How find BISS keys over CWFinder09 of help CW_list_Attack ...

campag5242

Feed Hunter
Messages
2,582
The RBT method is a time vs. memory trade-off: the full lookup table for the 2^48 keyspace is shrunk in size because lookup values are stored in chains (65536 results long for Colibri's v1), but only the start SW and end C8 (after reduction) are stored. The storage requirements are thus reduced by a factor of 65536, and your petabytes become gigabytes. But lookup is slowed (time losses traded off with storage wins) because you have to retrieve many chains & rebuild them to see if they contain your C8.

For DVB-CSA it's not hashes of passwords which are stored, but the results of encrypting known plain payloads such as packets with 184 (hex B8h) repeats of 00h or FFh (shorthand B8hx00h, B8hxFFh), which are typically found as padding bytes in h262/4 video and audio.

The chain is made by taking the 64-bit C8 from round 1, reducing it to 48 bits by discarding the last two bytes, then using that as the BISS SW/48-bit key for the next round of encryption on the B8hxFFh plain. That's the next link in the chain calculated. The rainbow part is a slight modification of the reduction function at every round, by XORing the SW with the round number before use. That helps avoid the chains getting stuck in loops of repeating patterns. The chains cover the key space randomly: it's not guaranteed to cover the key space with one rainbow table size 2^48 / 2^16 count of 12-byte chains.

BF is also a known-plaintext attack, but one where it's easy & guaranteed to find packets with the required crypted plains: the packets are marked with the PUSI bit set, and you can be sure the first three bytes are 00 00 01. Collect say three such packets, and all decrypt to 00 00 01 XX XX XX XX XX, and it's pretty likely you have the correct key.

For RBT, identifying the crypted packets which contain the plains our tables are built for isn't so clear-cut. Mostly, we count repeatedly occurring packets, and assume the ones with high counts are the right ones. So there's a bit of guesswork/skill to pick them out, or just try every damn one.
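The chain mechanics described in the post above, as an added example that is not part of the original post or of any tool it mentions: it shows why storing only chain start and end saves memory, why lookup must rebuild chains, and why coverage is not guaranteed. Assumptions: truncated SHA-256 stands in for the cipher, the keyspace is a toy 16 bits with 64-link chains, and all names and the sample plaintext are constructed for illustration.

```python
import hashlib

KEY_BITS = 16        # toy keyspace; the post's real keyspace is 2^48
CHAIN_LEN = 64       # toy chain length; the post cites 65536
PLAIN = b"\xff" * 8  # constructed stand-in for the fixed known plaintext

def encrypt(key: int) -> int:
    """Stand-in one-way step (truncated SHA-256, not DVB-CSA): key -> 64-bit C8."""
    digest = hashlib.sha256(key.to_bytes(KEY_BITS // 8, "big") + PLAIN).digest()
    return int.from_bytes(digest[:8], "big")

def reduce_c8(c8: int, col: int) -> int:
    """Keep the leading key-sized bytes of C8, then XOR in the round number."""
    return ((c8 >> (64 - KEY_BITS)) ^ col) & ((1 << KEY_BITS) - 1)

def walk(key: int, first_col: int, last_col: int) -> int:
    """Advance a chain from column first_col up to (not including) last_col."""
    for col in range(first_col, last_col):
        key = reduce_c8(encrypt(key), col)
    return key

def build_table(starts):
    """Store only chain end -> chain start(s); the links in between are dropped."""
    table = {}
    for start in starts:
        table.setdefault(walk(start, 0, CHAIN_LEN), []).append(start)
    return table

def lookup(table, c8: int):
    """Return the key that produced c8 if some stored chain contains it, else None."""
    for col in range(CHAIN_LEN - 1, -1, -1):   # guess the column c8 came from
        end = walk(reduce_c8(c8, col), col + 1, CHAIN_LEN)
        for start in table.get(end, []):       # a matching end may be a false alarm
            candidate = walk(start, 0, col)    # rebuild the chain up to that column
            if encrypt(candidate) == c8:
                return candidate
    return None

if __name__ == "__main__":
    table = build_table(range(0, 1 << KEY_BITS, 256))
    stored = sum(len(s) for s in table.values())
    print(f"{stored} chains stored for up to {stored * CHAIN_LEN} keys")
    key = walk(512, 0, 10)                     # a key buried mid-chain
    print("recovered:", lookup(table, encrypt(key)) == key)
```

The same trade-off is the reason a 48-bit effective key with predictable plaintext gives little protection: the expensive part is done once, and every later lookup is cheap.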
 

evrenbiss

Banned
Messages
43
This list is fully prepared as a hobby and we think it is useful for many people. There are few people who prepare the list properly and with quality; please make positive comments.
 

barney115

Donating Member
Staff member
Administrator
Messages
24,681
Good afternoon

Please what is the key of the file

Regards
Can you translate that into English, please? :confused:
There is no password for this .rar file. Just use the free WinRar software to extract from the .rar folder; nothing special is required :D
 

abu23bcr

Registered
Messages
15
I ask you to solve the problem of 32-bit not running on the 64-bit version of Windows

https://ibb.co/NTgCVPK
 

ivanski

Registered
Messages
35
Which program should I use to record the TS, and what settings should I use?
I recorded a few .TS files but they are not good and it is not possible to find the key.
And how long does this file need to be, 5 min or more?
I use the DVB DREAM modules
streamrecorder and TSWriter 2, and nothing? :(
 

ivanski

Registered
Messages
35
How do I turn the emulator off???
I am a newbie
Pls help me
And how long does this .TS file need to be? Is 5 min OK, or more?
 