Irdeto2 signature

[laaraj11]

hello everybody !

please someone know's how to calculate the signature in Irdeto2 Ecm decryption.

for example this ecm:
817031C90000000300060028C9ECFE1A2F772B769793DF18930F12EA3D5CF94ADCFEAA8AD4269BBED3346978B2561662CABDEE90

with kasita programme I have this :

-------------------- Kasita Botonnou @ Irdeto2 --------------------
OP KEY 06        : A7B4FE687C9BF7E3B0B67162679558A3
ECM SEED         : 98B4DCAD44E8C9504C3F4E51692A7047
ECM IV           : AE652B210BF89FC69507609842FD303E
-------------------- Kasita Botonnou @ Irdeto2 --------------------
DCW DECRYPTED OK : 3226ADF968D1FFF632C84F8F18FEAE34 By K. Botonnou
-------------------- Kasita Botonnou @ Irdeto2 --------------------
Key Used Is Inde : 06
-------------------- Kasita Botonnou @ Irdeto2 --------------------
Sig Correct!!!   : B5E3180490B09E8E

I can't find out how to calculate this signature !

If someone could help, it will be nice

 

[jan55]

hello everybody !

please someone know's how to calculate the signature in Irdeto2 Ecm decryption.

for example this ecm:
817031C90000000300060028C9ECFE1A2F772B769793DF18930F12EA3D5CF94ADCFEAA8AD4269BBED3346978B2561662CABDEE90

with kasita programme I have this :

-------------------- Kasita Botonnou @ Irdeto2 --------------------
OP KEY 06        : A7B4FE687C9BF7E3B0B67162679558A3
ECM SEED         : 98B4DCAD44E8C9504C3F4E51692A7047
ECM IV           : AE652B210BF89FC69507609842FD303E
-------------------- Kasita Botonnou @ Irdeto2 --------------------
DCW DECRYPTED OK : 3226ADF968D1FFF632C84F8F18FEAE34 By K. Botonnou
-------------------- Kasita Botonnou @ Irdeto2 --------------------
Key Used Is Inde : 06
-------------------- Kasita Botonnou @ Irdeto2 --------------------
Sig Correct!!!   : B5E3180490B09E8E

I can't find out how to calculate this signature !

If someone could help, it will be nice

817031C90000000300060028 C9ECFE1A2F772B76 9793DF18930F12EA 3D5CF94ADCFEAA8A D4269BBED3346978 B2561662CABDEE90

1.Blok_Encrypt(16) - C9ECFE1A2F772B76
2.Blok_Encrypt(16) - 9793DF18930F12EA
3.Blok_Encrypt(16) - 3D5CF94ADCFEAA8A
4.Blok_Encrypt(16) - D4269BBED3346978
5.Blok_Encrypt(16) - B2561662CABDEE90

98B4DCAD44E8C950 xor 0000000000000000 -> 98B4DCAD44E8C950
98B4DCAD44E8C950 3DES_enc A7B4FE687C9BF7E3B0B67162679558A3 -> 76F4FCD4D9366AB4
76F4FCD4D9366AB4 xor 4C3F4E51692A7047 -> 3ACBB285B01C1AF3
3ACBB285B01C1AF3 3DES_enc A7B4FE687C9BF7E3B0B67162679558A3 -> B0463471F08E8B2B

ECM_SEED_PREPARE -> 76F4FCD4D9366AB4B0463471F08E8B2B

C9ECFE1A2F772B76 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> A510D1AE4BFA9FF5
A510D1AE4BFA9FF5 xor AE652B210BF89FC6 -> 0B75FA8F40020033
9793DF18930F12EA 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> B1FEF809D9311C78
B1FEF809D9311C78 xor C9ECFE1A2F772B76 -> 78120613F646370E
3D5CF94ADCFEAA8A 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> 0D0DA0AD87AAEAAD
0D0DA0AD87AAEAAD xor 9793DF18930F12EA -> 9A9E7FB514A5F847
D4269BBED3346978 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> B6B18F61D8FCAA8A
B6B18F61D8FCAA8A xor 3D5CF94ADCFEAA8A -> 8BED762B04020000
B2561662CABDEE90 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> 61C583BA4384F7F6
61C583BA4384F7F6 xor D4269BBED3346978 -> [B][COLOR="Blue"]B5E3180490B09E8E[/COLOR][/B]

 

[laaraj11]

@shishmish
you explained well how to decrypt the ecm, but how to check if the signature is correct ?

