Nagra Hex block Decryption

Status
Not open for further replies.

fes_786

Inactive User
Joined
Nov 30, 2005
Messages
3,894
Reaction score
278
Location
uk
Ok I have been reading up
And as far as I can tell:

The Hex Block is encrypted
There are different sizes of hex blocks

There is a second block that is encrypted

Ird and a unique key is used to decrypt the second hex block
Then u XOR with first hex block

That gives you decrypted data from first hex block which contains cam_n .etc

Now I think it's IDEA encryption but not sure

I'm comparing 2 dumps from scrap Cisco boxs I got of eBay ;)

There are a few differences between dumps

Now any1 care to give me a few hints or clarify the above info if it's right or wrong

Cheers
 
Ok I have been reading up
And as far as I can tell:

The Hex Block is encrypted
There are different sizes of hex blocks

There is a second block that is encrypted

Ird and a unique key is used to decrypt the second hex block
Then u XOR with first hex block

That gives you decrypted data from first hex block which contains cam_n .etc

Now I think it's IDEA encryption but not sure

I'm comparing 2 dumps from scrap Cisco boxs I got of eBay ;)

There are a few differences between dumps

Now any1 care to give me a few hints or clarify the above info if it's right or wrong

Cheers

I read @fes_786 that the Encryption used is a simple derivative of the standard IDEA block algorithm. The decryption key is built into the cak code.
 
Last edited:
But I'm sure the decryption key is different for each box

If u send just the hex block they can't decrypt it
They want whole dump

Would love @Tr0jan, @SK, @nozzer .etc to clarify ;)
 
Last edited by a moderator:
But I'm sure the decryption key is different for each box

If u send just the hex block they can't decrypt it
They want whole dump

Would love @Tr0jan, @SK, @nozzer .etc to clarify ;)

not my work, you probably read this before :)

---------------------
The Idea encryption is used ONLY to encrypt a pre-computed set of data (the idea key being an amalgum of box IRD and constant ensures everybodies key is different and thus the resultant encryption gives different data for every box). The result of encrypting this pre-computed block is then simply exclusive-or'd with the encoded nagrablock to form a cleartext version of the nagrablock.

Note the IDEA algorithm is NEVER directly applied to the Nagrablock.

The pre-computed block is a simple Nagra standard sequence which must be the same length as your encrypted nagrablock. Idea encrypt this with IRD_No+Constant_key and then xor resultant block with the nagrablock. Result is a cleartext Nagrablock which you must then interpret (its tricky but not hard) to get your required data
---------------------
 
Constant_key is what I'm looking for

And according to that

There is another hex block same size as encrypted hex block

Ird+constant key decrypt the second hex block
Then XOR with encrypted block = your Details ;)

Now how long is this constant_key

And do u decrypt whole of second block or in sections ??

Mick is it ok if I post the 2 dumps

And the data that I think it is??
 
Constant_key is what I'm looking for

And according to that

There is another hex block same size as encrypted hex block

Ird+constant key decrypt the second hex block
Then XOR with encrypted block = your Details ;)

Now how long is this constant_key

And do u decrypt whole of second block or in sections ??

Mick is it ok if I post the 2 dumps

And the data that I think it is??

I do not have a problem with you posting them pal.

Mick
 
encrypted rsa hexblock starts with 01 6C

016c in decimal = 364

cisco encrypted hexblock starts @ 0001fc02
cisco encrypted hexblock finish @ 0001fded

cisco ird starts with 69

1st difference @ 00120004 4bytes long
2nd difference @ 0012014f 37bytes long
3rd difference @ 00120594 8bytes long
4th difference @ 0012074c 7bytes long
5th difference @ 00120770 128bytes long
6th difference @ 00120809 to 00120908
7th difference @ 001212df to 00121522
8th difference @ 001235b1 to 00123cb8
9th difference @ 0016000b to 00160047

....... got lazy after 9th one lol

2x cisco dumps from different SCRAP boxs

Code:
You don't have permission to view the code content. Log in or register now.

enjoy
 
Last edited by a moderator:
encrypted rsa hexblock starts with 01 6C

016c in decimal = 364

cisco encrypted hexblock starts @ 0001fc02
cisco encrypted hexblock finish @ 0001fded

cisco ird starts with 69

1st difference @ 00120004 4bytes long
2nd difference @ 0012014f 37bytes long
3rd difference @ 00120594 8bytes long
4th difference @ 0012074c 7bytes long
5th difference @ 00120770 128bytes long
6th difference @ 00120809 to 00120908
7th difference @ 001212df to 00121522
8th difference @ 001235b1 to 00123cb8
9th difference @ 0016000b to 00160047

....... got lazy after 9th one lol

2x cisco dumps from different SCRAP boxs

Code:
You don't have permission to view the code content. Log in or register now.

enjoy

On the right path there fes :), I think its knowing the algorithm more than anything!

