Nagra Hex block Decryption

Status
Not open for further replies.
Nice links and interesting stuff

Will have a proper read through it soon

Cheers
 
KubLinux said:
Bloc 000097 new paring nagra/merlin cak7, Country Chile South America




CAK VERSION R-BALAE-ADFBN-----South America provide



Cwpk active is 03 = 04 number off 05 Cwpk Key crypted


Tanks KubLinux
Click to expand...

Absolutely worthless information ... but keep going ;)

You provider VM UK already made changes , in future stb your flash inlcuding your 016c block will be chipset encrypted, so you wont get any pairingdata at all. But thats always gonna happen if people make a lot of bla bla in public.

And if they wanna kick the existing cards as well they simply disable DT08 sessionkey neogatiation like done on german smartcard generation.
 
XIL1NX said:
Absolutely worthless information ... but keep going ;)

You provider VM UK already made changes , in future stb your flash inlcuding your 016c block will be chipset encrypted, so you wont get any pairingdata at all. But thats always gonna happen if people make a lot of bla bla in public.

And if they wanna kick the existing cards as well they simply disable DT08 sessionkey neogatiation like done on german smartcard generation.
Click to expand...


It's already started the 016C block is encrypted in the Samsung_Tivo box and yes they can disable DT08 session-key negotiation. And for all these ones that say they can't do it on vm because certain models of boxes don't/can/t take the new encrypten then just look at certain s.a providers that imply it.

tr
 
Hi All
I learn 016c header and would like to try 9882.
Some good soul have some dump with 9882 header to study?

[ ] ´s
 
9882=1001.1000.1000.0010 bin
016C=0000.0001.0110.1100 bin


16 15 14 13-12 11 10 9-8 7 6 5-4 3 2 1

swap:
1 <---> 5
2 <---> 6
3 <---> 16
4 <---> 8
7 <---> 12
9 <---> 13
10 <---> 14
11 <---> 15
 
@ Trojan

am I right in thinking that the 9882 block is split into 16 blocks then organised into the above sequence, this will then become the 016C block and decrypted in the same way?

thanks Andy
 
andy16v said:
@ Trojan

am I right in thinking that the 9882 block is split into 16 blocks then organised into the above sequence, this will then become the 016C block and decrypted in the same way?

thanks Andy
Click to expand...


The 9882 block is decrypted using bit-swap in the order shown. Then it will show as the 00016c block which is then decrypted using the idea decrypt method
 
Can someone explain to me? If cwpk pairing uses a "CPUID". I got two receivers and removed NAND for both, afterward, I did reballing of first NAND at second receiver and it's working perfectly. How is this is possible?
 
morpheu said:
Can someone explain to me? If cwpk pairing uses a "CPUID". I got two receivers and removed NAND for both, afterward, I did reballing of first NAND at second receiver and it's working perfectly. How is this is possible?
Click to expand...

well since you replaced the NAND chip as far as im aware they would both hold the same firmware and not any blocks needed like the encrypted 00016c block or the decrypted 00016c block or the 000097 block either encrypted or decrypted.

plus as you said in your post "CPU-ID"
will be the same as the both boxes will have the same Bcm or stixxx cpu.


Just been curious what provider are you ? As i,m sure that certain providers at one time you could use the same NUID and key/keys to decrypt the final cw but since it was posted public, then it never lasted very long. As they closed that hole. that's what happens when things go public.
 
Ird
0000606d

rsa
1b08aeff81ffdc33946aa0c1222c33c3d3d112f755a8f5150a6ba9d58d8b1ddd307d476f6d19c2bfcd9dd5567984a96c59a1c315ec62b308952c97799ca0573b

boxkey
8244195295df6813

locka said:
here's a dump for studies .. For extract rsa
https://www.sendspace.com/file/tqm5ep
Click to expand...

- - - Updated - - -

Dear Tr0jan;

These receptors are the Cloro TV Brazil (caid: 1802).

The receivers have different NUID and HD's channels are working yet, after change NAND.

Thanks.




Tr0jan said:
well since you replaced the NAND chip as far as im aware they would both hold the same firmware and not any blocks needed like the encrypted 00016c block or the decrypted 00016c block or the 000097 block either encrypted or decrypted.

plus as you said in your post "CPU-ID"
will be the same as the both boxes will have the same Bcm or stixxx cpu.


Just been curious what provider are you ? As i,m sure that certain providers at one time you could use the same NUID and key/keys to decrypt the final cw but since it was posted public, then it never lasted very long. As they closed that hole. that's what happens when things go public.
Click to expand...
 
Tr0jan said:
9882=1001.1000.1000.0010 bin
016C=0000.0001.0110.1100 bin


16 15 14 13-12 11 10 9-8 7 6 5-4 3 2 1

swap:
1 <---> 5
2 <---> 6
3 <---> 16
4 <---> 8
7 <---> 12
9 <---> 13
10 <---> 14
11 <---> 15
Click to expand...
Thanks Tr0jan, I got it.

I sent you a PM, if you prefer I can ask in the forum.

Regards

Enviado desde mi SM-P605 mediante Tapatalk
 
Hello friends,


Good Afternoon!


I'm from Brazil and I am seeking help, I have a dump of a decoder BGA PACE HDC 74x1, and do not know where to start to extract BK & RSA could help me?


hugs
 
Status
Not open for further replies.

Similar threads

eon
    • Like
ND$ EMM Breakdown
Replies
0
Views
3K
eon
eon
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 without setup
Replies
0
Views
5K
Mick
Mick
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 with setup
Replies
3
Views
4K
Mick
Mick
R
Help with DVB-C, Plugins and Nagra 2 decryption.
Replies
1
Views
6K
willin
willin
irlam
Team Xecuter RGH2.0 For CoolRunner Rev A and B
Replies
4
Views
9K
dibbers
dibbers
Back
Top