V7 (De laatste loodjes -:) )

[dontno]

Is this correct:

http://www.satdudez-forumz.com/forum/showthread.php?s=&threadid=47927

[Gast]

wat staat hier dan ik ben niet geregistreerd alleen wel benieuwd.

skystar

[DreamHummie]

Ben ook zoooo benieuwd.

Zit al de hele dag op een registerbevestiging te wachten van dudez. <img src="/ubbthreads/images/graemlins/dogeyes.gif" alt="" />

[Gast]

dit:My appologies if this has been posted before.

I have not seen it around anywhere so thought I would share

I know this information to be correct a very reliable source told me this a few days ago.

 

 

just a quick expanation for who asked how this "crack" works.

 

The emulation of the S*ca2 system uses the following instruments:

 

- Hash Table Bx Algorithm SuperEncription

- RSA key and exponent to decrypt ECM table 1001

- Operative Key 0D (March)

 

First of all you have to know that we have 3 hash tables in our S*ca2 cards. We have 9x, Bx and Fx table.

 

The Bx and the Fx tables are allocated in the eeprom of the card that was dumped maybe using an unlooper or a glitcher. The 9x tables are allocated in the rom, and there's no voice of a dump of the S*ca2 rom over the Net.

 

The eeprom dump is not of public domain anyway but someone with commercial interests used that to produce some pirate cards called Titanium and KnotCard earlier this year, wich files are not on the public domain as these cards are sold by people who lives this not as a hobby but as a work!

 

I think that the Bx tables used in the emu that YOU have on your cams (I've only an extremely normal GoldBox decoder ), have been dumped down from one these pirate cards or maybe someone had the files used to build the titanium cards and similar cards and he decompiled them.

 

The nice fact is that these tables are now in the public circuit, you can find them in the "Scam" binary file of the 5 mega img file for DreamBox. The sad fact is that if S_K_Y wants (and why shouldn't it want it?), it can switch all the ECM and EMM to a different table. It can use Fx tables at the beginning, just to give a black screen to all the emu people but soon or later also the Fx tables will faced up the sceenes. Definitevely S_K_Y could switch all to 9x hash table then and it will grant it the stronger smack down for anyone interested in emu or pirate solutions.

 

For who is asking how the Bx hash table is used, just look at a couple of strings here:

 

this is an example of ECM we receive:

 

 

C13C01Bx5C1001 236382606FAB41DCEBD40B034F59D0CD090A0196D42642E2FF

2FF399741920FA956DD1C0631

4F6F2

099989C66653347162D6E8D063A3051F2A653C4FB751CEBCD6

D887EE70CEE11CF3DA61F4346

03F01

BDF95FBF593D665BEB4A

 

and this is an examble of EMM we receive:

 

C14001B0631003 E7C2019B9870CD01D2A01CE5FBF66304DB0B1CB8DB2DE4832E

4D6BCDEC87106A6E3F6D76294

73058

3355BB4E4AAAB52AEFEEC74DC369D488D47E756394C715FBB1

D2C1F76AEDE39DEFBD50C9795

A4584

0EFEEC75FBF6630367822F9AA952804681

 

 

Look at the start of each string, it says us that:

 

C1 = Class of the command

40 = indicates the Ins used in the command, the ins 40 is used for EMM and ins 3C for ECM

01 = indicates the provider (Italian 01 is -> S_k_y (0070), in Spain it is -> C*nal+ (0064), and so on)

B0 or B1 = the lower nibble indicates the keys wich is signing the command, so 0 is for MK 00 and 1 is for MK 01, the high nibble indicates the hash tables used to crypt the entire command, from the beginning up today has been used the Bx hash table but as I said why S_K_Y should continue to use it now?

5C or 63 or other = indicates the LEN of the following part of the string

10 01 or 10 03 = indicates the ECM or EMM tables. We have 3 potentially activable tables for ECM and for EMM: 1001, 1003 and 1005, and an unuseful table 1007. Each table works with one RSA key and a public exponent. Each table is different from ECM to EMM, so if we had ECM table RSA keys 1001 they will be different from EMM table RSA keys 1001.

 

The control words (or cryptes words) now come crypted with ECM table 1001. The emu contains the RSA ECM 1001 keys and it firstly decrypt the entire command that brings the CryptedWord to open a channel. The cw comes with a C13C01Bx5C1001 command where, as you have understand:

 

C1 = Class

3C = Ins used for sending CW

01 = provider

Bx = you just know that B is the hush table used and x can be the operative C or D or E keys that will sign the command

5C = LEN

1001 = ECM table in use NOW!

 

The emu does that:

 

- receive the ECM that is crypted on ECM table 1001, signed with operative key in use now (0D March) hashed in table Bx

- decrypts it and takes the 8 bytes crypted word

- reply with a C1 3A containing the 8 bytes decrypted word (it doesn't require any suppletive cryptation)

 

All that gives you the open vision of the channels.

 

But how much can it last? Few days in my opinions.

 

The following are just some example of how can S_K_Y switch off the emus:

 

1) By changing operative key (Emu has the march key only and it is not updatable because it includes ECM table 1001 and not the EMM table 1003 wich is used to sign actualization!)

2) By changing ECM table from 1001 to 1003 or 1005 (these two last use a RSA key not in the public domain)

3) By switching all the command from hash tables Bx to unsecure but not yet in the public domain Fx tables or strongest solution: all switched to 9x tables!!!

