Go Back   Sat Universe > Encryptions > Encryptions chat

Note: Visitors from certain countries might see in-text advertising(underlind words in posts) or pop-under ads.
It is only shown to unregistered visitors or members that haven't made any posts. So you can easily get rid of it.

World-Of-Satellite

New BISS algo? (TESTCA @ 7°E)

Encryptions chat

Reply
  #21  
Old 20-06-2019, 16:31  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
campag5242 campag5242 is offline
Senior Member
 
Join Date: May 2019
Posts: 1,589
Thanks: 259
Thanked 2,259 Times in 384 Posts
Country: Country Flag
Default

I looked at recent .ts recordings:
1. Scrambling control in the PMT is 0x10, so DVB-CISSA here, not CSA3
2. Tuesday's H264 video had FF padding, easily spotted by the trailing 8-bytes of FF on the packets without an AF. And confirmed by the subsequent AF ending ...FF FF 80
3. Since CISSA's AES CBC encrypts the block left to right, the Crypt16 is the same irrespective of payload length.
4. Furthermore, the fact that the CBC crypt is done left to right (not right to left as per CSA) means only one round of AES required for building chains, not 23 rounds of CSA BC as per the B8hx Crypt8s
5. It's still hopeless...
Reply With Quote
The Following 9 Users Say Thank You to campag5242 For This Useful Post:
C0der (20-06-2019), jenseneverest (20-06-2019), manic01 (20-06-2019), nautilus7 (20-06-2019), orangebirds (21-06-2019), siawoosh (20-06-2019), Stunner34 (20-06-2019), TheHighLander (20-06-2019), ZinnetiG (20-06-2019)
  #22  
Old 21-06-2019, 01:29  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
kebien kebien is offline
 
Join Date: May 2008
Posts: 1,175
Thanks: 12
Thanked 1,412 Times in 610 Posts
Country: Country Flag
Default

But there is another important issue : the ECM decryption algorithm.
There most probably is a security element in the ird that is used for decryption of the ECM that is required to emulate.
Not sure why people is getting ahead into control words,when is easy to assume this will become just like any other encryption that needs to decrypt ECM to get CW,and you could never apply the principles used in BISS.
Forget about getting CW or crypt8,since you don't look for those for any encryption with an ECM.
The only solution you have is to know way the ECM is decrypted (ECM decryption algo),the keys used to decrypt ECM (EMM decryption),a way to make an AES decryption module (for DVB cards emulators),a way to setup the CA device to use AES CA in chipsets (if present)(nautilus was testing this feature for oscam).

So,in spite of the name,this is one more dynamic ecnryption that has nothing in common with BISS,but with any encryption with an ECM.

Nothing has ended,people will eventually try to play with some of this new irds and see if there is a chance in be open.

Who is assuming there is a single CW session when an ECM is present?
why bother finding a 128bit key for 10 seconds of video,in that case?

Last edited by kebien; 21-06-2019 at 01:32..
Reply With Quote
The Following 2 Users Say Thank You to kebien For This Useful Post:
Gabriel Sosa-91 (21-06-2019), ZinnetiG (21-06-2019)
  #23  
Old 21-06-2019, 01:45  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
Gabriel Sosa-91's Avatar
Gabriel Sosa-91 Gabriel Sosa-91 is offline
Senior Member
 
Join Date: Nov 2017
Posts: 592
Thanks: 4,930
Thanked 2,891 Times in 599 Posts
Country: Country Flag
Default

I mean, is it possible to be a way to break this new key (Biss 2)?
Reply With Quote
  #24  
Old 21-06-2019, 02:47  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
kebien kebien is offline
 
Join Date: May 2008
Posts: 1,175
Thanks: 12
Thanked 1,412 Times in 610 Posts
Country: Country Flag
Default

Quote:
Originally Posted by Gabriel Sosa-91 View Post
I mean, is it possible to be a way to break this new key (Biss 2)?
Not until the ECM can be decrypted,and only by taking apart one of those IRDs could be possible to know if there is hope


Is it only me that thinks all irds should have the same content ? (universal keys,universal algo) and the only difference would be unit id?
But is just speculation based on they will not make provider specific CA id and so on
Reply With Quote
The Following User Says Thank You to kebien For This Useful Post:
ZinnetiG (21-06-2019)
  #25  
Old 21-06-2019, 03:51  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
thefatty thefatty is offline
Senior Member
 
Join Date: Apr 2012
Posts: 1,547
Thanks: 18
Thanked 55 Times in 26 Posts
Country: Country Flag
Default

Quote:
Originally Posted by TheHighLander View Post
ECM is not fixed = No fixed BISS key.
How do you know its not fixed?




Also if its an open system, surely that means reverse engineering it will not require access to hardware?

Also it says rolling keys, but doesn't say how often it will roll; it could be seconds it could be hours.

I dont know why they would call it BISS, its more like PowerVU if anything.

As I understand it BISS2 Modes 1,2 and 3(BISS-E) are similar to BISS1, except using IPTV software scrambling algorithms and a AES yes instead of DES. I think i am correct in thinking that hardly no-one uses BISS-E at the moment anyway. BISS-CA is a new option with the rolling keys.

Not sure why they would use an IPTV scrambling algorithm and not develop one specifically for satellite.

