I wonder if something like this would work on an Ir2 aurora card for the commercial channels?
I was sitting around thinking recently (warning - this is a dangerous situation for me )......
All those lonely public gammacards sitting in drawers doing nothing.......
Would it be possible to write some code for a pic or atmel that sits between the cam and the card that simply does HSN substitution?
ie make the cam think that the card in the slot is an active card, and use the card's crypto / keys to do the processing, and return what seem to be legit packets to the cam.
From what I understand of the I2 algo, this could be interesting....
Comments?
ag
Energy is the father of creation
Look Here -> |
I wonder if something like this would work on an Ir2 aurora card for the commercial channels?
Democracy & Ignorance = A Winning Combination
Now there's a thought
Old Dog, No Flies
All good but where does the HMK for that HSN come from, and who knows what the provider ID is for the given hex serial ,
so it wont do a masterkey update or a plain key update .
The masterkey update needs the HMK
The plainkey update needs the PMK and the ProV ID
Or thats the way it used to work
I guess its possible to do...otherwise we wouldn't have Mr White!
Democracy & Ignorance = A Winning Combination
True enough, that's the way it used to be,
But if (and this is a very big if) the source code floating around is infact the I2 algo:
- groupkey and providerID updates occur from commands to each HSN
- productkey and date updates occur from commands to providerID
- and the decryption key or controlwords are derived from the productkey
What is not certain whether each HSN has a unique AxiKey, ExiKey, GMask and PMask, or whether these are common for all cards? If these are shared, and the algo is true, then everything can be derived from the HSN.
Of course it may be that when the card is activated, each card may be given a unique set of the above keys, and in that scenario the HSN substitution would fail
ag
Energy is the father of creation
heres food for thought Ags, Just slightly off topic but relative to whats in discussion here
I've been wondering how the TOH manages to auto-update the Ird2 PK's and from my understanding of what I have read ( and that ain't much) so far it appears the TOH in the ram editor doesn't use a HMK, it appears to only rely on the HSN, Prov id & PMK of which these Ird2 PMK's are floating around on the net for the sexview bouquet in Europe.
So would it be too much to assume the Ird2 algo or part of it is contained somewhere in the TOH modules which tells it to calculate the Ird2 PK's for those bouquets? now that would be really interesting! it could be worth while taking a closer look at these TOH modules....or am i way off the track.
Democracy & Ignorance = A Winning Combination
are we able to retrieve that info from a working card?
Bookmarks