Here's a thought

**agarol** · 29-10-08, 01:39 PM

I was sitting around thinking recently (warning - this is a dangerous situation for me

)......

All those lonely public gammacards sitting in drawers doing nothing.......

Would it be possible to write some code for a pic or atmel that sits between the cam and the card that simply does HSN substitution?

ie make the cam think that the card in the slot is an active card, and use the card's crypto / keys to do the processing, and return what seem to be legit packets to the cam.

From what I understand of the I2 algo, this could be interesting....

Comments?
ag

**osci** · 29-10-08, 09:29 PM

I wonder if something like this would work on an Ir2 aurora card for the commercial channels?

**Twoshots** · 29-10-08, 10:06 PM

Now there's a thought

**Oscar** · 29-10-08, 10:15 PM

All good but where does the HMK for that HSN come from, and who knows what the provider ID is for the given hex serial ,
so it wont do a masterkey update or a plain key update .
The masterkey update needs the HMK
The plainkey update needs the PMK and the ProV ID
Or thats the way it used to work

**osci** · 29-10-08, 10:30 PM

I guess its possible to do...otherwise we wouldn't have Mr White!

**beer4life** · 29-10-08, 10:31 PM

Originally Posted by agarol

I was sitting around thinking recently (warning - this is a dangerous situation for me

)......

All those lonely public gammacards sitting in drawers doing nothing.......

Would it be possible to write some code for a pic or atmel that sits between the cam and the card that simply does HSN substitution?

ie make the cam think that the card in the slot is an active card, and use the card's crypto / keys to do the processing, and return what seem to be legit packets to the cam.

From what I understand of the I2 algo, this could be interesting....

Comments?
ag

Hi,
whatever gave you the idea that they are sitting in the drawer doing nothing?
Been no whinging lately..........

Kindest Regards,..............

**sublib25** · 29-10-08, 10:36 PM

Originally Posted by beer4life

Hi,
whatever gave you the idea that they are sitting in the drawer doing nothing?
Been no whinging lately..........

Kindest Regards,..............

I believe ag is referring to the "gamma" card first release sourced from europe with the 1.04 os,not the later white cards known as "sellers" that got stopped a few months later.

**agarol** · 30-10-08, 08:44 AM

Originally Posted by sublib25

I believe ag is referring to the "gamma" card first release sourced from europe with the 1.04 os,not the later white cards known as "sellers" that got stopped a few months later.

Yes, I was referring to the defunct and lonely public cards, not the busy sellers cards.
ag

**agarol** · 30-10-08, 08:58 AM

Originally Posted by Oscar

All good but where does the HMK for that HSN come from, and who knows what the provider ID is for the given hex serial ,
so it wont do a masterkey update or a plain key update .
The masterkey update needs the HMK
The plainkey update needs the PMK and the ProV ID
Or thats the way it used to work

True enough, that's the way it used to be,

But if (and this is a very big if) the source code floating around is infact the I2 algo:
- groupkey and providerID updates occur from commands to each HSN
- productkey and date updates occur from commands to providerID
- and the decryption key or controlwords are derived from the productkey

What is not certain whether each HSN has a unique AxiKey, ExiKey, GMask and PMask, or whether these are common for all cards? If these are shared, and the algo is true, then everything can be derived from the HSN.

Of course it may be that when the card is activated, each card may be given a unique set of the above keys, and in that scenario the HSN substitution would fail

ag

**osci** · 30-10-08, 01:19 PM

Originally Posted by agarol

True enough, that's the way it used to be,

But if (and this is a very big if) the source code floating around is infact the I2 algo:
- groupkey and providerID updates occur from commands to each HSN
- productkey and date updates occur from commands to providerID
- and the decryption key or controlwords are derived from the productkey

What is not certain whether each HSN has a unique AxiKey, ExiKey, GMask and PMask, or whether these are common for all cards? If these are shared, and the algo is true, then everything can be derived from the HSN.

Of course it may be that when the card is activated, each card may be given a unique set of the above keys, and in that scenario the HSN substitution would fail

ag

heres food for thought Ags, Just slightly off topic but relative to whats in discussion here

I've been wondering how the TOH manages to auto-update the Ird2 PK's and from my understanding of what I have read ( and that ain't much) so far it appears the TOH in the ram editor doesn't use a HMK, it appears to only rely on the HSN, Prov id & PMK of which these Ird2 PMK's are floating around on the net for the sexview bouquet in Europe.

So would it be too much to assume the Ird2 algo or part of it is contained somewhere in the TOH modules which tells it to calculate the Ird2 PK's for those bouquets? now that would be really interesting! it could be worth while taking a closer look at these TOH modules....or am i way off the track.

**satbeginner** · 03-11-08, 11:01 PM

are we able to retrieve that info from a working card?

Thread: Here's a thought

Thread Tools

Search Thread

Display

Here's a thought

More channels than you can poke a stick at.

5.3

Bookmarks

Bookmarks

Posting Permissions