Nagra Hex block Decryption

[viperx32cwpk]

Hello, good afternoon, I'm sorry to put my fart here. I would like to talk to a friend if I can get a way to buy this board or receiver used to work correctly in Brazil from Portugal. The model may be the TECHNICOLOR DST 810 EBT or the TECHNICOLOR DST 722 EBT

Spoiler

You don't have permission to view the spoiler content. Log in or register now.

or

Spoiler

You don't have permission to view the spoiler content. Log in or register now.

or

Spoiler

You don't have permission to view the spoiler content. Log in or register now.

Spoiler

You don't have permission to view the spoiler content. Log in or register now.

Tanks
pm my

 

[electron112]

 

[calhordas]

thanks for reply

and not the cws are the purpose but not in this way the important thing is to understand the box / board process and reproduce the same

I see it this way

Well i hate to say it but we agree desagree..

The hole main purpose of all CAS system is to protect the full transmission of the system, CWs are the main and most important thing without them you get squat "zero" they are the holy bible of a CAS system.

Thats why u need the SCRAMBLERS which cost a fortune the licence fees in order to generate key per channel. "but thats a completelly different matter right" so in the end they go trough all those long mile steps with SoC "System On Chip" devices to protect what? yes the CWs..

So without them you have no system...


they can do 100 or 200 steps using extra algorithms in order to protect the CWs, but in the end "if they follow the pattern of DVB CSA algorithm" they will still need the 64bits key in order to produce A/V "Audio and Video decryption"

 

[calhordas]

any help about
dt05_20 ?

It has been widelly commented before its related to unique pairing.

 

[calhordas]

From the above algo the length of C is 0x68 bytes but from the log I have the cmd03 payload is 0x6C. What's going wrong ??

Thats because Lenght 6C is sent to the card, and you have to get its reply back.

so you have prevous 68 bytes decrypted result and add extra 4 bytes to get pre-6c data to be forwared


I wouldn´t go testing based on public info shared, as they were certainly shared intentationally wrong in order to see how far someone would go with that specific unique card data...


as for unique pairing DT05_20 you need to store the last final round decrypted, 68bytes as N68

it will be your unique RSA_68 bytes to decrypt step2 on cmd03 pairing L68 bytes, store final result 68bytes add extra 4 bytes FFFFFF to create 6C data , chiper it with RSA 6C using exp1001, forward chipered data to the smartcard.

decrypt card reply with current AES init key, extract the last 0x60 bytes chiphered, and decrypt it using Key 34(60) from your unique 016c block.

 

[calhordas]

Can someone help me ? I created my own rsas of 1024 bits 0x80 hex to sign my two blocks 016c + 017c but even then deco does not start, what will it lack even more? already signed with mdc5 the two blocks and does not start.

Better Late then Never right....

There is still one 0x80 byte of data that was chipered at manufacturing site, using a unique 1024 key unknown, unless u can Factorize 0x80 RSA byte length key good luck..... thats the main key missing, thats why you cannot go further to customize your own block.

and because its sitting on OTP are you simply cannot change it studied it years ago... so once you decrypt last 0x80 bytes you cannot change it, becasue you need to have the correct 1024bits key used on factory to chiper the block of 0x80 data back, its the only way to success, otherwise you will get stuck on boot signature check

Now get crazy and go factorize that last 1024bits N key

 

[calhordas]

This is great nagra secret!
Find out this and you can build your kernel, block 016c and much, much more.

I want to sign one kernel.

Suspect rsa is E2 EE E3 53 AA C2 56 48 0F 61 95 67 C4 13 88 BA , 80 bytes

Nop 8y&)# TTh×8NipPEr Is a buTt liCkeR!EqöšØ]† .ÿã ÿÿÿ was their big great secret, until it meet Haifa...

 

[electron112]

thanks for your reply great very great

 

[jor]

Thats because Lenght 6C is sent to the card, and you have to get its reply back.

so you have prevous 68 bytes decrypted result and add extra 4 bytes to get pre-6c data to be forwared


I wouldn´t go testing based on public info shared, as they were certainly shared intentationally wrong in order to see how far someone would go with that specific unique card data...


as for unique pairing DT05_20 you need to store the last final round decrypted, 68bytes as N68

it will be your unique RSA_68 bytes to decrypt step2 on cmd03 pairing L68 bytes, store final result 68bytes add extra 4 bytes FFFFFF to create 6C data , chiper it with RSA 6C using exp1001, forward chipered data to the smartcard.

decrypt card reply with current AES init key, extract the last 0x60 bytes chiphered, and decrypt it using Key 34(60) from your unique 016c block.

