Nagra Hex block Decryption

[pachecoso]

I have bcm7346 locked and bcm7346 unlocked !
I get this bcm7346 in factory service, this have uart open and telnet open!
Whats cmd to extract rootkey or cwpk, this bcm have NUID FF FF FF FF and not have any data in block 00 00 00 97.

can you dump your nand via telnet ? test command nandump -h

 

[braza]

I can dump nand 128MB or Spi ( bga24) 4 MB or /dev/mem 256 mb !
I can?t dump dev/kmem why ?

 

[pachecoso]

can you dump and send me over pm please ? for algo study purposes

 

[braza]

Why ?
cwpk is inside NAND after boot up ?

 

[pachecoso]

share and then if i have something i share back with you.
without content i can't help your questions friend.

 

[Benfica200]

share and then if i have something i share back with you.
without content i can't help your questions friend.

"Thank you for sharing" LOL
It is rare to catch serious people in this world!!!

 

[ULtraJAnk]

Hi everyone, maybe you can help me with information from cak 7 nagra to south america, we are lost in information.

 

[hanna80]

hi.. anyone can help me with block 006e??

 

[pachecoso]

hi.. anyone can help me with block 006e??

what do you need ?

 

[hanna80]

I have a dump file that only have this block 006e but is not the right estructur i mean 0000006eirdird0303.. can anyone send me your Skype to better chat?

 

[pachecoso]

nice to see that portuguese company Novabase is involved on the dev for Movistar provider.

You don't have permission to view the code content. Log in or register now.

share some files hope that someone can extract the yaffs from it

 

[Benfica200]

nice to see that portuguese company Novabase is involved on the dev for Movistar provider.

You don't have permission to view the code content. Log in or register now.

share some files hope that someone can extract the yaffs from it

Forget, yaffs is pissed off!lol

 

[pachecoso]

Forget, yaffs is pissed off!lol

your brain is pissed off i have already extracted some file via cpio so don't talk sh*t eheh

 

[Benfica200]

your brain is pissed off i have already extracted some file via cpio so don't talk sh*t eheh

Cpio is yaffs filesystem?!oh god... In this file with some tricks only get rodata file here have keys to get mods,data50,mod50 and others shit!hehehe

 

[pachecoso]

Cpio is yaffs filesystem?!oh god... In this file with some tricks only get rodata file here have keys to get mods,data50,mod50 and others shit!hehehe

i din't sayd that cpio is yaffs filesystem ....
i sayd that over cpio i have already extracted some files in this files....

 

[Benfica200]

i din't sayd that cpio is yaffs filesystem ....
i sayd that over cpio i have already extracted some files in this files....

cpio is not big deal to extracted files, any user with basic knowledge of linux commands done job...
Of course that there are some that are modified the headers there is sandwiched extract files

 

[Benfica200]

nice to see that portuguese company Novabase is involved on the dev for Movistar provider.

You don't have permission to view the code content. Log in or register now.

share some files hope that someone can extract the yaffs from it

Caid: 1861
Provid: 007311
Id: 007211(Sysid)

MOD1-C1855C43D12D3E5862CA5045FE5DC46603C5E22760835F3D76B0F866911FD95E9616B195515991D8D8ECBDFA08011A40D403B6C2F1E73896E6241DB896EAECAB7C5489C88E742F6291BD84411F46D8814B6BD72CCBD3968D7C7F4211DCFE38DD638AA6839F2CC3F989DCCD5BF7BAE7EB

MOD2-A9259FF98B49597D057FDE727AA1A6B73BEA2F735F8B3559DA8DBE31156030D575318E3ED5E6C655DFCF98B21B250D49AD4DBF79C16B9BE643920207B53D8351C4A7E7199C5A0B3C763A6F72CC3650AB486156EBD88F2F7B34D3FC377C0968DD527CCC002DECA750312866004F087EEB

 

[viperx32cwpk]

[/QUOTE]Benfica200, post: 2652644, member: 254071"]Caid: 1861
Provid: 007311
Id: 007211(Sysid)

