How to biss

greatgatsby · Jul 22, 2019

I've been reading, I know about rainbow tables, the tools that go with it, and I see the thread where people post crypt8's that don't have the rainbow tables and don't want to compute it themselves.

Right now I don't have a cuda gpu (but I will get one), but in the meantime, how can I get crypt8's to post in the crypt8 thread? I thought I could run the rainbow table tool without a GPU to get the crypt8, but it needs a gpu to do anything. What am I missing?

campag5242 · Jul 22, 2019

You can use Colibri's RBT v2 tool without a GPU to search a .ts file for C8s.

Or, if you have linux or Windows Subsystem Linux (WSL), then xosef1234 has published a perl script to do this, see: https://www.sat-universe.com/showthread.php?t=307112

If you can code, the method is pretty simple: simply keep count of encrypted ts payloads (of the same length, usually B8h / 184 bytes) sharing the same first 8 bytes. Those often-seen 8 bytes are the C8.

greatgatsby · Jul 22, 2019

Thanks for the reply. You gave me lots of options, as I do have linux, and can code (and I have some TS parsing code I wrote long ago kicking around, but I'll probably use one of the more ready to go options for now). Also really nice to know what the c8 actually is! I'm surprised the csa rainbow tool uses the GPU to parse the ts like that. From people I've talked to who've written cuda code (I've never done it myself, but if I'm going to get a cuda capable card, I surely will be in the future), the bottleneck is usually getting the data to and from the gpu. For something like file parsing, I'd think regular old multi-threaded code on the cpu would be faster actually, and just splitting the file contents across teh threads. Of course running the key search is clearly more suited to the GPU.

One other question, which mdplugin is used for biss once I'm actually ready for that? I haven't been able to figure that out from reading yet either.

dvlajkovic · Jul 23, 2019

vplug, but you can also do it with vlc player only - no need for any plugins

campag5242 · Jul 23, 2019

greatgatsby said:
Also really nice to know what the c8 actually is! I'm surprised the csa rainbow tool uses the GPU to parse the ts like that. From people I've talked to who've written cuda code (I've never done it myself, but if I'm going to get a cuda capable card, I surely will be in the future), the bottleneck is usually getting the data to and from the gpu. For something like file parsing, I'd think regular old multi-threaded code on the cpu would be faster actually, and just splitting the file contents across teh threads.

When you start coding it up, learning how DVB-CSA works, you'll realise why the 8 bytes were chosen at the start of a payload: those require the least amount of work to process, as there is no stream cypher overcrypt on those after the block cypher operation.

Yeah, CPU is perfectly adequate to sift through and collate stats on the ts. I outlined some methods to tag the C8s with their plains here which you might try to implement.

CUDA isn't so hard to pick up, and the results are amazing cf any CPU implementation. I started with CPU code, 08h tables only, as they can be searched in reasonable time on a fast multi-core CPU. Colibri's "DVB_TS_Vollverschluesselung_geknackt.pdf" is all you need to get you going: get those examples working on a CPU, & build from there.

greatgatsby · Jul 28, 2019

So, I got a gpu and an ssd, downloaded all of table 08hxFFh, uncompressed it, joined the 5 parts together using the tool (joined parts 1+2,then 3+4, then 12+34, then 1234+5), got some crypt8 values from some ts's, but I can't get a single one of them to give me a cw in the end. Anyone give me some guidance on what I'm doing wrong? Is it because it's giving me a B8h-crypt8, but for some stupid reason I downloaded the 08h table, which doesn't match?

Here's an excerpt from the log:
Search Crypt8 in TS Start
TS file: F:\test_biss.ts
Using all PIDs
Using file limit: 4096 MByte
File length: 1288 MByte
UsingFileLen: 1351156000 bytes
Reading file ...
Searching ...
Using payload size: 184
PID: 65h B8h-Crypt8:00 39 14 59 E2 33 35 E7 [E] Count:113
PID: 65h B8h-Crypt8:31 AA 11 90 49 2F D1 37 [E] Count:103
PID: 65h B8h-Crypt8:E5 C0 5F 8C 63 8F 3D 37 [E] Count:85
PID: 65h B8h-Crypt8:F8 D5 4A 7B 79 C3 4F 81 [E] Count:83
PID: 65h B8h-Crypt8:67 4F 45 5C 79 1D A8 21 [E] Count:74
PID: 65h B8h-Crypt8:19 7A A4 D9 DB F2 7E F5 [E] Count:73
PID: 65h B8h-Crypt8:45 33 C8 A9 39 42 34 9C [E] Count:73
PID: 65h B8h-Crypt8:7F B2 08 0A 68 73 43 09 [E] Count:63
...

