Understanding an EMM ??

[Saintaholic]

I'm new to actually getting and doing logging. I have tut's on the breakup of the 01010000 etc etc and fully understand that. I also have info on the make-up of the IRD1 string and again, understand.

Now I've been Logging 0500 for a while now and just throwing in some bytes that I have, I see unusal strings. Now I'm not saying the strings are EMK's but I dont know if it's normal or maybe it's somewhere I can start.

OK, what I'm getting at is, if I were to search a HSN and get and EMK, good. If I searched again (hour later) and got another hit for that HSN, even better. Those 2 EMK's would have certain bits exactly the same in the string, but other bits would be different.

Now that hasn't happened, SO DONT PM ME PLEASE!!

But what if I searched for a HSN and a string came up that contained the HSN but not after cb38 or c338. Now that same string is coming up every couple of minutes. EXACTLY THE SAME. The string does start with 38DB.
Then it disappears entirely and a new string is replaced with the HSN.
This string starts with 3F02 and is 8 bits longer. It now comes up every few minutes. If I search for the previous string, nothing.

Bottom line is, I always thought the EMM's were encrypted in such a way that it would be rare as hens teeth to see more than 2 lines EXACTLY the same. It's funny how I search for HSN's and this happens. I search for other bits I find in other strings in the same position as the ones I had multiple finds for that I'm guessing could be a HSN and I get only the one hit.

Again, I know sweet FA with the logs. I've only read what the make-up of an actual string is. Are these just fakes? By seeing the same string more than once, makes it a fake??

[Saintaholic]

Even weirder, is I'm getting hits on a HSN ALMOST in the right spot.

38F22HSNHSN17C1FE0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXX137FAF9C75

the string is ONE number too long. I dont know, but is there something in this to pursue?

Do we make the F22 a CB or C3. It's not my HSN so I cant test.


(I've noticed it's showing spaces within the String after I posted. The String is correct and has NO spaces)

[best4less]

What are you logging with Saint ???
or are you looking at the raw stream ???

cheers

[Saintaholic]

For this Log, EMMLOGGER.

[jimbo123]

the string is ONE number too long. I dont know, but is there something in this to pursue?

That initial string didn't look wrong in length to me,.. 38hex bytes of data following the length field was right.

[Saintaholic]

I measured against EMK's I sent to people last week. OK maybe I had a space in my 'notebook'

Am I running around in circles or is there something in this??

[seeu]

Windows notepad does not like large txt files. I would use something like Notepad ++

[Saintaholic]

Yea, I do use Notepad ++ when I'm configuring things. Just used windows notepad to save/create a file.

[autertip]

38F22HSNHSN17C1FE0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXX137FAF9C75

You are correct the byte alignment doesn't look right. You would expect 38 F2 2? before you would see the HSNHSN.

That's one way of causing the gamma to fail.

How is the CAM handling this? You would expect the CAM to filter the message out as it does not seem to follow the standard.

[Saintaholic]

With this particular string/hsn I dont have it. My HSN has not been as successful so I cant test. I've been waiting for the dude to relog in here at Austech so I can tell him and maybe test etc.