MOD1-C1855C43D12D3E5862CA5045FE5DC46603C5E22760835F3D76B0F866911FD95E9616B195515991D8D8ECBDFA08011A40D403B6C2F1E73896E6241DB896EAECAB7C5489C88E742F6291BD84411F46D8814B6BD72CCBD3968D7C7F4211DCFE38DD638AA6839F2CC3F989DCCD5BF7BAE7EB

MOD2-A9259FF98B49597D057FDE727AA1A6B73BEA2F735F8B3559DA8DBE31156030D575318E3ED5E6C655DFCF98B21B250D49AD4DBF79C16B9BE643920207B53D8351C4A7E7199C5A0B3C763A6F72CC3650AB486156EBD88F2F7B34D3FC377C0968DD527CCC002DECA750312866004F087EEB[/QUOTE]

Hi #Benfica200 good??

#! /bin/sh
#
# rcS Call all S??* scripts in /etc/rcS.d in
# numerical/alphabetical order.
#
# Version: @(#)/etc/init.d/rcS 2.76 19-Apr-1999 [email protected]
#

PATH=/sbin:/bin:/usr/sbin:/usr/bin
runlevel=S
prevlevel=N
umask 022
export PATH runlevel prevlevel

#
# See if system needs to be setup. This is ONLY meant to
# be used for the initial setup after a fresh installation!
#
if [ -x /sbin/unconfigured.sh ]
then
/sbin/unconfigured.sh
fi

#
# Source defaults.
#
. /etc/default/rcS
export VERBOSE

#
# Trap CTRL-C &c only in this shell so we can interrupt subprocesses.
#
trap ":" INT QUIT TSTP

#
# Call all parts in order.
#
for i in /etc/rc.d/rcS.d/S??*
do
# Ignore dangling symlinks for now.
[ ! -f "$i" ] && continue

case "$i" in
*.sh)
# Source shell script for speed.
(
trap - INT QUIT TSTP
set start
. $i
)
;;
*)
# No sh extension, so fork subprocess.
$i start
;;
esac
done

#
# Finish setup if needed. The comment above about
# /sbin/unconfigured.sh applies here as well!
#
if [ -x /sbin/setup.sh ]
then
/sbin/setup.sh
fi

hug

 

[viperx32cwpk]

Benfica200, post: 2652644, member: 254071"]Caid: 1861
Provid: 007311
Id: 007211(Sysid)

MOD1-C1855C43D12D3E5862CA5045FE5DC46603C5E22760835F3D76B0F866911FD95E9616B195515991D8D8ECBDFA08011A40D403B6C2F1E73896E6241DB896EAECAB7C5489C88E742F6291BD84411F46D8814B6BD72CCBD3968D7C7F4211DCFE38DD638AA6839F2CC3F989DCCD5BF7BAE7EB

MOD2-A9259FF98B49597D057FDE727AA1A6B73BEA2F735F8B3559DA8DBE31156030D575318E3ED5E6C655DFCF98B21B250D49AD4DBF79C16B9BE643920207B53D8351C4A7E7199C5A0B3C763A6F72CC3650AB486156EBD88F2F7B34D3FC377C0968DD527CCC002DECA750312866004F087EEB[/QUOTE]

Hi #Benfica200 good??



hug

#!/bin/sh

if [ -e /etc/mdwcoredump.conf ]; then
echo "Coredump mode activated"
ulimit -c unlimited
ulimit -H -c unlimited
ulimit -a
sysctl -w fs.suid_dumpable=2
fi

# optional features
opt_dhcpcd=0
source ./datafs_folders

# DHCPCD as daemon
[ -e /usr/sbin/fusdhcp ] && opt_dhcpcd=1

TMP=`fdisk -l /dev/sda > /tmp/disk_size 2>&1`
FDISK_ERROR=`cat /tmp/disk_size | grep "No such device or address"`
if [ -z $FDISK_ERROR ]; then
DISK_SDA_PRESENT=1
else
DISK_SDA_PRESENT=0
fi

echo "Is disk present on /dev/sda ? : $DISK_SDA_PRESENT" > /dev/null

# fonction
# mount the data fs file system and manage reset factory
# for it
mount_datafs () {

# DATAFS
echo "Datafs Configuration"
mkdir /tmp/datafs
mount -t jffs2 -o rw,nosuid,nodev,noexec /dev/mtdblock$DATAFS /tmp/datafs
echo " Done"

if [ -e /root/apps/version/check_fs_version.sh ]; then
/root/apps/version/check_fs_version.sh
fi

if [ -e ./migrate_to_usermode.sh ]; then
./migrate_to_usermode.sh
fi

RESET_FACTORY=0
[ ! -e $boot_folder/reset_factory ] && RESET_FACTORY=1
[ -d $boot_folder ] && [ ! -e $boot_folder/reset_factory ] && RESET_FACTORY=1

