Results 1 to 20 of 20

Thread: MASTER KEY from EMK string

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    89
    Thanks
    3
    Thanked 7 Times in 4 Posts
    Rep Power
    196
    Reputation
    45

    Default MASTER KEY from EMK string

    Logging for a few hours, finally i have a line for my hsn, but i want to use fm calculator to calculate PMK ... so i need a 8 byte emk .... the long string i have is:
    CB6372BC00000030F8EC24BF29DAD3E0991404C8B200A12FEA F41732003F22CDD245A54111D374F5DD113FC34005AF89338A B492081F44F4


    what's the emk or master key???

    cheers



Look Here ->
  • #2
    Premium Member
    Join Date
    Jan 2008
    Location
    Melbourne
    Posts
    854
    Thanks
    246
    Thanked 87 Times in 69 Posts
    Rep Power
    243
    Reputation
    886

    Default

    Is that for current working HSN ?

  • #3
    Junior Member
    Join Date
    May 2008
    Posts
    89
    Thanks
    3
    Thanked 7 Times in 4 Posts
    Rep Power
    196
    Reputation
    45

    Default

    Quote Originally Posted by jimbo123 View Post
    Is that for current working HSN ?
    this is an example ..... but same length

  • #4
    Administrator

    Join Date
    Jan 2008
    Location
    Newcastle, Nsw
    Posts
    4,604
    Thanks
    815
    Thanked 2,531 Times in 1,138 Posts
    Rep Power
    1178
    Reputation
    41376

    Default

    Quote Originally Posted by bmohsen View Post
    finally i have a line for my hsn, but i want to use fm calculator to calculate PMK
    FM Calc is no good for calculating Irdeto 2 keys.

  • #5
    Junior Member
    Join Date
    Jan 2008
    Posts
    14
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    10

    Default

    iS There any software that is
    cheers
    coxie

  • #6
    Super Moderator
    Fernbay's Avatar
    Join Date
    Jan 2008
    Location
    Newcastle
    Posts
    4,684
    Thanks
    1,515
    Thanked 3,458 Times in 1,141 Posts
    Rep Power
    670
    Reputation
    15830

    Default

    No. The packet is encrypted by an unknown algorithm ( Irdeto2 ) and then has a checksum signature as well to ensure packet integrity
    Reality is an invention of my imagination.
    ಠ_ಠ

  • #7
    Senior Member z80's Avatar
    Join Date
    Jan 2008
    Posts
    5,840
    Thanks
    112
    Thanked 77 Times in 48 Posts
    Rep Power
    0
    Reputation
    708

    Default

    If the algo was public it would be the end of IR2.

  • #8
    Junior Member
    Join Date
    Nov 2008
    Age
    37
    Posts
    37
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    189
    Reputation
    10

    Default

    you cant find the hmk like that. it is imbedded in the card, only a seller would know. the only thing available for you to c in that is your cards hsn which is being addressed (6372BC in example). if you want to do a emk update jus send line using gup.

  • #9
    Banned ilikethat's Avatar
    Join Date
    Mar 2008
    Age
    39
    Posts
    182
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Reputation
    9

    Default

    Quote Originally Posted by flick View Post
    you cant find the hmk like that. it is imbedded in the card, only a seller would know. the only thing available for you to c in that is your cards hsn which is being addressed (6372BC in example). if you want to do a emk update jus send line using gup.
    anf use a serial logger to capture the string you will see what it takes and what id doesnt from there

  • #10
    Senior Member covert's Avatar
    Join Date
    Jan 2008
    Location
    My Imagination
    Posts
    983
    Thanks
    31
    Thanked 34 Times in 20 Posts
    Rep Power
    232
    Reputation
    131

    Default

    I don't have an answer but great to see an interesting thread like this from a hobbiest and not a gmgmgm
    By reading this, you have already given me control over a tiny slice of your mind

  • #11
    Premium Member agarol's Avatar
    Join Date
    Jan 2008
    Location
    A state of constant denial
    Posts
    331
    Thanks
    27
    Thanked 52 Times in 23 Posts
    Rep Power
    215
    Reputation
    331

    Default

    Quote Originally Posted by z80 View Post
    If the algo was public it would be the end of IR2.
    Not quite technically correct. What you meant to say, I'm sure, is:-
    The security of most crypto algos lies in the keyspace, not the algo itself.

