Help! New Mystery Encryption Scheme

[KenSoftTH]

So, I have run into this possibly new encryption on 162E. Every feed gives the same crypt8 value such as:

PID: 200h B8h-Crypt8:00 93 D9 8F BD 40 1B 72 [E] Count:4832178
PID: 200h B8h-Crypt8:00 93 D9 8F BD 40 1B 72 [O] Count:4613112
PID: 200h B8h-Crypt8:E5 5B 94 4D DE DB CC 53 [O] Count:11559
PID: 200h B8h-Crypt8:E5 5B 94 4D DE DB CC 53 [E] Count:10685
PID: 200h B8h-Crypt8:45 4F EF 21 A4 F4 DC 8D [O] Count:4031
PID: 200h B8h-Crypt8:45 4F EF 21 A4 F4 DC 8D [E] Count:3669
PID: 200h B8h-Crypt8:84 28 05 78 E5 65 F0 4D [O] Count:1324
PID: 200h B8h-Crypt8:A2 F0 D4 25 03 DC 50 F5 [E] Count:1118

or

PID: 200h B8h-Crypt8:00 93 D9 8F BD 40 1B 72 [E] Count:108475
PID: 200h B8h-Crypt8:E5 5B 94 4D DE DB CC 53 [E] Count:221
PID: 200h B8h-Crypt8:45 4F EF 21 A4 F4 DC 8D [E] Count:73
PID: 200h B8h-Crypt8:B3 50 3C CE 63 06 1E 37 [E] Count:17
PID: 200h B8h-Crypt8:2E 57 10 4E 86 A7 F6 5F [E] Count:14
PID: 200h B8h-Crypt8:ED 4F B1 F0 FB D5 10 6C [E] Count:10
PID: 200h B8h-Crypt8:50 8A 1E 97 23 33 A5 DD [E] Count:9
PID: 200h B8h-Crypt8:AF C1 13 19 CD 27 50 7F [E] Count:9

It turns out that it always going to give crypt 8 of these three value in all feed.

00 93 D9 8F BD 40 1B 72
E5 5B 94 4D DE DB CC 53
45 4F EF 21 A4 F4 DC 8D

I'm trying CUDA Biss, with 3x GTX 1070 for three days now. It's near finish, but returns nothing yet. CAS ID saids nothing, usually BISS must be 2600. So, I'm really confused about what could this possibly be. Please help!

Link to TS File

https://mega.nz/#!lYFEyaoT!e0YWC16wkssisCauVC6Veqya-R86yRCeDIDt_U-AbjQ

 

[KenSoftTH]

Bump, anyone?

 

[barney115]

IT IS NOT BISS Encryption .
there is ODD [ O ] AND Even [ E ] packets in the Crypt8
SO FOR 100% SURE THIS IS Not BISS 2600
It well could be BISS 2 Ident 2610 or Irdeto or other encryption too .

i have decrypted your .TS File using TSdec Tool
and it returns with #CW: E1 72 62 B5 42 66 18 C0
but this means nothing and no pictures or video was actually
decrypted since BISS 2 algo remains unknown and Still very much secured Encryption same can be said for any other possible encryptions that this Freq 12401_V_12222 is using .

Nameless_12401_1_12401_V_12222_20190609_1449_VPID_512_decrypted.ts
trying to sync...
sync at packet 13. using CW #58946 "0 E1 72 62 B5 42 66 18 C0"
packet 70. using CW #58947 "1 E1 72 62 B5 42 66 18 C0"
lost sync at packet 101. Trying resync.
end of TS input file reached. Total number of packets: 360512.
total time 2.78s (129850 packets/s, 23.28 MB/s)

hope that helps you understand a little bit better but you are wasting time with this Encryption you will simply not be hacking it that much is a certain fact .!!

