Nagra Hex Block Decryption Research

Hello everyone, friends, a small question: are mod1, mod2, data50 and mod50 the same for all cards? And then which would data60 and mod60 be, caid 1861? Thanks
datos50 = B6711C868C3EE72533A4E08C1364B83AEEFDEBE9FB54156A8776D872CBC41FF2E5EA2CBAF4F26A58C521EC53E310FC494354E49ECE6CD0F9631B724FAB0C8BAEC1F66C4CB37AD1DBAF19C342E1DBAF19C342E194354
mod50 = DB9E1F1BD23C6153444E444D8E6C471E162EC63C599D44F476E0D40C3840E0FDB7B63D174DD73B575543983F2F2DFB94E3644958AE642C91636A6BE55528478EB7A422479598C68E6F1FC9D647BBC4D5
mod1 = C1855C43D12D3E5862CA5045FE5DC46603C5E22760835F3D76B0F866911FD95E9616B195515991D8D8ECBDFA08011A40D403B6C2F1E73896E6241DB896EAECAB7C5489C88E742F6291BD84411F46D8814B6BD72CCBD3968D7C7F4211DCFE38DD638AA6839F2CC3F989DCCD5BF7BAE7EB
mod2 = A9259FF98B49597D057FDE727AA1A6B73BEA2F735F8B3559DA8DBE31156030D575318E3ED5E6C655DFCF98B21B250D49AD4DBF79C16B9BE643920207B53D8351C4A7E7199C5A0B3C763A6F72CC3650AB486156EBD88F2F7B34D3FC377C0968DD527CCC002DECA750312866004F087EEB
mod60 = ????????
datos60 = ????????

Thanks for any help
 
My cards: black Nagra, caid 1884, Cayman Crocodile, work only in Ultrabox, do not work in my decoder.
not CWPK, nuid and keys, unique pairing, CAS7.
boxkey, rsa........?
dump chip Broadcom BCM7252S,
help me.
 
I think for now no public easy solutions are available for the BCM chips.
You need to find a way to get into the decoder, booting some modified uboot, or entering via some jtag/uart hole; otherwise you will not get 16C from the flash since it's encrypted.
 
Hello all,

I have Max Tv data block 016c read from my box, I have correct mod1 + mod2 + Nuid + cwpk0 .... It is working in a special oscam for arm with no problem. I have tried to move it to a PC with Ubuntu using the qemu-arm emulator; this oscam works but not so well, it gets segmentation faults very often.
This oscam arm doesn't have fields mod50 and data50.
I tried to compile oscam with cak7 patch for pc ubuntu, all ok, but it has these fields 50 in the reader, unknown to me.
Have tried with HD+ mod50 data50, the card connects in private mode, but fails to decrypt.
Does anyone have info on mod50 data50 specific for this card, or is it correct that they are the same as HD+ and I am missing something else?

Thanks
 
Data50 and mod50 are the same on all cak7 cards...
 
EDIT:

Sorry... this is for Cable.

Wrong section.
 
so is correct keys 50 = B671.. and DB9E..
what can be the problem of no decryption with self compiled oscam ...
post your reader(oscam.server), maybe you have wrong configuration ...
 
Thanks rumas, I've tried also exactly yours :) compile from streamboard,
same thing, the card is initialised to unique mode properly , but on decode empty cmd CCCCCC and no cw

[reader]
label = maxtv_16
protocol = mouse
device = /dev/ttyUSB0
cacheex_allow_filter = 0
cacheex_lg_only_remote_settings= 0
caid = 1830
boxkey = 623934XXXXX0F39C
rsakey = C08D45D78756F169443AAEC8B68711DDC46E7069873224DF483F53066082F8A63D4B5CB24E593E8BF01856D270FF4B39A8F8C9711F8D21CA97E3757676E65E45
mod1 = 9AB78201C1BA2786EEDBAB070FE498305AD6EF49CC5CFCD00352162DAC6E4DAB14B1A64ED76BD185D09468DB6CD1DEEFA6F4C8FD184FE97FF1C59514FF810DF7AE027B9B3B7C6BFD7A8BAF8CE1D2573AB575FFF6B3C69C6AD529EE8D9281BA2C6B2CEF7B8A8868D985F1685B533BB7D7
mod2 = E4C4CEFEAA0E49553FD4E1E3EA584EC8EDBB0C49154E22822C73804A31E4B77AB8EE61EA7B94A5C63F007CDFA877B9EE855433CD54E5897DDF1209340EA2725170C4295A8CDD056BDBD8E37C070C65C611536C25E164A0CF1169AB248FCCD275B3DC79496D168820487C68013F53BA79
key3588 = CC749F9BDC8617EA89D71FCCD7F13EA2D24F12833303108741D182145F07F7B18C548BDD541FF81568D538F8CAB0F4867FE11B1455D5D415994733C487E2589456D18DA580648C6A7701059AB2A011C34F11F68C52715FC2A34882C7E8D86E6EEA0104B6AF58017D6E01397DD3D17CD3756FE6CDA5715188E05D5F3AC266C70644B97AFF4A27A2C6
key3460 = AECF7DB631805A7DE10A7C2EC3CB3EFAD98AAA22ED2A42A8F1DAD8B1D281C8A9275E65BFA7F661FE9DFBF091A0EFC03A917C5900D041F399EDA9FC97C6B794BDAC524092658F5017090D55B71B2BB97027CABF89406B7D84A637EE0B9E24C06D
key3310 = 339DFED11543B1DDFB12DE7C83XXXXXX
data50 = B6711C868C3EE72533A4E08C1364B83AEEFDEBE9FB54156A8776D872CBC41FF2E5EA2CBAF4F26A58C521EC53E310FC494354E49ECE6CD0F9631B724FAB0C8BAEC1F66C346AD2DB1CB3871AF44C1E1592
mod50 = DB9E1F1BD23C6153444E444D8E6C471E162EC63C599D44F476E0D40C3840E0FDB7B63D174DD73B575543983F2F2DFB94E3644958AE642C91636A6BE55528478EB7A422479598C68E6F1FC9D647BBC4D5
idird = 67XXXXAC
nuid = 8XXXXXXX
cwekey = 9XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0,0,0,0,0,0,0,0
fix07 = 0
detect = cd
nagra_read = 1
detect_seca_nagra_tunneled_card= 2
ident = 1830:000000
group = 1
emmcache = 1,1,5,0
saveemm-unknown = 1
saveemm-u = 1
saveemm-s = 1
saveemm-g = 1
auprovid = 00AA81
read_old_classes = 0
 