Thank you very much for your reply. The point for me during cmd03 payload calculation is whether I have to follow what in pdf described (1st step expand first 0x18 bytes of rsa88 to 0x60 bytes and then build 000000FF+MOD50+IRD+DATA1+DATA2 and so on) or what wasserwaage suggested (
a - your secret
g - public ses const DB9E...C4D5
p - public mod const B671...1592

1. 640 bit
A = g^a mod p )
. The other steps are similar. For me (provider 3411) would be enough to find the right payload using generic pairing. My card does not suppport cmd02 but I use cmd0E with stbird FFFFFFFFF with success. So please advise me accordingly.

 

[braza]

I founf it on web :

EncryptedHdcpTxKeys[BAVC_HDMI_HDCP_N_PRIVATE_KEYS]=
{
/* LSB.. MSB */
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x691e138f, 0x58a44d00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x0950e658, 0x35821f00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x0d98b9ab, 0x476a8a00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xcac5cb52, 0x1b18f300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xb4d89668, 0x7f14fb00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x818f4878, 0xc98be000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x412c11c8, 0x64d0a000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x44202428, 0x5a9db300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6b56adbd, 0xb228b900},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf6e46c4a, 0x7ba49100},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x589d5e20, 0xf8005600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xa03fee06, 0xb77f8c00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x28bc7c9d, 0x8c2dc000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x059f4be5, 0x61125600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xcbc1ca8c, 0xdef07400},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6adbfc0e, 0xf6b83b00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xd72fb216, 0xbb2ba000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x98547846, 0x8e2f4800},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x38472762, 0x25ae6600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf2dd23a3, 0x52493d00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x543a7b76, 0x31d2e200},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x2561e6ed, 0x1a584d00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf7227bbf, 0x82603200},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6bce3035, 0x461bf600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6b97d7f0, 0x09043600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf9498d61, 0x05e1a100},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x063405d1, 0x9d8ec900},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x90614294, 0x67c32000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xc34facce, 0x51449600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x8a8ce104, 0x45903e00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xfc2d9c57, 0x10002900},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x80b1e569, 0x3b94d700},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x437bdd5b, 0xeac75400},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xba90c787, 0x58fb7400},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xe01d4e36, 0xfa5c9300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xae119a15, 0x5e070300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x01fb788a, 0x40d30500},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xb34da0d7, 0xa5590000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x409e2c4a, 0x633b3700},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x412056b4, 0xbb732500}
} ;

 

[calhordas]

I founf it on web :

EncryptedHdcpTxKeys[BAVC_HDMI_HDCP_N_PRIVATE_KEYS]=
{
/* LSB.. MSB */
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x691e138f, 0x58a44d00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x0950e658, 0x35821f00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x0d98b9ab, 0x476a8a00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xcac5cb52, 0x1b18f300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xb4d89668, 0x7f14fb00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x818f4878, 0xc98be000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x412c11c8, 0x64d0a000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x44202428, 0x5a9db300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6b56adbd, 0xb228b900},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf6e46c4a, 0x7ba49100},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x589d5e20, 0xf8005600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xa03fee06, 0xb77f8c00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x28bc7c9d, 0x8c2dc000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x059f4be5, 0x61125600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xcbc1ca8c, 0xdef07400},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6adbfc0e, 0xf6b83b00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xd72fb216, 0xbb2ba000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x98547846, 0x8e2f4800},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x38472762, 0x25ae6600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf2dd23a3, 0x52493d00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x543a7b76, 0x31d2e200},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x2561e6ed, 0x1a584d00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf7227bbf, 0x82603200},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6bce3035, 0x461bf600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x6b97d7f0, 0x09043600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xf9498d61, 0x05e1a100},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x063405d1, 0x9d8ec900},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x90614294, 0x67c32000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xc34facce, 0x51449600},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x8a8ce104, 0x45903e00},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xfc2d9c57, 0x10002900},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x80b1e569, 0x3b94d700},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x437bdd5b, 0xeac75400},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xba90c787, 0x58fb7400},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xe01d4e36, 0xfa5c9300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xae119a15, 0x5e070300},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x01fb788a, 0x40d30500},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0xb34da0d7, 0xa5590000},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x409e2c4a, 0x633b3700},
{ 0, 0, 0, 0, 0, 0, 0, 0, 0x412056b4, 0xbb732500}
} ;

High-bandwidth Digital Copy Protection

Those are protection keys for anti-copy developed by intel in the early 90s , shortly after Onsitbin developed his first nagra-hack 5 years before cak5 was released in portugal in 1995/6 , ask him he´s probably generated those keys before intel even dreamed of HDCP, and he uses them to dump the CPUs also.

