Thank you very much, but what I am asking about is not written in the PDF you are pointing me to. I just want confirmation of the calculations I've done according to this PDF.
Why are people spending so much time guessing? You have an STB that contains all the stuff and you have a CI+ too. The major problem of any device is that you can do a man in the middle. After the RSA handshake for CI+ you have an encrypted data stream that is covered by AES/3DES. From the chip itself you can grab information with a simple Arduino that can do power analysis, to grab the AES keys. Now you are able to listen to the full decrypted communication on both sides. If you have too much money, spend 250$ on a ChipWhisperer. Breaking AES is very easy if an IC handles the crypto in hardware. The same works for smartcards too.... All you need is a grabbing device and a shunt resistor, and that's it.
Sandy, exactly, a simple dev board can handle it. It was just a hint for those hobby pirates. A few don't even know what a prime number is or the RND within DES or AES. Chipset pairing isn't real magic. But it's like you get what you paid for in security. The STBs used have so many issues themselves and the middleware is creepy. It's just a jigsaw; if you don't have access to that chip, take another. Like the smart TVs... they give you root access on the FS and you can gamble with it. You don't need to knock with a sledgehammer on an STB hehehehehee
OK, these are included in the well-known PDF. What I am asking is: where is RSA mod2 used at the stage of cmd03 payload formation?
Mod1 = Used for RSA decrypt of data DT05_00 and DT05_10 (these 2 cmds are used in smartcards with global pairing, which means the card can be swapped to another STB from the same provider)
Mod2 = Used for RSA decrypt of CMD dt05_20 (this cmd is only available in smartcards with a unique pairing table). This gets 50% of the DT05_20 process done; the other 50% is to generate the MDC2 signature and also to calculate the Flag58 3DES SW key.