testers for a server

are you telling me mate that you have attained the skills and knowledge to hack nagra 3? if your talking about flashing new images onto cable boxes and programming n1 cards then thats fair enough, even i can do that with the aid of a tutorial or two. but hacking nagra 3 from scratch:
there is no guide or tutorial for that.
thats where internet forums like this one become limiting and a degree in computer engineering or similar becomes necessary.
 
CrazyFool said:
are you telling me mate that you have attained the skills and knowledge to hack nagra 3? if your talking about flashing new images onto cable boxes and programming n1 cards then thats fair enough, even i can do that with the aid of a tutorial or two. but hacking nagra 3 from scratch:
there is no guide or tutorial for that.
thats where internet forums like this one become limiting and a degree in computer engineering or similar becomes necessary.
Click to expand...

I never said hacking nagra3 ... but c/s is perfectly possible.
 
hackmax said:
Not always :)
Click to expand...
Relative to the entire user base or forum users, when the expertise level required reaches a certain level, only a small group of people will be prepared to put in the necessary time and effort.
 
hackmax said:
And that is the problem.
Click to expand...
As I said earlier, it's the reason forums like this exist, so the many can benefit from the expertise and knowledge of the few. How that will play out with regards to CS or any other fix or workaround for N3 remains to be seen, but I wouldn't expect the interest level in CS to be as high as was the case with the software fix for N1.
 
shall we try and get this thread on a positive note:- here's info i found on the net that show there is a method to get the info from the stb and these are charging big bucks to do it!!!


Description: BOXKEY + RSA extraction service

BOXKEY + RSA extraction service from Nagravision receivers. If your TV operator sell receivers with build inkey and you are unable to split TV signal trought your house orapartment on several TV screens - this service is for you. We offerBOXKEY AND RSA extraction from your Nagravision receiver.
Once you have your RSA and BOX key it`s possible to watch TV on anyreceiver LINUX based and build in universal card reader and inreceivers not equipped in CAM reader (for example Dreambox 800 HD) orother where CAM reader does not work properly (Dreambox 7020).

Important! Even if decoder is faulty there is 90% of chance to extract RSA and BOXKEY.


Supported models:

This service probably apply to all receivers (with Nagravision system).

Tested models below:

Digital+ Spain
HOMSON T10 DSI/DTI8000 HD
THOMSON T1 DSI51SOG
PHILIPS DSR4211/16
PHILIPS P10 DSR7211/16 HD TDT
THOMSON T10 DSI81SOG Iplus
ECHOSTAR E1 MODELO: 6000

ZON TVCABO Portugal
ZON TVCABO POWER BOX THOMSON DSI12CAB
ZON TVCABO HD+ THOMSON DST2020CAB
ZON TVCABO HD+ THOMSON DCI7211CAB
ZON TVCABO HD+ THOMSON DSI8020CAB
ZON TVCABO HD+ THOMSON DCI8220CAB
ZON TVCABO HD+ THOMSON DST8040ZON
ZON TVCABO HD+ THOMSON DSI702ZON
ZON TVCABO POWER BOX OCTALTV MicroDVB-S *
*In case of this receiver is very high risk of destroying it in extraction process, because flash memory is glued to mainboard.

DIGI TV
HYUNDAI DIGI TV HSS-3169NA
HYUNDAI DIGI TV HSS-5160NA
HYUNDAI DIGI 2TV HSS-7160NA
HUMAX DIGI+ II *
HUMAX DIGI+ III
HUMAX DIGI+ IV
*In case of this receiver is very high risk of destroying it in extraction process, because flash memory is glued to mainboard.

DREAM TV Philipines
HOMECAST eM-152USNA

CABLE TELENET
Digibox DB-AD110 ADB Model: Q86-TLN *
*In case of this receiver is very high risk of destroying it in extraction process, because flash memory is glued to mainboard.

CABLE UPC
UPC MediaBox MODEL : THOMSON DCI52UPC02 **
UPC MediaBox MODEL PVR : THOMSON DCI62UPC **
UPC MediaBox – HD MODEL : PHILIPS DCR 5012/03 **
UPC MediaBox – HD MODEL : PHILIPS DCR 7101/03 **
UPC MediaBox – HD MODEL PVR : PHILIPS DCR 8111/09
UPC MediaBox – HD MODEL PVR : PHILIPS DCR 8111/03
UPC MediaBox MODEL : PACE DC621KU **
UPC MediaBox – HD MODEL PVR : CISCO 8485DVB UPC
**In case of this receiver is very high risk of destroying it in extraction process, because flash memory is glued to mainboard.
Price for service of extraction BOXKEY and RSA from that UPC Nagravision receivers is :
**Double price for extraction service (please choose an option from the list)

TV GLOBO
DMT 1501*
*In case of this receiver is very high risk of destroying it in extraction process, because flash memory is glued to mainboard.

