Hacking CA system challenge *Tandberg [ NO Keys Allowed in Chat Section/s ]*

Messages
44
Here is a Tandberg encrypted stream (103 seconds):
_https://mega.nz/#!1ApzARrR!Oq0Mf9VDdJlcwyJidB5jRJ-8QTWLlP7G5FqnmJxx2vc

I have filtered it for the needed PIDs for program 3:
PID_PAT 0
PID_CAT 1
PID_EMM 0x1F4
PID_PMT 0x576
PID_ECM 0x56F
PID_VID 0x515
PID_PCR 0x577
PID_AUD1 0x51F
PID_AUD2 0x520
PID_AUD3 0x521
PID_AUD4 0x522
PID_AUD5 0x523
PID_AUD6 0x524
PID_AUD7 0x525

CAID is 1010h
EMM table IDs are 82h and 83h

I was able to decrypt it with the help of an EMM key that I have found in the firmware:
[image: the EMM key found in the firmware]


It uses CSA with a changing CW.
Of course you can use RBT or CudaBiss to decrypt a crypto period, but the goal of this challenge is to decrypt it the normal way with the help of the EMM key (D5 B0 49 40 0D FB 83 25).


So post the first EMM with table ID 82h.
There are x * 8 bytes of encrypted data present.
Can you decrypt it with the above info?
You need to guess the encryption algorithm from this old (so it's not AES) Tandberg system.
The decrypted data should start with A4 C7...
Post the x * 8 byte decrypted data.
 

kebien

Messages
1,329
Oh, this is good.
The ECM carries 16 bytes of data.
These are a couple of packets from old logs I have.
Code:
00 80 70 18 EE 16 00 00 00 01 96 31 4C A1 7A B9 F4 6D 9E 3F 8B 36 80 21 54 4C 25 10 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 
00 81 70 18 EE 16 00 00 00 01 96 31 4C A1 7A B9 F4 6D 73 B4 A1 20 15 62 B0 5D D7 E3 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF

It should be a different provider than yours; maybe the EMM key is the same for all systems?
 

xosef1234

Messages
107
So post the first EMM with table ID 82h.
Code:
82 70 8a 00 58 17 e3 f0 84 e4 82 ff ff 90 77 34 86 8d 55 9b 48 c6 8b 24 cc c7 7a aa a8 36 f4 c4 8c fa b7 49 0a f3 ac 34 42 cb e8 6c 6e 9d cb c5 05 2c d8 fe 02 11 cb 7a 5b 4e 06 12 49 2b e2 51 28 48 79 fb f7 df ce a5 a0 52 a6 a9 f8 f0 d9 29 a0 57 1e 88 ca 13 f8 0e 20 5e 94 45 c4 89 3c 99 40 c2 99 1e d3 c1 b1 17 4e 24 cc a3 9f 34 63 7b 80 f2 c2 74 56 88 b6 54 6c 1c cc 2f cd 5a d4 f2 d2 18 b7 f9 d1 ff c9 db 0c a6 7d c1 25
 
Messages
44
The posted EMM is correct.
Even if you can't write programs, you can decrypt the EMM using
_http://www.cryptool.com
The required block cipher is supported by this tool.
So which encryption algorithm is used?
 

xosef1234

Messages
107
Just to be sure, is the structure of this EMM packet like this?
Code:
82 [17 x 8 bytes] [4 bytes checksum]
Or maybe like this?
Code:
82 [12 bytes] [16 x 8 bytes]
 
Messages
44
@K2TSET:
Correct, but the question is whether you found it via RBT or via the ECM.
If you found it via the ECM, what was the ECM key?

@xosef1234:
Here are different EMMs:
47 41 F4 13 00 82 70 8A 00 58 17 E3 F0 84 E4 82 FF FF 90 77 34 86 8D 55 9B 48...
47 41 F4 13 00 82 70 8A 00 58 4D 63 F0 84 E4 82 FF FC 75 22 F8 64 85 B7 9B 05...
47 41 F4 16 00 82 70 8A 00 58 BA 5A F0 84 E4 82 FF FD E5 5C 88 11 5F E1 C7 CB...
47 41 F4 1C 00 82 70 8A 00 58 17 E3 F0 84 E4 82 FF FE 1C 24 A5 AE 21 9B 6D 83...
It seems the green values are not encrypted.

@antrabe:
This was an old record from a feed @10°E freq:11141 HOR SR:28500
 

drhans

Messages
116
Is this the decrypted EMM? It starts with a4 c7 at least :)

Code:
a4 c7 10 df 23 9b 4a 7a 4a f4 25 4f 6e 13 2c c1 
3e ad c2 bc 98 7f 32 46 6b 16 51 85 d0 bc 9e cb 
fb 04 34 20 70 54 5d 38 37 07 e5 2a 07 cd c8 7c
37 29 8f cb 38 e3 01 57 0d ab 1f cb 6d 76 da 07
7c c1 0e ae ec c2 01 d5 ae 94 97 13 25 40 df 04
75 da 75 b0 58 76 8f 25 e0 b6 70 89 9e 4a 79 46
e3 ae 45 df f1 4c f8 dc b3 02 57 b9 ba 8a 16 d5
9d ef 43 46 a8 d3 0e 10 2f 9e ab bf b3 3e 86 9e
 
Messages
44
@drhans: Correct. For all the EMM & ECM stuff DES (ECB mode) must be used.

@K2TSET: A4 C7 10 DF 23 9B 4A 7A are the first decrypted bytes via DES, but isn't the ECM key.


The 10h * 8 decrypted bytes are 10h EMM-Keys (that will be stored in RAM).

47 41 F4 13 00 82 70 8A 00 58 17 E3 F0 84 E4 82 FF FF 90 77 34 86 8D 55 9B 48...
47 41 F4 13 00 82 70 8A 00 58 4D 63 F0 84 E4 82 FF FC 75 22 F8 64 85 B7 9B 05...
47 41 F4 16 00 82 70 8A 00 58 BA 5A F0 84 E4 82 FF FD E5 5C 88 11 5F E1 C7 CB...
47 41 F4 1C 00 82 70 8A 00 58 17 E3 F0 84 E4 82 FF FE 1C 24 A5 AE 21 9B 6D 83...

Also important is the byte marked in green.
The two LSBs of this byte are the block index (range: 0..3) where the EMM-Keys must be stored in RAM.
BlockIdx = GreenByte & 0x03;

So the IRD can store 40h EMM-Keys. They can later be used with KeyIdx 0..3Fh

For the EMM that we have decrypted the BlockIdx was 3 (0xFF & 0x03 = 3).
So the first decrypted EMM-Key (a4 c7 10 df 23 9b 4a 7a) will get KeyIdx 30h and the last 3Fh.



EMM with table ID 83 (instead of ID 82) must be decrypted to get the ECM key.
One of the 10h EmmKeys must be used to decrypt TabId83, but it's not KeyIdx 30h in this case.
TabId83 contains the KeyIdx that must be used. It contains also a 4 byte entitlement ID.
The ECM contains the entitlement ID also.

So we must first find our constant entitlement ID in the ECM.
So post the first ECM with TabId 80h and the first with TabId 81h.
What is the meaning of the different bytes in the ECM?
 
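The BlockIdx / KeyIdx mapping described in the post above, as an added example that is not code from the thread: it decodes the TS header and the section header of the four EMM packets quoted in the post, takes the low two bits of the byte that varies across them (assumed here to be the "green" byte, i.e. the last header byte before the encrypted data), and splits the complete table-ID 82h section posted earlier in the thread into its 16 eight-byte blocks. It handles structure only; no decryption is involved.

```python
# Added example (not from the thread): decode the EMM transport packets quoted
# in the post and derive BlockIdx / KeyIdx the way the post describes.

# Constructed input: the four (truncated) EMM packets exactly as quoted.
EMM_PACKETS = [
    "47 41 F4 13 00 82 70 8A 00 58 17 E3 F0 84 E4 82 FF FF 90 77 34 86 8D 55 9B 48",
    "47 41 F4 13 00 82 70 8A 00 58 4D 63 F0 84 E4 82 FF FC 75 22 F8 64 85 B7 9B 05",
    "47 41 F4 16 00 82 70 8A 00 58 BA 5A F0 84 E4 82 FF FD E5 5C 88 11 5F E1 C7 CB",
    "47 41 F4 1C 00 82 70 8A 00 58 17 E3 F0 84 E4 82 FF FE 1C 24 A5 AE 21 9B 6D 83",
]

# Constructed input: the complete table-ID 82h section posted earlier in the thread.
FULL_EMM_SECTION = (
    "82 70 8a 00 58 17 e3 f0 84 e4 82 ff ff "
    "90 77 34 86 8d 55 9b 48 c6 8b 24 cc c7 7a aa a8 36 f4 c4 8c fa b7 49 0a "
    "f3 ac 34 42 cb e8 6c 6e 9d cb c5 05 2c d8 fe 02 11 cb 7a 5b 4e 06 12 49 "
    "2b e2 51 28 48 79 fb f7 df ce a5 a0 52 a6 a9 f8 f0 d9 29 a0 57 1e 88 ca "
    "13 f8 0e 20 5e 94 45 c4 89 3c 99 40 c2 99 1e d3 c1 b1 17 4e 24 cc a3 9f "
    "34 63 7b 80 f2 c2 74 56 88 b6 54 6c 1c cc 2f cd 5a d4 f2 d2 18 b7 f9 d1 "
    "ff c9 db 0c a6 7d c1 25"
)

KEYS_PER_BLOCK = 0x10   # 16 EMM keys per decrypted EMM, as the post states
EMM_HEADER_LEN = 10     # bytes between the section length and the first 8-byte block


def parse_ts_header(pkt: bytes) -> dict:
    """Decode the 4-byte MPEG-TS packet header (ISO/IEC 13818-1)."""
    if len(pkt) < 4 or pkt[0] != 0x47:
        raise ValueError("not a transport packet (missing 0x47 sync byte)")
    return {
        "tei": bool(pkt[1] & 0x80),
        "pusi": bool(pkt[1] & 0x40),
        "pid": ((pkt[1] & 0x1F) << 8) | pkt[2],
        "scrambling": (pkt[3] >> 6) & 0x03,
        "afc": (pkt[3] >> 4) & 0x03,
        "cc": pkt[3] & 0x0F,
    }


def section_payload(pkt: bytes) -> bytes:
    """Return the section carried in a payload-only packet that starts a section."""
    hdr = parse_ts_header(pkt)
    if not hdr["pusi"] or hdr["afc"] != 1:
        raise ValueError("example only handles payload-only packets with PUSI set")
    pointer = pkt[4]            # pointer_field follows the header when PUSI is set
    return pkt[5 + pointer:]


def parse_emm(pkt_hex: str) -> dict:
    """Decode TS header, section header and the BlockIdx/KeyIdx of one EMM packet."""
    pkt = bytes.fromhex(pkt_hex)
    hdr = parse_ts_header(pkt)
    sec = section_payload(pkt)
    table_id = sec[0]
    section_length = ((sec[1] & 0x0F) << 8) | sec[2]
    header = sec[3:3 + EMM_HEADER_LEN]
    # Assumption: the "green" byte is the last header byte, the one that differs
    # across the four quoted EMMs (FF, FC, FD, FE).
    block_idx = header[-1] & 0x03
    first_key_idx = block_idx * KEYS_PER_BLOCK
    return {
        "pid": hdr["pid"],
        "cc": hdr["cc"],
        "table_id": table_id,
        "section_length": section_length,
        "num_keys": (section_length - EMM_HEADER_LEN) // 8,
        "block_idx": block_idx,
        "key_idx_range": (first_key_idx, first_key_idx + KEYS_PER_BLOCK - 1),
        "encrypted_start": sec[3 + EMM_HEADER_LEN:].hex(" "),
    }


def split_emm_blocks(section_hex: str) -> list:
    """Split a complete table-ID 82h section into its 8-byte encrypted blocks."""
    sec = bytes.fromhex(section_hex)
    section_length = ((sec[1] & 0x0F) << 8) | sec[2]
    if len(sec) != 3 + section_length:
        raise ValueError("section_length does not match the number of bytes present")
    body = sec[3 + EMM_HEADER_LEN:]
    if len(body) % 8:
        raise ValueError("encrypted area is not a multiple of the 8-byte block size")
    return [body[i:i + 8] for i in range(0, len(body), 8)]


if __name__ == "__main__":
    for p in EMM_PACKETS:
        r = parse_emm(p)
        print(f"PID {r['pid']:#05x} tab {r['table_id']:#04x} len {r['section_length']} "
              f"keys {r['num_keys']} BlockIdx {r['block_idx']} "
              f"KeyIdx {r['key_idx_range'][0]:#04x}..{r['key_idx_range'][1]:#04x}")
    print(len(split_emm_blocks(FULL_EMM_SECTION)), "encrypted 8-byte blocks")
```

For the first quoted packet this reports PID 0x1F4, table 0x82, section length 138, 16 keys, BlockIdx 3 and KeyIdx 0x30..0x3F, which is the mapping the post gives; the other three packets land in blocks 0, 1 and 2.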

drhans

Messages
116
47 45 6F 10 00 81 70 18 EE 16 00 00 16 AB A9 D4 0A 26 FE 79 CB AF 09 AC 49 F5 B3 42 B3 71 AA 02

47 45 6F 13 00 80 70 18 EE 16 00 00 16 AB 09 42 F1 62 63 48 BD 97 09 AC 49 F5 B3 42 B3 71 F7 63

I'd say the green ones are CWs, and something in 70 18 EE 16 00 00 16 AB would identify the ecm key and the entitlement ID?
 
Messages
44
47 45 6F 10
00
81: Table ID
70 18: & 0x0FFF -> Section length
EE: Tag ECM_TAG_CW_DESCRIPTOR
16: Length
00 00 16 AB: Entitlement ID
A9 D4 0A 26 FE 79 CB AF: encrypted CW
09 AC 49 F5 B3 42 B3 71: encrypted CW
AA 02: Checksum

By the way here are the names of all the tags I have found in the firmware:
E0 = EMM_TAG_RECEIVER_ALLOCATION_DESCRIPTOR
E1 = EMM_TAG_EVENT_ENTITLEMENT_DESCRIPTOR
E2 = EMM_TAG_EVENT_DEENTITLEMENT_DESCRIPTOR
E3 = EMM_TAG_OAC_COMMAND_DESCRIPTOR
E4 = EMM_TAG_SECURITY_TABLE_DESCRIPTOR
E6 = EMM_TAG_OVER_AIR_DOWNLOAD_DESCRIPTOR
E7 = EMM_TAG_OVERALL_ENTITLEMENT_DESCRIPTOR
E8 = EMM_TAG_OVER_AIR_DOWNLOAD_SWITCH_DESCRIPTOR
EE = ECM_TAG_CW_DESCRIPTOR


So post the first EMM with TabId83 that contains our 00 00 16 AB entitlement ID.
Then we need to locate the 8 crypted bytes (the encrypted ECM key).
We need to find the KeyIdx byte also.
 
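The ECM field breakdown above, and the 16-byte ECM payload from kebien's log earlier in the thread, as an added example that is not code from the thread: a descriptor walker using the tag names listed in the post, with the ECM_TAG_CW_DESCRIPTOR body split the way the post annotates it (4-byte entitlement ID, two 8-byte encrypted CWs, 2-byte checksum). Whether the checksum sits inside the descriptor length is read off the quoted bytes (0x16 = 22 = 4 + 8 + 8 + 2), so that is an observation, not an assumption.

```python
# Added example (not from the thread): walk the tag/length/data layout of the
# ECM sections quoted in the thread and pull out the fields the post names.

# Tag names as listed in the post.
TAG_NAMES = {
    0xE0: "EMM_TAG_RECEIVER_ALLOCATION_DESCRIPTOR",
    0xE1: "EMM_TAG_EVENT_ENTITLEMENT_DESCRIPTOR",
    0xE2: "EMM_TAG_EVENT_DEENTITLEMENT_DESCRIPTOR",
    0xE3: "EMM_TAG_OAC_COMMAND_DESCRIPTOR",
    0xE4: "EMM_TAG_SECURITY_TABLE_DESCRIPTOR",
    0xE6: "EMM_TAG_OVER_AIR_DOWNLOAD_DESCRIPTOR",
    0xE7: "EMM_TAG_OVERALL_ENTITLEMENT_DESCRIPTOR",
    0xE8: "EMM_TAG_OVER_AIR_DOWNLOAD_SWITCH_DESCRIPTOR",
    0xEE: "ECM_TAG_CW_DESCRIPTOR",
}

# Constructed input: the two ECM transport packets quoted by drhans.
ECM_PACKETS = [
    "47 45 6F 10 00 81 70 18 EE 16 00 00 16 AB A9 D4 0A 26 FE 79 CB AF 09 AC 49 F5 B3 42 B3 71 AA 02",
    "47 45 6F 13 00 80 70 18 EE 16 00 00 16 AB 09 42 F1 62 63 48 BD 97 09 AC 49 F5 B3 42 B3 71 F7 63",
]
# Constructed input: the start of kebien's logged ECM (pointer field + section, no TS header).
LOGGED_ECM = "00 80 70 18 EE 16 00 00 00 01 96 31 4C A1 7A B9 F4 6D 9E 3F 8B 36 80 21 54 4C 25 10"


def ts_section(pkt: bytes) -> bytes:
    """Skip the 4-byte TS header and pointer field of a payload-only packet with PUSI set."""
    if pkt[0] != 0x47 or not (pkt[1] & 0x40) or ((pkt[3] >> 4) & 0x03) != 1:
        raise ValueError("example only handles payload-only packets that start a section")
    return pkt[5 + pkt[4]:]


def parse_descriptors(data: bytes) -> list:
    """Walk (tag, length, data) triples; raise on a length that overruns the buffer."""
    out, i = [], 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        body = data[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError(f"descriptor {tag:#04x} truncated")
        out.append((tag, TAG_NAMES.get(tag, "UNKNOWN"), body))
        i += 2 + length
    return out


def parse_ecm_section(sec: bytes) -> dict:
    """Decode table ID, section length and the CW descriptor as annotated in the post."""
    table_id = sec[0]
    section_length = ((sec[1] & 0x0F) << 8) | sec[2]
    body = sec[3:3 + section_length]
    if len(body) != section_length:
        raise ValueError("section_length exceeds the bytes present")
    descs = parse_descriptors(body)
    result = {
        "table_id": table_id,
        "section_length": section_length,
        "descriptors": [(name, len(d)) for _, name, d in descs],
    }
    for tag, _, d in descs:
        if tag == 0xEE:
            # Layout from the post: entitlement ID (4), encrypted CW (8),
            # encrypted CW (8), checksum (2) = 22 bytes = descriptor length 0x16.
            if len(d) != 22:
                raise ValueError("unexpected ECM_TAG_CW_DESCRIPTOR length")
            result["entitlement_id"] = int.from_bytes(d[0:4], "big")
            result["encrypted_cw"] = [d[4:12].hex(" ").upper(), d[12:20].hex(" ").upper()]
            result["checksum"] = int.from_bytes(d[20:22], "big")
    return result


def parse_ecm_packet(pkt_hex: str) -> dict:
    """Decode one ECM transport packet: PID from the TS header, then the section."""
    pkt = bytes.fromhex(pkt_hex)
    result = parse_ecm_section(ts_section(pkt))
    result["pid"] = ((pkt[1] & 0x1F) << 8) | pkt[2]
    return result


if __name__ == "__main__":
    for p in ECM_PACKETS:
        r = parse_ecm_packet(p)
        print(f"PID {r['pid']:#05x} tab {r['table_id']:#04x} ent {r['entitlement_id']:#010x} "
              f"CWs {r['encrypted_cw']} chk {r['checksum']:#06x}")
    print(parse_ecm_section(bytes.fromhex(LOGGED_ECM)[1:]))
```

Run over the two quoted packets this gives PID 0x56F, entitlement ID 00 00 16 AB in both, checksums AA 02 and F7 63, and shows that the second encrypted CW (09 AC 49 F5 B3 42 B3 71) is the same in the 80h and 81h sections; kebien's logged section decodes the same way with entitlement ID 00 00 00 01.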

xosef1234

Registered
Messages
107
Code:
83 70 40 02 7e ff 74 c1 fe 87 28 bd 7b e9 c5 f7 73 f7 ef 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 31 cf d0 f0 14 e1 12 00 00 16 ab 00 51 ee fb 6b f6 ae c3 3b 77 5d 64 47

I would say the encrypted ECM key is the following: f6 ae c3 3b 77 5d 64 47
and the key index is 31h

Is it correct?
 