Tandberg-slow learner questions

dale_para_bajo

This thread is in fact a follow-up on: Hacking CA system challenge *Tandberg http://www.sat-universe.com/showthread.php?t=295303

I hope the moderators will allow this thread, as the original thread already morphed from Learning, Understanding & Hacking to a Log Submit & key request. At most, people go there to find an already made plugin. This is not a complaint. I know, the project matured and it is at that stage. But I am giving reasons as to why you should allow me to request info in a different thread.

My main reasons: I came late, I did not have much time, plus the main reason: I am a slow learner.

But I would like to learn the basics of colibri's teaching.

===========================================================

I am in America so I cannot receive the same signal as colibri was using. Now I need to find what I need to change to make it work for a transponder in America.

colibri starts by saying in the 1st post:
"I was able to decrypt it with the help of an EMM key that I have found in the firmware:"

What key do I then use, as for sure it will be a different provider?
How do we get to download a firmware?
Some even mention bruteforcing EMMs?

In general, how do we do it?


Now if I look into @JimBizkit's poc2.c file I see he gets his key from what he called g_emm_keys_rom. This is what I think I need to get.

@JimBizkit @Colibri.DVB or any one of you nice coders, can you help me start here?

On the other hand, if bruteforce is the way, what is the clear text used against the encrypted?
 

drhans

Although I couldn't agree with you more that the original thread got sidetracked, all your questions are answered in the first 10 or so pages so in this case there wasn't really any point in opening a new thread.
 

drhans

and for the lazy learners :)

I am in America so I cannot receive the same signal as colibri was using
**** but you can download his recordings, that's what we all did

What key do I then use, as for sure it will be a different provider?
**** we don't really know this since no other provider seems to be hacked, only these EBU(?) feeds

How do we get to download a firmware?
**** good question, probably someone wasn't careful enough and leaked it or Colibri has good friends in the broadcast industry...

On the other hand, if bruteforce is the way, what is the clear text used against the encrypted?
**** we know the clear text for one provider (Arena) who simulcrypts and the other encryption is broken

Now if I look into @JimBizkit's poc2.c file I see he gets his key from what he called g_emm_keys_rom. This is what I think I need to get.
**** this came from the firmware
 

dale_para_bajo

drhans

I am starting to digest all this. I have not gotten past page 1. But I just found why my EMMs were not the same as colibri's: I was using ts_0100_12689H_28499_prg19.ts instead of ts_0100_11141H_28500_prg3.ts. Stupid mistake. Now I may go faster. The people that know me have seen I am not lazy. Slow but steady.

Thanks for the answers of the 2nd post.

Still on my question:
On the other hand, if bruteforce is the way, what is the clear text used against the encrypted?
"**** we know the clear text ... simulcrypts ..."

I do not see your point. I guess I need to study more. In fact I may be running ahead since I should be on page 1. But my best guess is that the comments about brute-forcing are in regard to the ECM, to get its encryption key. So my best guess was that we need a known clear piece of ECM to bruteforce it. Do not worry, I will get there when it is time.

People, relax, the idea is to enjoy while we learn. There is no point in learning if we get blamed while making mistakes.
 

Hwurst

Hi dale_para_bajo,

"How do we get to download a firmware"?

colibri logs the firmware (updates) very often over satellite
 

dale_para_bajo

Hi Hwurst, it is nice to see you.

I am interested in new things. This is one of them. But I have very little time lately. So I have no chance to learn. When I did have some time at the beginning I was screwed by using the wrong ts file. Hehehe, S7up1d of me.
 