Nagra Hex block Decryption

Status
Not open for further replies.
I already see the UK commerical "KAMSAT LTD" having a lot of fun with boxkey stuff, selling polsat cards with keys on ebay ;)

Keep going the good discussions in public and soon your virigin media has the same sweet features as MAXTV.
 
Point taken tbh I have no interest in free TV, just want to learn i pay for my package :)and always have.
 
XIL1NX said:
I already see the UK commerical "KAMSAT LTD" having a lot of fun with boxkey stuff, selling polsat cards with keys on ebay ;)

Keep going the good discussions in public and soon your virigin media has the same sweet features as MAXTV.
Click to expand...

Also people selling maxtv and others. Sooner we all go to the new decryption method the better maybe it bring an end to c/s. As for public nothing any more posted public,but there's nothing wrong in giving people that want to learn some hints we all had hints at some time.
 
I doubt most people wanna learn or do it for EDU. Reason: From my previous experiences and messages i got on PM, most only wanna know how to do it / have a 1 click solution to kick into cable IKS buisness and / or extraction "services", since SLY HD is down.

Nobody with a hobbyist intention is going to spend 1000s of pounds on extraction equipment for fun. Can buy dozens of legal subs for that price ;)
 
Last edited:
XIL1NX said:
I doubt most people wanna learn or do it for EDU. Reason: From my previous experiences and messages i got on PM, most only wanna know how to do it / have a 1 click solution to kick into cable IKS buisness and / or extraction "services", since SLY HD is down.

Nobody with a hobbyist intention is going to spend 1000s of pounds on extraction equipment for fun. Can buy dozens of legal subs for that price ;)
Click to expand...

not all are equal, personally I also pay my subscription and this for me is a hobby, the most gratifying is that one can say that I also learned something new. unfortunately there are people who just do it for $$. this is like who invented the knife, never thought about what used to kill people. I agree that no one spent $$ a hobby, here it is to learn something and apply it for personal use. Regards ..
 
Seems there's bad news coming for virgin media forget about the old idea block on newer boxes they are now using a newer version of cak6, where the 00016C block is encrypted using a key for short a, ramkey which is encrypted with cpukey where the block is hidden and the algo used to decrypt it non-public.

So what it means in layman's terms is the 00016c block is encrypted using a key that is stored in the cpu plus the algo to decrypt it so we need to find that key before we get to the 00016c block to decrypt to use the cam_n /boxkey in oscam.Until someone finds key used ( if same key or unique per box.) don't swap your box for newer one.:p

tr


ps: And to round it off they all have the 0097 block, sure you can all read of what that entails as it been used now on most narga systems.
 
fes_786 said:
So looks like a ram dumper might work
?
Click to expand...

in short no the decrypted block will be stored in the cpu. That's the whole idea of this be no point in doing that if the decrypted block is stored in ram.Will need to find a way of getting the key /dump from cpu.I heard of a method of getting it from sti cpu's on certain boxes but not heard of anyone getting it from broadcom but hey you never know:p
 
andy16v said:
@ Trojan which Broadcom CPU,I have a Firmware dump (from the ROM)not my own work BCM7403 credits to the original author
Click to expand...

it's a BCm7019 but it wouldn't work like that anyway andy it would need to be running so the block and ramkey could be sent to the cpu from flash.
 
Thanks for the reply Trojan, i'm sure this as been done already but like the 016c etc will be kept private just a little leak here and there.
 
andy16v said:
Thanks for the reply Trojan, i'm sure this as been done already but like the 016c etc will be kept private just a little leak here and there.
Click to expand...

off course andy it has been done for other networks. It could be leaked, never know but then it depends if like caroltv61w can use same cwpk or like 70w use the same two cwpk keys then it be handy. but if every box use different key to decrypt then it will be left to the few who can get it from the cpu.
 
If this is the case Trojan does it not make sense to move away from card pairing and move towards MOSC would still require a subscribed user card or could there be some kind of tier hack.

Thanks Andy
 
andy16v said:
If this is the case Trojan does it not make sense to move away from card pairing and move towards MOSC would still require a subscribed user card or could there be some kind of tier hack.

Thanks Andy
Click to expand...

sounds good but there's one major problem with that. First of you need to dump the card and as far as im aware it not been done (not saying it hasn't ) unless of course we get another provier like NDS that released the first dump doing the same again
 
All sounds good in theory, but as you say putting it into practice is another matter.
 
hex-6.html have a read here!
 
Last edited by a moderator:
Status
Not open for further replies.

Similar threads

eon
    • Like
ND$ EMM Breakdown
Replies
0
Views
3K
eon
eon
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 without setup
Replies
0
Views
5K
Mick
Mick
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 with setup
Replies
3
Views
4K
Mick
Mick
R
Help with DVB-C, Plugins and Nagra 2 decryption.
Replies
1
Views
6K
willin
willin
irlam
Team Xecuter RGH2.0 For CoolRunner Rev A and B
Replies
4
Views
9K
dibbers
dibbers
Back
Top