RSA Key extraction?

If only i had it working on my dreambox!

I've just read on a few forums including this one its working in the dreamboxes.

like the secret forum u was talking about with the n3 keys ...lolololol pull the other 1 Paradox .....u dont know what ur talking about.
 
like the secret forum u was talking about with the n3 keys ...lolololol pull the other 1 Paradox .....u dont know what ur talking about.

When did i say anything about n3 keys?

Jog on pondlife.
 
Last edited by a moderator:
Last edited by a moderator:
Doesn't really matter if its dreambox or not. The fact of the matter is that those boxes work so something somewhere is able to pair to VM N3 cards.

That shows its possible, regardless of the failure of the Polish locksmiths !

So, only way your going to do it is to try. Read around and see how its done elsewhere (learn some Spanish whilst your at it - may come in handy for the hols). A Rom180 is a Rom180 is a Rom180, regardless of provider !

Also bear in mind that regardless of who makes the box, if its got a real Nagra CAM built in then that code for that CAM was written by Kudelski. Kudelski simply supply their CAM library as ready built binaries that can be linked in during a firmware build. People like Pace & Samsung never have access to CAM source code. That little nugget of info should tell you a great deal........
 
Well all I can say is got the kryptview A750 on cable cs and been flawless so Happy Dayz. then they bring out A780 bas%$*^. As for cracking Nagra 3 Who Knows??? What I do know is that my wife has told me to get rid of all my cable junk. Any1 needing rom 10 rev 718? theres over 2000 of the fu£$ers. could sell them in the winter??????????????
 
as for sharing on a dream box it has been done,is been done there called private servers. "meaning they not public" so maybe that's why some people have not heard off them .

as for extracting the the rsa sk from boxes well there's only one way for members to find out is to try. some one said in an earlier post can we dump nvam to look as some done that when the pin was fooked . well again if im right i do remember that. i also remember it was only a hand full off members done it why the rest waited on the results

as for the 2 boxes that where talked about well lets say the 4010



dump the nvam chip, dump the st micro chip see if you can find the rsa/sk
then do the same with the 2100 .

the rsa key is 128 bytes the sk is 96 bytes. there is more than enough info for people to start looking.

as for what files to use once you have the keys im sure there are a few out there that will work.
 
..... Any1 needing rom 10 rev 718? theres over 2000 of the fu£$ers. .......

Sounds like someone had a major screwup somewhere !

Rev718 is, of course, exclusively for Rom7's so if you've stuck it on 2000 Rom10's you've wasted a lot of time !
 
@ trojan. what programs e.c.t will we need to "dump the nvam chip, dump the st micro chip " on a 4010, then if i did it i would pass the info on > thx,
 
You can dump the nvram using ocd.


are you sure about that m8 ???maybe your thinking of a fully working version of flash programer......same software company

easy enough on a 4000/4010............could take a fair bit of time downloading the st micro and nvram if your useing a wiggler...........ram is a far bigger dump than the flash so its always best to solder the connections for this job
 
are you sure about that m8 ???maybe your thinking of a fully working version of flash programer......same software company

easy enough on a 4000/4010............could take a fair bit of time downloading the st micro and nvram if your useing a wiggler...........ram is a far bigger dump than the flash so its always best to solder the connections for this job

I could be slightly confused!! I know I used ocd or similar with a jtag to dump the nvram of a 4010 - and it did take a while !!
 
I could be slightly confused!! I know I used ocd or similar with a jtag to dump the nvram of a 4010 - and it did take a while !!


You did.. !!

I have done it loads of times, when the movies pin problem was around I think it's ocd demon though, not commander from memory (it was roughly 3 years ago so cant remember)

Would need a willem to dump the ST chip though.


EDIT : Yes, it was ocd demon for reading, then commander for writing. !! Here is a tut that originated from this site I found in my files for dumping ram.
 
Last edited:
If someone gets a recent firmware read from a 4XXX TSOP could they try running it through Interactive Disassembler (IDA)?

A few years back they left the symbolic debug information in and the function names were still there. I don't know if there is anything of interest in there though it might be worth a quick look.

They might use production compiler output now.
 
well thanks for all the info guys. im gona have a fiddle & see what it thows up.if we all help each other we might get someware. here goes !!!!!!!!!!!!!
 
not putting a downer on all ur efforts but what you have to think is ok you succed in getting the rsa key
this will allow you with some more stuff to cs
but have you all thought to cs you need a full subscription

now if you are doing it to be able to share in you own home
it would work out a lot easier to get a second box will only cost £10 per month

plus if you intend shareing between friends you have to make sure ur server is secure

or men in black coats will visit and it will cost you a lot more than £10 per month
 
Back
Top