K1 for Unique Pairing Mode

h3nch4

Registered
Messages
201
Hello Everyone,
How to find K1 for Unique Pairing Mode to put in on OScam ?

Code:
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] Answer from cardreader:
2020/05/16 02:51:18 25E5EE4D r   (reader)   84 3B 4E 9F 8E 0A C0 D0 F4 A4 2E 0B 0B C0 35 72 
2020/05/16 02:51:18 25E5EE4D r   (reader)   73 B2 EE E7 37 EF AC 68 91 BE BC 0E D8 24 B6 CF 
2020/05/16 02:51:18 25E5EE4D r   (reader)   20 24 71 00 5A AD 58 61 E8 49 13 59 15 69 FF 04 
2020/05/16 02:51:18 25E5EE4D r   (reader)   BC 11 7F B7 31 05 8F DF D8 DC 49 CD AA 23 C6 9E 
2020/05/16 02:51:18 25E5EE4D r   (reader)   AC 49 B3 2F 43 74 BF 84 CD 30 83 50 72 49 62 59 
2020/05/16 02:51:18 25E5EE4D r   (reader)   D1 05 BE C0 CF AC 71 82 90 20 
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] Decrypted payload
2020/05/16 02:51:18 25E5EE4D r   (reader)   DF 08 00 80 74 25 7F 28 00 00 00 0D 00 01 22 02 
2020/05/16 02:51:18 25E5EE4D r   (reader)   00 00 0E 02 01 00 0F 04 00 00 00 00 20 04 00 00 
2020/05/16 02:51:18 25E5EE4D r   (reader)   00 00 25 11 00 00 00 00 00 00 00 00 00 00 00 00 
2020/05/16 02:51:18 25E5EE4D r   (reader)   00 00 00 00 00 2A 04 00 0D 00 00 55 01 83 56 08 
2020/05/16 02:51:18 25E5EE4D r   (reader)   00 00 00 00 00 00 00 00 
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] classD3 ins54: CW is crypted, trying to decrypt unique pairing mode 0x83
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] crypted CW is: 0000000000000000DF08008074257F28
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] use k1(DES) for CW decryption in unique pairing mode
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] decrypted CW is: 0000000000000000F855F434C8983EB2
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] cardreader_do_ecm: after csystem->do_ecm rc=1
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] cardreader_do_ecm: ret rc=1
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] cardreader_process_ecm: cardreader_do_ecm returned rc=1 (ERROR=0)
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] ecm hash: 80733512545DC9558419492F178C91D2 real time: 153 ms
2020/05/16 02:51:18 447BBE2B c      (ecm) anonymous (09B4&/17B6/17BA/17B6/I:80733512545DC9558419492F178C91D2#CW=0000000000000000F855F441C8983E9E): found (158 ms) by Card - HBx
2020/05/16 02:51:18 447BBE2B c      (ecm) cw:
2020/05/16 02:51:18 447BBE2B c      (ecm)   00 00 00 00 00 00 00 00 F8 55 F4 41 C8 98 3E 9E 
2020/05/16 02:51:18 25E5EE4D r   (reader) Card [videoguard2] cardreader_do_checkhealth: reader->card_status = 2, ret = 1
 
Last edited:

stinkefisch

Registered
Messages
183
hashcat -m 14000 hashes.txt -o cracked.txt -a 3 -1 /usr/share/hashcat/charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 4 --force

dCW: 64BE8AF941BA44BE
eCW: 2528E33502EE54F9

hashes File:
2528E33502EE54F9:64BE8AF941BA44BE
 

h3nch4

Registered
Messages
201
hashcat -m 14000 hashes.txt -o cracked.txt -a 3 -1 /usr/share/hashcat/charsets/DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 4 --force

dCW: 64BE8AF941BA44BE
eCW: 2528E33502EE54F9

hashes File:
2528E33502EE54F9:64BE8AF941BA44BE

thanks bro :thum:
 

h3nch4

Registered
Messages
201
i try this command :
hashcat64 -m 14000 -a 3 2528E33502EE54F9:64BE8AF941BA44BE -o cracked.txt -1 charsets\DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 4 --force

running and wait .....

