Brute Forcing CW (non-B*SS)

tvglotze

Hi
Is anyone able to brute force a raw TS file on a certain PID for getting just 1 CW for testing?
Any help on how to do it myself is appreciated too. :thum:
THX
 

tvglotze

OK, then same thing as B*SS with crypt8, but changes regularly, right? Colibri's giant RBT didn't find any CWs. :mecry:

Does anyone find CWs of these crypt8?
Code:
87 D5 C7 CA FD B6 7D B3
CA 1E E0 17 CB C6 AA 0A
13 64 10 08 0C 63 00 E9

THX so much!
 

BLACKCRUSADER

> OK, then same thing as B*SS with crypt8, but changes regularly, right? Colibri's giant RBT didn't find any CWs. :mecry:
>
> Does anyone find CWs of these crypt8?
> Code:
> 87 D5 C7 CA FD B6 7D B3
> CA 1E E0 17 CB C6 AA 0A
> 13 64 10 08 0C 63 00 E9
>
> THX so much!


We cannot post CW here but yes all crypts posted I can get CW in BISS
so you need to ask in a post in the crypt section stating the satellite and frequency and channel name before I can send the CW.

Colibris RGB tables working just fine :D:D:D

I put all three crypts in V2 at same time and got all the CW in 10 seconds. V1 each crypt one by one also working
 

vakula

> OK, then same thing as B*SS with crypt8, but changes regularly, right? Colibri's giant RBT didn't find any CWs. :mecry:
>
> Does anyone find CWs of these crypt8?
> Code:
> 87 D5 C7 CA FD B6 7D B3
> CA 1E E0 17 CB C6 AA 0A
> 13 64 10 08 0C 63 00 E9
>
> THX so much!

Found :)
 

barney115

V2 B8hxffh
87 D5 C7 CA FD B6 7D B3 #CW: FF xx xx xx xx xx xx 37
CA 1E E0 17 CB C6 AA 0A #CW: E8 xx xx xx xx xx xx 18
13 64 10 08 0C 63 00 E9 #CW: 8E xx xx xx xx xx xx 18

Search completed, 100% success with all 3 crypt8s :)
Only took around 1 min search time total in V2 B8hxffh to find all 3 CWs.
 

MickeEst

So does it mean that anyone can record, for example, a one-hour show from a hardly encrypted SkyUK channel, then take the crypt8 for all 600 ten-second chunks and decrypt them? Then add all CWs to an offline decrypting program and get the full show to watch?
 

tvglotze

@barney: Thx!!! Got all B8hx00h's, but no CWs showed up. Will try the B8hxffh's.
@MickeEst: Yap. Takes a lot of calculation time and hard disk space, but success rate is not 100%.
 

K2TSET

> So does it mean that anyone can record, for example, a one-hour show from a hardly encrypted SkyUK channel, then take the crypt8 for all 600 ten-second chunks and decrypt them? Then add all CWs to an offline decrypting program and get the full show to watch?

It depends:
If the channel uses padding/stuffing bytes, then yes (but not 100%).
If not, which more and more tend to do, then no; here you will need raw BF, which takes much more time.
 

kebien

> So does it mean that anyone can record, for example, a one-hour show from a hardly encrypted SkyUK channel, then take the crypt8 for all 600 ten-second chunks and decrypt them? Then add all CWs to an offline decrypting program and get the full show to watch?

Something wrong? You would need 360 10-second chunks for an hour of video.
If you have 6 chunks per minute.....

In any case, I would say you might not find all crypt8 for all chunks, or maybe not repeats in just 10 seconds.
Brute force on those might take a while, and if you missed many....
And also it is a matter of syncing the control word changes; you must push them to the CA device at a precise time. Or are you going to cut 360 clips and decrypt individually then join them? Well, more work then.
With tools made for the purpose it might just make sense, but without these tools that 60-minute show becomes a week or more of dedicated work.
This has been possible since 2002, and nobody ever thought it was worth doing.
 

Psilos2003

I think this was Colibri's intention when he started v2, that is to make finding the CW take less than 10 seconds, so that you can watch real-time (well, with a 10 second delay). Unfortunately he had to guess the fixed for v2 size of the tables and only got, what 85% success rate? Then for the remaining chunks you have to use v1 which has a 99% success rate given a large enough table. And we're still talking about chunks that have a crypt8 but not all chunks do. The remaining have to be brute forced. Now as far as a tool, once you have all CWs, you put them in a .cwl file and tsdec will decrypt the file in one pass. But I don't know of a tool that would spit out the chunks that need brute force.
 

kebien

For every intention or purpose, the search for obtaining CSA CW in real time is the only true form CSA can be hacked.
And the hacking world is pursuing this from the beginning, yes, while others are fascinated with getting to know how encryption works, just enough reward in that for many.
This is probably the important part: Colibri wanted to know, he studied and he got his reward; as a collateral effect, he shared his work and views. And we are here today.

Interesting about the .cwl file.
Would like to see the format, if it follows any type of syncing, since it is needed because the ECM does not change in same intervals. I wonder how you think it is done.
Or maybe tsdec just looks for the next key when it can't decrypt any more packets?
 

dmr0x

ah cwl, the days before cs when you would record the encrypted broadcast and download the relative cwl file and decrypt
 

kebien


See? This is the problem I was pointing out, and I have no idea if tsdec could sync the CW to an encrypted file.
Apparently it needs the time stamps, or may not even use them.
As per readme:
****TSDEC will now try to sync, meaning trying to find TS packets matching to a
cw. If the recorded ts file was ok and you have the CWs from the correct
program and time (this is the problem, I think), you see "sync at packet..." and tsdec should write the
decrypted file recording_decrypted.ts on your disk. ****


I imagine tsdec could check for correct decryption and, when it fails, use the next CW, but then a video packet can be corrupted and never decrypt, while tsdec would change to the next CW when it should not.
Again, an uneducated guess on my part.

UPDATE
The readme actually tells how it works, and how it determines when to use the next CW, so it is clear for me now.
Thank you

Too many variables that can disrupt the decryption offline, as per the original question on this thread.
 