 

[KenSoftTH]

IT IS NOT BISS Encryption .
there is ODD [ O ] AND Even [ E ] packets in the Crypt8
SO FOR 100% SURE THIS IS Not BISS 2600
It well could be BISS 2 Ident 2610 or Irdeto or other encryption too .

i have decrypted your .TS File using TSdec Tool
and it returns with #CW: E1 72 62 B5 42 66 18 C0
but this means nothing and no pictures or video was actually
decrypted since BISS 2 algo remains unknown and Still very much secured Encryption same can be said for any other possible encryptions that this Freq 12401_V_12222 is using .



hope that helps you understand a little bit better but you are wasting time with this Encryption you will simply not be hacking it that much is a certain fact .!!

Actually, you know what? That was the CW that the broadcaster was using for the last 4 years on Superbird B3 162E. They were using BISS but switch to this thing earlier this year. Thank you! That gave some clue

 

[KenSoftTH]

One last question, could it be constant CW or anything with same key on both odd and even packet? It seems like that would be the way they are going. As the key you found matched up exactly to many previous BISS feed on this frequency.

 

[barney115]

could it be constant CW or anything with same key on both odd and even packet?

nope that is not the case here of that i am certain .
if it was the case then your .TS recording would have quickly decrypted both the Video and Audio and provided a Picture and Audio sound which was not the case,
This looks like BISS 2 and Ident 2610 but could still be a wide range a various Encryptions but its impossible to know for sure
only way to know for sure is use a DVB Card or Box and see exactly what encryption is being used see my attached picture BELOW to find out exactly what to look for with any channel or even feed Example =>
Good luck : )

 

[jan55]

So, I have run into this possibly new encryption on 162E. Every feed gives the same crypt8 value such as:

PID: 200h B8h-Crypt8:00 93 D9 8F BD 40 1B 72 [E] Count:4832178
PID: 200h B8h-Crypt8:00 93 D9 8F BD 40 1B 72 [O] Count:4613112
PID: 200h B8h-Crypt8:E5 5B 94 4D DE DB CC 53 [O] Count:11559
PID: 200h B8h-Crypt8:E5 5B 94 4D DE DB CC 53 [E] Count:10685
PID: 200h B8h-Crypt8:45 4F EF 21 A4 F4 DC 8D [O] Count:4031
PID: 200h B8h-Crypt8:45 4F EF 21 A4 F4 DC 8D [E] Count:3669
PID: 200h B8h-Crypt8:84 28 05 78 E5 65 F0 4D [O] Count:1324
PID: 200h B8h-Crypt8:A2 F0 D4 25 03 DC 50 F5 [E] Count:1118

or

PID: 200h B8h-Crypt8:00 93 D9 8F BD 40 1B 72 [E] Count:108475
PID: 200h B8h-Crypt8:E5 5B 94 4D DE DB CC 53 [E] Count:221
PID: 200h B8h-Crypt8:45 4F EF 21 A4 F4 DC 8D [E] Count:73
PID: 200h B8h-Crypt8:B3 50 3C CE 63 06 1E 37 [E] Count:17
PID: 200h B8h-Crypt8:2E 57 10 4E 86 A7 F6 5F [E] Count:14
PID: 200h B8h-Crypt8:ED 4F B1 F0 FB D5 10 6C [E] Count:10
PID: 200h B8h-Crypt8:50 8A 1E 97 23 33 A5 DD [E] Count:9
PID: 200h B8h-Crypt8:AF C1 13 19 CD 27 50 7F [E] Count:9

It turns out that it always going to give crypt 8 of these three value in all feed.

00 93 D9 8F BD 40 1B 72
E5 5B 94 4D DE DB CC 53
45 4F EF 21 A4 F4 DC 8D

I'm trying CUDA Biss, with 3x GTX 1070 for three days now. It's near finish, but returns nothing yet. CAS ID saids nothing, usually BISS must be 2600. So, I'm really confused about what could this possibly be. Please help!

