Satellite television company Sky says it is probing the use of digital boxes to hack its signals. Receivers are being advertised by a Dundee Facebook user. The devices allow the user to get all satellite channels without paying subscription fees. The so-called open boxes require users to have a satellite dish but not an active subscription.
It is not illegal to own these boxes as on their own they only give access to free-to-air channels. They can also be used to stream content from the internet. However, it is against the law to use one that has been pre-configured to hack subscription channels by using codes purchased online to decode the signals. One local man on Facebook was offering to sell and install the boxes for £120 even though they are available to buy online for less than a third of the price. His advert said: “These are satellite boxes with ALL uk sky channels and all packages inluding SPORTS, MOVIES, MUSIC, DOCUMENTARIES, KIDS, LIFESTYLE & SKY BOX-OFFICE.” He also says buyers will need to spend £25 a year to reboot their system. When approached by a Courier reporter posing as an interested buyer, he said he could install the device within 48 hours. He said: “It’s basically plug in and go.
They are £120.” Asked if the set-up was legal, he said: “Wouldn’t say Sky would be happy if they knew everyone had these but who’s honestly going to know unless you have the chief executive in your living room? “It’s either £120 one-off or £60 to £100 every month for your normal bill. “You must have a Sky dish though and internet connection.
Doesn’t matter if you’re not with Sky any more as long as the wire still comes into the house from the dish.” A Sky spokeswoman said the company would pursue anyone who illegally accesses their services. She said: “We strongly advise people not to buy products or services which on their own, or in combination with codes, claim to offer access to Sky content. “Such services are not authorised by Sky and are unlawful, and those who buy them could find their service switched off at any time.” Four years ago, a gang of three London men who supplied 400,000 boxes that let people watch Virgin cable channels for free were jailed for 15 years. Following the prosecution, the Metropolitan Police warned that anyone who uses an illegal box could also be charged.
0.0 Disclaimer / Explanation 1.0 What is a scrambling system? 1.1 Overview of scrambling in Europe 1.2 Characteristics of the major European Scrambling Systems 2.0 Hacking pay TV 2.1 Is it legal?
2.2 VideoCrypt Smart Cards 2.3 What is Season or Omigod software? 2.4 Where can I get the Season software? 2.5 The Season Cardadapter 2.6 I can’t ftp, Can someone post the file for me? 2.7 What are blockers and what is Phoenix? 2.8 Is there a D2-Mac Eurocrypt M version of Season?
2.9 Is there a hack on Nagra? 2.10 PIC source code for hacks. 2.11 Other smart card projects for hacks. 2.12 WWW sites for information and files. 3.0 Finding out more 3.1 Reading List 4.0 Netiquette On The Newsgroups Please read the following carefully: This FAQ is provided for educational purposes only. What you do with the information herein is your business.
Kana Kanum Kalangal Serial Song Free Mp3 Download. Kana Kaanum Kalangal Evergreen Title Song Mp3 Download Kana Kaanum Kalangal Evergreen Title Song.mp3. Kana Kaanum Kaalangal Title Song Mp3 Download Kana Kaanum Kaalangal Title Song.mp3. Kana Kanum Kalangal Title Song Mp3 Download Kana. Free Vijay Tv Kana Kanum Kalangal Serial Title Song mp3 download from Mp3eg webmusic, New Vijay Tv Kana Kanum Kalangal Serial Title Song Mp3, Vijay Tv Kana Kanum Kalangal Serial Title Song tubidy Mp3 Download, Office Tamil Serial Title Song BY Dilo Guna Mp3 Songs, Free Office Tamil Serial Title Song BY. Kana Kanum Kalangal Song Download Free Mp3 Download. Kanaa Kaanum Song 7g Rainbow Colony Mp3 Download Kanaa Kaanum Song 7g Rainbow Colony.mp3. Kana Kaanum Kalangal Evergreen Title Song Mp3 Download Kana Kaanum Kalangal Evergreen Title Song.mp3. Kana Kaanum Kanga Mella Hd Songs.
The contributors to this FAQ do not necessarily condone the illegal use of the devices or programs mentioned here. The contributors to this FAQ are in no way liable for any damage to equipment, revenue, or sanity as a result of the use or misuse of this information. 1.0 What Is A Scrambling System? A scrambling system is applied to a television signal to ensure that it is only receivable by the audience for which it is intended. The more cynical amongst us may rephrase that to “those who have paid to receive it”. Therefore a good scrambling system is one that can effectively make the picture unusable to all except those who have paid. There are two basic types of scrambling system: dumb and addressable.
