Where’s Colibri he will crack it for us!
end? -BISS-CA Conditional Access Mode for BISS2
- Thread starter tevesat
- Start date
Where’s Colibri he will crack it for us!
campag5242
Feed Hunter
- Messages
- 2,585
It's nice to be optimistic, but I would not be so sure about that... we don't need help to reverse engineer the algorithms: it's all publicly documented. We are only missing keys. But they are so much longer/stronger that there's no hope to brute or employ rainbow techniques.
It gets worse: we've only seen Biss2-CA, with rolling ecm keys (session words in EBU terms) in a crypto period ~30secs. To get the rolling keys, we need to decrypt the ecms with session keys. Those session keys are gotten from emms. Those emms are targeted to individual receivers. The emm key is updated per event, and not sent in the stream. It's sent by email or whatever (just like those leaked Tandberg v3 / D5 keys), but this time RSA encrypted and only decryptable by that one receiver using a unique key buried in firmware. So we need someone who has both valid entitlements and is prepared to leak the email & also extract their key from their receiver firmware to obtain their unique set of emm keys. So compromising the source of the leak -> game over.
It gets worse: we've only seen Biss2-CA, with rolling ecm keys (session words in EBU terms) in a crypto period ~30secs. To get the rolling keys, we need to decrypt the ecms with session keys. Those session keys are gotten from emms. Those emms are targeted to individual receivers. The emm key is updated per event, and not sent in the stream. It's sent by email or whatever (just like those leaked Tandberg v3 / D5 keys), but this time RSA encrypted and only decryptable by that one receiver using a unique key buried in firmware. So we need someone who has both valid entitlements and is prepared to leak the email & also extract their key from their receiver firmware to obtain their unique set of emm keys. So compromising the source of the leak -> game over.
vakula
Super VIP
- Messages
- 6,238
$2500 :mecry:
campag5242
Feed Hunter
- Messages
- 2,585
Nautilus-7's oscam-emu can do everything that $2500 rx can for biss2. They are both missing valid entitlements. Only Biss2 Mode 0 will give you colours.
vakula
Super VIP
- Messages
- 6,238
Correct.
But this rx can do MPEG4 422 on-the-fly
So, potentially is ready for BISS2 + MPEG4 422 SD/HD
Where can we find this biss2 receiver?
Psilos2003
Registered
- Messages
- 52
eBay?
Code:
[URL="https://www.ebay.com/itm/Tandberg-RX8200-Receiver-Rev-2-40-SW-4-3-2-IU-Series-12-100-240V-used-6199/264324493766"]https://www.ebay.com/itm/Tandberg-RX8200-Receiver-Rev-2-40-SW-4-3-2-IU-Series-12-100-240V-used-6199/264324493766[/URL]vitoshatulip
Registered
- Messages
- 59
Saw this tweet the other day
Code:
https://twitter.com/WyzcomLtd/status/1280838857538392064
ViaHussun
Donating Member
- Messages
- 4,098
0.8W 11476 V 7120 8PSK
ID: ID: (empty) SID=1
Biss 2 (Caid 2610)
Full TS here
https://mega.nz/file/CVRilIxC#dG7acduUQ2FzVzF8ClQB-Rw21dGRjCVA9hFgQFokhaQ
ID: ID: (empty) SID=1
Biss 2 (Caid 2610)
Full TS here
https://mega.nz/file/CVRilIxC#dG7acduUQ2FzVzF8ClQB-Rw21dGRjCVA9hFgQFokhaQ
ViaHussun
Donating Member
- Messages
- 4,098
How come if you view the file you will find this "Generated by TSReader 2.8.53a on 2020/07/11 16:11" in PID 0x011 trough the whole file, this lead me to believe it not a raw dump?0.8W 11476 V 7120 8PSK
ID: ID: (empty) SID=1
Biss 2 (Caid 2610)
Full TS here
https://mega.nz/file/CVRilIxC#dG7acduUQ2FzVzF8ClQB-Rw21dGRjCVA9hFgQFokhaQ
Code:
47 42 00 9F 7E F5 3A 00 9A 7C 23 6C 93 CF 3E
47 42 00 9A 6E A0 1C A2 6C FC 1A 6E 82 11 2C
47 42 00 95 73 F4 5F 41 FE E2 A6 5E D4 36 3D
47 42 00 90 78 0E 37 D1 C3 2A 03 24 1F 73 B9
47 42 00 D2 D8 B8 F3 C6 BB 0D 57 DD 28 E0 70
47 42 00 DD 55 93 E3 CB 96 9D 30 42 59 49 CC
47 42 00 D8 59 0A BC 39 20 0B 1F BA 18 86 C2
47 42 00 D3 C9 3D B5 00 D4 1C D2 57 C7 C8 09Also you will se the odd /even key change 9x vs Dx so it's for sure not 1 static key
Last edited:
ViaHussun
Donating Member
- Messages
- 4,098
campag5242
Feed Hunter
- Messages
- 2,585
Just as you would expect to see for biss2 caid 2610 ie biss2-CA; none-cycling keys are biss2 modes 1 or E, caid 2602. Don't think 2602 has been seen in the wild yet.