 

[jan55]

ECM_Encrypt -> 817031C90000000300060028 C9ECFE1A2F772B76 9793DF18930F12EA 3D5CF94ADCFEAA8A D4269BBED3346978 B2561662CABDEE90

1.Blok_Encrypt(16) - C9ECFE1A2F772B76
2.Blok_Encrypt(16) - 9793DF18930F12EA
3.Blok_Encrypt(16) - 3D5CF94ADCFEAA8A
4.Blok_Encrypt(16) - D4269BBED3346978
5.Blok_Encrypt(16) - B2561662CABDEE90

98B4DCAD44E8C950 xor 0000000000000000 -> 98B4DCAD44E8C950
98B4DCAD44E8C950 3DES_enc A7B4FE687C9BF7E3B0B67162679558A3 -> 76F4FCD4D9366AB4
76F4FCD4D9366AB4 xor 4C3F4E51692A7047 -> 3ACBB285B01C1AF3
3ACBB285B01C1AF3 3DES_enc A7B4FE687C9BF7E3B0B67162679558A3 -> B0463471F08E8B2B

ECM_SEED_PREPARE -> 76F4FCD4D9366AB4B0463471F08E8B2B

C9ECFE1A2F772B76 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> A510D1AE4BFA9FF5
A510D1AE4BFA9FF5 xor AE652B210BF89FC6 -> 0B75FA8F40020033
9793DF18930F12EA 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> B1FEF809D9311C78
B1FEF809D9311C78 xor C9ECFE1A2F772B76 -> 78120613F646370E
3D5CF94ADCFEAA8A 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> 0D0DA0AD87AAEAAD
0D0DA0AD87AAEAAD xor 9793DF18930F12EA -> 9A9E7FB514A5F847
D4269BBED3346978 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> B6B18F61D8FCAA8A
B6B18F61D8FCAA8A xor 3D5CF94ADCFEAA8A -> 8BED762B04020000
B2561662CABDEE90 3DES_dec 76F4FCD4D9366AB4B0463471F08E8B2B -> 61C583BA4384F7F6
61C583BA4384F7F6 xor D4269BBED3346978 -> [B][COLOR="Blue"]B5E3180490B09E8E[/COLOR][/B]

817031C90000000300060028

1.Blok_Derypt(16) - 0B75FA8F40020033
2.Blok_Derypt(16) - 78120613[COLOR="Red"]F646370E[/COLOR]
3.Blok_Derypt(16) - [COLOR="red"]9A9E7FB5[/COLOR][COLOR="Blue"]14A5F847[/COLOR]
4.Blok_Derypt(16) - [COLOR="blue"]8BED762B[/COLOR]04020000
5.Blok_Derypt(16) - [COLOR="green"]B5E3180490B09E8E[/COLOR] - Signature

[COLOR="red"]F646370E9A9E7FB5[/COLOR] 3DES_dec A7B4FE687C9BF7E3B0B67162679558A3 -> 9C4386D863296030
9C4386D863296030 xor AE652B210BF89FC6 -> [COLOR="Purple"]3226ADF968D1FFF6[/COLOR]

[COLOR="blue"]14A5F8478BED762B[/COLOR] 3DES_dec A7B4FE687C9BF7E3B0B67162679558A3 -> C48E78818260D181
C48E78818260D181 xor F646370E9A9E7FB5 -> [COLOR="DarkOrange"]32C84F8F18FEAE34[/COLOR]

DCW_Decrypt -> [COLOR="Red"]F646370E9A9E7FB5[/COLOR][COLOR="Blue"]14A5F8478BED762B[/COLOR]

DCW_Encrypt -> [COLOR="purple"]3226ADF968D1FFF6[/COLOR][COLOR="darkorange"]32C84F8F18FEAE34[/COLOR]


ECM_Decrypt -> 817031C90000000300060028 0B75FA8F40020033 78120613[COLOR="red"]F646370E[/COLOR] [COLOR="Red"]9A9E7FB5[/COLOR][COLOR="Blue"]14A5F847[/COLOR] [COLOR="blue"]8BED762B[/COLOR]04020000 [COLOR="Green"]B5E3180490B09E8E[/COLOR]