The dumb system does not have any over-the-air (OTA) addressing. As a result the channel cannot turn a subscriber’s descrambler off.
This type of system is cheap and offers minimal security. As a result it is not used for high value channels. An addressable scrambling system is more complex in that it allows the channel to individually turn on and off descramblers.
Most systems in operation today are addressable. The basis of a scrambling system is the method by which it renders the picture unwatchable. The early scrambling systems were analogue. These systems interfered with the synch pulses or inverted the video either on a frame, field or line basis. Some actually delayed each line by one of three delays on a pseudo- random basis. All of the analogue scrambling systems were vulnerable and offered little protection to the channel using them.
It was trivial to build a descrambler that worked in an identical manner to the official descrambler. As the years and technology advanced, more complex systems came into operation. These systems were digital based systems. They digitised the picture or sound information and manipulated it. In order to descramble or decode the picture, the picture had to be digitised and then decoded. VideoCrypt, D2-MAC EuroCrypt M & S and Nagra Syster are all digital systems.
They all digitise the video in order to decode it. VideoCrypt and D2-MAC use line cut and rotate to scramble the picture. Nagra Syster uses Line Shuffle to scramble the picture. It takes a block of lines and changes the order. All of the above systems are smart card based. They rely on the fact that the smart card can be economically replaced in the event of a hack. The concept behind this is that of “The Secure Detachable Microcontroller”.
The older systems designs were based on the “Secure Embedded Microcontroller” concept. This concept was fundamentally flawed in that if there was a hack on the secure microcontroller (the chip that held the system’s secrets), then all of the decoders would have to be replaced or upgraded. 1.1 Overview of scrambling in Europe There are about six or seven different systems in use in various parts of Europe. The three most common ones are VideoCrypt, EuroCrypt and Nagravision.
Of course there are variants of each of these systems. VideoCrypt 1 and VideoCrypt 2 are good examples of this variants concept. VideoCrypt comes in two versions, VideoCrypt I and VideoCrypt II. They are parallel, and the idea is that VC I is to be used inside the UK and Ireland, and VC II in the rest of Europe. Since Europe is still a multi-copyrights area, there is often the need to sell the programming on one channel to two markets. Rather than create two separate channels, it is often easier to use the same channel, with the same scrambling system but two distinct datastreams.
The scrambling system is the same – line cut and rotate, but the information to descramble it is encrypted in the VideoCrypt 1 and VideoCrypt 2 datastreams. The datastreams are sent out on the one channel. Therefore the channel is available both in the UK and the continent using what on the surface appears to be two different systems.
Hack Sky Tv
Of course this underlines an important flaw in using two or more datastreams on one scrambling system – if only one of these datastreams is hacked, then there is effectively no more protection for the channel. Almost all efforts at cracking VideoCrypt has concentrated on VideoCrypt 1 variant. VideoCrypt 2 has not been much of a target as there is not enough premium programming available to warrant a hack. There are VideoCrypt 1 VideoCrypt 2 adaptors. These are plug-in boards with the switchable 68705 / 8752s that allow a VideoCrypt 1 decoder to be converted to use as a VideoCrypt 2 decoder and vice versa.
JSTV is the only broadcaster that broadcasts Europe wide using VideoCrypt I. This channel differs from the standard in that it is a very high fee channel but it is also very much a minority interest channel since it broadcasts programmes for the Ex-pat Japanese market. Multiplexed Analogue Component (MAC) is a transmission standard. The scrambling system overlay is EuroCrypt. EuroCrypt comes in a number of variants (M, S, S2) but according to European law, EuroCrypt-M is the European standard. Nobody takes much notice of that anyway.
The developers of EuroCrypt were France Telecom. Since the system is open as regards the scrambling algorithms, France Telecom chose a modified form of the US Data Encryption Standard algorithm. They removed the initial and end permutations to make it run faster in the smart card. They also believed that this algorithm would be top secret and unhackable.
Eurocrypt-M is the commonest. Only four channels (Sweden 1 and 2, Norway 2 and TV Erotica) use Eurocrypt S, the two first in the less used D-MAC variant. An older MAC variant, B-MAC, is used by the American Forces Radio and Television Service, The Satellite Information Services Racing Channel and several business TV applications.
Gradually this system is fading out of use. The B-MAC system applies relatively simple line delay scrambling to the MAC video and hard encrypts the digital audio and teletext services.
