agarol

I was sitting around thinking recently (warning - this is a dangerous situation for me )......

All those lonely public gammacards sitting in drawers doing nothing.......

Would it be possible to write some code for a pic or atmel that sits between the cam and the card that simply does HSN substitution?

ie make the cam think that the card in the slot is an active card, and use the card's crypto / keys to do the processing, and return what seem to be legit packets to the cam.

From what I understand of the I2 algo, this could be interesting....

Comments?
ag

__________________
Energy is the father of creation

osci

I wonder if something like this would work on an Ir2 aurora card for the commercial channels?

__________________
Democracy & Ignorance = A Winning Combination

Twoshots

Now there's a thought

__________________
Old Dog, No Flies

Oscar

All good but where does the HMK for that HSN come from, and who knows what the provider ID is for the given hex serial ,
so it wont do a masterkey update or a plain key update .
The masterkey update needs the HMK
The plainkey update needs the PMK and the ProV ID
Or thats the way it used to work

osci

I guess its possible to do...otherwise we wouldn't have Mr White!

__________________
Democracy & Ignorance = A Winning Combination

beer4life

Hi,
whatever gave you the idea that they are sitting in the drawer doing nothing?
Been no whinging lately..........
Kindest Regards,..............

__________________

sublib25

I believe ag is referring to the "gamma" card first release sourced from europe with the 1.04 os,not the later white cards known as "sellers" that got stopped a few months later.

agarol

Yes, I was referring to the defunct and lonely public cards, not the busy sellers cards.
ag

__________________
Energy is the father of creation

agarol

True enough, that's the way it used to be,

But if (and this is a very big if) the source code floating around is infact the I2 algo:
- groupkey and providerID updates occur from commands to each HSN
- productkey and date updates occur from commands to providerID
- and the decryption key or controlwords are derived from the productkey

What is not certain whether each HSN has a unique AxiKey, ExiKey, GMask and PMask, or whether these are common for all cards? If these are shared, and the algo is true, then everything can be derived from the HSN.

Of course it may be that when the card is activated, each card may be given a unique set of the above keys, and in that scenario the HSN substitution would fail

ag

__________________
Energy is the father of creation

osci

heres food for thought Ags, Just slightly off topic but relative to whats in discussion here

I've been wondering how the TOH manages to auto-update the Ird2 PK's and from my understanding of what I have read ( and that ain't much) so far it appears the TOH in the ram editor doesn't use a HMK, it appears to only rely on the HSN, Prov id & PMK of which these Ird2 PMK's are floating around on the net for the sexview bouquet in Europe.

So would it be too much to assume the Ird2 algo or part of it is contained somewhere in the TOH modules which tells it to calculate the Ird2 PK's for those bouquets? now that would be really interesting! it could be worth while taking a closer look at these TOH modules....or am i way off the track.

__________________
Democracy & Ignorance = A Winning Combination

satbeginner

are we able to retrieve that info from a working card?