How found ECM key Tandberg?

gotya said:

you are right xosef1234, my mistake I just followed the starting of the DES encrypted cw that was posted by dmr0x, I guess he missed it too.

it's yes and should be like this according to the file uploaded by dmr0x


so the decrypted cw from this C8

Code:

[B]PID: 19Ah  B8h-Crypt8:61 8D 32 2E 56 8F B3 4B  [[B][COLOR="Red"]O[/COLOR][/B]] Count:211[/B]

which was found from the ts file {odd pid } uploaded by dmr0x is attached :thum:

now we have the encrypted ECM key ==> { DES encrypted key } and we have the decrypted cw what should we do next ?

How to BF and find the working ECM key when we have both encrypted ECM key and decrypted cw ?

Click to expand...

47 47 DA 1E 00 80 70 18 EE 16 00 00 0A 26 [B]DB FE 27 33 72 CE 77 20[/B] E9 2C 95 14 7F 23 17 72 A5 63
47 47 DA 11 00 81 70 18 EE 16 00 00 0A 26 [B]DB FE 27 33 72 CE 77 20[/B] D4 18 35 35 1D D3 10 2C 4D 12

dale_para_bajo said:

@ViaHussun I seen your PMs, do not need to send multiple. At most that only make me feel that I been harass. 1 Pm is enough. I will answer when I have time.

Now if the question behind all this is to provoke me to release any executable. It will not happen any time soon.

I would not go into details as then I will received a complain or bann for doing "Flaming or any other inappropriate behavior towards other members is not allowed.".

=========================================================
Introduction.

barney2222's video link is perfect for the type of situation when poc.exe find the key. Nice.

Now lets assume that you do really are interest in knowing what is been done, "How found ECM key?" when poc.exe do not help.

Well only way I know is Brute Force the solution.

Now you want to read:
What is a Brute-force attack:
https://en.wikipedia.org/wiki/Brute-force_attack

The Protocol Use
https://en.wikipedia.org/wiki/Data_Encryption_Standard

The only porpoise of the previous links is to show that understanding what has to be done, requires knowledge witch requires many hours of self learning witch then will allow you to understand a multitude of complex operations.

=============================================================
But you will say in Powervu I has this tool.

You feed a -Log of EMMs- > PVHE > and it output the -Master Key-

Yes Colibri powervu analysis was amazing. Thanks. And latter the implementation of PVHE by anubis_ir was even beautiful.

As a result, most of you has collected the wrong or false Idea that you can do Bruteforce for anything in that simple way. So many of you think where is that tool, so I can do the same in tandberg.

I am sorry to tell you that:

a) Finding the crypt DES Block in Tandberg stream that you can then Find the Clear DES Block is 1 big problem.
b) Now Brute-force a DES Block by itself is another complicated thing.


So in powervu you just ask vplug to record a 20-40meg log of emm. Simple. Finding the DES Clear/Crypt Pair is not that easy. You need to use multiple of other tools to get to the different parts that you need. Just to be able to identify that crypt/clear pair, If you make a simple mistake in the identification, then your many hours to Bruteforce will produce 0 results or Incorrect.

=====================================================
Suggestion.
Before you continue to indirectly ask for a tool. First prove yourself useful by recording a TS file and finding a Valid Clear / Crypt Des Block of information that you then can try to bruteforce.

If you get to that point, then you may be requiring a tool to do Des Brute Force.

Click to expand...

dmr0x said:

heres a segment from an already know TD enc channel

ive cut it exactly on the key roll
https://mega.nz/#!Xdk1XCaB!dJa6tFPaNLrY27fIC6IMTKY4MxPptUw_rIsJyTyAG-g

decrypted CW is : Dx xx xx xx xx xx x0

cant post keys here but if you want to find it the c8 is in the ts

now to find its(des-)encrypted cw after some sleep, hopefully

Click to expand...

# this is an ModySat cw log file 
#
# type:
# MODYSAT -f ModySat.cwl -i ModySat_crypted.ts -o ModySat_clean.ts
#
0 DA D0 56 00 33 FE 3F 70
1 DA D0 56 00 33 FE 3F 70