Nagra Hex block Decryption

Status
Not open for further replies.
Well, not sure what I can say and can't say, but here goes. Got my 016c block and split the 96 bytes into 12 blocks of 8 (assuming I've got the right ones), applied the IDEA key. Then XOR'd the results with the originals (new 12 with old 11, new 11 with old 10, etc.). My end result wasn't what I expected. Feeling like I've missed something.

Sent from my GT-I9300 using Tapatalk 2


Well, you're part right and part wrong.

Your block starts with 016c (364), which is the size of the block that needs decrypting. What happens in the STB is the CAK (find carpairn) asks for the block and checks the size, then decrypts it, yes, in blocks of eight, using your IRD it takes from the block and the IDEA key + twist pre-stored in the CAK. The constant that you're posting beginning with 10 is not the IDEA key used to decrypt the block.
 
OK, I'm nearly there, just need to find this twist??

Sent from my GT-I9300 using Tapatalk 2
 
_bldr_GetNagraPairingData:
lw $t9, dword_13F500
move $t7, $ra
jalr $t9
li $t8, 0x263
# End of function _bldr_GetNagraPairingData

That's from cak7, but you get the hint.

again from cak7

.rodata:000F4BD0 .byte 0x63 # c
.rodata:000F4BD1 .byte 0x61 # a
.rodata:000F4BD2 .byte 0x6B # k
.rodata:000F4BD3 .byte 0x70 # p
.rodata:000F4BD4 .byte 0x61 # a
.rodata:000F4BD5 .byte 0x69 # i
.rodata:000F4BD6 .byte 0x72 # r
.rodata:000F4BD7 .byte 0x6E # n
 

Hi, I analyzed the dump with binwalk and found several terms that are not visible in the original dump:
cakinit, ‡cakdrvs, cakterm, caecmres, $1@Qdy©Äá (this is famous) lol ;). I assume it's the lib cak...
 

63 61 6b 6c 69 62 00 00 00 00 00 00 00 12 94 10 00 00 00 00 43 41 4b 37
ASCII: caklib CAK7
 
I wanna remind the people on here not to post any real dumps from the box. They contain sensitive information which allows K....ski to track you down.
 
XIL1NX has exceeded their stored private messages!:)
 
Can this really be done now? I can read chips with my willem and extract the ird and bk but not the encrypted rsa key.. Does somebody offer this service?
 
Willem

Lmao

Dream on m8

Bk is encrypted like rsa

The only thing u can extract is the ird

To decrypt the block is a lot harder
 
I used to extract the ird and bk back in the day by lifting the chips? unless the flash has been updated and encrypted now?...
 
I suggest you do a lot more reading, m8.

In the old days it was the Nagra 1 system.

Now it's Nagra 3, a different ball game.
 
IDEA-key ********101924314051647990A9C4E2 is this correct ?? from what information i have been reading it should be ********101924314051647990A9C4E1 ??
 
you better edit your post, i think...
 

why?? is this not common knowledge? i'm sure if members who have an interest in this can find all the information they require, well maybe not on any English sites!
 


try it and let us know
 
@Trojan for me this is all theory, I have no real desire to spend money and time obtaining dumps etc. I'll leave it mainly to the traders, of which there seem to be many springing up for VM now that S*Y card share have no HD channels, "but thanks for invite".
 

Well, I agree there are plenty popping up alright, but they have no interest in learning either, they just pay someone to do it for them. But I'll give you a hint on your post: that key you posted will not decrypt your 016c/016e/9882/ block. It is a key OK, but not the one used for decrypting/encrypting the block.

IDEA-key ********101924314051647990A9C4E2 is this correct ?? from what information i have been reading it should be ********101924314051647990A9C4E1 ??


So why say "from what you have been reading" if you have no interest?
 