PID: 66h B8h-Crypt8:90 22 AF 45 0E FC 67 18 [E] Count:6
PID: 66h B8h-Crypt8:05 19 A2 D6 7F 33 5A B0 [E] Count:5
PID: 66h B8h-Crypt8:09 72 B8 1C AA 19 9D E3 [E] Count:5
PID: 66h B8h-Crypt8:0B 45 97 01 C8 B4 13 91 [E] Count:5
PID: 66h B8h-Crypt8:10 B3 9A 98 40 E3 D7 59 [E] Count:5
PID: 66h B8h-Crypt8:1B 0E 73 65 AE 65 A6 0F [E] Count:5
PID: 66h B8h-Crypt8:21 DC B3 0D 0C C1 0B 43 [E] Count:5
PID: 66h B8h-Crypt8:24 C8 41 E0 EF 0A 16 D3 [E] Count:5
...

PID: 67h B8h-Crypt8:08 E0 FF A7 FA 9E FF 9B [E] Count:4
PID: 67h B8h-Crypt8:76 58 69 E3 A6 55 B9 3D [E] Count:4
PID: 67h B8h-Crypt8

3 AC A7 09 EA 0D 80 65 [E] Count:4
PID: 67h B8h-Crypt8

E 5D AB 94 A7 BC 82 F0 [E] Count:4
PID: 67h B8h-Crypt8:ED 42 7D CA E3 67 7A C2 [E] Count:4
PID: 67h B8h-Crypt8:02 03 3E 71 D6 C5 FB F5 [E] Count:3
PID: 67h B8h-Crypt8:11 12 FB 8C 6C AD D3 58 [E] Count:3
PID: 67h B8h-Crypt8:19 85 61 23 FE AD 0D 70 [E] Count:3
...

Time for searching Crypt8 = 4 sec.

Search CW Start
RBT file: G:\csa-rainbow\CSA_08hxFFh_10000h.rbt
Calc all 10000h end values for this crypt ... (using file cache)
Search end values in RBT ...
Searching CW in RBT ...
Found 659231 possible chains (harddisk only search time = 134 sec.)
Analysing chains ... (will be 10 times slower if an other thread is keeping the GPU busy)
CW not found
It seems you need a bigger RBT
Search CW done (386 sec.)

barney115 · Jul 28, 2019

This Crypt8 is a Fail .
need a bigger count ..[E] Count:113 = LOW Count Fail
this happens a lot a good crypt8 example Here with good high count ->

PID: 200h B8h-Crypt8:91 0F 27 85 78 63 AB F8 [E] Count:3814
PID: 200h B8h-Crypt8:FD 41 2F 65 48 72 CB 96 [E] Count:2

08hxFFh Table is useful only for Payload Size 8 Crypt8's
very few feeds require this this Table .

usually B8hxffh is required for HD Feeds like what you posted ,
and B8hx00h for Audio C8's and SD Feeds .
So no real shock that you found nothing with 08hxFFh Table
record again look for a lot higher counts in your Crypt8
and use B8hxffh then you will start having success ,
Good luck : )

kebien · Jul 28, 2019

You will need all tables if you want to have success.
You are on your way,but still need more diversity in order to find keys for different type of feeds.

greatgatsby · Jul 28, 2019

barney115 said:
This Crypt8 is a Fail .
need a bigger count ..[E] Count:113 = LOW Count Fail
this happens a lot a good crypt8 example Here with good high count ->

How do I get a higher count? If the .ts file I record and use to find the crypt8 is > 4GB, the tool (at least V1) doesn't read it at all. It just "finishes" searching instantly and doesn't find anything. Do you use the V2 tool for that?

Working on downloading the b8hxffh tables - of course one file is not working and I'll have to wait.

greatgatsby · Jul 28, 2019

I see v2 tool does handle .ts files > 4GB, so I answered my own question. Just waiting for more mega quota so I can get the last file I need for the b8hxffx table...

campag5242 · Jul 28, 2019

greatgatsby said:
So, I got a gpu and an ssd

When it comes to learning how to code things up yourself, you'll still need to start with single-threaded CPU code to get a good grasp of how things work.

There's a lot of fun to be had first in getting things going, & then seeking performance boosts. And the same again when porting that code to CUDA. Only took me two years lol.

Tip: when coding your .ts search for counts of repeat C8s, allow it to analyze plaintext (fta or decrypted) packets too. That way you'll get to see directly plain versions of these crypt8s, and gain an insight into when they crop up. eg you only ever get 08hxFFh in the presence of B8hxFFh (& on select encoders), and as such 08hxFFh can be useful as a backup when your B8hxFFh has failed.

greatgatsby · Jul 29, 2019

Ok, have table, have gotten valid CW, but I can't figure out how to get it to work in vplug with tsreader. The CW works using tsreader's biss plugin, but I think you have to enter it manually everytime, which is lame. I had it working _very_ briefly in vplug, and now I can't get it working again.

Problem seems to be that vplug won't populate the CA-Info box with the list of encryptions in the mux, at least most of the time. Very occasionally it pops up.

So, starting from fresh install of vplug (no softcam, no v_keys.db or v_sids.db) how do you add biss keys to vplug?

credoman · Jul 29, 2019

It's too easy. Added key without control of sume.

How to biss

greatgatsby

campag5242

greatgatsby

dvlajkovic

Member

campag5242

greatgatsby

barney115

Donating Member

kebien

Registered

greatgatsby

greatgatsby

campag5242

greatgatsby

credoman