"David K. Merriman" <merriman@arn.net> writes:
At 01:34 AM 03/28/96 +0000, you wrote:
I've been looking for a file on how to make PPV descramblers and haven't found any. Commercial descramblers cost around $200 base price. If anyone has a file on how to make them please e-mail me one. Thanks.
This is cypherpunks. Not Cable-TV-Piracy-Punks.
ObCrypto: Scrambling TV signals sometimes makes use of encryption, so perhaps a brief discussion of how this is done could be tolerated.
If you are talking about recovering signals from completely encrypted digital MPEG-2 streams, such as those used by the DBS folks, you are probably out of luck. The relevant processing in the decoder exists on a small card which has so far resisted attempts at reverse engineering.
The DSS smart card has been reverse-engineered for at least six months now and pirate devices are in the market. The encryption used on those systems is good but it does not stand up to a well financed attack. In the European version of the system, the encryption routines were using a hashing function. The input packet also carried the authorisation data so it was using this as an input packet. The DSS routine is probably based on a similar hashing routine.
There are a variety of techniques for scrambling audio. The most expensive is to DES encrypt the sound and place it in the horizontal blanking interval. The regular sound channel can then be used for advertising. This requires a bit of processing at both ends, and is generally used for satellite to ground transmission of cable signals. The other common method is to modulate the sound on a subcarrier, usually the one transmitted in phase with the missing sync.
Using DES to encrypt the audio on the fly is an old technique and was used in the VideoCipher II system. Most of the more recent systems use a PRNBSG EXORed with the digital audio data stream.
Of course, once television transmission goes completely digital, and strong encryption is used on both audio and video, the opportunity for such simple attacks will vanish.
The problem of piracy will still exist on digital systems. The DSS system is a completely digital system and it too is hacked. Admittedly some of the elements of security in the DSS are good, most can be rendered void by hackers. The problem for DSS is that the smart card they used is not secure enough. It was a Motorola 6805 type. What appears to be the pattern with the hacks on more recent smart card systems is an inversion of the original pattern on the simple analogue systems. The original pattern was that some hobbyists would figure out how to hack the system and then the hack would be commercialised. With the smart card hacks - the pattern is inverted so that it becomes a trickle down pattern. The professional hackers reverse and emulate the smart card and then the code is sometimes hacked from the emulator card and then distributed among hobbyists. The most dangerous thing in all this is that the smart cards that have been hacked in Pay TV systems throughout the world are also used in other applications. The expertise and the knowledge of reversing smart cards is now more common in the Pay TV piracy business. There is always the possibility that these skills could be applied elsewhere.

Regards...jmcc
********************************************
John McCormac            * Hack Watch News
jmcc@hackwatch.com       * 22 Viewmount,
Voice&Fax: +353-51-73640 * Waterford,
BBS: +353-51-50143       * Ireland
********************************************