FORMAT_HDD=0
FORCE_CHKFS=0
if [ -e ./setup_hdd.sh -a $DISK_SDA_PRESENT -eq 1 ]; then
[ ! -e $boot_folder/format_hdd ] && FORMAT_HDD=1
[ -d $boot_folder ] && [ ! -e $boot_folder/format_hdd ] && FORMAT_HDD=1
[ -e /tmp/datafs/force_chkfs ] && FORCE_CHKFS=1
if [ $FORMAT_HDD -eq 0 ]; then
NEW_PARTITIONS_VER=`cat /opt/partitions_ver.txt`
OLD_PARTITIONS_VER=`cat $boot_folder/format_hdd`
if [ "$NEW_PARTITIONS_VER" != "$OLD_PARTITIONS_VER" ] && [ "$OLD_PARTITIONS_VER" != "" ]; then
FORMAT_HDD=1
fi
fi
fi

if [ ! -d $boot_folder -a $RESET_FACTORY -eq 0 ]; then
mkdir $boot_folder
chmod 777 $boot_folder
touch $boot_folder/reset_factory
chmod 666 $boot_folder/reset_factory
fi

if [ ! -e $boot_folder/reset_db -a -e ./TLFP.ECTI89 ]; then
echo "Deleting DB in $middleware_folder/*.db ..."
rm -f $middleware_folder/*.db
touch $boot_folder/reset_db
echo " done !"
fi

if [ ! -e $middleware_folder -o $RESET_FACTORY -eq 1 ]; then
echo "Reset Factory Pending"
umount /tmp/datafs
flash_eraseall /dev/mtd$DATAFS
cat /appsfs_mtd2_jffs2.img > /dev/mtd$DATAFS
mount -t jffs2 /dev/mtdblock$DATAFS /tmp/datafs
touch /tmp/datafs/reset_factory
mkdir $boot_folder
chmod 777 $boot_folder
touch $boot_folder/reset_factory
chmod 666 $boot_folder/reset_factory
touch $boot_folder/reset_db
chmod 666 $boot_folder/reset_db
if [ $FORMAT_HDD -eq 0 ]; then
touch $boot_folder/format_hdd
chmod 666 $boot_folder/format_hdd
fi
echo " Done"
#reboot
fi
}

echo "Init..."

# MBS.ITSAD88.PVOD
# remount / to read-only
if [ -e ./MBS.ITSAD88.PVOD ]; then
echo "remounting /"
mount -oremount,ro rootfs /
echo " Done"
fi

if [ -e ./script_vlan.sh ]; then
# optional feature configuration of marvell (vlan)
echo "Launch VLAN"
./script_vlan.sh
echo " Done"
else

echo "IFCONFIG support"
if [ -e ./TLF.DSI* ]; then
ETH0_TEST=`ifconfig -s | grep eth0`
if [ "$ETH0_TEST" != "" ]; then
ifconfig eth0 up
# Default NW route to eth0 interface.
route add default eth0
fi
else
ifconfig eth0 up
route add default eth0
fi
fi
echo " Done"


DATAFS=`grep \"DATA* /proc/mtd | cut -c4`
echo "DATAFS=$DATAFS"

date 090909092009
# TZ variable must NOT be set since we use /etc/localtime file to set the local time offset

# Migration des fichiers OS21 -> Linux
if [ -e /usr/bin/migrate.sh ]; then
echo "Migrate OS21 Filesystem"
/usr/bin/migrate.sh
echo " Done"
fi

# Configure kernel TCP/IP stack parameters
sysctl -p >/dev/null 2>&1

sysctl -w kernel.panic=10

if [ "$opt_dhcpcd" -eq 1 ]; then
ifconfig lo up
mount_datafs
/etc/init.d/fusdhcpd start
# Patch to avoid HAL2 crash when reset factory
# A root cause must be found PR 39763
if [ $RESET_FACTORY -eq 1 ]; then
sleep 3;
fi
fi

