#1
|
|||
|
|||
![]() Hello,
doing some experiment with Smartdtv Cam anyway of extracting the RSA key? the cam is nagra based ![]() cheers |
#2
|
|||
|
|||
![]() Good to see you back
|
The Following User Says Thank You to ^[email protected]@in^ For This Useful Post: | ||
pipino (05-11-2018) |
#3
|
|||
|
|||
![]() cheers mate ..health kept me away for a while
![]() |
The Following User Says Thank You to pipino For This Useful Post: | ||
^[email protected]@in^ (05-11-2018) |
#4
|
|||
|
|||
![]() I was looking for the same on a NEOTRON Viaccess cam, used here for DVB-T
I know the firmware are transmitted as update in the ts as a SSU I the NIT I do see a 0x09 "System Software Update" service OUI: 0x237C => Neotion Sector lenght: 0x22 Sector_bytes: 08000001123456780.............. This kind of data are send as a carousel and I never found a way to capture the firmware, and if it was possible I guess it's encrypted and then hard to find the RSA. Another way could be to open the cam and unsolder the flash are read it and hope the FW are non encrypted. I was expecting to place a legal card in a OSCAM server and the let different receivers share that card. But that does not work since the ECM in the ts does have the RSA key flagged so I expect the RSA are needed. I did a complete record of the ts and at the same time I had logging running between the card and the cam on 2 the different TV's Both log on card / cam are exact the same during eg a timeslot on 1 min where the cw changed like every 10 sec. Since I did record the whole TS on a USB tuner at the same time I could now extract the same program and do a BF on the CW and have a clear picture...but the CW are not shown in plain in the return from the card /cam log so I'm a bit surprised on what part the RSA actually are used in the CI Any way I like to know how to get RSA as well ![]() |
#5
|
||||
|
||||
![]() in smartdtv cam you have more as one RSa.. all is visible in flashdump..
Too for decrypt blocks is used more as one round |
The Following User Says Thank You to pelcmichal For This Useful Post: | ||
pipino (12-12-2018) |
#6
|
|||
|
|||
![]() Quote:
![]() Under "ciplus" folder I have: Code:
01-01-1970 01:00 1.056 brand.der.aes 01-01-1970 01:00 16 clk.aes 01-01-1970 01:00 1.088 device.der.aes 01-01-1970 01:00 256 dh_g.aes 01-01-1970 01:00 256 dh_p.aes 01-01-1970 01:00 32 dh_q.aes 01-01-1970 01:00 1.200 private.der.aes 01-01-1970 01:00 16 random.aes 01-01-1970 01:00 1.024 root.der.aes 01-01-1970 01:00 16 siv.aes 01-01-1970 01:00 16 slk.aes 01-01-1970 01:00 16 usk.aes Indicating key 0 I have tried the different 16bytes AES files in Oscam under aeskeys for the reader Quote:
Any hint on which AES file are the right one to use in respect to D2 nano and over encrypt? |
The Following User Says Thank You to K2TSET For This Useful Post: | ||
VladoFogo (22-12-2018) |
#7
|
|||
|
|||
![]() Just found ci-plus documentation where the different keys are explained and a lot of other interesting information.
http://www.ci-plus.com/data/ci-plus_...ation_v1.3.pdf |
The Following User Says Thank You to K2TSET For This Useful Post: | ||
VladoFogo (22-12-2018) |
![]() |
Thread Tools | |
Display Modes | |
|
|