Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

gotya

Moderator
Messages
7,200
@ rustantenna = dale_para_bajo

why don't you post with your original ID { dale_para_bajo } ?

what's the point of making more registration with different nicknames and you know it's against the forum RULES ?

you said you were leaving the forum before or it's just because there is a new change in the system now :cool:
 

rustantenna

Banned
Messages
64
I am going to ignore that. I knew it was coming, that as soon as crypt8/cw were mentioned I would get blamed or associated with other old issues.

Here is what I can see up to here from:
https://mega.nz/#!HJYUQbKS!sIa-kh2HpbUxln3D0PyiOnDo9CXnfrsoA0Sx-aIZ6x8

and from
Code:
hashcat64.exe -m 14000 2DF526CB2F3F76ED:019FCB6B98CB6ED1 -o cracked.txt -a 3 -1 charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 3

By the way the previous assumption is wrong, you can not obtain DES ECM Key from brute-forcing a crypt8 using a CW Clear text.

Wrong you are confusing and mixing CSA with DES encryption

But after looking on it I could figure that out.

Since you provided the Clear CW, it was time to test and identify ECM.

http://www54.zippyshare.com/v/OqABh06N/file.html
On it you will see an unencrypted 9 seconds and the ECM that is used for that.

Now you smart guys can speculate what to do next. As I have a feeling due to confusion I will get banned next. If that is the case, it was nice to meet and share with you all (I guess All = ALL - 1). Hope I am wrong and I will be allowed to be around.
 

kebien

Well Known Member
Messages
1,329
rustantenna
You have minimal knowledge about how firmware updates are spooled or downloaded or installed.

For DISH net, the spool contains at least 10 different receiver models' updates... no wonder you must wait 10 minutes to WAIT FOR YOUR RECEIVER TO LOCATE THE CORRESPONDING FRAGMENT. It might take 10 minutes to repeat, then download and install.

Here there is apparently only one receiver, a continued spool... at the bitrate this pid is running you would not need more than a minute... or two.
 

harshy

Well Known Member
Messages
746
Damn it I wish I had programming experience, do you think it's a big change or just increased key lengths, is it the calculation to get to the longer key lengths we are trying to understand?
 

Ragnarok

Donating Member
Messages
337
It looks like a switch to 3DES for some of the 83 table EMMs and the ECMs. There is a warning in the software upgrade notes that the new entitlements from this are not backward compatible and will be lost with a software downgrade, but the old ones are carried forward; this would suggest that with the change to 3DES there is an increase in key length.

The biggest problem might not actually be the Tandberg/Ericsson director encryption system itself at all, depending on the output of the decrypted ECM.
 

kebien

Well Known Member
Messages
1,329
Anything is possible.
I would imagine they are creating more dependencies than the ones we know, meaning the need of more information (like the need of a complete ROM (or other unknown code portion) to decrypt ECM and/or EMM).
Not that there would be a problem (or there is) if there is access to some of these IRDs... but in case they do not upgrade old receivers (like the one used to start all this)... could be a big problem.
 

BLACKCRUSADER

Well Known Member
Messages
2,022
I tried to post in another thread. Posting this and hope it's accepted so I can make more posts. There was a suggestion on another forum that for the new Tandberg to work the RAM would need to be increased to 8mb.

RX 8200s Ericsson IRD need a software update to open.
 

kebien

Well Known Member
Messages
1,329
Does anyone know how to find the scrambling descriptor 0x65 in the PMT? If the scrambling mode is anything but 01 we should forget this, unless you're just investigating for fun.

http://www.etsi.org/deliver/etsi_ts/100200_100299/100289/01.01.01_60/ts_100289v010101p.pdf
It is rather simple to parse PMT, if there is a descriptor 0x65 you would see it.

I am pretty sure the use of any other than CSA v1 would involve a hardware change. It could not be done through a firmware update.

Receiver's chipset might be ready, though, it's just a matter of looking at the chipset specs. I doubt there is any CSAv3 chipset in these receivers.

By the ETSI document:
"These factors inspired DVB to create a new, more complex and secure version which was standardized as DVB-CSAv3 in 2007. CSAv3 is supported by new terminal equipment now arriving on the market, however migrating to CSAv3 requires the previous generation of terminal equipment to be replaced."
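
The PMT check discussed in the post above, as an added example that is not from the thread or any poster: a small parser that walks the program-level and per-stream descriptor loops of one PMT section and reports every scrambling_descriptor (tag 0x65) with its scrambling_mode byte. The sample section is constructed, and the mode names are an assumption taken from the DVB SI specification rather than from this page.

```python
import struct

SCRAMBLING_DESCRIPTOR_TAG = 0x65  # the "descriptor 0x65" discussed above
MODE_NAMES = {0x01: "DVB-CSA1", 0x02: "DVB-CSA2", 0x03: "DVB-CSA3"}

def crc32_mpeg(data):
    """CRC_32 of MPEG-2 PSI sections: poly 0x04C11DB7, init all ones."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = (crc << 1) ^ (0x04C11DB7 if crc & 0x80000000 else 0)
            crc &= 0xFFFFFFFF
    return crc

def descriptors(loop):
    """Yield (tag, payload) for every descriptor in one descriptor loop."""
    pos = 0
    while pos < len(loop):
        if pos + 2 > len(loop) or pos + 2 + loop[pos + 1] > len(loop):
            raise ValueError("descriptor overruns its loop")
        yield loop[pos], loop[pos + 2:pos + 2 + loop[pos + 1]]
        pos += 2 + loop[pos + 1]

def scrambling_modes(section):
    """Return [(elementary_PID, mode)]; PID is None for the program-level loop."""
    if len(section) < 16 or section[0] != 0x02:  # table_id 0x02 = PMT
        raise ValueError("not a PMT section")
    end = 3 + (struct.unpack(">H", section[1:3])[0] & 0x0FFF)
    if end > len(section) or crc32_mpeg(section[:end]) != 0:
        raise ValueError("truncated section or bad CRC_32")
    end -= 4  # descriptor data stops before the CRC_32 field
    info_len = struct.unpack(">H", section[10:12])[0] & 0x0FFF
    loops, pos = [(None, 12, info_len)], 12 + info_len
    while pos + 5 <= end:  # one entry per elementary stream
        pid = struct.unpack(">H", section[pos + 1:pos + 3])[0] & 0x1FFF
        es_len = struct.unpack(">H", section[pos + 3:pos + 5])[0] & 0x0FFF
        loops.append((pid, pos + 5, es_len))
        pos += 5 + es_len
    if pos != end:
        raise ValueError("loop lengths do not add up to section_length")
    return [(pid, body[0]) for pid, start, length in loops
            for tag, body in descriptors(section[start:start + length])
            if tag == SCRAMBLING_DESCRIPTOR_TAG and body]

# Constructed sample (not from any broadcast): program-level descriptor
# 65 01 01, one video stream (PID 0x100), one audio stream (PID 0x101).
SAMPLE_BODY = bytes.fromhex("02b0200001c10000e100f003650101"
                            "02e100f00004e101f0060a04656e6700")
SAMPLE_PMT = SAMPLE_BODY + crc32_mpeg(SAMPLE_BODY).to_bytes(4, "big")
```

The audio stream's language descriptor in the sample contains the byte 0x65 (the letter "e" in "eng"), which a plain byte search would misreport; walking the descriptor loops by length avoids that.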
 

ooOO_SORGOS_OOoo

harshy hi good morning

what do you think ?

you think

Tandberg sharing home ?

or powervu !!!

Colibri knows but we don't know
 

harshy

Well Known Member
Messages
746
I think many things lol but yeah I think whatever solution it is it's already cracked and not public.
 

kebien

Well Known Member
Messages
1,329
Thanks to a friend for the clarification.
In the EMM's posted in this thread there is no UA in any of them.
What we thought was the UA is just more descriptors and checksums.
 

barney115

Donating Member
Staff member
Administrator
Messages
24,840
I think there is a need to be patient, Barney2222.
Do not lose hope.
No, I will never lose hope and I agree fully with you. I just did not hear anything much for a few days and this thread went off topic a bit too, which then got quite confusing, but a good friend of mine sent me a message today and I have every faith that the solution will be coming very soon for Tandberg's new Security System. :thum:

That's all I can say about it, so yep kebien you're right and you got it spot on for sure :)
 