Nagra Hex Block Decryption Research

pachecoso

pachecoso

DW Member +
Joined
Jan 22, 2017
Messages
130
Reaction score
78
Hello everyone
I am going to open this topic after I have spoken and asked permission from an admin
to be able to continue our research topic.
We can talk and learn from everyone about this topic.
For those interested please, no insults and keep calm always so we can have a normal conversation
in this topic please like adults,
this way we will guarantee the continuity of this study topic for those interested to give and learn.

So many changes have been made lately in crypto systems.
who has studied the various new blocks that have appeared?
for example block 0370 who already burned brains studying him?
As i saw it has 370 bytes so maybe something hidden in it, that we already know from past?

Greetings to everyone
 
@pachecoso Thx for Opening this Thread
i am Interested in this but me would more interest if anyone was able to dump the Cards

i just see the dumps of the boxes and if all data that is needed is inside the box or if
the Important ones are still in the Cards

i Mean the Cards know the Boxid & Ins when they are running in Other Cam
so all Data must be in The Cards and is that the easier way or the harder one to get the Information needed to
Kick out the Original Box from the window with the Crappy Software from Synmedia
 
yes, it would be nice for everyone to colaborate ;
specially with the last version of "NAGRA MA" that used in these providers: 1882:000000, 1883:000000,1886:000000;
;
 
rumas said:
yes, it would be nice for everyone to colaborate ;
specially with the last version of "NAGRA MA" that used in these providers: 1882:000000, 1883:000000,1886:000000;
;
Click to expand...
explain more about your issue.
you have some dump to analyze?
 
i would be happy if i would have a Dump from the BCM7358 looks like not so easy to get one
with Broadcom Studio looks like no way to get any Dump

would be nice if That whole Thread would not be only about Decrypt it would be better if it would begin from getting the Dump till Decrypting it

what are you peepz used for getting the dump Jtag Uart ??? what is the best way to get any Crypted Dump
i can still read here and test but Nothing till now really bringed me till the Dump

i Respekt really evryone who was able to Dump that Boxes
but i ask my self is the Box or the Card the Key
 
Did anyone Managed how to Decrypt that Crypted Dumps from the Flash ???
or is there Game Over then
 
August12 said:
i would be happy if i would have a Dump from the BCM7358 looks like not so easy to get one
with Broadcom Studio looks like no way to get any Dump

would be nice if That whole Thread would not be only about Decrypt it would be better if it would begin from getting the Dump till Decrypting it

what are you peepz used for getting the dump Jtag Uart ??? what is the best way to get any Crypted Dump
i can still read here and test but Nothing till now really bringed me till the Dump

i Respekt really evryone who was able to Dump that Boxes
but i ask my self is the Box or the Card the Key
Click to expand...
dump you can get over desoldering bga and read it with a flash reader.
for the card you can dump if you have all the secrets to run unlooper on good frequency.
Let us know some more info about your board and bga model maybe someone can help in here.
 
rafadias6 said:
cim unlooper acho dificil
Click to expand...
Please @rafadias6 talk in english in here this is not PT forum.
and yes for sure it's possible nothing impossible with money and time , you only need to modify the frequency crystal from your unlooper to correspond to the speed of new atmel processor of the new generation cards.
how do you thing n2 cards where fully opened ?
as per say of someone same trick as before works on n3 cards , only unlooper needs to be adapted ;)
 
pachecoso said:
not game over , only skills are need
what is your receiver model ?
Click to expand...
i Tried on Different Boxes now and always get the same Crypted Things from them but my Target is the Kaon Box with BCM7358 because that is the one that is Important for my Card i get the Broadband Studio Connected to it but still was not able to Read anything out of it Because i dont have the Right Data for the Nand and Flash Chip and Whatever i Try it dont Match

i Really want to Learn something and Finally Buyed different Things to show what i can do i dont have the Knowlegde like the Most Peepz here who reply and Only Thing that i want is to get One Card finnaly to Run in Oscam and Kick out the Original Box out of the Window

i Tried with Osziloskope and Showed what the I2C Bus is sending Out
that was not so good and now i Bought an DS Logic Analyzer in hope to see little Bit more
when it arrive

most Boxes havent Jtag that i have or it is Possible only if i Hang Directly on Chip but thats to much for me because i dont have really that Knowlegde to do that so i only can Read about how things are going and Try out

thats why any help is welcome what i can try to do and i am Thankfull for any Pointing me in Right Direction

Then i Logged with Different Terminals the Serial Outputs on some Boxes
There was not much Info Inside some show just some Booting and that they Close OTP Sectors after Boot

Next Step would be that i Read more about the Cards and Look if there i can get any Information from them
i Have here some NDS Cards older ones and new ones for Trying
and i Have Bought some Nagra Cards to do same but i asume with Unlooper or Similar there are not Much Chances to get anything
 
August12 said:
i Tried on Different Boxes now and always get the same Crypted Things from them but my Target is the Kaon Box with BCM7358 because that is the one that is Important for my Card i get the Broadband Studio Connected to it but still was not able to Read anything out of it Because i dont have the Right Data for the Nand and Flash Chip and Whatever i Try it dont Match

i Really want to Learn something and Finally Buyed different Things to show what i can do i dont have the Knowlegde like the Most Peepz here who reply and Only Thing that i want is to get One Card finnaly to Run in Oscam and Kick out the Original Box out of the Window

i Tried with Osziloskope and Showed what the I2C Bus is sending Out
that was not so good and now i Bought an DS Logic Analyzer in hope to see little Bit more
when it arrive

most Boxes havent Jtag that i have or it is Possible only if i Hang Directly on Chip but thats to much for me because i dont have really that Knowlegde to do that so i only can Read about how things are going and Try out

thats why any help is welcome what i can try to do and i am Thankfull for any Pointing me in Right Direction

Then i Logged with Different Terminals the Serial Outputs on some Boxes
There was not much Info Inside some show just some Booting and that they Close OTP Sectors after Boot

Next Step would be that i Read more about the Cards and Look if there i can get any Information from them
i Have here some NDS Cards older ones and new ones for Trying
and i Have Bought some Nagra Cards to do same but i asume with Unlooper or Similar there are not Much Chances to get anything
Click to expand...
did you already check for uart connections on your kaon box ?
 
on the Normal Pins no Uart Tested Uart on some Other Boxes and Logged the Boot
but on the Kaon seems that i must search somewhere on the Chips for Uart
 
Anybody know the rsamod's for Ziggo/UPC The Netherlands ? (CAID 1801/1850/1868)
 
Benfica200 said:
Your have dump?I cant remember now I get this long time ago!
Click to expand...

Yes i have multiple, but the card still uses cak6 at the moment. But it could be switched in the future. At the moment i have very little time but i will get back to you.,
 
Is it correct Ziggo?

Provider ID: 7811

Cau Adas
 
You must log in or register to reply here.

Similar threads

S
    • Like
Ever wonder what happens when you forget history or are nationally arrogant?
Replies
0
Views
200
Sandra51
S
S
    • Like
    • Wow
Ever wonder what happens when you forget history or are nationally arrogant?
Replies
1
Views
248
miggy
miggy
trevortron
    • Like
Before you fly on a Boeing aircraft, especially a 737Max
Replies
0
Views
761
trevortron
trevortron
alimac
    • Like
Over 11 million people have installed spyware from 'Big Star Labs'
Replies
0
Views
515
alimac
alimac
M
Windows 8.1 AIO x86/x64 FR pre-activated + office16 pre-activated + 7 softwares + 239 updates
Replies
0
Views
4K
mehdibleu
M
Back
Top