 

I hope this explanation has been of any help for who asked how the system works, and if someone asks why it doesn't work for other providers, he must remember that:

 

- other provider hash tables are not in the public domain

- other provider ECM or EMM tables are not in the public domain

- many provider in Europe uses strongest cards then the Italian cards (we use Version 7.0A and Version 7.0B cards in Italy and Spain, other countries use cards with less bugs up to not-known bugs)

[cobes]

als ik hem nu opzoek krijg ik dit.

 

Citaat:

Invalid thread specified. If you followed a valid link, please notify the webmaster

 

maar na enig zoeken toch gevonden.

 

 

groet cobes

[Pino]

Citaat:

But how much can it last? Few days in my opinions.

The following are just some example of how can S_K_Y switch off the emus:

1) By changing operative key (Emu has the march key only and it is not updatable because it includes ECM table 1001 and not the EMM table 1003 wich is used to sign actualization!)
2) By changing ECM table from 1001 to 1003 or 1005 (these two last use a RSA key not in the public domain)
3) By switching all the command from hash tables Bx to unsecure but not yet in the public domain Fx tables or strongest solution: all switched to 9x tables!!!

I hope this explanation has been of any help for who asked how the system works, and if someone asks why it doesn't work for other providers, he must remember that:

- other provider hash tables are not in the public domain
- other provider ECM or EMM tables are not in the public domain
- many provider in Europe uses strongest cards then the Italian cards (we use Version 7.0A and Version 7.0B cards in Italy and Spain, other countries use cards with less bugs up to not-known bugs)

<img src="/ubbthreads/images/graemlins/crazy.gif" alt="" /> Houdt dit in dat het plezier van korte duur zal zijn .... <img src="/ubbthreads/images/graemlins/dogeyes.gif" alt="" />

[noorderlicht]

Beter kort dan helemal niet! <img src="/ubbthreads/images/graemlins/grin.gif" alt="" />

 

Ik volg het forum al geruime tijd en ik vind het helemaal te gek wat de garnalenpellers allemaal bedenken <img src="/ubbthreads/images/graemlins/xyxthumbs.gif" alt="" />

 

Ik zit iedere avond met veel plezier te genieten van mijn satdoos. Zonder garnalenpellers geen garnalen! Immers met huid en haar zijn ze niet te vreten <img src="/ubbthreads/images/graemlins/crazy.gif" alt="" />

 

Bedankt jongens en ik wacht met smart af <img src="/ubbthreads/images/graemlins/biggthumpup.gif" alt="" />

 

 

Greetz Noorderlicht <img src="/ubbthreads/images/graemlins/anoniem.gif" alt="" />

[Gast]

Kimble je bent een grote aanwinst voor SAT4ALL. Dit vind ik echt professioneel werk. Ik zal je werk met veel belangstelling volgen. Maar eerst even de garnalen proeven of ze echt smaken.

 

Veel suc6 en tot de volgende uitvinding <img src="/ubbthreads/images/graemlins/xyxthumbs.gif" alt="" />

torpedo

[Gast]

ik denk dat het volgende wat kimble doet

 

kroepoek gaat heten <img src="/ubbthreads/images/graemlins/smile.gif" alt="" />

[satspock]

Is er al iets bekent over de franse seca2 (kiosk enz )?

[arie kanarie]

Voor sommige, onder ons, gaat het niet vlug genoeg.

Wie had dit 2 weken geleden kunnen dromen.

 

grtz arie

[satspock]

Ik vraag dit niet omdat ik ongeduldig ben,maar om informatie te krijgen.

[klosjos]

Het is net als met een virus.

Als het uitkomt dan is het meteen verspreid via indernet.

Dus als het franse virus uitbreekt zullen we het vanzelf wel lezen

 

Normaal lacht er een om het virus en huilen er vele.

Maar met het s2 virus lachen en vele en huilen er een paar.

[holles]

Citaat:

Maar met het s2 virus lachen en vele en huilen er een paar.

Volgens mij doet s2 het maar op enkele ontvangers. Dus denk ik dat de zin moet zijn dat er weinig mensen lachen en vele nog steeds huilen. <img src="/ubbthreads/images/graemlins/loldev.gif" alt="" />

[Gast]

Wat dat laatste betreft ben ik het niet helemaal eens. Er zal wel wat tijd overheen gaan voordat iedereen alle garnalen lust.

De laatste generatie tuners zijn nl vrij open en daarom door iedereen aangeschaft of het zijn de eerste generatie S1 dozen.

Het probleem zit hem in de middenweg. De verkoop van de plipsen de strings de pianoers de rokenja zijn heel hoog en staan bij het merendeel van de huishoudens. De pianoers hebben een aantal nerds zodat die al bij de eerste horen net als de laatse groep gevorderden met hun droomdozen ed.

 

Naar mijn verwachting zal dan ook de plipsen eerst zijn en dan de strings, wat later de middenweg zoals de humans de fotak etc. Dit is eigenlijk te wijten aan de leveranciers van allerlei cams want die willen omzet genereren kostte wat het kost, zonder know how.

 

Maar uiteindelijk zal dit jaar iedereen alle garnalen lusten en is ook de schade beperkt.

 

Kijk maar naar de samba's ed die de grootste problemen hadden met V7