SATELITE UPC
UPC HD PVR PHILIPS DSR8111/53

CABLECOM
CABLECOM MODEL : ADB CCM7100CX**
**In case of this receiver is very high risk of destroying it in extraction process, because flash memory is glued to mainboard.
**Double price for extraction service (please choose an option from the list)

All models shown above ARE TESTED. If you have other model there is almost 100% chance that it`s possible to extract RSA and BOXKEY.

Important! This service is very complicated, sometimes it`s possible that your receiver will be damaged but RSA and BOXKEY will be extracted and youcan use it in other receivers. PLEASE CONSIDER THIS BEFORE YOU SHIPRECEIVER TO US.


What do we need:

- CAM / receiver serial number
- CAM / receiver without CARD, no need to be activated, it can be straight from prepaid set.

For extraction data process receiver or CAM module must be deassembled. You will lost warranty. After this process it will be assembled tested and send back however due to complication of this process it`s possible that it will not work like before (it may hang).
 
Last edited:
He doesn't do the UK boxes.

Or should i say, he'll say he'll give it a go but he doesn't know for sure.
 
Methinks RSA keys in ye firmware will be encrypteth.

Encrypted when in RAM too?
 
Sorry to sound noobish here but are the rsa keys unique to your box, your card ???
What will having them enable you to do, card-share you card?

Jama
 
For pairing to a CAM, I think.

Different method on older boxes if I understand that bit right though.
 
Depends which method, DT08 or SK - but essentially each box/card has it's own set of RSA keys, one private one public. Which is which in this case does not matter, one is given to the card and one is give to the box.

From the cards perspective, the private key is the IRD's key and it's own key is public.
From the IRD's perspective the private keys the cards's key and it's own key is public.

Each set generates is unique to that IRD & card only.
 
Hi
Sorry people you all had me confused at first so had a little surf.
Now there is a wide range of learning curves via the net/comp nowadays
You can even pass your first part of flying a plane on it . Yes you can become a doctor via it too. Basically its all up to the individual and their brain. The only thing you cant learn is the manual practice and that is not even completely true.
Now to the important bit whos keeping count and whats the score. As stated 10 needed and im not after being a tester but i would be if i had the equipment

P.S Thanks jimmyp for explaining :Clap:
 
also don't forget the rsa keys for the dt08/06 is 128 bytes now it could come in two parts off 64 bytes are it could come in 4 parts off 32.
it could be encrypted are uncrypted. but no matter what you need to find them.


oh and by the way it's more known as the ird_n you need to find which will give you the rsa modlus.so you will need them if your card/box uses the dt08/06
along with your boxkey ird cam id.

after a few rounds off idea decrypting you get up with the cam_n. this is what we want there's a few other things that need done after that but the likes off rqcs will do that for us.


now if using the sk method then you need just the cam_n which is diff in every box/card that uses the sk method so if you find one it won't work in someone else's box.


now from what i have read they are hard to find and as been said on diff forums on some boxes you could destroy the box finding them don't know haven't tryed. i know some one says they must have them as they working/boxes getting sold well i would say for the irish boxes they where took off an open rom110 a05 card . as for the uk ones getting sold well they hardly going to tell people how to do it are they.? which i can't blame as im sure they spent a bit off time trying to sort it out and then have the rest off the fta box sellers geting there hard work with out doing fook all them selves but im sure in time it will come out. but again maybe not everyone cup off tea.

so i would say search the internet (Google) look for any thing related to ird_n are dt08 cmd 2a-2b.there is hints and how to out there.

if don't want to go down that line then sign up to virgin /s*y. are buy one off the fta boxes are join a private c/s (please not public) as im sure most will agree we did have a good run at it maybe longer than we though.


tr0jan
 
From my understanding, DT06 is not a real pairing method, the DT06 Key 0D is how to card extracts the CAM_N for it's own half of the pairing (Rnd^CAM_E MOD CAM_N. This applies regardless of the pairng method (DT08, SK) etc. as the card would still need to know the agreed CAM_N.

Many softcams support this as a way of deriving CAM_N because the users may have an image from the older N2 card. The DT06 Key 0D when expanded gives CAM_N and the cards exponent (this is really the private key).

At no point does the card reveal DT06 as this would reveal more than just the CAM_N and certianly more than the IRD would need (or should have access too)

Since the UK didn't use N2, we won't have access to an N2 eeprom dumped to know DT06 Key 0D so this method is of no use.

No real official receiver therefore will support DT06 pairing.
 
Last edited:
hackmax said:
From my understanding, DT06 is not a real pairing method, the DT06 Key 0D is how to card extracts the CAM_N for it's own half of the pairing (Rnd^CAM_E MOD CAM_N. This applies regardless of the pairng method (DT08, SK) etc. as the card would still need to know the agreed CAM_N.

Many softcams support this as a way of deriving CAM_N because the users may have an image from the older N2 card. The DT06 Key 0D when expanded gives CAM_N and the cards exponent (this is really the private key).