The hacks on this system involve cloning a valid subscriber identity number and then arranging for a continual supply of weekly keys. These keys are programmed into an EEPROM chip in the decoder. There are two flavours of B-MAC in operation in Europe: B-MAC 525 and B-MAC 625. The numbers refer to the line numbers. The 525 variant is used for the US AFRTS service and the 625 version is used for the Racing Channel. Pirate decoders for these services are expensive, typically costing in excess of five hundred pounds.
The problem of course is arranging the continual flow of keys. Nagravision is also known as Syster and as Nagra, and is used in France, Spain, Turkey and Germany. Unlike VideoCrypt and Eurocrypt, Nagravision decoder boxes are not for sale. They are only rented out to subscribers, but still operate with a smart card. Nagravision has not been cracked, and there are no known pirate cards. Nagravision is now replacing the older and less secure Discret system in France. Apart from these three big systems, others include Luxcrypt, used by the Dutch RTL networks (a box, no card – decoders easily available) and Smartcrypt (box & card, used by the French RTL channel; boxes now available for sale in France).
Even the old SATPAC system as used by FilmNet before they switched to D2-MAC has been used lately. 1.2 Characteristics of the major European scrambling systems VideoCrypt 1: TV Standard: PAL Video: Line Cut And Rotate Audio: None Smart Card: Yes Users: BSkyB Multichannels, Adult Channel, Eurotica, JSTV etc. Hack Status: 10 Card In Operation – One Claimed Hack Pirate Cards: Not Yet Season Programs: Not Yet VideoCrypt 2: TV Standard: PAL Video: Line Cut And Rotate Audio: None Smart Card: Yes Users: Discovery, FilmNet. Hack Status: Secure due to lack of interest. Pirate Cards: No Season Programs: No D2-MAC EuroCrypt-M: TV Standard: D2-MAC Video: Line Cut And Rotate on Chroma And Luma Audio: Encrypted Digital Smart Card: Yes Users: FilmNet, TV1000, TV3, Canal Plus. Hack Status: Hacked Pirate Cards: Yes Season Type Programs: Yes D2-MAC EuroCrypt-S: TV Standard: D2-MAC Video: Line Cut And Rotate on Chroma And Luma Audio: Encrypted Digital Smart Card: Yes Users: TV Erotica.
Hack Status: Hack advertised. Pirate Cards: Advertised Season Type Programs: No Nagra Syster: TV Standard: PAL Video: Line Shuffle Audio: Spectrum Inversion Smart Card: Yes, key shaped rather than conventional card shape. Users: Premiere, Canal Plus.
Hack Status: Possible, shortage of decoders prevents major damage. Pirate Cards: No Season Type Programs: No LuxCrypt: TV Standard: PAL Video: Frame / Average Peak Level Inversion with synch replacement Audio: Digital PCM but not used Smart Card: No.
Just a dumb and cheap system. Users: RTL-4 Veronique Hack Status: Totally compromised Pirate Cards: No Season Type Programs: No B-MAC: TV Standard: B-MAC Video: Line Delay Audio: Hard Encrypted with DES like algorithm Smart Card: No Users: AFRTS, SIS Racing Channel Hack Status: Hacked. Cost of decoders / key feeds are a problem.
Pirate Cards: No Season Type Programs: No 2.0 HACKING PAY TV 2.1 Is it legal? The cynical answer would be that it is only illegal if you get caught. The legal position on hacking varies from country to country.
Basically a good rule is that a channel being uplinked from a particular country is probably going to be protected by that country’s laws. For example hacking Sky in the United Kingdom is illegal under that country’s laws. However hacking FilmNet in the UK may not be directly protected under the UK’s law. TV1000 on the other hand is partially uplinked from the UK and is therefore protected under UK law even though the pornography transmitted on the channel would not be permitted to be uplinked from the UK.
A rather sly sidestep gets around this issue – the hardcore pornography is not uplinked from the UK. In fact, TV1000 has threatened UK dealers with legal action many times but with few results.
The problem of piracy on TV1000 in the UK has got to such a state that taking legal action against one or two dealers would not have any greater effect. Europe is still a multi-copyright area. It is therefore possible for Sky and FilmNet to purchase the rights to show the same film. Perhaps in the future, the copyright issue will be worked out and we will have a single copyright area for Europe, but for now we have to cope with the current mess. To date most of the prosecutions for piracy in the UK have been against people who have been too visible. It is not economically viable for a channel to prosecute every user of a pirate smart card. Instead they will generally concentrate on dealers and distributors.