 

[electron112]

need help to calculate manualy

 

[jor]

Another mistake at the famous pdf I found out with the help of a precious member's forum is about data2:

===========> Example unique pairing mode CMD $ 0E step3 <================

CMD $ 0E sends extra data "CHIPSET NUID" SO THE CARD can calculate the 3DES Keys on init based on the CHIPSET NUID.
It also sends the unique 016c PK RSA_modulus 0x88 key stored in offset 35 (88) but only the last 0x70 bytes of the unique key

CRC32 ------------------------------------------------- -> 3F 34 74 6B
CMD SEQ ------------------------------------------------ -> 00 00 09
CMD TYPE ------------------------------------------------ > 0E
CMD LEN ------------------------------------------------ -> 83
0F 5D 42 36 ---------------------------------------------> DATA1 (This will be copied and used on CMD $ 03 build sequence) The last byte gets increment + 1 on each smartcard init
00
6B 4C A7 9B ---------------------------------------------> STB IRD Number
34 11 ------------------------------------------------ ---> Provide SYS ID
85 5F A5 6A C7 96 BE D5 99 87 B0 40 D4 D0 C0 1F ---------> Last 0x70 Bytes of Unique RSA Modulus key 35 (88) paired to STB
84 4C 52 6C 88 4E 80 3A 1F 40 EA EF A 8 8F 24 95
AA 79 C7 3C FE 79 06 44 28 8E CE 3E 23 86 81 30
78 A3 82 B0 DC 6E B5 4F 81 83 D2 A6 8C 49 3C 8A
7C 5C D5 52 BE 08 0D 81 6B 9B 16 0D 86 BE BA 21
1C E2 4C 4B 8F 96 37 F9 55 1F 03 86 28 DB 82 D4
8D 51 49 59 36 A7 A2 DA E1 9F 11 76 E8 50 40 6B
A5 EA 1D EB ---------------------------------------------> CHIPSET PAIRED NUID OF STB
00 08 ------------------------------------------------ ---> OTP CSC "Secure Core Chipset" No. of keys 8
00 00 ------------------------------------------------ ---> OTA CSC "Chipset secure Core" No. of keys 0
CCCCCCCC

The first 0x18 bytes of the RSA_88 key will be IDEA Expanded to obtain P & Q 0x34 keys which will generate RSA the 0x68 RSA data used on CMD $ 03


And the card replies back

EB50B77C ------------------------------------------------- > CRC32
000009 ------------------------------------------------- -> CMD SEQUENCE
8E ------------------------------------------------- ------> CMD TYPE
10 ------------------------------------------------- ------> CMD LEN
00 00 01 46 ---------------------------------------------- > Increment Counter Reply
40 ------------------------------------------------- ------> Status Flag40 "Smartcard Unique pairing mode only"
49 15 C8 54 ---------------------------------------------- > Smartcard Serial number
5A 4D 32 5B ---------------------------------------------- > DATA2 (This will be copied and used on CMD $ 03 build sequence) The last byte gets increment + 1 on each smartcard init
00 8C A0
CCCCCCCCCCCCCCCC
[/ QUOTE]

data2 is not 5A 4D 32 5B (it is rahter a date) but 00 00 01 46.

 

[calhordas]

Another mistake at the famous pdf I found out with the help of a precious member's forum is about data2:

it basically depends of how many inits your card had.. i hope wil have a better understanding soon

 

[electron112]

it basically depends of how many inits your card had.. i hope wil have a better understanding soon

Can you be a little more specific ?

 

[onsitbin]

it basically depends of how many inits your card had.. i hope wil have a better understanding soon

 

[onsitbin]

yes he can do them all, send him your encrypted block he will decrypt it for you , after all he knows all.

 

[electron112]

onsitbin Are you allergic to skype? Coco

 

[electron112]

send jabber contact if you prefere

 

[electron112]

ok thanks