Regards
Mick
 
Interesting read, just dumped mine so lets try to get my brain in gear..

Sent from my GT-I9300 using Tapatalk 2
 
Hi,

The same guy , in same forum said;
"Bearing in mind that you know what the initial nagrablock header is supposed to look like (00 00 01 6C II II II II 03 03) its reasonably
simple to work out the bit mapping. Alternatively, write a program to try all mappings and check the decryption for proper format."

and said in another;

"The pre-computed block is a simple Nagra standard sequence which must be the same length as your encrypted nagrablock. Idea encrypt this with IRD_No+Constant_key and then xor resultant block
with the nagrablock. Result is a cleartext Nagrablock which you must then interpret (its tricky but not hard) to get your required data "
My questions;
IRD = 4bytes ok !
No+Constant = 00 00 01 6C II II II II 03 03 or 00 00 00 6E II II II II 03 03 ??? (10bytes)
nagra key = II II II II 00 00 01 6C II II II II 03 03 -->14 bytes ????
nagrakey size = 16 bytes ????
I need post more to see your dumps ! I will try !
Not easy, great logical problem, but i keep trying !

Godofredo
 
Hi again,
I found this too;
Same guy;

1. Originally Posted by braza
Hello !
I have extracted the BIN inside my BGA (cpu 5107) !
How to decrypt the layer 0x202 ~ 0x3F1
_h t t p : // w w w . m e g a u p l o a d . c o m / ? d = 5HHWOZIZ
Key to decrypt = 168466934566 or 1684669345
Any help

http://img840.imageshack.us/img840/2013/viaboxkey.jpg

"Not sure what your key is but its not for this !
The data is standard encrypted Nagrablock data which is decrypted using a the very ordinary IDEA algorithm and a small twist.
The initial key consists of your IRD number and 10 other bytes which are not at this time generally public (though you may find this key on some sites).
To be able to work out how to decrypt encrypted Nagrablock information you really need to closely examine various routines within the Nagra CAM to work out exactly what they do."

Just know "small twist" and 10 other bytes !

Godofredo
 
That's very Interesting

Now if we had the nagra cam / cak library maybe we can figure it out
 
But I'm sure the decryption key is different for each box

If u send just the hex block they can't decrypt it
They want whole dump

Would love @Tr0jan, @SK, @nozzer .etc to clarify ;)


the decryption key is the same for every box that uses the sk method except of course for the block that starts with 9882 and not 016c/016e the one that starts 9882 has to be decrypted before it can be decrypted if that makes sense

and no you don't need the whole dump to decrypt/encrypt to see the cam_n. it all depends on what way the person wrote the progam to decrypt/encrypt the dump/block
 
Last edited by a moderator:
So if I'm comparing 2 dumps
I would be looking for data that is the same

Any hint on decryption process. ??
 
Ok I have been reading up
And as far as I can tell:

The Hex Block is encrypted
There are different sizes of hex blocks

There is a second block that is encrypted

Ird and a unique key is used to decrypt the second hex block
Then u XOR with first hex block

That gives you decrypted data from first hex block which contains cam_n .etc

Now I think it's IDEA encryption but not sure

I'm comparing 2 dumps from scrap Cisco boxs I got of eBay ;)

There are a few differences between dumps

Now any1 care to give me a few hints or clarify the above info if it's right or wrong

Cheers

there is always going to be differences between dumps for a start the ird will be different also the cam_ n along with box key and other keys in plain view will be different from box to box, so when they are encrypted will always be different from box to box
 
So if I'm comparing 2 dumps
I would be looking for data that is the same

Any hint on decryption process. ??

NO
there is nothing in the dump you get the 016c block from that will help you decrypt the block (well not that i know off) you be better of dumping the firmware chip (next bga to the one you dumped) find the cak check in ida how it works of find the cak lib files and find out how it works
 
So dump the NAND chip
And put that into Ida

Nice

Will try and dump it
First need to see if I got a reball stencil for it
 
So dump the NAND chip
And put that into Ida

Nice

Will try and dump it


First need to see if I got a reball stencil for it


same chip so should be same stencil or take one from the two scrap boxes you have
 
Nope NAND chip is different bga layout from the chip we dump to get details

It's also different chip
 
Status
Not open for further replies.
Back
Top