UART of BCM

If you use mainboard A but put flash from mainboard B, port UART will be blocked I think.
 
To open telnet (rj45) you need payloader to downgrade a firmware to telnet open port !
No way to hack the firmware to open telnet , firmware is protect by rsa128, the last 128 bytes of firmware block is the protection.
For my provider, i have payloader 7346 7358 and 1 more, I have telnet open, i have the key , dont have first key ( rootkey) for time.
 
cak7 said:
happy new year @ all people

only want sure a thing, example bcm box (A box) can get key of n*a*gra via telnet , other an provider ( B box) use same cpu and n*a*gra, but not rj45 port and uart blocked. i can get key from B box via A box mainboard. or nothing help ???
Click to expand...

If you have closed uart, there is no way, all important parts of fw are sha 256 signed and these signatures are 2048 bit rsa encrypted,
if you have root access, you can get a /dev/mem or /proc/kcore dump and it´s possible to get 0x70 mod1, mod2, data88 and keys from 016C.
It´s useful in several cases when provider doesn´t use hw pairing with cwpk.
The cwpk key from bcm box is not accessible at this moment, there are more lies about it on the net, but really nothing usable
 
Last edited:
feri33 said:
If you have closed uart, there is no way, all important parts of fw are sha 256 signed and these signatures are 2048 bit rsa encrypted,
if you have root access, you can get a /dev/mem or /proc/kcore dump and it´s possible to get 0x70 mod1, mod2, data88 and keys from 016C.
It´s useful in several cases when provider doesn´t use hw pairing with cwpk.
The cwpk key from bcm box is not accessible at this moment, there are more lies about it on the net, but really nothing usable
Click to expand...
i dont think beacause SKYDE and SKYIT working with BCM, BF cant possible crack 3DES
 
feri33 said:
If you have closed uart, there is no way, all important parts of fw are sha 256 signed and these signatures are 2048 bit rsa encrypted,
if you have root access, you can get a /dev/mem or /proc/kcore dump and it´s possible to get 0x70 mod1, mod2, data88 and keys from 016C.
It´s useful in several cases when provider doesn´t use hw pairing with cwpk.
The cwpk key from bcm box is not accessible at this moment, there are more lies about it on the net, but really nothing usable
Click to expand...
braza said:
To open telnet (rj45) you need payloader to downgrade a firmware to telnet open port !
No way to hack the firmware to open telnet , firmware is protect by rsa128, the last 128 bytes of firmware block is the protection.
For my provider, i have payloader 7346 7358 and 1 more, I have telnet open, i have the key , dont have first key ( rootkey) for time.
Click to expand...

look nothing help if mainboard A box uart open or telnet open can get key, but mainboard B box data can't get key via maiboard A box.

i saw other box hacked provider bcm7335 and 7358 , i think them are do this way.

if get cpu cef file have help or no ?
 
truefrnd said:
i dont think beacause SKYDE and SKYIT working with BCM, BF cant possible crack 3DES
Click to expand...

are you sure that these sky packages were solved from BCM boxes? example Humax models ESd - 160S/VE --> sky Q germany use sti h 418 chip
 

Attachments

  • skyq2.jpg
    skyq2.jpg
    27.1 KB · Views: 15
anyone have idea of black card n*a*gra ?

bcm7362,7335,7358,7563, sti h237
 
You must log in or register to reply here.

Similar threads

K
BCM 7358
Replies
1
Views
275
cak7
C
dar1437
Android Android Music Player
Replies
10
Views
321
**override**
**override**
spud1966
    • Like
PC Game Call of the Wild: The Angler Free Epic Games
Replies
0
Views
127
spud1966
spud1966
magicalbeef
Mi box s almost unusable
Replies
2
Views
93
avid
avid
spud1966
    • Like
  • Sticky
Stay online with the Nintendo 3DS and WiiU after today! April 8 2024 using Pretendo
Replies
1
Views
190
VirusSoldier
VirusSoldier
Back
Top