Link to TS File

https://mega.nz/#!lYFEyaoT!e0YWC16wkssisCauVC6Veqya-R86yRCeDIDt_U-AbjQ

maybe this is about it : https://www.sat-universe.com/showthread.php?t=171268

 

[KenSoftTH]

nope that is not the case here of that i am certain .
if it was the case then your .TS recording would have quickly decrypted both the Video and Audio and provided a Picture and Audio sound which was not the case,
This looks like BISS 2 and Ident 2610 but could still be a wide range a various Encryptions but its impossible to know for sure
only way to know for sure is use a DVB Card or Box and see exactly what encryption is being used see my attached picture BELOW to find out exactly what to look for with any channel or even feed Example =>
Good luck : )

Tried that, CAT Table is empty for me. I'd guess the broadcaster hide it OR could it be B-CAS since this is from Japanese Broadcaster? I also read a bit about CCW through the link above. So, if I know the CCW, I can decrypt this feed regardless of encryption used assumed that it's not BISS2?

 

[KenSoftTH]

maybe this is about it : https://www.sat-universe.com/showthread.php?t=171268

Thank you

 

[K2TSET]

If you look on the ts in a hex editor you will see most of the 188 bytes packets are identical. Except for the first 68 packets which does not have a PUSI in it

If you decode with the CW mentioned above and then search for the PUSI again you will not find any 00 00 01 so it proberly wrong

My guess are for that no video are being transmitted

 

[KenSoftTH]

If you look on the ts in a hex editor you will see most of the 188 bytes packets are identical. Except for the first 68 packets which does not have a PUSI in it

If you decode with the CW mentioned above and then search for the PUSI again you will not find any 00 00 01 so it proberly wrong

My guess are for that no video are being transmitted

Please also take a look at this one, same satellite, same encryption. Can't decrypt also.

https://mega.nz/#!ZPJyiAIQ!2ijWhTZNODs8JBpkrEdHZd_ESWITcIuqaYjbiYttlWA

 

[K2TSET]

Please also take a look at this one, same satellite, same encryption. Can't decrypt also.

https://mega.nz/#!ZPJyiAIQ!2ijWhTZNODs8JBpkrEdHZd_ESWITcIuqaYjbiYttlWA

Same kind behavior a lot of repeated packets (empty for content) and the something where the are actually some payload. If I decode with the CW mentioned above and search for the PUSI 47 42 00 in the sections where the payload does look like it has contains I do not see any 00 00 01.
So the CW does not fit or it's not CSA.

I have the idea then the repeated non content might have been planted to destroy the Crypt8 method

It would be possible to extract some PUSI data where it has content and the do a BF to find a CW but it will take time

 

[KenSoftTH]

Same kind behavior a lot of repeated packets (empty for content) and the something where the are actually some payload. If I decode with the CW mentioned above and search for the PUSI 47 42 00 in the sections where the payload does look like it has contains I do not see any 00 00 01.
So the CW does not fit or it's not CSA.

I have the idea then the repeated non content might have been planted to destroy the Crypt8 method

It would be possible to extract some PUSI data where it has content and the do a BF to find a CW but it will take time

Interesting discovery. I actually tried bruteforce once using CUDABiss, but it returned nothing. I will appreciate it if you can guide me on the way to extract PUSI data and BF.

I won't be surprised if this is not CSA as Japanese always making their own proprietary stuff.

BTW, there are some feed that broadcast simultaneously on both Superbird B3 and Superbird C2. On C2, they use regular BISS, which decrypted nicely. Would it be helpful if I upload file from both satellite that was recorded from the exact same time?

 

[K2TSET]

To find the PUSI to search for your can use like Hxd hexeditor, open the ts file set the Byte per row to 188 this make s a very nice view of packets aligned over each other

Now press "cntl" "F" for find and change to hex search and enter 47 42 00 (the 47 i the start byte and th 4 is the PUSI flag 2 00 is the PID) and search you will now see a lot of static packets which I believe are "Noise" to make Crypt8 not working.

but you will have eg a line like
47 42 00 D9 47 7F C9 B0 FF 56 87 01 BA 7E 5B FF 60 F3 94

47 42 00 is the PUSI flag for the PID 200 "D9" is a flag if there are a adaption field which there are not and a continuity counter ("9") so next comes the payload

47 7F C9 B0 FF 56 87 01 BA 7E 5B FF 60 F3 94 F1

Those are the bytes for the BF but you will need 3 packets total to make sure the 00 00 01 does fit in all 3 packets for the CW.