ViaHussun
Donating Member
- Messages
- 4,098
New records
0.8W 11489 V 7120 8PSK
ID: (empty) SID=1
Biss 2 (Caid 2610)
=> https://mega.nz/file/bQREVKCB#Ho7mNgPlLA54oXQOj-EL3oxIWvLt_aCBtfzi0TPi3H0
Crypt8
0.8W 11489 V 7120 8PSK
ID: (empty) SID=1
Biss 2 (Caid 2610)
=> https://mega.nz/file/bQREVKCB#Ho7mNgPlLA54oXQOj-EL3oxIWvLt_aCBtfzi0TPi3H0
Crypt8
Code:
45 24 DF 0C C4 A2 ED 36 #[E] PID:0200h
83 E6 C2 1F 8C 43 79 94 #[O] PID:0200h
1F 18 11 A4 E1 DE E3 84 #[E] PID:0200h
FC 3B B9 CD AE 34 D4 53 #[O] PID:0200h
9E 3C 38 BC 86 71 E1 68 #[E] PID:0200h
76 34 A9 AD 98 55 CB AD #[O] PID:0200h
53 62 6B F5 0B 35 05 B3 #[E] PID:0200h
CF 8B 1A 6F 0E 17 61 72 #[O] PID:0200h
B1 2E 1E 77 09 9D 2E 68 #[E] PID:0200h
44 FF A1 7B 5A 0A 8A E4 #[O] PID:0200h
84 C6 37 B0 F5 01 47 92 #[E] PID:0200h
59 F4 62 64 C7 99 6B 6D #[O] PID:0200h
3F 3D DC F2 29 FD 89 B6 #[E] PID:0200h
31 2C BF 12 73 60 06 22 #[O] PID:0200h
D0 BF CD D9 DF DD 1A 74 #[E] PID:0200h
54 9D FA 25 B9 46 76 BB #[O] PID:0200h
F2 EE EC EC 52 AA 33 15 #[E] PID:0200h
6D 5A A2 C8 5C E2 D7 DD #[O] PID:0200h
60 11 67 A3 7A C9 A1 23 #[E] PID:0200h
AD FC 34 F6 24 70 49 47 #[O] PID:0200h
77 4D EE DE 7F FD FB 24 #[E] PID:0200h
3A 41 53 7C A7 47 0C A1 #[O] PID:0200h
51 E6 28 60 86 1F 7A 93 #[E] PID:0200h
75 C7 12 1D 7B B7 6D E5 #[O] PID:0200h
41 3C 57 3B 6A 4F EB DF #[E] PID:0200h
4F BD EA 73 8B 19 DC 16 #[O] PID:0200h
14 D4 B3 18 B1 15 5B D4 #[E] PID:0200h
A5 A3 2E 3F 51 4A CB 88 #[O] PID:0200h
A6 8A 59 C7 61 ED 67 ED #[E] PID:0200h
16 63 C4 A7 D3 5C 87 E4 #[O] PID:0200h
D2 43 7F 0E 01 0E 6F 29 #[E] PID:0200h
02 A5 65 5F FC AD 62 88 #[O] PID:0200h
0C 86 22 D4 B6 1D A3 07 #[E] PID:0200h
BF 7D 0F 3F 30 DE 05 29 #[O] PID:0200h
13 9D B4 9C 28 01 05 17 #[E] PID:0200h
EA BA 38 CE 4B 8D AD 6D #[O] PID:1030h
87 7D 6E 6F 65 DF 4B F8 #[E] PID:1030h
D4 0C 18 E9 91 EC B9 93 #[O] PID:1030h
74 E7 A2 07 4E 31 B8 BA #[E] PID:1030h
18 91 36 E8 87 11 49 48 #[O] PID:1030h
3E 78 55 2F 48 ED 2F E2 #[E] PID:1030h
91 1A 35 C9 2B 80 70 28 #[O] PID:1030h
45 A3 CD D8 96 93 57 10 #[E] PID:1030h
02 EB FD 74 3D 71 53 A2 #[O] PID:1030h
8A 27 16 CD A6 DB 35 A8 #[E] PID:1030h
90 59 0C F2 5D 5E 8A D1 #[O] PID:1030h
63 12 0D 88 4C 6F 39 A1 #[E] PID:1030h
03 88 BB 2A BB 3A 2B 35 #[O] PID:1030h
5F 3B E1 8A 53 8D 98 CD #[E] PID:1030h
18 53 D4 9E 5C BA 56 E2 #[O] PID:1030h
AE 17 59 91 F2 A9 B9 27 #[E] PID:1030h
EA BA 38 CE 4B 8D AD 6D #[O] PID:1040h
87 7D 6E 6F 65 DF 4B F8 #[E] PID:1040h
D4 0C 18 E9 91 EC B9 93 #[O] PID:1040h
74 E7 A2 07 4E 31 B8 BA #[E] PID:1040h
18 91 36 E8 87 11 49 48 #[O] PID:1040h
3E 78 55 2F 48 ED 2F E2 #[E] PID:1040h
91 1A 35 C9 2B 80 70 28 #[O] PID:1040h
45 A3 CD D8 96 93 57 10 #[E] PID:1040h
02 EB FD 74 3D 71 53 A2 #[O] PID:1040h
8A 27 16 CD A6 DB 35 A8 #[E] PID:1040h
90 59 0C F2 5D 5E 8A D1 #[O] PID:1040h
63 12 0D 88 4C 6F 39 A1 #[E] PID:1040h
03 88 BB 2A BB 3A 2B 35 #[O] PID:1040h
5F 3B E1 8A 53 8D 98 CD #[E] PID:1040h
18 53 D4 9E 5C BA 56 E2 #[O] PID:1040h
AE 17 59 91 F2 A9 B9 27 #[E] PID:1040h
Last edited:
- Messages
- 24,736
YOUR Image does not open do you have a source link instead for this info ??
Sorry, it should now be possible to open the image.
In any case I leave a link here:
https://gyazo.com/17cfa6731cc23989e47955c227e90a3f
Last edited:
TheUltimate007
Registered
- Messages
- 13
That's not good news at all. All motorised setups will be rendered useless for a long while