# Not for ITAD83 SD FT
if [ -e /lib/modules/gsechal_core.ko ]; then
echo "Special Core insmod"
insmod /lib/modules/gsechal_core.ko
echo " Done"
fi

# FSs
if [ -e /lib/modules/fat.ko ]; then
echo "Fat Support"
insmod /lib/modules/fat.ko
echo " Done"
fi
if [ -e /lib/modules/msdos.ko ]; then
echo "Msdos Support"
insmod /lib/modules/msdos.ko
echo " Done"
fi
if [ -e /lib/modules/ntfs.ko ]; then
echo "Ntfs Support"
insmod /lib/modules/ntfs.ko
echo " Done"
fi
if [ -e /lib/modules/vfat.ko ]; then
echo "Vfat Support"
insmod /lib/modules/vfat.ko
echo " Done"
fi
if [ -e /lib/modules/nls_cp437.ko ]; then
echo "Nls_cp437 Support"
insmod /lib/modules/nls_cp437.ko
echo " Done"
fi
if [ -e /lib/modules/nls_cp850.ko ]; then
echo "nls_cp850 Support"
insmod /lib/modules/nls_cp850.ko
echo " Done"
fi

# Mass storage
if [ -e /lib/modules/usbcore.ko ]; then
echo "usbcore Support"
insmod /lib/modules/usbcore.ko
echo " Done"
fi

if [ -e /lib/modules/usb-storage.ko ]; then
echo "Usb Mass Storage Support"
insmod /lib/modules/usb-storage.ko
echo " Done"
fi

# PVR
if [ -e /lib/modules/scsi_mod.ko ]; then
echo "PVR Addon Support"
insmod /lib/modules/scsi_mod.ko
echo " Done"
fi

if [ -e /lib/modules/sd_mod.ko ]; then
echo "PVR Addon Support"
insmod /lib/modules/sd_mod.ko
echo " Done"
fi

# SATA
if [ -e /lib/modules/libata.ko ]; then
echo "SATA Support 1"
insmod /lib/modules/libata.ko
echo " Done"
fi

if [ -e /lib/modules/sata_stm.ko ]; then
echo "SATA Support 2"
insmod /lib/modules/sata_stm.ko
echo " Done"
fi
if [ -e /lib/modules/ehci-hcd.ko ]; then
echo "ehci-hcd Support"
insmod /lib/modules/ehci-hcd.ko
echo " Done"
fi
if [ -e /lib/modules/ohci-hcd.ko ]; then
echo "ohci-hcd Support"
insmod /lib/modules/ohci-hcd.ko
echo " Done"
fi
if [ -e /lib/modules/hcd-stm.ko ]; then
echo "hcd-stm Support"
insmod /lib/modules/hcd-stm.ko
echo " Done"
fi

# HAL3
echo "HAL3 insmod"
if [ -e /lib/modules/im.sh ]; then
/lib/modules/im.sh
else
insmod /lib/modules/hal3.ko
fi

echo " Done"

if [ -e /root/wifi/rt5370sta.ko ]; then
echo "Wifi Support"
insmod /root/wifi/rt5370sta.ko
/root/wifi/start_wifi.sh &
echo " Done"
fi

if [ -e /usr/bin/unlockhdd ]; then
/usr/bin/unlockhdd > /dev/null 2> /dev/null
fi

if [ "$opt_dhcpcd" -eq 0 ]; then
ifconfig lo up
mount_datafs
fi

NANDFS=-1
# NAND Support
if [ -e /lib/modules/mtd_hal2.ko ]; then
echo "NAND Module insmod"
insmod /lib/modules/mtd_hal2.ko
NANDFS=`grep NAND\ HAL2 /proc/mtd | cut -c4`
echo " Done"
fi

 

[viperx32cwpk]

Benfica200, post: 2652644, member: 254071"]Caid: 1861
Provid: 007311
Id: 007211(Sysid)