I believe that Cudabiss have chosen the 3 first packet you had in your file which does not have real content (fake)

I will try to run a BF and see if something usable comes out

 

[KenSoftTH]

To find the PUSI to search for your can use like Hxd hexeditor, open the ts file set the Byte per row to 188 this make s a very nice view of packets aligned over each other

Now press "cntl" "F" for find and change to hex search and enter 47 42 00 (the 47 i the start byte and th 4 is the PUSI flag 2 00 is the PID) and search you will now see a lot of static packets which I believe are "Noise" to make Crypt8 not working.

but you will have eg a line like
47 42 00 D9 47 7F C9 B0 FF 56 87 01 BA 7E 5B FF 60 F3 94

47 42 00 is the PUSI flag for the PID 200 "D9" is a flag if there are a adaption field which there are not and a continuity counter ("9") so next comes the payload

47 7F C9 B0 FF 56 87 01 BA 7E 5B FF 60 F3 94 F1

Those are the bytes for the BF but you will need 3 packets total to make sure the 00 00 01 does fit in all 3 packets for the CW.

I believe that Cudabiss have chosen the 3 first packet you had in your file which does not have real content (fake)

I will try to run a BF and see if something usable comes out

I don't think cudabiss took the fake packet, here's my input file

000000000000
FFFFFF000000
474200D8A9EA938D2300CBB4ADB32296
474200DF19249507E6B4596AF0CD4A9F
474200DD305F9D7CA911AC8B91CCB12F
999
1

 

[KenSoftTH]

Could this indicate that this is B-CAS? or it's normal for TS to have that?

 

[K2TSET]

Yeah, I did see that private descriptor "C8" "CDT" and I found this doc http://www.arib.or.jp/english/html/overview/doc/8-TR-B14v3_8-2p3-E1.pdf

CDT (Common Data Table)
Carries downloaded data in a section style table. In
digital terrestrial television broadcasting, only service
logo data is used, at the moment.

https://ibb.co/NKBr0R3

In respect to you input for CudaBiss the if you see the image with the hex of the file you see your first input with PUSI 47 42 20
the next line 47 02 00 does have some normal data but the in the next many lines this is what think are the "Fake" data but sure it could be black or no video / stuffing or so

 

[KenSoftTH]

Yeah, I did see that private descriptor "C8" "CDT" and I found this doc http://www.arib.or.jp/english/html/overview/doc/8-TR-B14v3_8-2p3-E1.pdf

CDT (Common Data Table)
Carries downloaded data in a section style table. In
digital terrestrial television broadcasting, only service
logo data is used, at the moment.

https://ibb.co/NKBr0R3

In respect to you input for CudaBiss the if you see the image with the hex of the file you see your first input with PUSI 47 42 20
the next line 47 02 00 does have some normal data but the in the next many lines this is what think are the "Fake" data but sure it could be black or no video / stuffing or so

I just got in touch with whoever record this ts. He said it was "Pre-Stream" recording, so i suspect it was color bar or black screen. I suspect this is "zero fill packet" as other stream that is known to be "non black" also gives crypt8 begin with 00 93...

Anyway, he sent me these ts file. Both of them are recorded from the same event broadcasting to two satellite. One is in BISS, another one is in this weird encryption. The one with BISS was given with decrypted version. Please take a look.

https://mega.nz/#F!gM9lWbBQ!aGb2HcoVoBLRp9J5SAouwQ

 

[K2TSET]

I did a full BF search on an active part of the ts and no CW found to match so it's not CSA or invalid data

I will have a look on the file from the other satellite

 

[K2TSET]

If I look into 12276000-V-7032-2019-06-09 17-22-28.ts then I do not see any 00 93 content nor any static areas when browsing trough the file so I have hard to believe it's the same content
compared to the 12402000-V-12222-2019-06-09 19-47-38.ts
then also have different time in filename