Nagra Hex block Decryption

Status
Not open for further replies.
terrestrial said:
What cable provider are we talking about?
Click to expand...

A very big cable provider in The Netherlands, having an big orange logo. Very easy to find. No names, no lawsuits.

pachecoso said:
[...] but ci+ you can only extract 16c nothing more.
Click to expand...

Is this enough for extracting the RSA/Boxkey?

If it is possible, I will get a CI+ module and post a picture of the mainboard.
 
SilliconBastard said:
A very big cable provider in The Netherlands, having an big orange logo. Very easy to find. No names, no lawsuits.



Is this enough for extracting the RSA/Boxkey?

If it is possible, I will get a CI+ module and post a picture of the mainboard.
Click to expand...
You may have the bad luck of block 016c being encrypted by FPK!:)
 
CAMs by Sm*t and Sm*rDTV are definitely crypted. Decryption key in inside CPU area. Impossible of dumping RAM because of obfusciation of keys. Every reset of CAM will give other results. Many have tried and many have failed :D
 
bccrew said:
CAMs by Sm*t and Sm*rDTV are definitely crypted. Decryption key in inside CPU area. Impossible of dumping RAM because of obfusciation of keys. Every reset of CAM will give other results. Many have tried and many have failed :D
Click to expand...

Isn't that the point of desoldering the Atmel (CPU) chip and using the BusPirate to read it out? At least, that's what I understand. There are also people who claim they can decrypt the 016c block, but I don't know if that's true.
 
SilliconBastard said:
Yes.

I contacted my cable provider, in my region they only use Sm*rDTV CI+ modules. I can confirm this, just asked a neighbour to have a look at their module.

What's the abbreviation of this so-called FPK?
Click to expand...
FPK-Flash Protection Key
 
Dump will do it soon, certainly the same hardware as NC +, HD +, Polsat CI+.

Reading block 16c and 97 is possible.

Cau Adas
 
adas said:
Dump will do it soon, certainly the same hardware as NC +, HD +, Polsat CI+.

Reading block 16c and 97 is possible.

Cau Adas
Click to expand...

heh .. who this speak ? i see you copy from this forum to pšonko forum some wolds as FPK etc.. is good if you some learning, oszuste :D

BTW: maybe you not understand what is block 016c is "crypted"
 
So in short, when you have a Sm*rDTV with internal encryption, you're pretty much out of luck?

Or are there - maybe complicated - ways to grab this FPK? Remember, desoldering components is not a problem.

Edit: Just wondering, how tough is this internal encryption? What protocol is used? Would it be possible to decrypt this encrypted blocks using bruteforce within a reasonable amount of time with current mainstream hardware? My gut feeling says no...
 
Tough enough to not be bf'ed or some other BS which could be done with amateur grade gear.
Here u got the proper reply too all those fools thinkin discussing and publishing in the public forums wouldn't be a big deal and we can make it all open source to help each other .. bla bla bla ;)
Now you gotta live with it ... IDEA CTR shit is over :D
 
Last edited:
XIL1NX said:
Tough enough to not be bf'ed or some other BS which could be done with amateur equipment or "soldering".
Click to expand...

No surprise brute force isn't possible. Of course this FPK can't be extracted using 'soldering', it's more like the first step to things like hardware analysis. But I was wondering if there are easier ways I missed to extract it.
 
SilliconBastard said:
No surprise brute force isn't possible. Of course this FPK can't be extracted using 'soldering', it's more like the first step to things like hardware analysis. But I was wondering if there are easier ways I missed to extract it.
Click to expand...
FPK decrypt global flash protection key(on cicam It seems to be 2DXXX...), the rest I do not know...
 
This is where the magic happens :)
 

Attachments

  • Untitled-1.jpg
    Untitled-1.jpg
    1.4 MB · Views: 155
Ziggo r.1.2

Cau Adas
 

Attachments

  • ziggo 1.2.jpg
    ziggo 1.2.jpg
    302.5 KB · Views: 149
No the smartcard insertion logo printed on the label is just for fun ;)
Good lord ....

And yes its possible to get the keys from encrypted smartdtv modules. But again i repeat myself: not with a soldering station or spi programmer
 
Last edited by a moderator:
Status
Not open for further replies.

Similar threads

eon
    • Like
ND$ EMM Breakdown
Replies
0
Views
3K
eon
eon
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 without setup
Replies
0
Views
5K
Mick
Mick
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 with setup
Replies
3
Views
4K
Mick
Mick
R
Help with DVB-C, Plugins and Nagra 2 decryption.
Replies
1
Views
6K
willin
willin
irlam
Team Xecuter RGH2.0 For CoolRunner Rev A and B
Replies
4
Views
9K
dibbers
dibbers
Back
Top