Nagra Hex block Decryption

Status
Not open for further replies.
klivo said:
calculation code ? what is this ? :D .. i see on world is new hack group Dumb and Dumber alias pachecoso + milosina :D
Click to expand...
klivo are you stupid or dumb ? it seams to me you are both....
Klivo If you don't have any idea what the dt05_xx calculation "process" is, then you will never understand what whe are talking on this topic,
So please stop your stupid comments and go sleep , i don't use other aliases , don't need it....
 
milosina said:
Can anyone help me?I have dt05 code.Can anyone compile this code on oscam?
Click to expand...

Amazing ;)..... after all this years and still stuck on the init cmds, we´ll see further advances on the next decade...
shurely not for the lack of information or dumps to reverse....

Benfica200 said:
BCM are a pain in the ass, maybe with glitch the keys come out...
Click to expand...

Nice still wasting your time with glitches :cool: its been what 4 years now ? 5 years and no glitches i wonder why...
 
braza said:
I have the NOCS and libnexus.so to open and close i2c debug interface and other keyladder emulation, aka ram2ram engine, keyladder , otp bits read , dvrkey, nuid check number, in BCM cpu. NUID + CRC + XXXXX generate nuid check number.. CASN +CRC+XXXXXX generate casn check number. and otherrrrrrrrrrsssssssssssss
Click to expand...

In other words, you have all and yet ...you still have nothing.... :cool:

it kind of reminds me the old story of the

tecnologia[2].jpg
 
calhordas said:
Amazing ;)..... after all this years and still stuck on the init cmds, we´ll see further advances on the next decade...
shurely not for the lack of information or dumps to reverse....



Nice still wasting your time with glitches :cool: its been what 4 years now ? 5 years and no glitches i wonder why...
Click to expand...
It was just an observation, for sure they leave! Lol
buy the material and send me.HAHAHAHA
 
calhordas said:
In other words, you have all and yet ...you still have nothing.... :cool:

it kind of reminds me the old story of the

View attachment 120655
Click to expand...

burro a olhar para um palacio ? eheh

you know calhordas some people are here to study and reverses bins for educational porpuses and hobby, others only for cash €€ solutions.

It's sad that it turns this way.

for me dt05 and other cmd's is not the problem anymore, the problem is on more dificult areas like ecwpk decryption that is the secret that nobody tells eheh

nice to see you back here :)
 
NET DIGITAL(BRAZIL)
SYSID-3811

MOD1-BFE03A509A7180C9B6F83B1266A86CEFE25D4A6648998E231E530145AE907383307308B1C9140B6E805E27255A6363918C5FB41A484DDB4FD5BDD5D61D1DBF15E686E6FAB0F1D098288560C421659837D1B28D01F4ABD0A41B2DA998FA007F149052133858D3F03E43FD349C059F2683
MOD2-CCC91F2E94FA6188C0E4B2E975715BAE8B88D20B060385DE85EC6D9F81B79478662B9858556F3C870BFB4B05700313F95ACFE3F36EBBFA8E52C3E5C1CA0CD96BE3B469A1CADECE432BAF8572BB9E65243C6DF24968B57A75989663E30B301E914CE12009CAECECBE2A3EDBCEB8406F89
Click to expand...

EMBRATEL(BRAZIL)
SYSID-2211

MOD1-918094212FB6A2F9A53D9DECAC95B4C599306136E4F23059B862DAFBBB028EEAC2AB43D158BACFF17E7778E2A03DB6D9053AD75AABAD8E6EEF7E9ECEDFD4A00CF9FA1C72B4B7CA169C1D4B263757FB80B1088DC6CD746586E28247F17CF5B362DAE671D7E49BBFCDB0DDF3558C06B405
MOD2-E0FBCB3B78AE1CE6B8DCC818CCFF35CEF1985022A150801B11B4FFD59086BC9B2DAB94715C917F7F24EB8A3918582FAF34AF71BDD71DDE152A57D482158238D024BBD1334CBE33A6C8F619DEC0EC915D6DC7FAF4866638166119F54390B066CF54414BBD8293C05A7C8E4499C8A0C373
Click to expand...

WTF they still use the DNASP142!!!
 
dognaldo said:
Hi,
As this subject matters only to us from overseas and is not related to this topic ..................... call me in PM
I apologize for continuing in Portuguese....
Também estou procurando informações a respeito este novo firmware. Tenho alguns .ntb e o que da pra entender é que quem criou
esse novo processo dividiu em 2 partes. Primeiro tem um .hex base que carrega na netcard e com o novo netools NetLabV204.exe vc consegue
carregar a atualização .ntb . O cara que criou o processo deve ter um outro programa para gerar o restante da atualização da netcard.
Essa atualização .ntb usa o MAC da netcard para criptografar o arquivo .ntb gerado.
Quando mandamos atualizar a netcard via NetLabV204.exe e o processo se encerra a pic32 é colocada em modo protegido, ou seja sem acesso a leitura. Temos apenas 2 maneiras de "capturar" os dados sem estarem criptografados durante o processo. Uma maneira é com um sniffer de rede capturando os pacotes de dados entre o pc e a netcard quando iniciamos a atualização. Devemos repetir o processo varia vezes com diferentes .ntb e ver as diferenças. Acredito que a única diferença seja os MAC´s. Outra maneira seria capturar a comunicação de dados entre o ENC e a PIC.