Hehehe
Use this.
GitHub - SambasOnFire/oscam-smod: modern & emu based oscam, but in-line with the latest trunk too
 
I see here for cable section... but how to find correct section for satellite and about nagra decryption?

If posting in the wrong place, please move it to the correct one.

I'm new here and I've only had a card for a while.

I have this:

2022/10/18 21:23:54 03153911 r (reader) SmartCard [internal] detect native nagra card
2022/10/18 21:23:54 03153911 r (reader) SmartCard [internal] ready for requests
2022/10/18 21:23:54 03153911 r (reader) SmartCard [internal] found card system nagra
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] THIS WAS A SUCCESSFUL START ATTEMPT No 1 out of max allotted of 1
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] ROM: D N A S P 1 4 2
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] REV: R e v G 1 3
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] SER: ############
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] CAID: 1802
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] Prv.ID: 00 00 xxxxxxxxx
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] Prv.ID: 00 00 00 00
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] IRD ID: ############
2022/10/18 21:23:54 03153911 r (reader) SmartCard [nagra] active to: 2022/12/15 11:59


I'm using oscam-smod from feeds and I don't know which files I need to insert to open HD channels.

=================================================================================

And encrypted cwpk data (only sd channels)

--------------------------------------------------------

Opening File:
C:\Users\x\Downloads\[email protected]
4194560 Bytes
4096 Kb
Hex 0x400100

Searching... 0x 0000006E
String was not found in file

Searching... 0x 0000016C
String was found at offset 0x3FD00
String lenght 0x200
IRD = 0x xxxxxxxxxxxxxxxxxxxxxxx
IRD = 1xxxxxxxxxxxxxxxxxxxxxxx

Block Header: 0000016C
MAGIC Data:
IRD = 0x 6xxxxxxxxxxxxxxxxxxxxxxx
IRD = 1xxxxxxxxxxxxxxxxxxxxxxx
key(2008) = 6xxxxxxxxxxxxxxxxxxxxxxx
key(3008) = 5xxxxxxxxxxxxxxxxxxxxxxx
key(3140) == (RSA) = F5xxxxxxxxxxxxxxxxxxxxxxx
key(3310) = xxxxxxxxxxxxxxxxxxxxxxx
key(3460) = xxxxxxxxxxxxxxxxxxxxxxx
key(3588) = xxxxxxxxxxxxxxxxxxxxxxx
key(D008) = xxxxxxxxxxxxxxxxxxxxxxx
key(E002) = 0007
key(D008) XOR key(3008) == (BoxKey) = xxxxxxxxxxxxxxxxxxxxxxx

--------------------------------------------------------------------------------------------------------------------------------

Searching... 0x 000001B1
String was not found in file

Searching... 0x 00000097
String was found at offset 0x3FC00
String lenght 0xC0
NUID = 0x Bxxxxxxxxxxxxxxxxxxxxxxx
NUID = 3xxxxxxxxxxxxxxxxxxxxxxx

Block Header: 00000097
NUID = 0x Bxxxxxxxxxxxxxxxxxxxxxxx
NUID = 3xxxxxxxxxxxxxxxxxxxxxxx
0001
Provider ID: xxxx
010001
Header CWPK: 0x81
Header CWPK key sizes: 0x10
CWPK0 encrypted: 7xxxxxxxxxxxxxxxxxxxxxxx
CWPK1 encrypted: Bxxxxxxxxxxxxxxxxxxxxxxx
CWPK2 encrypted: 0xxxxxxxxxxxxxxxxxxxxxxx
CWPK3 encrypted: 6xxxxxxxxxxxxxxxxxxxxxxx
CWPK4 encrypted: Fxxxxxxxxxxxxxxxxxxxxxxx
CWPK5 encrypted: Fxxxxxxxxxxxxxxxxxxxxxxx
CWPK6 encrypted: Dxxxxxxxxxxxxxxxxxxxxxxx
CWPK7 encrypted: 6xxxxxxxxxxxxxxxxxxxxxxx

------------------------------------------------------------------------

Thanks
 