hmmmm interesting.
HMK (Hex Masterkey) – fixed key management can't be updated.
Hex Serial Number – 3bytes hex serial number for addressing card.
ProvID (Provider ID) – 3bytes for addressing card. the first 2bytes identify a 256 card (Provider Group) .4 providers in the card.
PMK (Provider Masterkey) – provider masterkey. key each Provider four in card.
opKey – Each provider have 12 Keys for ECM decryption. irdeto2 maybe less
CHID (Channel ID) - 2bytes
Date – 2bytes and is incremented daily by the provider
Quote:
G-EMM
----------
during bootup the card sends 3bytes (hex serial number) to the CAM,
later the CAM filter EMM stream and pass only these EMMs to the card
which have flag 0xC3 or 0xCB in the header followed by (hex serial number) to decrypt
and excute EMM the card uses Hex Masterkey (HMK).
normally to update PMK or write new provider
example:
82 40 38 C3 xx xx xx 00 00 00 30...
82 40 38 CB xx xx xx 00 00 00 30... !!unknown to me!!
Quote:
S-EMM
-------
Also during bootup the card sends all provider ID later the CAM filter EMM stream
and pass only these EMMs.
To decrypt use PMK for target provider normally update opkey or add channel id to the card.
example:
82 40 38 02 xx xx 00 00 00 30... provider 00 group,
82 40 38 0A xx xx 00 00 00 30... provider 01 group,
82 40 38 12 xx xx 00 00 00 30... provider 02 group,
82 40 38 1A xx xx 00 00 00 30... provider 03 group,
82 40 38 03 xx xx xx 00 00 00 30... provider 00 single card,
82 40 38 0B xx xx xx 00 00 00 30... provider 01 single card,
82 40 38 13 xx xx xx 00 00 00 30... provider 02 single card,
82 40 38 1B xx xx xx 00 00 00 30... provider 03 single card,
EMM-G (Global) - addresses ALL cards. AFAIAA Irdeto does not use this method. (Whereas, for example, Nagra does)
EMM-S (Shared) - addresses all cards of a provider group (256).
EMM-U (Unique) - addresses a single card either via the HexSN or specific ProviderID
KeyFlow
I'm singing
That when the cat's away
The mice will play
Look Here -> |
hmmmm interesting.
If you feed ducks at a pond, chances are your bound to feed a goose or two without even knowing it.
Old-timers will recognise that as an Irdeto 1 diagram. But conceptually it holds true for Irdeto 2 as well, and no doubt there are quite a few here who haven't seen it before. Thanks for sharing.
The explanation above is good, and points out the essential task of CAMs: to filter stream messages and forward only those of interest to the card. Card ISO7816 communication is far too slow to keep up with the stream directly which is why CAMs are needed.
Bookmarks