Last edited by thefatty; 21-06-2019 at 04:16..
Reply With Quote
The Following 2 Users Say Thank You to thefatty For This Useful Post:
samir mokhtari (21-06-2019), ZinnetiG (21-06-2019)
  #26  
Old 21-06-2019, 06:33  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
campag5242 campag5242 is offline
Senior Member
 
Join Date: May 2019
Posts: 1,589
Thanks: 259
Thanked 2,259 Times in 384 Posts
Country: Country Flag
Default

Sure the test transmissions thus far (one in Feb, two this month that I've logged) have been Biss2-CA 2610 with a crypto period ~29 seconds before swapping odd/even key. Who knows what the prevalent mode will be if/when widely deployed... it might be one of the static modes with caid 2602.

RBT *can* be used for rolling keys if padding is seen inside a crypto period, and the lookup is fast enough (v2 was designed thus). But it's still hopeless here on account of key size, so impossible storage requirements and timescales.

@thefatty it's irrelevant whether biss or biss-e, nett result is the same fixed key (same goes for biss2-1 or biss2-e). There's no way of knowing which static mode is in use, unless you are the bloke in the OB van tasked with injecting the key.
Reply With Quote
The Following 2 Users Say Thank You to campag5242 For This Useful Post:
nautilus7 (21-06-2019), ZinnetiG (21-06-2019)
  #27  
Old 21-06-2019, 10:37  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
nautilus7 nautilus7 is offline
 
Join Date: Aug 2012
Posts: 597
Thanks: 2,241
Thanked 1,389 Times in 365 Posts
Country: Country Flag
Default

Quote:
Originally Posted by kebien View Post
But there is another important issue : the ECM decryption algorithm.
There most probably is a security element in the ird that is used for decryption of the ECM that is required to emulate.
Not sure why people is getting ahead into control words,when is easy to assume this will become just like any other encryption that needs to decrypt ECM to get CW,and you could never apply the principles used in BISS.
Forget about getting CW or crypt8,since you don't look for those for any encryption with an ECM.
The only solution you have is to know way the ECM is decrypted (ECM decryption algo),the keys used to decrypt ECM (EMM decryption),a way to make an AES decryption module (for DVB cards emulators),a way to setup the CA device to use AES CA in chipsets (if present)(nautilus was testing this feature for oscam).

So,in spite of the name,this is one more dynamic ecnryption that has nothing in common with BISS,but with any encryption with an ECM.

Nothing has ended,people will eventually try to play with some of this new irds and see if there is a chance in be open.

Who is assuming there is a single CW session when an ECM is present?
why bother finding a 128bit key for 10 seconds of video,in that case?
Like campag5242 wrote, there is the static mode with caid 2602 as well.

In dynamic CW mode (mode CA), the ECM is encrypted with AES128 CBC. Each ECM carries the 2 encrypted CWs (for CISSA) and an IV for their decryption.

Of course, the ECM key is needed, which is obtained through the EMM (which is encrypted with RSA OAEP 2048). But maybe ECM keys are leaked for each event, and we won't need the EMM keys. Who knows.

The CISSA hardware decryption is already working in Dreambox and Edision STBs with OSCam. I can't tell about other manufacturers. The API is in the code. Who ever is interested can add support for CISSA in their STBs.
Reply With Quote
The Following 3 Users Say Thank You to nautilus7 For This Useful Post:
jenseneverest (21-06-2019), medousa89 (24-06-2019), ZinnetiG (21-06-2019)
  #28  
Old 21-06-2019, 10:52  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
kebien kebien is offline
 
Join Date: May 2008
Posts: 1,175
Thanks: 12
Thanked 1,412 Times in 610 Posts
Country: Country Flag
Default

campag5242 is right,of course
For static mode search,the size of table grows exponentially,not linearly,if there will be this option.
And the look up time the same.
And having an ecm that can change the session key any time without warning makes a search moot.
I would think they could change keys midway transmission,just a thought.But maybe not.

I'd say there are better odds of extracting the decryption and keys from ird in order to make a lasting emulation,and this extraction could never happen or take a long time.

Then comes the "colibri's" of this hobby to make a fool of all of us and explain absurd unseen weaknesses.
Anything can happen.

Last edited by kebien; 21-06-2019 at 11:00..
Reply With Quote
The Following 6 Users Say Thank You to kebien For This Useful Post:
abjhddo (21-06-2019), barney115 (21-06-2019), iq180 (21-06-2019), jenseneverest (21-06-2019), playboy1 (21-06-2019), Stunner34 (21-06-2019)
  #29  
Old 21-06-2019, 20:28  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
Shamra Shamra is offline
Senior Member
 
Join Date: May 2015
Posts: 177
Thanks: 420
Thanked 251 Times in 85 Posts
Country: Country Flag
Default

Why do they need such difficulties, if the key itself in 128 bits immediately blocks the "attack" for several months or even years.
Moreover, as you yourself indicate, the key can be changed at any time.
Reply With Quote
  #30  
Old 22-06-2019, 04:45  Translate from English to Italian  Translate from English to French  Translate from English to German  Translate from English to Spanish  Translate from English to Dutch  Translate from English to Greek  Translate from English to Portuguese  Translate from English to Russian  Translate from English to Russian
thefatty thefatty is offline
Senior Member
 
Join Date: Apr 2012
Posts: 1,547
Thanks: 18
Thanked 55 Times in 26 Posts
Country: Country Flag
Default

Of course anyone with the knowledge to find a weakness will keep quite until mass rollout, else the weakness will be fixed before release into the wild.
Reply With Quote
The Following User Says Thank You to thefatty For This Useful Post:
ilmago_ (22-06-2019)
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 12:31.


Powered by vBulletin
Copyright ©2006-2019 - Sat Universe