At no point does the card reveal DT06 as this would reveal more than just the CAM_N and certianly more than the IRD would need (or should have access too)

Since the UK didn't use N2, we won't have access to an N2 eeprom dumped to know DT06 Key 0D so this method is of no use.

No real official receiver therefore will support DT06 pairing.
Click to expand...

but by going by that then it would of course be ok for the irish as they used n2 and there eeprom was dumped as far as i know. maybe that's the way the starview is doing it.???

that's good so then we know that all we need is the dt08 are the sk key.
so all it takes is to find out where they are stored on the box .

are they encryped.
are they uncrypted.
is the ird_n in one part /two parts/4 parts.
where is the cam_n stored if useing the sk.
is it encrypted.
is it uncrypted.

well at least we have some thing to look for /check i suggest we /one's that want to try instead off just moaning look see what's about on the net.
 
hackmax said:
Knowledge and expertise come from expermenting & learning.
Click to expand...


It's true.

You ought to see the things I can do with my willy, but I must warn that it has taken almost 40 years of experimenting.

;)
 
This thread reminds me of the time itv digital went down....very very similar requests and people forgetting the great work by people long forgotten about..:Clap::Clap: time my friends time..
 
Ok

Here is part of rqcs config file that sets up the dreambox to read the card:
# ----------------------------- Session Negotiation ---------------------------
# Following is a set of 4 parameters that may be used to achieve successful
# session key negotiation with the card.
# -----------------------------------------------------------------------------

# DT08 session negotiation method. Just the Box Key is required for this
# method to work. This is the simpler, preferable method, however, not all cards
# have DT08's.
box_key=??????????????????
# DT06 Key 0D session negotiation. An alternative method for when the card does
# not have a DT08. Useful when you have the card's DT06 and not the IRD's
# Secondary Key.
#
# If this value is specified, the DT06 method will be attempted instead
# of the DT08 one.
#
# IMPORTANT: BOTH the Box Key and the DT06 are needed for this method to work.
#
# HINT: The DT06 Key 0D *does not* change when a card is swapped, if you
# have this for an old card that was married to an IRD, it will work for
# newer cards on that same IRD.
# dt06_key_0d=

# Plain CAM N negotiation method. Another alternative method for when the card
# does not have a DT08. It is somewhat equivalent to the DT06 Key 0D method and
# again, useful when you have the card's CAM N obtained from an expanded
# DT06 Key 0D. As a sidenote, this parameter is equivalent to newcs's
# <rsa></rsa> parameter.
#
# IMPORTANT: BOTH the Box Key and CAM N are needed for this method to work.
#cam_n=???????????????????????????????????????????????????????????????????????????/
# Secondary key session negotiation method. If your card does not have a DT08,
# and you can't extract the cam's N key or DT06 Key 0D, this is the only possible
# method. The secondary key must be extracted from a provider IRD's TSOP dump.
#
# If this value is specified, it will supercede the DT08, DT06 Key 0D and Plain
# CAM N session negotiation methods. Neither the Box Key, DT06 Key 0D nor CAM N
# parameters are needed for this method to work, and will be ignored if they
# are provided.
#
# The secondary key is 96 bytes long and has the following structure:
#
# II II II II XX XX XX XX XX XX XX XX XX XX Y1 Y1 Y1 Y1 Y1 Y1 Y1 Y1
# SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK
# SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK
# SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK
# SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK SK
# Y2 Y2 Y2 Y2 Y2 Y2 Y2 Y2 CS CS
#
# II = IRD serial number.
# XX = Unimportant.
# Y1, Y2 = SK signature and also used to calculate the box key.
# SK = Actual secondary key data (CAM N, public modulus).
# CS = Checksum.
#
# NOTE: The Secondary Key should be specified as a single line without spaces
# (like the Box Key), and should be the exact 96 bytes as extracted from the IRD.
#
# NOTE: You can copy the 64 bytes that are labeled 'SK' from the Secondary
# Key, and use them in the cam_n parameter. This will also work, in that case
# the Box Key parameter must also be provided.
secondary_key=

# Optional. Card provider's IRD RSA key (only relevant for DT08 session
# negotiation method.
rsa_key=
Click to expand...
 
You must log in or register to reply here.

Similar threads

spud1966
12 Months of Nintendo Switch Online Free for Twitch Prime members FREE £17.99
Replies
0
Views
875
spud1966
spud1966
spud1966
UPDATE - Dec. 13th: It's HERE! - TX Has Finally Done It! - Their SX OS Now Fully Supports v6.2!
Replies
0
Views
474
spud1966
spud1966
trevortron
    • Like
Before you fly on a Boeing aircraft, especially a 737Max
Replies
0
Views
846
trevortron
trevortron
fus10n
    • Like
TV/Media Drivers for Network Attached Storage
Replies
2
Views
2K
fus10n
fus10n
spud1966
    • Like
New Switch CFW and tool Xecuter Presents First Exclusive Video For Our First SX Product
Replies
1
Views
729
sneaker
sneaker
Back
Top