    So I think we all know the algo, but not the keys.

    ag
    Energy is the father of creation

  • #12
    Junior Member
    Join Date
    Oct 2008
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    190
    Reputation
    10

    Default

    Quote Originally Posted by ilikethat View Post
    anf use a serial logger to capture the string you will see what it takes and what id doesnt from there
    newbie.
    caught onto something here
    is Gup the gamma card v3.5 or h2 loader

  • #13
    Senior Member puca's Avatar
    Join Date
    Jan 2008
    Age
    61
    Posts
    1,495
    Thanks
    785
    Thanked 306 Times in 150 Posts
    Rep Power
    283
    Reputation
    1817

    Default

    gamma card v3.5 is gup
    h2 loader is panda
    IF IT DONT WORK USE A BIGGER HAMMER

  • #14
    Junior Member
    Join Date
    Oct 2008
    Posts
    30
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    190
    Reputation
    10

    Default

    Quote Originally Posted by puca View Post
    gamma card v3.5 is gup
    h2 loader is panda
    thanks.
    please, i need a link for a working GUP

  • #15
    Member Luck Duck's Avatar
    Join Date
    Jan 2008
    Posts
    260
    Thanks
    68
    Thanked 13 Times in 8 Posts
    Rep Power
    207
    Reputation
    75

    Default

    I thought keys weren't suppose to be posted!!

    Luck Duck

    Quote Originally Posted by bmohsen View Post
    Logging for a few hours, finally i have a line for my hsn, but i want to use fm calculator to calculate PMK ... so i need a 8 byte emk .... the long string i have is:
    CB6372BC00000030F8EC24BF29DAD3E0991404C8B200A12FEA F41732003F22CDD245A54111D374F5DD113FC34005AF89338A B492081F44F4


    what's the emk or master key???

    cheers

  • #16
    Senior Member
    weirdo's Avatar
    Join Date
    Jan 2008
    Posts
    5,458
    Thanks
    4,638
    Thanked 3,135 Times in 1,633 Posts
    Rep Power
    0
    Reputation
    29602

    Default

    Quote Originally Posted by Luck Duck View Post
    I thought keys weren't suppose to be posted!!

    Luck Duck
    If you read post #3 it will tell you it was an example

  • #17
    Junior Member
    Join Date
    Jan 2008
    Posts
    190
    Thanks
    1
    Thanked 25 Times in 15 Posts
    Rep Power
    205
    Reputation
    81

    Default

    Don't quote me on this LOL its just what I have heard
    From the example in post 1.

    CB HSN Addressed EMM
    6372BC HSN
    000000
    30 <- Payload Length
    F8EC24BF29DAD3E0991404C8B200A12F <- Payload
    EAF41732003F22CDD245A54111D374F5 <- Payload
    DD113FC34005AF89338AB492081F44F4 <- Payload

    The payload IS encrypted. It is assumed that once the EMM Encryption is removed that you will have the data to decrypt with the Cards Master Key to give the current Plain Master Key.

    Remember the Irdeto 101
    Cards Master Key is used to decode the EMK to a PMK
    the PMK is used to decode the PKs (Plain Keys)
    The PKs are used to deocde ECMs to give CW's
    CW's are used to decode the scrambled stream.

    So how do you get the PMK from the CB?
    Without the Correct Cards Master Key and Without the EMM Decryption Key, and algos, you dont!!!

  • #18
    Junior Member nightsearch59's Avatar
    Join Date
    Mar 2008
    Posts
    32
    Thanks
    1
    Thanked 12 Times in 5 Posts
    Rep Power
    198
    Reputation
    70

    Default

    Quote Originally Posted by crypto7 View Post
    Don't quote me on this LOL its just what I have heard
    From the example in post 1.

    CB HSN Addressed EMM
    6372BC HSN
    000000
    30 <- Payload Length
    F8EC24BF29DAD3E0991404C8B200A12F <- Payload
    EAF41732003F22CDD245A54111D374F5 <- Payload
    DD113FC34005AF89338AB492081F44F4 <- Payload

    The payload IS encrypted. It is assumed that once the EMM Encryption is removed that you will have the data to decrypt with the Cards Master Key to give the current Plain Master Key.

    Remember the Irdeto 101
    Cards Master Key is used to decode the EMK to a PMK
    the PMK is used to decode the PKs (Plain Keys)
    The PKs are used to deocde ECMs to give CW's
    CW's are used to decode the scrambled stream.

    So how do you get the PMK from the CB?
    Without the Correct Cards Master Key and Without the EMM Decryption Key, and algos, you dont!!!

    Hi Crypto,

    Just wanted to clarify my understaning. In the example above you say 30 is the payload length, yet when I count it, the length is 48 bytes long...

  • #19
    Premium Member
    Join Date
    Jan 2008
    Location
    Melbourne
    Posts
    854
    Thanks
    246
    Thanked 87 Times in 69 Posts
    Rep Power
    243
    Reputation
    886

    Default

    each byte is represented by 2 characters,.. 30 hex = 48 bytes,... so 96 expected characters

  • #20
    Junior Member nightsearch59's Avatar
    Join Date
    Mar 2008
    Posts
    32
    Thanks
    1
    Thanked 12 Times in 5 Posts
    Rep Power
    198
    Reputation
    70

    Smile

    thanks jimbo, i didn't do my hex to dec conversion...

  • Bookmarks

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •