Nagra Hex block Decryption

Status
Not open for further replies.
Well, I agree there are plenty popping up alright, but they have no interest in learning either; they just pay someone to do it for them. But I'll give you a hint on your post: that key you posted will not decrypt your 016c/016e/9882/ block. It is a key OK, but not the one used for decrypting/encrypting the block.




So why say from what you have been reading if you have no interest?
indeed.:Chainsaw:
 
Anyone can solve this equation, I tried but the result of the session key does not fit.
33 63 CC BA 52 DD 20 F7 AF 2A 0C 91 02 C3 F7 5D
0E 70 0A EC D6 C8 32 1C A1 4A BA E6 95 A7 C9 8B
Idea Key = BB 99 FF 99 BB 99 77 88 71 2A 3B 4C 8E D5 C4 B4
Session Key = 05 C4 30 07 FE 22 D5 79 80 D3 94 67 E1 7D 47 9B

my way,1-33 63 CC BA 52 DD 20 F7
ideakey-BB 99 FF 99 BB 99 77 88 71 2A 3B 4C 8E D5 C4 B4
r1-C7 A2 2E DE 02 C2 93 33 xor 33 63 CC BA 52 DD 20 F7=F4 C1 E2 64 50 1F B3 C4
2-AF 2A 0C 91 02 C3 F7 5D
new_ideakey-F4 C1 E2 64 50 1F B3 C4 F4 C1 E2 64 50 1F B3 C4
.....
 
Here's a dump for studies, ird, boxkey, rsa have changed and also the set top box no longer exists.
https://www.sendspace.com/file/663ddu

 
After reading a little more, would I be right in thinking the IDEA key posted by myself (********101924314051647990A9C4E1) is used to validate the SK? Also +twist?? is the another 8 byte key by any chance??
 
Hi

Stop wasting your time; these days we have a new type of secured EEPROM and NAND, and so far the 016c/016e/9882/ block cannot be found.

16MBit=2MB data.

Above keys become obsolete in new receivers. Perhaps because too much info has been officially written on the forum :).

Such kind of discussion should be private, the main reason is who will do HW ? cak7 ??, 3des crypto ?

Before you all figure out keys, everything will become obsolete :).
 
I have a dump file from flash, can anyone help me find the bk and rsa? I read every post on this issue but I still need to learn a little more.
 
I have you
IRD: R 3054198XX
BK: 3DF5F130E17DXXXX
RSA: 349EE90AAA6D3C477D7C69B89381BCF9607531B731CE2DCE3BDF7BED1FD5A894B453610EB54144D63724DCACDFFF368C6FD32D436121740AA590859143XXXXXX

More Info by PM


it's already been posted .............more info by pm is that how much you charge .....................lol
 
My question? Is this calculated, obtained from the sample? It is interesting for research and learning.
 
[Quote = temocles0918; 2504962] My question? Is this calculated, obtained from the sample? It is interesting for research and learning [/ quote]
Of course!! You need an extracted backup from the BGA.
 

And of course you also need, "also inside the BGA", the CWPK key & the Global RAM2RAM key. Then if you're smart enough you can try to work out what the plain key will be used for the extra round of decryption. Unless of course you can get into the CPU :p

Then if you're really smart you can work out the key used to decrypt the whole BGA NOR-FLASH in newer models of boxes :p
 
:) Thanks. I know I have a dump of the receiver. My question is whether this result is obtained from that product or from the attached file (thoms **. Zip). It is interesting to investigate what is placed around the thread, and if it is possible to reach the same result, to apply the same methods to my dump. If I cannot do it, it is just research for my personal use. Greetings :)
 

really do not understand what you mean
 
Was the data you posted of rs* and b*key extracted from the sample thom*.zip file? Was the posted data taken from the sample dump that was published on sendspace (thoms*.zip)? I will try to understand how it was extracted, and if I manage to, then apply it to the dump from my STB to see whether I can extract that data :)
 

Send me the dump by PM
 

Greetings .....

A dump from a receiver as such is interesting, however it's not going to show you a great deal as it's encrypted - however try logging pckts to and from the Cam.

Without keys we can't decrypt.. But we can learn.

Remember Kudelski always makes mistakes

Mr_Spark
 
I tried to upload some rom180 mapping to encourage peeps to look away from CS but it appears I am too much of a newbie to do so just yet.

Mr_Spark
 
@ Mick/Trojan/MR_Spark
The pre-computed set of data, would this be the same on every box with the same block size, i.e. 016c/016e? So if I was to compare 2 dumps, would I see the same set of data at the same address?

Thanks Andy
 

No, the data will be different, as the IRD is used to encrypt/decrypt the 016c/016e/9882 block, so that is why everyone's block will be different, and the reason why everyone will have a different cam_n.
 