher]

Yet another little file to study the new algo.
Only 1Mb file, during CW's switching.
I have tried all I could, which is close to nothing.
:thum:

 

[bogyman]

wait for updates we have the new fw's
thanks good friend for dumping them

 

[rustantenna]

@bogyman
Where is the fw? Who did?

@mauricelugher
I did ignored you file first. I am sorry. But it is to small. Then I read bogyman's comment, so I look one more time. You got interesting really small file.

I have not look at ECM. I Will. But You did 1 important step in the process. Thanks alot.

Now I want you to tell to what transponder this belongs. And if you have a bigger file. Lets say 30 seconds. Well as you already work on it just send that you have on hand. Yes the same file with same CWs.

You see less than a second of record is not enough to work with. So please do us a favor. Thanks ahead.

 

[mauricelugher]

Sorry guys, I have deleted everything.
I was frustrated that I was going nowhere.

 

[abra26]

Very good testing with new algo is with this TS example:

IMG3EU(7e) TS record for analysis.

https://mega.nz/#!HJYUQbKS!sIa-kh2HpbUxln3D0PyiOnDo9CXnfrsoA0Sx-aIZ6x8

already posted by Dave5118. Thank you!! :thum:

If is my prediction correct, now I need only EMM key with 69h index.

 

[vtcc]

@bogyman
Where is the fw? Who did?

@mauricelugher
I did ignored you file first. I am sorry. But it is to small. Then I read bogyman's comment, so I look one more time. You got interesting really small file.

I have not look at ECM. I Will. But You did 1 important step in the process. Thanks alot.

Now I want you to tell to what transponder this belongs. And if you have a bigger file. Lets say 30 seconds. Well as you already work on it just send that you have on hand. Yes the same file with same CWs.

You see less than a second of record is not enough to work with. So please do us a favor. Thanks ahead.

What's fw? I can record EPL with tandberg encryption when it appeared

 

[harshy]

Fw = firmware

 

[FishFeed]

Don't know if it helps in any way but here is a 16min recording from saturday with the 'PDG Service' included.

https://mega.nz/#!p5Vl1KKR!Tk6Cmb4D3OiGyuJOGWQHgH0vCL3A8KsL3A7clkQmHfQ

Details of the feed
http://www.sat-universe.com/imagehosting/4090155802307c26fee.jpg

 

[rustantenna]

@abrakadabra26 Thanks for the correction. That is the right way. Correct us when we are wrong. In this case showing us the right path. Thanks

But then let me say this to all. As Spanish speaker we do write a lot. But you guys in fact write to little! Then hide the good info instead of highlighting it.

It seems yes that what I been asking thinking no body did, has in fact been posted a few times.
It is not easier to just say: here is a good size ts with a valid crypt8/cw. Or here a valid cw encrypted/clear pair!.

Then in other occasion, where is the transponder info. This one will be nice to know current key that supposedly failed. T ?? ???? ?????????????

I will look in to this one see if I can play and learn a little.

Now I may be no expert, and do note know real time. But assuming Old D I $ H IRDs, we where all told to hook receiver and wait 10 minute for updates.
So it is true that this file has a Software Update Service but then file is 1 minute.

In the other hand I have no experience with how to extract beginning of file and finally extract the file. But will look in to it.

All this is a nice experience even if we get no where.

@FishFeed I will look into the other file posted too. Again what was the old failed key you used. Is it on the big list posted in key section?

Nice work guys.