[ ] ´s
Click to expand...
Ola sou do Brasil, vamos fazer contato ....
 
dognaldo said:
Hi,
As this subject matters only to us from overseas and is not related to this topic ..................... call me in PM
I apologize for continuing in Portuguese....
Também estou procurando informações a respeito este novo firmware. Tenho alguns .ntb e o que da pra entender é que quem criou
esse novo processo dividiu em 2 partes. Primeiro tem um .hex base que carrega na netcard e com o novo netools NetLabV204.exe vc consegue
carregar a atualização .ntb . O cara que criou o processo deve ter um outro programa para gerar o restante da atualização da netcard.
Essa atualização .ntb usa o MAC da netcard para criptografar o arquivo .ntb gerado.
Quando mandamos atualizar a netcard via NetLabV204.exe e o processo se encerra a pic32 é colocada em modo protegido, ou seja sem acesso a leitura. Temos apenas 2 maneiras de "capturar" os dados sem estarem criptografados durante o processo. Uma maneira é com um sniffer de rede capturando os pacotes de dados entre o pc e a netcard quando iniciamos a atualização. Devemos repetir o processo varia vezes com diferentes .ntb e ver as diferenças. Acredito que a única diferença seja os MAC´s. Outra maneira seria capturar a comunicação de dados entre o ENC e a PIC.

[ ] ´s
Click to expand...
faz contato comigo, sou do brasil tb, valeu
 
jason10 said:
hi all,

I could ask you to analyze the log and send the RSA + BOX KEY.

Thank you all.

you can download here -> http://89.163.225.250/stb.bin
Click to expand...

Enter file name > stb.bin
Reading 4194272 bytes. Wait...
Match found... Offset..: 247FE0

Block 97
000000978B77E5D10001AA7005000181
10BCAFCE6992E9EC878E104B03C942F2
42FD4B539649CB54E007D03E34A4E944
11F6E2CC6959D95A9AFD3CDF0E01FBDF
D025EAED15E45DECD77FBDBDAC87DE8A
95DCF7A22F46FC86403E425813EFDDE0
690E4C69B7E480BE5E28D9D9A3DB740F
6E94D7E8779C4369D9CCCE676DB0970E
216460685CF650831F7197D0A69E2421
3DE0E654B0634AFFFFFFFFFFFFFFFFFF

NUID (boxid)............: 8B77E5D1
Max Number Provider IDs.: 0001
Provider ID.............: AA70
Security Architecture...: 05
CW Key descriptor.......: 0001
Hex bytes...............: 81
Storage table length....: 10
CWPK 00 encrypted ......: BCAFCE6992E9EC878E104B03C942F242
CWPK 01 encrypted ......: FD4B539649CB54E007D03E34A4E94411
CWPK 02 encrypted ......: F6E2CC6959D95A9AFD3CDF0E01FBDFD0
CWPK 03 encrypted ......: 25EAED15E45DECD77FBDBDAC87DE8A95
CWPK 04 encrypted ......: DCF7A22F46FC86403E425813EFDDE069
CWPK 05 encrypted ......: 0E4C69B7E480BE5E28D9D9A3DB740F6E
CWPK 06 encrypted ......: 94D7E8779C4369D9CCCE676DB0970E21
CWPK 07 encrypted ......: 6460685CF650831F7197D0A69E24213D

Enter CPU Key : ???????????????????????????????
 
dognaldo said:
Enter file name > stb.bin
Reading 4194272 bytes. Wait...
Match found... Offset..: 247FE0

Block 97
000000978B77E5D10001AA7005000181
10BCAFCE6992E9EC878E104B03C942F2
42FD4B539649CB54E007D03E34A4E944
11F6E2CC6959D95A9AFD3CDF0E01FBDF
D025EAED15E45DECD77FBDBDAC87DE8A
95DCF7A22F46FC86403E425813EFDDE0
690E4C69B7E480BE5E28D9D9A3DB740F
6E94D7E8779C4369D9CCCE676DB0970E
216460685CF650831F7197D0A69E2421
3DE0E654B0634AFFFFFFFFFFFFFFFFFF

NUID (boxid)............: 8B77E5D1
Max Number Provider IDs.: 0001
Provider ID.............: AA70
Security Architecture...: 05
CW Key descriptor.......: 0001
Hex bytes...............: 81
Storage table length....: 10
CWPK 00 encrypted ......: BCAFCE6992E9EC878E104B03C942F242
CWPK 01 encrypted ......: FD4B539649CB54E007D03E34A4E94411
CWPK 02 encrypted ......: F6E2CC6959D95A9AFD3CDF0E01FBDFD0
CWPK 03 encrypted ......: 25EAED15E45DECD77FBDBDAC87DE8A95
CWPK 04 encrypted ......: DCF7A22F46FC86403E425813EFDDE069
CWPK 05 encrypted ......: 0E4C69B7E480BE5E28D9D9A3DB740F6E
CWPK 06 encrypted ......: 94D7E8779C4369D9CCCE676DB0970E21
CWPK 07 encrypted ......: 6460685CF650831F7197D0A69E24213D

Enter CPU Key : ???????????????????????????????
Click to expand...


