Why are people spending so much time guessing? You have an STB that contains all the stuff, and you have a CI+ too. The major problem of any device is that you can do a man-in-the-middle. After the RSA handshake for CI+ you have an encrypted data stream that is covered by AES/3DES. From the chip itself you can grab information with a simple Arduino that can do power analysis, to grab the AES keys. Now you are able to listen to the full decrypted communication on both sides. If you have too much money, spend $250 on a ChipWhisperer. Breaking AES is very easy if an IC handles the crypto in hardware. The same works for smartcards too... All you need is a grabbing device, a shunt resistor, and that's it.