Understanding DES

Me2019H

Registered
Messages
101
You are truly a genius, this is useful information.
So if we find a faster way to decrypt DES we will be reducing brute force?
But why do you start from 52614F2CB05D3801!!
 

cayoenrique

Member
Messages
475
I am no genius, it is just that instead of watching sport feeds, I spent my hobby time Thinking, Reading, and practicing encryptions.

Yes we will have a faster program, I will post it next.
Me2019H said:
but why you start from 52614F2CB05D3801!!
No, we will not start from 52614F2CB05D3801; this number is what we are looking for.
We will start a little before STARTKEY:0052C12900000000

And you will ask what?
52C1 is bigger than 5261????

The answer is NOPE.
52614F2CB05D3801 is a 64 bit representation, every byte at the end has 1 bit of parity.
0052C12900000000 is a 56 bit representation, parity bits were removed.

Let's see how it is done

Code:
#T 0003 00 52614F2CB05D3801
#5 	2 	6 	1 	4 	F 	2 	C 	B 	0 	5 	D 	3 	8 	0 	1
#0101 	0010 	0110 	0001 	0100 	1111 	0010 	1100 	1011 	0000 	0101 	1101 	0011 	1000 	0000 	0001
#0101 	001 	0110 	000 	0100 	111 	0010 	110 	1011 	000 	0101 	110 	0011 	100 	0000 	000 
#0101 	0010 	1100 	0001 	0011 	1001 	0110 	1011 	0000 	1011 	1000 	1110 	0000 	0000
#5 	2 	C 	1 	3 	9 	6 	B 	0 	B 	8 	E 	0 	0
#          52C1396B0B8E00

I hope you see those numbers
52614F2CB05D3801
52C1396B0B8E00
Are in fact the same. One has ODD parity bits, the other one NOT.

How do I know where to start?
You ONLY need to look at the table I made for ECM explanation. You will see:
07-08 entitlementId 0003 entitlementId is used to select what ECM Key should be used

This means in the ECM info, for tandb3rg you can find what ECM entitlement is required. In this case it is 0003.

You can get some of the keys in key area at https://www.sat-universe.com/index.php?forums/tandberg.561/

You can find a few of the first one in https://www.sat-universe.com/index.php?threads/arena-sport-1-2-3-4-bih-39°e-1-9°e.295823/

places like https://www.sat-universe.com/index....1-2-3-4-bih-39°e-1-9°e.295823/post-2036848897
 
Last edited:
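The parity stripping worked through bit by bit in the post above, as an added C example (not code from the thread or from OCLDes; the function names are assumptions). It converts between the 64-bit odd-parity form and the packed 56-bit form in both directions and checks the parity of each byte.

```c
#include <stdint.h>
#include <stdio.h>

/* Drop the low (parity) bit of each of the 8 bytes and pack the 7-bit groups. */
uint64_t des_strip_parity(uint64_t key64) {
    uint64_t key56 = 0;
    for (int i = 7; i >= 0; i--) {
        uint8_t byte = (uint8_t)(key64 >> (8 * i));
        key56 = (key56 << 7) | (uint64_t)(byte >> 1);
    }
    return key56;
}

/* Count the 1 bits in a single byte. */
static int popcount8(uint8_t b) {
    int n = 0;
    for (; b; b >>= 1)
        n += b & 1;
    return n;
}

/* Expand 56 bits to 8 bytes; set each low bit so every byte has odd parity. */
uint64_t des_add_odd_parity(uint64_t key56) {
    uint64_t key64 = 0;
    for (int i = 7; i >= 0; i--) {
        uint8_t byte = (uint8_t)(((key56 >> (7 * i)) & 0x7F) << 1);
        if (popcount8(byte) % 2 == 0)
            byte |= 1;
        key64 = (key64 << 8) | byte;
    }
    return key64;
}

/* Return 1 if all 8 bytes have an odd number of 1 bits, otherwise 0. */
int des_parity_ok(uint64_t key64) {
    for (int i = 0; i < 8; i++)
        if (popcount8((uint8_t)(key64 >> (8 * i))) % 2 == 0)
            return 0;
    return 1;
}

int main(void) {
    uint64_t k64 = 0x52614F2CB05D3801ULL; /* value worked through in the post */
    uint64_t k56 = des_strip_parity(k64);
    printf("%016llX -> %014llX -> %016llX (parity ok: %d)\n", (unsigned long long)k64,
           (unsigned long long)k56, (unsigned long long)des_add_odd_parity(k56), des_parity_ok(k64));
    return 0;
}
```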

cayoenrique

Member
Messages
475
Lab004 Part VII

In Lab004 Part VI you found out how to find the DES Crypted/Clear pair to be brute-forced.
Now we will try to brute-force the key.

IMPORTANT. We do not want to create rumors and find out that Tandb3rg can no longer be open. Just as we did for CSA, as a rule finding a key in a day I guess is acceptable. If you find that my code is faster than a Day, it will be, PLEASE do not post comments in public here. You want to let me know how happy you are, then send me a PM. Share with your best friends in private. Another NOTE: I am not imposing rules in the forum, the forum is free for all to post what they please but following forum rules, Not mine. But I am asking you as a favor not to post in this particular thread things that can make providers so uncomfortable that they move to new modern CAS that can not be Open!! If you are going to do as you please, then open a new thread apart from this.

Download new program and save in C:\Apps\Home\cryptodir\Labs\004\
OCLDes_010.zip (76.82 KB)
Code:
https://workupload.com/file/eRsVL6f5QQH

Let's extract and copy the files
Code:
[WINKEY]+R  CMD [ENTER]
> cd C:\Apps\Home\cryptodir\Labs\004
> 7z -pwww.sat-universe.com x OCLDes_010.zip
> move OCLDes_010.zip C:\Apps\home\zipfiles
> cd OCLDes_010

Now I left the exe in the folder, for those that want to try. But I strongly suggest you build it yourself.

Code:
> make
> OCLDes


And you should see something like:
Code:
KERNEL_FUNC1 = tandberg1_pes1_sb0
KERNEL_FUNC2 = des_pes2_3_sb0

Today is Fri Oct 27 19:16:56 2023
OS: Linux mumble 4.19.0-19-amd64 #1 SMP Debian 4.19.232-1 (2022-03-07) x86_64 GNU/Linux
Timer test for 1 second: 1.000139
Connected Platform: Advanced Micro Devices, Inc.
Connected Device: Turks
OCLDESVERSION: 010
PROGRAM_FILE selected: des_decrypt_1block_001.cl

Device properties:
Number of Compute Units (CU): 6
Recommended Local Work Group size: 64
Max Local Work Group size: 256
Global Memory size: 536870912

Multithreading properties:
Number of Threads to launch: 4
Number of PES1 rounds per PES2 16

Single Thread properties:
Number Loops per kernel: 2048
Number of keys per kernel: 2048
Local Work Group Size: 256
Global Work Group Size: 1536
Keys per round: 6442450944(180000000)

File Log from Last Searched present: (007ACC40EF000000)
Start from config.ini value: (007ACC3800000000)

Base Selected: (007ACC3800000000)
Looking for: (7A67101A5BE52601)
BruteForcing for: DECTYPE: 1 TANDBERG EE SINGLE KEY
PES1:36 43 CD E6 3F 67 9D 20 00 00 00 00 00 00 00 00
PES2:7D 1C 9F 9D 68 42 34 10 00 00 00 00 00 00 00 00
Range: (180000000)

Launching threadnum# 0 From:(7ACC3800000000) To:(7ACC3980000000)
Launching threadnum# 1 From:(7ACC3980000000) To:(7ACC3B00000000)
Launching threadnum# 2 From:(7ACC3B00000000) To:(7ACC3C80000000)
Launching threadnum# 3 From:(7ACC3C80000000) To:(7ACC3E00000000)
T# Round# From To Time kps:Round Last4 Keys Found
0 00000001 7ACC3800000000 7ACC397FFFFFFF 19:17:08 8.82e+06 2.63e+07 00 Total 00:
1 00000002 7ACC3980000000 7ACC3AFFFFFFFF 19:17:08 8.37e+07 3.92e+07 00 Total 00:
2 00000003 7ACC3B00000000 7ACC3C7FFFFFFF 19:17:08 5.01e+08 1.56e+08 00 Total 00:
3 00000004 7ACC3C80000000 7ACC3DFFFFFFFF 19:17:09 5.01e+08 2.74e+08 00 Total 00:
0 00000005 7ACC3E00000000 7ACC3F7FFFFFFF 19:17:14 9.67e+06 2.74e+08 00 Total 00:
1 00000006 7ACC3F80000000 7ACC40FFFFFFFF 19:17:15 6.28e+07 2.69e+08 01 Total 01: Key 001:7A67101A5BE52601
2 00000007 7ACC4100000000 7ACC427FFFFFFF 19:17:15 2.51e+08 2.06e+08 00 Total 01:
3 00000008 7ACC4280000000 7ACC43FFFFFFFF 19:17:15 5.01e+08 2.06e+08 00 Total 01:
0 00000009 7ACC4400000000 7ACC457FFFFFFF 19:17:20 9.67e+06 2.06e+08 00 Total 01:
1 0000000A 7ACC4580000000 7ACC46FFFFFFFF 19:17:21 7.18e+07 2.08e+08 00 Total 01:

kernelkeyspersec[0]=9.67e+06 kernelkeyspersec[1]=7.18e+07 kernelkeyspersec[2]=2.51e+08 kernelkeyspersec[3]

Total Key Space = 5.63e+14 Average KPS 2.08e+08
Time for Full range brute force = 0 years 1 months 0 days 19 hours


Finish


Warning - SET pTI->fExitallThread - 1 was SET

See I can search full range with 480 cores in one month!! very nice. I bet you can do it in a day. PLEASE if you are faster in hours do not post the comment in public.

Enjoy
Enrique
 

Me2019H

Registered
Messages
101
Me
Time for Full range brute force = 0 years 2 months 28 days 5 hours
dvlajkovic what about you? How many seconds ? :sneaky:

A faster way must be found But no one helps with any idea
 

Me2019H

Registered
Messages
101
Now :
Total Key Space = 5.63e+014 Average KPS 1.33e+008
Time for Full range brute force = 0 years 1 months 18 days 3 hours

You know the faster way, buy an RTX 4090 graphics card.

moonbase There are many ways: finding a faster way to decrypt DES, or a way to speed up the key schedule

How does the Key schedule work?
 

M.Rashid

Registered
Messages
26
what is password zip file?
 

cayoenrique

Member
Messages
475
I put password due to a habit I learned from the beginning of internet sharing. You may recall rapidshare, 4share... etc. At that time files encrypted lasted longer. Nowadays I do not think it matters, as files may last only 3 or 6 months at most.

Anyway another learned habit from an old master was to always use this forum address as password. So ALL my files will always have a password:
Code:
www.sat-universe.com
So you do not need to learn it. Just remember to look at SU forum address.
 

cayoenrique

Member
Messages
475
The short answer is no, I do not have a good GPU.

Now I am not sure about your question.

What is EK2 for you?

For me EK2 in 2TDEA is

plaintext = DK1 ( EK2 ( DK3 (cyphertext)))

So if you have EK2 + plaintext then you only need one key K1,
Where K1 is ONLY 56 bits. As the other K2 have the other 56 bits. But you do not need it as you have EK2!!

In conclusion this is just a single DES decryption? If this is the case, someone with a GOOD GPU can help you.
 
Last edited:

M.Rashid

Registered
Messages
26
It does not start, the error shows:

b1a10d6291ff1a3e2c0a075f3a9e4096.png
 

cayoenrique

Member
Messages
475
Never seen that error.
But most likely you need mingw64 run dlls. Best I can suggest is to install mingw64.

Now I STRONGLY suggest installing in C:\Apps\MSys2\mingw64. The idea is, if you decide to learn from my tutorials, you have that step done. If you want to install my basic setup please look at post 56 of Understanding CSA LINK

Attachment
tutorial_opencl_installation_ver_0-01.tar.7z.zip

For general tools, You only need to do 02_Instalin_GNU_Compiler_ver_0.01.pdf the others are to have OpenCL.

If you just want to do the minimum, again please install in C:\Apps\MSys2\mingw64 : There is no MSys2 requirement. MSys2 Folder is just an empty folder to hold mingw64. In this way we are compatible with those that do want to install MSys2

And do not forget to add
Windows PATH : For all this setup to work you need to add the following in your Windows PATH. C:\Apps\MSys2\mingw64\bin;
 

feri333

Registered
Messages
15
you can help find 3DES 16byte unique k1, i have EK2

BF of 14B 3des key is not possible, you can forget for it. BF of 7B des key is not problem, If you have right input / output data, 100% BF is finished in cca 2,5 days and actual price for it is cca 60€
 

ashoknek

Registered
Messages
15
feri333 said:
BF of 14B 3des key is not possible, you can forget for it. BF of 7B des key is not problem, If you have right input / output data, 100% BF is finished in cca 2,5 days and actual price for it is cca 60€
You mean (right input / output data) from HW. I have STi and BCM
 

ashoknek

Registered
Messages
15
cayoenrique said:
The short answer is no, I do not have a good GPU.

Now I am not sure about your question.

What is EK2 for you?

For me EK2 in 2TDEA is

plaintext = DK1 ( EK2 ( DK3 (cyphertext)))

So if you have EK2 + plaintext then you only need one key K1,
Where K1 is ONLY 56 bits. As the other K2 have the other 56 bits. But you do not need it as you have EK2!!

In conclusion this is just a single DES decryption? If this is the case, someone with a GOOD GPU can help you.
I have EK2 and K1 56byte, I need K2 and after 3des 16byte
 

cayoenrique

Member
Messages
475
Listen guys.
I have no experience on real external or internal CAM (Conditional Access Modules). I am not the guy to ask.

Now, assuming that I can imagine that the process is like the following, and that you can manage to get a pair of Crypt / Clear data, it is possible to get 1 of the DES keys.

From your comment, it seems to me you have half of the problem, 1 Key (K1). So you need K2.

Assuming this is the correct equation.

plaintext = DK1 ( EK2 ( DK3 (cyphertext)))

Let's rewrite it then like this

plaintext1 = DK1 ( EK2 ( DK3 (cyphertext3)))

This means you need to have in your hand: plaintext1 & cyphertext3.

You then can use the key that you have K1 to get:

cyphertext2 = DES encrypt with k1 ( plaintext1 )

plaintext2 = DES decrypt with k1 ( cyphertext3 )

Now that you have your pair cyphertext2 & plaintext2 someone here with a good GPU can get your needed DES K2.
 

feri333

Registered
Messages
15
@cayoenrique

I think that ashoknek wrote about K2 from keyladder


K3>K2>K1

and he wanted to say that he has K1 key which is decrypted with not known 3des K2 key, he wrote that he has encrypted K2 key - EK2 too but this is not important and usable in this case

So he has 8B output data now - K1. If he should have 8B input data EK1 too and the not known key K2 used for decryption would be des, it would be possible to do BF, but his K2 key is 3des, so to do BF in real time isn't possible
 
Last edited:

cayoenrique

Member
Messages
475
@all

At the moment I am pretty busy. I got involved in Not found c8 in hvec feeds and at the push/effort that C0der and a few others have put into that thread, try to find Chinese AU boxes secret. HEHEHE
Sorry, for me it is funny how many people will not work on new ideas of their own. But they are willing to do anything to discover a so-called secret that they imagine is being used by others.

Now back to my own, I do not care about AU. And most people here have worked on lots of ideas on Block cypher. In general around crypt8 concept. I think it is time we look at the Stream cypher. And I have decided to give it a try. Point is I may be busy some time.
Who knows, I may grow a beard while I study it, ;)

@feri333 & @ashoknek
Unless you show me that your project can benefit many here in the forum, or that we can learn a new thing for all. I do not believe I will have time to learn a new topic.

@ashoknek
I am sorry. At the moment a 2 key 3DES is not possible with what I posted.
But if you can simplify the problem to a simple DES Clear/Crypt crack, then maybe someone here will give you a hand.
 

ashoknek

Registered
Messages
15
cayoenrique said:
@ashoknek
I am sorry. At the moment a 2 key 3DES is not possible with what I posted.
But if you can simplify the problem to a simple DES Clear/Crypt crack, then maybe someone here will give you a hand.

DES 8BYTE already cracked by BF
but now trying to crack 3des 1122334455667788AABBCCDDFFGGHHII 16BYTE

I have EK2 1122334455667788AABBCCDDFFGGHHII 16BYTE
I have K2 1122334455667788AABBCCDDFFGGHHII 16BYTE IM LOOKING FOR
I have UNIQUE K1 1122334455667788AABBCCDDFFGGHHII 16BYTE IM LOOKING FOR

mysky-pe
live:.cid.9232533c09608a47
ashok nek
 