Thank you very much but I need to continue. Can you find a block 016C and 017C ?
braza said:
and r2rprotectkey is 0F09A2061988B68928EB902EB2361888
Click to expand...
 
No.. You no can´t !

Your block 016c is here:

81D5FD8F4669AA273095DC8C9800D6CDB0C8D115239DAC9066B3E9EB8CD44CBEAB6F9D5FDB350C0EE6278036AA7BC4EB013D64F3B1119446D52A04CA329BCE2FA5FD1BA005857F3515DB8B2FF4F92D38CEEC360A0F2D901F9DE85633D3A83490D21B12F9839DF558E081625C3D6873574FD82FA91ED64DFDD365E7763F7D16586680D113F575FF4502865966EC531305A3D6F7FB5109AE858BDE4807F2A845A4E8D290AB49E9230D7973FE2CC34E7FAB264657FF4FDA8602B4A855265BC10F6D35C1C7DA9BB87A3C1B3B8BAFD1C8B6A1DEAE527F20530FAFDC5806AED12F8DF5CBCBBD5CE8C1AA99EEDC92C0153335B14304F3EDDD48738A276976218DC518A251F696452BDD0C04357CB25DFEBB5F3DD7FA22AF15A0D06C924B692E9223E8B43A72112237C51945854C8F659B2C34211B38B7C52C6DC4018B1C4B73419DAD38CC26B902CAE5CBA77D3DDE6E46E4B40769A2F38BBBA62966CC87101984C3780B864EB50BC89D2AD28E08F8563ECF635459057BA17E002DC27767203B95DD1BEF58818F9B41DA97A0CEC43D20F2A711846E133E8088874308788243CA2C9AFD16BAFE5F7432D28C9D7816EBAE9A911CADBFDF4BD9A22B5BDBB7594A28B3FF317914E662C235EAC37730720EBA4AB574F2BE3269DBE1BD53912250FA353CBC055AEB47557BF751BEDFF9244F0E554E5430


You need the nocs to decrypt this data.
 
braza said:
No.. You no can´t !

Your block 016c is here:

81D5FD8F4669AA273095DC8C9800D6CDB0C8D115239DAC9066B3E9EB8CD44CBEAB6F9D5FDB350C0EE6278036AA7BC4EB013D64F3B1119446D52A04CA329BCE2FA5FD1BA005857F3515DB8B2FF4F92D38CEEC360A0F2D901F9DE85633D3A83490D21B12F9839DF558E081625C3D6873574FD82FA91ED64DFDD365E7763F7D16586680D113F575FF4502865966EC531305A3D6F7FB5109AE858BDE4807F2A845A4E8D290AB49E9230D7973FE2CC34E7FAB264657FF4FDA8602B4A855265BC10F6D35C1C7DA9BB87A3C1B3B8BAFD1C8B6A1DEAE527F20530FAFDC5806AED12F8DF5CBCBBD5CE8C1AA99EEDC92C0153335B14304F3EDDD48738A276976218DC518A251F696452BDD0C04357CB25DFEBB5F3DD7FA22AF15A0D06C924B692E9223E8B43A72112237C51945854C8F659B2C34211B38B7C52C6DC4018B1C4B73419DAD38CC26B902CAE5CBA77D3DDE6E46E4B40769A2F38BBBA62966CC87101984C3780B864EB50BC89D2AD28E08F8563ECF635459057BA17E002DC27767203B95DD1BEF58818F9B41DA97A0CEC43D20F2A711846E133E8088874308788243CA2C9AFD16BAFE5F7432D28C9D7816EBAE9A911CADBFDF4BD9A22B5BDBB7594A28B3FF317914E662C235EAC37730720EBA4AB574F2BE3269DBE1BD53912250FA353CBC055AEB47557BF751BEDFF9244F0E554E5430


You need the nocs to decrypt this data.
Click to expand...
Not really, him only need uart open and make ram dump! I think that!lol
but anyway ask Calhordas, mastermind in nagra and bcm...
 
Benfica200 said:
Not really, him only need uart open and make ram dump! I think that!lol
but anyway ask Calhordas, mastermind in nagra and bcm...
Click to expand...
+1 yes, sure if uart is open you can dump full ram where 16c is encrypted and decrypted ;)
 
Status
Not open for further replies.

Similar threads

eon
    • Like
ND$ EMM Breakdown
Replies
0
Views
3K
eon
eon
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 without setup
Replies
0
Views
5K
Mick
Mick
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 with setup
Replies
3
Views
4K
Mick
Mick
R
Help with DVB-C, Plugins and Nagra 2 decryption.
Replies
1
Views
6K
willin
willin
irlam
Team Xecuter RGH2.0 For CoolRunner Rev A and B
Replies
4
Views
9K
dibbers
dibbers
Back
Top