Session..........: hashcat
Status...........: Quit
Hash.Type........: DES (PT = $salt, key = $pass)
Hash.Target......: 2528e33502ee54f9:64be8af941ba44be
Time.Started.....: Sat May 16 17:58:53 2020 (11 secs)
Time.Estimated...: Thu Sep 16 18:44:38 2027 (7 years, 122 days)
Guess.Mask.......: ?1?1?1?1?1?1?1?1 [8]
Guess.Charset....: -1 charsets\DES_full.charset, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: 311.3 MH/s (294.93ms) @ Accel:16 Loops:1024 Thr:512 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 3137339392/72057594037927936 (0.00%)
Rejected.........: 0/3137339392 (0.00%)
Restore.Point....: 0/34359738368 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:34816-35840 Iteration:0-1024
Candidates.#1....: $HEX[733834616e616e61] -> $HEX[fe2f2ffe7f0b0101]
Hardware.Mon.#1..: Temp: 78c Fan: 37% Util:100% Core:1026MHz Mem:1494MHz Bus:8
 

007.4

VIP
Messages
364
If the eCW:dCW data you are using is not for your card, your seven year wait will all be in vain.
 

h3nch4

Registered
Messages
201
Is it possible to find K1(DES) on file ts ?

i running on hashcat with this command :

hashcat64 -m 14000 -a 3 filets.ts -o cracked.txt -1 charsets\DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 4 --force

vsE3UnC.png
 

dijitalxyz

Registered
Messages
90
Is it possible to find K1(DES) on file ts ?

i running on hashcat with this command :

hashcat64 -m 14000 -a 3 filets.ts -o cracked.txt -1 charsets\DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 4 --force

vsE3UnC.png

dvb-s CSA is standart and crypted ts packed
recording ts has containing more information
need crypted only one pid ts

CCWs ??
 

jessika

Registered
Messages
99
which oscam and device you have tried

Try calculate manually my some channels open now

where to find dcw

edit: Please Refrain from spamming
 

erol029

Registered
Messages
51
which number need to put in haschat ,where is this number


dCW: xxxxxxxxxxxxxxxx
eCW: xxxxxxxxxxxxxxxx

hashes File:
xxxxxxxxxxxxxxx:xxxxxxxxxxxxxxxx

?
 

dishnxt

Registered
Messages
4
hashes File:
2528E33502EE54F9:64BE8AF941BA44BE
This hash file Is same for all cards
Or how to get this file
 

shabeerbhatti

Registered
Messages
3
C:\Users\SoNiC\Downloads\Compressed\hashcat-6.1.1\hashcat-6.1.1>hashcat -m 14000 -a 3 84479f7b0fdfd923:0e7f8c85d8d8019f -o crackme.txt -1 charsets\DES_full.charset --hex-charset ?1?1?1?1?1?1?1?1 -w 4 --force
hashcat (v6.1.1) starting...

You have enabled --force to bypass dangerous warnings and errors!
This can hide serious problems and should only be done when debugging.
Do not report hashcat issues encountered when using --force.
OpenCL API (OpenCL 1.2 ) - Platform #1 [Intel(R) Corporation]
=============================================================
* Device #1: Intel(R) HD Graphics 4400, 1565/1629 MB (407 MB allocatable), 20MCU
* Device #2: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz, skipped

Minimum password length supported by kernel: 8
Maximum password length supported by kernel: 8

Invalid hex character detected in mask charsets\DES_full.charset

Started: Wed Sep 02 06:09:51 2020
Stopped: Wed Sep 02 06:09:53 2020
 

Grobbel

Registered
Messages
2
Could someone please explain how to get a hash or hashes file from the oscam log?
I ran "oscam -S -d 6" and the output looks like the first post in this thread, but i don't see numbers like in the hashcat commands shown.
 
Top