RAS encryption

xosef1234

Registered
Messages
107
A bigger record would be great in order to have a deeper look. Whether crypt8 will work... I have some doubts. If you have a look at the files uploaded from serkanguzel you can see the following (just a few things I noticed):

-You get crypt8 using Colibris CSA-tool; anyway, if you check the 188bytes packets with the crypt8 you will see that except the crypt8 the remaining bytes are not identical. So in my opinion this is not CSA.

-The crypt8 you can get are part of blocks which do have kind of a "structure" at the beginning. The first 2 bytes are somehow repeating in some packets.

-The packets with adaptation field are not scrambled (the bits are not set).
 

kebien

Registered
Messages
1,329
No, it's not 7 byte, just 7 digits. I recently saw one person in a broadcast studio introducing all parameters in a professional receiver. He inserted frequency, symbol rate.... and RAS key. It was just a 7-digit number (not letters), for example 1234567, so I think that just 1 million of keys are available. This man told me they receive a different fixed key for each feed, so the operations are exactly like BISS (they introduce a fixed key in the receiver), but the key is simpler, and I don't know if crypt8 method could be used to find the key.
Thank you to all users that provided good TS recordings.
Think about it
Hypotetically they could use this 7 digit key,they use a 128bits rsa that's inside the receiver to expand it,then after a long process they come up with a control word,being this DES or CSA,or in the worst case proprietary.
See how simple things are only in appearance?
Being only numbers mean really nothing at this point.
You know nothing more than that operator you know,which is really little.

In the other hand,it can be really simple,but still a mistery.
Whatever you have been told,is simply the process of entering a key in an IRD,what we need to know is what happen inside the IRD,understand?

I also doubt it uses CSA
Cracking RAS wount be easy without the information from inside the IRD
 
Last edited:

xosef1234

Registered
Messages
107
Have a look at the following manual (3-13 and 3-14)

_http://dtv.mcot.net/data/manual/book1155180902.pdf

Maybe the 7digits key is the DSNG key and according to this manual RAS is propietary.
 

Francescone

Member
Messages
686
kebien, as you said, unfortunately I don't know nothing more than the operator. Clearly understand your thinking, sometimes simple does not mean simple! Anyway, I know that RAS is not present in all professional IRDs, but only in Ericsson/Tandberg receivers. So... yes, it could be proprietary I'm afraid.
 

kebien

Registered
Messages
1,329
Somebody get this TS and see if it gives you crypt8 and post it in the thread that search for keys.
There are many people with tons of resources,and if a key come up,we continue the experiment.
 

C0der

Registered
Messages
267
So there are no ECMs. That would suggest a constant key.
But there are lots of different crypt8. That would suggest a varying key.
What is going on there?
 

kebien

Registered
Messages
1,329
Take a single crypt8 and see if a key comes up,at the same time record the feed,see if the key found (if found) decrypts the feed.
If only decrypts pieces,then the ird changes the cw,but I see this as a problem for them to sync the key changes without an ecm. (could simply be using the PCR /time stamps in the feed,though)
Without an ECM there is no way the key is changing in my view.
But who really knows what the receiver do?
 
Last edited:
Top