If you're interested in how things work and are prepared to spend time and energy learning
for learning's sake then good on you. You've made a good start and will find lots of interesting hidden puzzles to explore.
However a large number of people, the majority I think we can safely say, study these things only because they want to obtain Pay TV reception more cheaply. If there was a program they could download and run that would magically give it to them they wouldn't spend even ten minutes reading about card processor types, file types and formats, interfaces, programming protocols, emulators, master keys, session keys, EMMs and ECMs, provider ids, country codes and so on.
Irrespective of your country or what satellite or cable system you use, to view an encrypted program you would need
1. a card emulator program with cryptosystem-specific algorithm and keys necessary to negotiate access to the data stream (eg Irdeto, NDS, Seca, Nagravision)
2. a provider-specific set of keys for decrypting the DVB control words (because emulators are useless without valid keys)
3. tools for installing the above on your hardware (clone card or PC/receiver emulator)
No
working emulator or key files for GAMMA are public at this time, and you're not likely to find working ones for GAMMA or its successors on public sites in future, at least not on the scale witnessed in previous generations. To understand why you need to appreciate how clone file distribution has evolved, because GAMMA distribution logistics are unlike that of previous generations of card cloning.
Back in the Goldoic era, emulator and key were sold together as a unit to pirate retailers (sellers) who sourced blank cards themselves, programmed and sold them individually or in dish+receiver+card packages. When keys changed customers returned to their resellers who needed to obtain a replacement file from their supplier - they couldn't make it themselves. Blanks and programmers were both easy to obtain, and sellers weren't hard to find either, so it was in sellers' interest to maintain secrecy. But clone card discovery was inevitable; identified keys were deactivated and potentially traceable back to the originator.
To avoid a single point of failure crackers began supplying key extraction tools separate to their emulators. These enabled sellers to use their own subscription cards, making the crackers less vulnerable and releasing sellers from dependence on them for updates. Sellers now had greater incentive to preserve security among their clients, plus a means of fixing customer cards if one of their accounts was busted. Eventually though both the emulator and key extraction method both would become public, at which point every customer saw the opportunity to earn money from selling, piracy exploded and radical countermeasures became necessary.
Irdeto 2 required a fast crypto coprocessor which necessitated the use of a newer, more powerful card that was harder to obtain. But rather than rely on scarcity of the new blanks to hinder unlicensed proliferation of their emulator by end users, the GAMMA developers used the card's strong crypto not just for emulation but for licence control of the emulator itself.
- They programmed the blank cards with the emulator (algorithm and cam negotiation keys specific to each provider), same as before
- They produced tools for key extraction, same as before, though these were more tightly controlled, initially distributed only to regional heads (far fewer in number than previous generation sellers)
- The emulator contained a loader allowing keys to be updated by sellers, same as before
- The extracted key files were encrypted, readable only by the card loader (some emulators of previous generation did this but most didn't)
- The emulator's loader also supported emulator/key updates to be applied, sent in encrypted form from the developer to the sellers. That the emulator file only existed in encrypted form was a new development - in previous generations it was unencrypted. Because of this encryption the file could only be written to blanks that already had the developer's own loader, preventing sellers or third parties from cloning it onto independently-sourced blanks. ie the only person having the card program in unencrypted form was the developer himself. The encryption also hindered providers' efforts to develop countermeasures targeting emulator imperfections, since without a binary to reverse they could only discover discrepancies by trial and error.
- The emulator was configured to mimic a benign memory card when initially distributed, to avoid problems if intercepted in transit by customs or thieves. To turn off the mimicry and enable normal operation the developers preloaded a "transport code" known only to the regional distributor and his sellers, who supplied it using special loader commands. The loader had provision to shut down permanently after repeated attempts with an incorrect code.
- The emulator had two modes. One was where it booted to the loader and issued its own arbitrary "GAMMA" ATR for administrative purposes (recognised by tools supplied to the distributors by the developer), handling commands for regional/provider key entry and emulator update. Another was where it booted to the provider ATR. But the emulator and the loader are just different functions of the same program - there is no GAMMA "operating system" to speak of apart from the alternative ATR and loader commands (known to old-timers as the monitor or bootstrap).
So that means the only educative files around now are for older data streams. If you want to make progress in your learning you'll be better off focusing on data streams using older encryption algorithms for which working tools are available.
What is the best tool for dealing with IRDT II?
Reply With Quote
Originally Posted by gw1
informative post
Bookmarks