8170 -----> Haeder Type EMM (Table ID -> 80=CW0 Active Or 81= CW1 Active)
31 -------> Len ((Hex:0x31) => Dec=49 Bytes => 98 symbols)
C90000 ---> ??????
0003 -----> Channel ID
00 -------> Provider
06 -------> OP Key Index
00 -------> ??
28 -------> Len ((Hex:0x28) => Dec:5*8=40 Bytes => 80 symbols)
0B75FA8F -> ??
40 -------> Nano Date
02 -------> Len Date
0033 -----> Date ??
78 -------> Nano Update DCW
12 -------> Len ((hex:0x12) => Dec=18 Bytes (OP Key Index(1 Byte) + 1 Byte + DCW(16 Bytes) => 36 symbols)
06 -------> OP Key Index (1 Byte)
13 -------> 80=12 || 81=13 (1 Byte)
[COLOR="Red"]F646370E9A9E7FB5[/COLOR][COLOR="Blue"]14A5F8478BED762B[/COLOR] --> DCW_Decrypt
04020000 -> ??
[COLOR="green"]B5E3180490B09E8E[/COLOR] -> Signature

 

[laaraj11]

Actually I coded the full irdeto2 algo but I need just how to check the signature (like in emm-opkey decrypt algo) !
here is my code :

#include "Iredeto.h"

unsigned char Ecm_Seed[]={
0x98,0xB4,0xDC,0xAD,0x44,0xE8,0xC9,0x50,0x4C,0x3F,0x4E,0x51,0x69,0x2A,0x70,0x47};

unsigned char Ecm_IV[]= {
0xAE,0x65,0x2B,0x21,0x0B,0xF8,0x9F,0xC6,0x95,0x07,0x60,0x98,0x42,0xFD,0x30,0x3E};

unsigned char OPkey[]= {
0xA7,0xB4,0xFE,0x68,0x7C,0x9B,0xF7,0xE3,0xB0,0xB6,0x71,0x62,0x67,0x95,0x58,0xA3};

void dec_3des(unsigned char *data, unsigned char *key) {
    unsigned char tmpKey[16];
    memcpy(tmpKey,key,16);
    doPC1(tmpKey);
    doPC1(&tmpKey[8]);
    Des(data,tmpKey,DES_ECS2_DECRYPT);
    Des(data,&tmpKey[8],DES_ECS2_CRYPT);
    Des(data,tmpKey,DES_ECS2_DECRYPT);
}

void enc_3des(unsigned char *data, unsigned char *key) {
    unsigned char tmpKey[16];
    memcpy(tmpKey,key,16);
    doPC1(tmpKey);
    doPC1(&tmpKey[8]);
    Des(data,tmpKey,DES_ECS2_CRYPT);
    Des(data,&tmpKey[8],DES_ECS2_DECRYPT);
    Des(data,tmpKey,DES_ECS2_CRYPT);
}

void dec_3des_cbc(unsigned char *data, unsigned char *key, int len) {

unsigned char IV[16],IV_tmp[16];
memcpy(IV_tmp,Ecm_IV,16);
int i=0,j=0;
	for(i=0;i<len/8;i++)
	{
		memcpy(IV,IV_tmp,16);
		memcpy(IV_tmp,data+i*8,16);	
		dec_3des(data+i*8,key);
		for(j=0;j<8;j++) data[i*8+j] ^=  IV[j];
	}
}

char IredetoECM(unsigned char *ecm, unsigned char *dw)
{
    unsigned char Crypted_Data[40] = {0};
    unsigned char *tmpKey;
    unsigned char Ecm_Seed_Preprare[16];
    unsigned char Crypted_Key[16];
    int len = ecm[11];
    int ecmlen = ecm[2]+3;
    memcpy (Ecm_Seed_Preprare,Ecm_Seed,16);
    memcpy (Crypted_Data,ecm+12,40);

//Calc Ecm_Seed_prepare key

    enc_3des(Ecm_Seed_Preprare,OPkey);
    for(int i=0;i<8;i++) Ecm_Seed_Preprare[8+i] ^=Ecm_Seed_Preprare[i]; 
    enc_3des(Ecm_Seed_Preprare+8,OPkey);
    
//ECM Decrypt 
	dec_3des_cbc(ecm+12,Ecm_Seed_Preprare,len);
	memcpy(Crypted_Key,ecm+24,16);


//Decrypt OPKey
	dec_3des_cbc(Crypted_Key,OPkey,16);	
	memcpy(dw,Crypted_Key,16);

//Check signature ?

}

 

[testi]

code from 607xEMU :

unsigned int CalculateMAC(unsigned char *Key, unsigned char *IV_PAD, unsigned char *Data2Sign, unsigned int DataLen) {
	unsigned char CryptBuffer[8], MACBuffer[8], keybuffer[24];
	unsigned int i, y, z;

	for (i=0;i<16;i++)	keybuffer[i] = Key[i];
	for (i=0;i<8;i++)	keybuffer[16+i] = Key[i];

	for (i=0;i<8;i++) { 
		CryptBuffer[i] = 0;
		MACBuffer[i] = Data2Sign[DataLen-8+i];
	}

	z = 0;
	for (y=0;y<((DataLen****3));y++) {
		for (i=0;i<8;i++) {
			if (((y*8)+i) < (DataLen-8))	CryptBuffer[i] = Data2Sign[(y*8)+i] ^ CryptBuffer[i];
			else {
				CryptBuffer[i] = IV_PAD[8+z] ^ CryptBuffer[i];
				z++;
			}
		}
		cDes_3DES(CryptBuffer, keybuffer, PRV_DES_ENCRYPT, PRV_DES_DECRYPT); //3DES-Encrypt
//		Encrypt3DES (keybuffer,CryptBuffer,CryptBuffer);
	}
	return memcmp(CryptBuffer, MACBuffer,8);
}

	if (CalculateMAC(Key1, table->IV_PAD, abIOBuffer+6, DataLen+6))
	{
		#ifdef DEBUG
				printf("Signature check: \tFAILS\n");
		#endif
		return false;
	}
	else {
		#ifdef DEBUG
				printf("Signature check: \tOK\n");
		#endif
	}

 

[jojor]

Have a look at gamma source code

unsigned int CalculateMAC(unsigned char *Key, unsigned char *IV_PAD, unsigned char *Data2Sign, unsigned int DataLen) {
	unsigned char CryptBuffer[8];
	unsigned char MACBuffer[8];
    unsigned char keybuffer[24];
	unsigned int i;
	unsigned int y;
	unsigned int z;

	for (i=0;i<16;i++)
		keybuffer[i] = Key[i];
	for (i=0;i<8;i++)
		keybuffer[16+i] = Key[i];

	for (i=0;i<8;i++) 
     { 
		 CryptBuffer[i] = {0x00};
		MACBuffer[i] = Data2Sign[DataLen-8+i];
	}

	z = 0;
	for (y=0;y<((DataLen****3));y++) 
     {
		for (i=0;i<8;i++) 
           {
		 if (((y*8)+i) < (DataLen-8))
		 CryptBuffer[i] = Data2Sign[(y*8)+i] ^ CryptBuffer[i];
		else 
              {
			CryptBuffer[i] = IV_PAD[8+z] ^ CryptBuffer[i];
			z++;
		   }
		}
	Encrypt3DES (keybuffer,CryptBuffer,CryptBuffer);
	}
	return memcmp(CryptBuffer, MACBuffer,8);
};

 

[laaraj11]

hello my friends,
After testing the function CalculateMAC(), it doesn't generate the correct Signature(MAC).
Here is my tests:
1) First test, I replaced the decrypted opkey in Data2Sign:
Key = 76F4FCD4D9366AB4B0463471F08E8B2B
IV_PAD = AE652B210BF89FC69507609842FD303E
Data2Sign = 0B75FA8F40020033
781206133226ADF9
68D1FFF632C84F8F
18FEAE3404020000
B5E3180490B09E8E
DataLen = 40

the result of the function is :
y=0)
CryptBuffer = 0000000000000000 ^ 0B75FA8F40020033 = 0B75FA8F40020033
CryptBuffer = 0B75FA8F40020033->ENC_3DES->C628755283B18212
y=1)
CryptBuffer = C628755283B18212 ^ 781206133226ADF9 = BE3A7341B1972FEB
CryptBuffer = BE3A7341B1972FEB->ENC_3DES->8AEADF126F15A265
y=2)
CryptBuffer = 8AEADF126F15A265 ^ 68D1FFF632C84F8F = E23B20E45DDDEDEA
CryptBuffer = E23B20E45DDDEDEA->ENC_3DES->99E39DDED7698E1F
y=3)
CryptBuffer = 99E39DDED7698E1F ^ 18FEAE3404020000 = 811D33EAD36B8E1F
CryptBuffer = 811D33EAD36B8E1F->ENC_3DES->E26FBDE1D00414B0
y=4)
CryptBuffer = E26FBDE1D00414B0 ^ 9507609842FD303E = 7768DD7992F9248E
CryptBuffer = 7768DD7992F9248E->ENC_3DES->D8B3E33A07166950

D8B3E33A07166950 doesn't match with B5E3180490B09E8E, so the calculated MAC is false.

2) test2 I keep the crypted opkey in Data2Sign :

Key = 76F4FCD4D9366AB4B0463471F08E8B2B
IV_PAD = AE652B210BF89FC69507609842FD303E
Data2Sign = 0B75FA8F40020033
78120613F646370E
9A9E7FB514A5F847
8BED762B04020000
B5E3180490B09E8E
DataLen = 40

the result is :
CryptBuffer = 0000000000000000
CryptBuffer = 0B75FA8F40020033
CryptBuffer = C628755283B18212
CryptBuffer = BE3A734175F7B51C
CryptBuffer = 5C4B96435525BAFE
CryptBuffer = C6D5E9F6418042B9
CryptBuffer = 795479BB2C32499B
CryptBuffer = F2B90F902830499B
CryptBuffer = 2957E49567A228F6
CryptBuffer = BC50840D255F18C8
CryptBuffer = C4D51A99A2853804

C4D51A99A2853804 doesn't match again with B5E3180490B09E8E, so the calculated MAC is false.

 

[jojor]

Check with the following payload
C373D45F1030F1BE682400C8EA061332DB00B0AD3A241AC804AD8E988AEAC99FB0603A2E5E80E34BAE50F103EA01
key3des
C5EFAF54B66A092D50268541010DA652
iv
87A3DBFC22B199E762C649E08F2A5E65
and tell me if you get signature
A52EF14F2983E20A
if so then there is problem with the payload you take for calculation

 

[ELECTRIK DZ]

jojor@ is more hhhhh ,!

 

[laaraj11]

here is the results :

(NB: I take only the first 40 bytes !)
C373D45F1030F1BE682400C8EA061332DB00B0AD3A241AC804AD8E988AEAC99FB0603A2E5E80E34BAE50F103EA01

C373D45F1030F1BE
682400C8EA061332
DB00B0AD3A241AC8
04AD8E988AEAC99F
B0603A2E5E80E34B
AE50F103EA01

key3des = C5EFAF54B66A092D50268541010DA652
iv = 87A3DBFC22B199E7 62C649E08F2A5E65

y=0)
CryptBuffer after xor with IV = C373D45F1030F1BE
CryptBuffer after enc_3des = 8AA134471741C8F0
y=1)
CryptBuffer after xor with IV = E285348FFD47DBC2
CryptBuffer after enc_3des = ED5F77FBB3E8FA61
y=2)
CryptBuffer after xor with IV = 365FC75689CCE0A9
CryptBuffer after enc_3des = EECD9CD2B97A946E
y=3)
CryptBuffer after xor with IV = EA60124A33905DF1
CryptBuffer after enc_3des = BB092C9664D10173
y=4)
CryptBuffer after xor with IV = D9CF6576EBFB5F16
CryptBuffer after enc_3des = 6953017F7F3DD38C

signature = 6953017F7F3DD38C

 

[jojor]

8AA134471741C8F0
ED5F77FBB3E8FA61
EECD9CD2B97A946E
BB092C9664D10173
70701AFB5F3B429B
A52EF14F2983E20A
Here are my results

 

[laaraj11]

@jorjor
I reproduce your results by using 3des cbc algo only and not when I use CalculateMAC().
As seen on image :

NB : playload = C373D45F1030F1BE682400C8EA061332DB00B0AD3A241AC804AD8E988AEAC99FB0603A2E5E80E34BAE50F103EA0162C6
62C6 = byte 9 and 10 from IV