Nagra Hex block Decryption

Status
Not open for further replies.
Apply MDC2 checksum to verify key


so we add another 0x12 bytes header to the full key so it will have a full 0x7E lenght size, then we apply MDC2 check

MDC2 HASH=
000000000000000000000000000000000000AF626E45A45F8AE484DCDB3FF0FBC51B43976F4BFF93E741406CA34622955BE99F6C9C72A32D169423E3EB59D08AF31C2DC06FB16B5DC6BAF23AD4901EBEE6FE9FD145BC706CF43A9556C2B32F1BC5BDA3499B3132A386E14E91B391264B98303DDDA05F2F431D55CBD72235

MDC2 Result=
D2 47 55 6F E7 19 29 C9 76 1F 12 8F 7A 60 4C A6

IDEAKEY1 result =
12 47 55 6F E7 19 29 C9 76 1F 12 8F 7A 60 4C 00


It shows 0E BYTES are ok store RSAN_$6C for later use.
Click to expand...

Could someone find out why do we add 0x12 bytes header ???
If someone compares MDC2 result with IDEAKEY1 result there are differences to first and last byte. Why is it ok ??


RSA Decrypted Block1 =
11437ADA2AA85DCED7D4F9F588A43600 -----------------------> IDEA KEY_1
843FC59F45C8BE8ADD32EBBE22B95CA9
321B900C23B52C9270DB86F09E921395
09D2DF487D79417652B9764D026DCECB
0FE3210BA034A4192E25239CD701D55C
8C82BA633686AD8F29612A3BF24240F1
5A82EB3C9C5DADB3277C61E273496863
2A4EE87DA0D0B36D ----------------------------------------> Block2 IDEA_ENCRYPTED

Final Result RSAN_$68
843FC59F45C8BE8ADD32EBBE22B95CA9321B900C23B52C9270DB86F09E92139509D2DF487D79417652B9764D026DCECB0FE3210BA034A4192E25239CD701D55C8C82BA633686AD8F29612A3BF24240F15A82EB3C9C5DADB3277C61E2734968632A4EE87DA0D0B36D
Click to expand...
How do we check RSAN68 with mdc2 ?? Which is the payload to apply MDC2 ???

result 0x50bytes need to be hashed with MDC2 using padding 0000 = Final result 0x10 "AKA" 16 byte new session key generated which will be used in AES_ECB mode.
Click to expand...
The payload to apply MDC2 is 0000+0x50 bytes result or 0x50bytes+0000 ???
 
After some tests I found out that there is no need for padding during MDC2 calculation for the new aes key. But the most important is that for the next cmds like cmd02, it is used aes cbc with the well known iv and not aes ecb. So many mistakes to this pdf .... At least the above are valid for HD02 DNASP482 card.
 
Message:
Nagra:


  • prepare code for Nagra Merlin HD03, HD04 support


:cool::cool:
 
Benfica200 said:
Nagra:
- prepare code for Nagra Merlin HD03, HD04 support
- no k**s included!hehehe
Click to expand...
really great! almost 10 year old pairing system which was hacked before 6 year ago now have been added to the officiall oscam!
btw. whats next ?!
 
yes ? and why you still not understand nothing about this system ..
this public oscam is basic school for you and others mans from you country :D :D
 
A new info from the patch became public (at least for me) is that we calculate the exponent used to cmd03 from the reply of cmd0E.
1286299100000D8E10000000F140 xxxxxxxx 56438533 008CA0CCCCCCCCCCCCCC
 
Hi all you experts i have questions how this fk team open maxtv iks forever
 

Attachments

  • IMG_0727.PNG
    IMG_0727.PNG
    1.2 MB · Views: 75
Status
Not open for further replies.

Similar threads

eon
    • Like
ND$ EMM Breakdown
Replies
0
Views
3K
eon
eon
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 without setup
Replies
0
Views
5K
Mick
Mick
Mick
New File Added: DreamboxEDIT (dreamedit) 5.2.0.0 with setup
Replies
3
Views
4K
Mick
Mick
R
Help with DVB-C, Plugins and Nagra 2 decryption.
Replies
1
Views
6K
willin
willin
irlam
Team Xecuter RGH2.0 For CoolRunner Rev A and B
Replies
4
Views
9K
dibbers
dibbers
Back
Top