MOD1-C1855C43D12D3E5862CA5045FE5DC46603C5E22760835F3D76B0F866911FD95E9616B195515991D8D8ECBDFA08011A40D403B6C2F1E73896E6241DB896EAECAB7C5489C88E742F6291BD84411F46D8814B6BD72CCBD3968D7C7F4211DCFE38DD638AA6839F2CC3F989DCCD5BF7BAE7EB

MOD2-A9259FF98B49597D057FDE727AA1A6B73BEA2F735F8B3559DA8DBE31156030D575318E3ED5E6C655DFCF98B21B250D49AD4DBF79C16B9BE643920207B53D8351C4A7E7199C5A0B3C763A6F72CC3650AB486156EBD88F2F7B34D3FC377C0968DD527CCC002DECA750312866004F087EEB

Hi #Benfica200 good??



hug

# Mount NAND filesystem
if [ $NANDFS -ne -1 ]; then
echo "NAND Configuration"
if [ $RESET_FACTORY -eq 1 ]; then
echo " Format nand"
ubiformat -y /dev/mtd$NANDFS
echo " Done"
fi
ubiattach /dev/ubi_ctrl -d 0 -m $NANDFS > /tmp/nand.txt
if [ $? != 0 ]; then
ubiformat -y /dev/mtd$NANDFS
ubiattach /dev/ubi_ctrl -d 0 -m $NANDFS > /tmp/nand.txt
fi
UBIMAJOR=`cat /sys/class/ubi/ubi0/dev | cut -d : -f 1`
UBIMINOR=`cat /sys/class/ubi/ubi0/dev | cut -d : -f 2`
mknod /tmp/ubi0 c $UBIMAJOR $UBIMINOR
mount -t ubifs -o sync ubi0:sc_ubivol /mnt/nand
if [ $? != 0 ]; then
echo " Make Volume"
NANDFS_SIZE=`cat /tmp/nand.txt | awk '{printf $17}' | awk -F . '{printf "%sMiB", $1}'`
ubimkvol /dev/ubi0 -s $NANDFS_SIZE -N sc_ubivol
mount -t ubifs -o sync ubi0:sc_ubivol /mnt/nand
echo " Done"
fi
echo " Done"
fi

# HDD
if [ -e ./setup_hdd.sh -a $DISK_SDA_PRESENT -eq 1 ]; then
doformat=""
docheckfs=""
[ $FORMAT_HDD -eq 1 ] && doformat="format"
[ $FORCE_CHKFS -eq 1 ] && docheckfs="checkfs"
echo "HDD Configuration ./setup_hdd.sh $doformat"
./setup_hdd.sh $doformat $docheckfs
cp -f /opt/partitions_ver.txt /tmp/datafs/format_hdd
cp -f /opt/partitions_ver.txt $boot_folder/format_hdd
chmod 666 $boot_folder/format_hdd
if [ -e /tmp/datafs/force_chkfs ]; then
rm /tmp/datafs/force_chkfs
fi
if [ -d /mnt/sda2 ]; then
echo "/mnt/sda2 exists, allow all users to access it"
chmod 777 -cR /mnt/sda2
fi
echo " Done"
fi

touch $middleware_folder/datafs_flash_is_writable
if [ ! -e $middleware_folder/datafs_flash_is_writable ]; then
# flash is corrupted
reboot
fi
rm $middleware_folder/datafs_flash_is_writable


if [ -e /root/apps/is_initramfs ]; then
rm /appsfs_mtd2_jffs2.img
fi


# Mcenter cgi interface
if [ -e ./CD.* -o -e ./BCLINUX* ]; then
echo "Mcenter Interface Support"
if [ -e ./BCLINUX.M8X ]; then
/bin/busybox httpd -p 127.0.0.1:50000 -h /usr/www
else
/bin/busybox httpd -p 50000 -h /usr/www
fi
echo " Done"
fi

#default thread stack size of 32ko for middleware processus#
#ulimit -s 32

# clean middleware.pid
/bin/rm -f /var/run/middleware.pid

# omclogsys
if [ -e /usr/lib/CComc/libCCCommon.so ]; then
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/lib/CComc/
fi
if [ -e /opt/omclogsys ]; then
echo "Launch omclogsys"
/opt/omclogsys -i 360 -t 360 -p 9 > /dev/null 2>&1 &
echo " Done"
fi

