Nagra Hex block Decryption

Status
Not open for further replies.
XIL1NX said:
And yes its possible to get the keys from encrypted smartdtv modules. But again i repeat myself: not with a soldering station or spi programmer
Click to expand...

If not by reading the chips out using SPI programmer, how then? Please explain.
 
Last edited by a moderator:
This is my problem,i have dump from my resiver and i put rsa and boxkey.Negotiate sessionkey was not successful! Please check rsa key and boxkey.
Who can hel me?
 
if someone wants to exchange words about cak7 merlin uniq pairing ..

I'm trying everything oscam cak7 but nothing works .. not have the full code ..

If someone wants to collaborate seriously and not continue reading post after pot without solution, I think it's a waste of time.

Thank you
 
So, who will post another cak7 oscam source code or make a fork on github? :)
 
I'm going to clean this thread up at the weekend. During that time it will be closed to replies.
  • All off topic posts will be removed.
  • All personal attacks will be removed.
  • All off site references, including IM screen shots, will be removed.
  • All nonsensical posts, including any replies not in English, will be removed.
I have no knowledge of nagra or the cable scene, so expect the cuts to be deep. If you want anything in particular keeping or dumping please argue your case below (or via PM with myself).

Any one violating the rules after the clean up, especially rules 3, 10 and 11, will be issued with a ban - the length of which will be determined by staff.

Change log: (16/6/18)
132 posts deleted! Any more rule violations will see the thread locked permanently.
 
Last edited:
Could someone give an example of generic pairing cmd0E for a DNASP482 RevR24 ??
Which RSA modulus key35(88) should I use ??
 
dont confuse pairing mode with CSC mode
$0e is to submit CSC info, even with generic pairing. but you have to use other flags.
 
The example I gave is from this text. This text I am trying to follow. I have successfully calculated up to RSAN68. Then is the step with generic pairing. I send the cmd as at the text but I get 6F01 reply. What is going wrong ??
 
jor said:
Thank you very much for your reply. As I have read from a research to the net the structure of the cmd you propose is for unique pairing. I was talking about generic pairing. What I found is as following :
CRC32 ---------------------------------------------------> 3F 34 74 6B
CMD SEQ -------------------------------------------------> 00 00 09
CMD TYPE ------------------------------------------------> 0E
CMD LEN -------------------------------------------------> 7B
xx xx xx xx ---------------------------------------------> DATA1 (This will be copied and used on CMD$03 build sequence)
00
FF FF FF FF ---------------------------------------------> STB IRD Number generic the same for all
34 11 ---------------------------------------------------> Provide SYS ID
85 5F A5 6A C7 96 BE D5 99 87 B0 40 D4 D0 C0 1F ---------> Last 0x70 Bytes of Unique RSA Modulus key 35(88) paired to STB
84 4C 52 6C 88 4E 80 3A 1F 40 EA EF A8 8F 24 95
AA 79 C7 3C FE 79 06 44 28 8E CE 3E 23 86 81 30
78 A3 82 B0 DC 6E B5 4F 81 83 D2 A6 8C 49 3C 8A
7C 5C D5 52 BE 08 0D 81 6B 9B 16 0D 86 BE BA 21
1C E2 4C 4B 8F 96 37 F9 55 1F 03 86 28 DB 82 D4
8D 51 49 59 36 A7 A2 DA E1 9F 11 76 E8 50 40 6B
CCCCCCCC

I was wondering if this is right or no.
Click to expand...

CMD LEN 7B indicate for cmd 02 not cmd 0E

Same authentication init with cmd 02
Code: 
You don't have permission to view the code content. Log in or register now.
 
wasserwaage said:
CMD LEN 7B indicate for cmd 02 not cmd 0E

Same authentication init with cmd 02
Code: 
You don't have permission to view the code content. Log in or register now.
Click to expand...
So there must be a mistake to the document ...
Is the following plain command right to send it for generic pairing ??
1222EDB800000B027B0F5D423600FFFFFFFF34119D7EEECE530980AE6B5AEE3A41CE0975EFA6BF1E984FA4116F43CACDD06E69FA25C1F9118E7AD019C0EB00C0572A40B7FF8ABB2521D750E735A185CDA6D3DEB33D16D494768A828C7025D400D0648C26B95F44FF7370AB43F568A2B1B58A8E025F9606A8C34F15CD99C269B83568114CCCCCCCCCCCCCCCCCCCCCCCCC
 
jor said:
So there must be a mistake to the document ...
Is the following plain command right to send it for generic pairing ??
1222EDB800000B027B0F5D423600FFFFFFFF34119D7EEECE530980AE6B5AEE3A41CE0975EFA6BF1E984FA4116F43CACDD06E69FA25C1F9118E7AD019C0EB00C0572A40B7FF8ABB2521D750E735A185CDA6D3DEB33D16D494768A828C7025D400D0648C26B95F44FF7370AB43F568A2B1B58A8E025F9606A8C34F15CD99C269B83568114CCCCCCCCCCCCCCCCCCCCCCCCC
Click to expand...

if (1222EDB8 right crc32) and (00000B02 right sequence id) then yes


BBBBUUUUTTTTT, this rom version not accept cmd 02 ;), only cmd 0E
 
So if DNASP482 RevR24 does not accept cmd02, I have to use cmd0E unique pairing ??
 
no, you have the right syntax. try to decrypt season log offline up to authentication process and you will unterstand the transport layer protocol.
 
I can understand you but you could hide the sensitive data. I just want to see an applied example to find out what's going wrong. Unfortunately I don't have access to an official receiver. I just have an HD02 card which I change the rom just for playing with it. Thanks anyway.
 
Status
Not open for further replies.

Similar threads

eon
    • Like
ND$ EMM Breakdown
Replies
0
Views
3K
eon
eon
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 without setup
Replies
0
Views
5K
Mick
Mick
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 with setup
Replies
3
Views
4K
Mick
Mick
R
Help with DVB-C, Plugins and Nagra 2 decryption.
Replies
1
Views
6K
willin
willin
irlam
Team Xecuter RGH2.0 For CoolRunner Rev A and B
Replies
4
Views
9K
dibbers
dibbers
Back
Top