# Update the msg queue
echo '250' > /proc/sys/fs/mqueue/msg_max

# rlauncherd
echo "Lauch rlauncherd"
/usr/bin/rlauncherd &
echo " Done"

# Disable lazy dynamic link to be safer
export LD_BIND_NOW="1"

# TR69
if [ -e /opt/tr69 ]; then
echo "Launch TR69"
ulimit -S -H -n 2048
/opt/tr69 &
if [ -e ./BYT.MBYT ]; then
echo " Skip TR69 SNMP proxy"
else
if [ -e /opt/TR69-SNMP-PROXY ]; then
echo " Launch TR69 SNMP proxy"
/opt/TR69-SNMP-PROXY &
echo " Done"
fi
fi
echo " Done"
fi

# USB support
# Launching usbd automouter
if [ -e /usr/bin/usbd ]; then
echo "Launch USB Daemon"
/usr/bin/usbd -v0 -d
echo " Done"
fi

if [ -e ./ip4tables.sh ]; then
# optinal feature configuration of firewall
echo "Launch FIREWALL"
./ip4tables.sh
echo " Done"
fi

# Launching IPTABLES
if [ -e /sbin/iptables ]; then
# optinal feature configuration of firewall
echo "Launch FIREWALL"
/etc/scripts/init_iptables.sh &
echo " Done"
fi

# Launching networkd manager
if [ -e /usr/bin/networkd ]; then
echo "Lauch networkd"
/usr/bin/networkd -v0 -d &
echo " Done"
fi

# Move coredumps on USB key if present
if [ -e /root/apps/copy_coredump.sh ]; then
/root/apps/copy_coredump.sh > /dev/console
fi

if [ -e /root/apps/trace_logger.sh ]; then
/root/apps/trace_logger.sh > /dev/console 2>&1 &
fi

# Middleware
# clean middleware.pid
/bin/rm -f /var/run/middleware.pid
echo "Launch middleware"
if [ ! -e /root/apps/middlewared ]; then
/opt/middleware > /dev/null &
else
start-stop-daemon -S -b -x /root/apps/middlewared
fi
echo " Done"

if [ -e /opt/casware ]; then
echo "Launch casware"
/opt/casware > /dev/null &
fi

# Angie standalone
echo "Launch Angie"
if [ -e /usr/bin/angie ]; then
/usr/bin/angie > /dev/null &
fi

# restart usb-storage driver to force a new scan of usb devices
if [ -e /lib/modules/usb-storage.ko ]; then
echo "Check USB Devices"
sleep 5
rmmod usb_storage && insmod /lib/modules/usb-storage.ko
echo " Done"
fi

# Launching watchdog process
if [ -e /sbin/watchdog ]; then
echo "Launch watchdog"
/sbin/watchdog -t 5 /dev/watchdog > /dev/null
echo " Done"
fi

# Launching master watching middleware process
if [ -e /usr/bin/master ]; then
echo "Launch master"
/usr/bin/master -v0 -d &
echo " Done"
fi

# Alcatel Remote MGMT
if [ -e /root/apps/remote_mgmt.sh ]; then
echo "Launch remote MGMT"
/root/apps/remote_mgmt.sh &
echo " Done"
fi

echo "Misc"

# on efface de la ram (initramfs) les modules charges
if [ -e /root/apps/is_initramfs ]; then
rm /lib/modules/*
fi

# Free unused cached memory (wait 10 seconds before doing it)
sleep 10
echo 3 > /proc/sys/vm/drop_caches
echo " Done"

if [ -e /etc/openvpn/openvpn-service ]
then
echo "Launching OPEN VPN Support"
/etc/openvpn/openvpn-service &
echo "done"
fi

# For debugging purposes
# start telnetd (client request)
if [ -e /usr/sbin/telnetd ]; then
echo "telnetd Support"
mount -t devpts devpts /dev/pts
/bin/busybox telnetd &
echo " Done"
fi

if [ -e /usr/sbin/sshd ]; then
echo "SSHD Suppoprt"
if [ ! -d /var/empty ]; then
mkdir -p /var/empty
fi
/usr/sbin/sshd&
echo "Done"
fi




echo "...Done"