Of course they may also decide to make an example of an individual pirate card user. The logic of the legal departments of channels is not as predictable as that of their engineering departments. If you get caught you are unlikely to be able to plead any clever excuse that you may come up with. More importantly, could you afford the expensive legal mouthpiece to argue your case? 2.2 VideoCrypt Smart Cards On 31/10/95 Sky switched over to the new 10 card. The fundamental result of this is that ALL season programs and pirate smart cards do not work anymore. Pirate smart cards are cards that have been manufactured to hack a channel.
They are, in most cases totally different from official smart cards. The majority of these cards are based on the PIC16Cxx series of microcontrollers. Other variations have been seen but the PIC16Cxx cards are the commonest. Over the past few months, the more expensive end of the market has tended towards the Battery Cards.
These cards use the Dallas Semiconductors FP5002 secured microcontroller and are updatable by the card user. It is simply a question of dialing a phone number and getting the set of numbers to punch into the Battery Card. There is also a trade in what are referred to as Grey Market smart cards. These are official cards, that are exported to another country. Generally it is a one for one trade with the broker taking a commission. For example, a Sky subscription would be taken out in the UK and a FilmNet subscription would be taken out in Sweden. The cards would then be swapped via a broker.
The subscriptions would be kept up to date by both parties. The legal position on this activity is not clear as the channels benefit from the transaction in that they both get subscriptions. It does rely on mutual trust. Purchasing a pirate card involves risk. There is a probability that the pirate card will be killed in the future.
The channels will implement electronic countermeasures to try and kill the pirate cards. Technically speaking, no pirate card can ever be 100% safe.
This point has been proven too frequently over the last few months. The system used by FilmNet Plus and TV1000 (among others) is EuroCrypt-M. This system has been continually hacked since 1992.
In terms of value for money, users of EuroCrypt-M pirate smart cards have fared better. This is because the channels have not frequently implemented countermeasures.
Of course the recent countermeasure by TV1000 has had a devastating effect. Most of the pirate smart cards have been knocked out. The VideoCrypt system, as used by Sky and the Adult Channel, has been updated more regularly. The present Sky card is issue 10 or in technical terms, the 0A card. It is commonly referred to as issue 10 but the reason for the 0A reference is purely technical. In hexadecimal, the number 10 is represented as 0A. In addition to issuing a new smart card every year or so, Sky and News Datacom also implement countermeasures to knock out pirate smart cards.
Over the last few months, the time between these countermeasures has only been a few weeks. For about a month preceding the switch to 10, Sky was in a transition from issue 09 to 10. Therefore they did not execute that many ECMs during that period. This is because the 10 card only had a simplified version of the 09 algorithm in order to cope during this transition stage. As a direct result ECMs such as key changes, many of the pirate cards have had to be sent back to the dealer for upgrade.
Some innovative pirates have designed their cards (The Battery Cards) so that they can be upgrade by the customer. The solutions for the countermeasures are recorded as a set of numbers on an answering machine. The customer rings the phone number with the answering machine and gets the update numbers.
Hack Sky Cable Channels
He then enters them into the pirate card via a key pad. Other solutions such as a modem on the pirate card have also been seen.
In real terms, anyone purchasing a pirate card is taking a risk. The pirate card will eventually be hit by a countermeasure. If it is not, then the channel may issue a new smart card with the consequence that all of the old pirate smart cards will be knocked out. The cost of the new pirate 10 cards, when they hit the market, will be in the region of two hundred pounds or so. At present a price of 498 DM is being quoted by one pirate card vendor. 2.3 What is Season or Omigod software?
At the time of writing, none of the Season programs are working on channels encrypted with the 10 codes. There have been at least two spoof attempts over the last few weeks. One of this is named SEASON10.ZIP and is very definitely a fake. The Season software began life as an attempt by Markus Kuhn and others to watch the final season of Star Trek: TNG. The final season was season 7.
As a result, the first working PC program that decoded Sky was named SEASON7. The first version of this program appeared in March of 1994. At the time, the current issue of the Sky card was Issue 7. Therefore some confusion arose. The term Omigod (Oh My God!) was also used to describe the programs. Well the preceding hack using the PIC cards was known as the Ho Lee Fook hack!
Over the months from March to May 1994, versions for different computers appeared. Many of these were posted on the alt.satellite.tv.europe newsgroup. On May 18th 1994, Sky changed from issue 07 cards to their new issue 09 card. In hacker terms, May 18th is referred to as Dark Wednesday.
The 09 card proved harder to hack but a temporary solution appeared in June of that year. It only lasted a few week before Sky changed codes again. Though some attempts at an issue 09 SEASON hack were made, the change of code by Sky stopped it cold.
Well at least until just before Christmas. Last Christmas, no less than three versions of the SEASON hack appeared. Two of them worked on the PC and the other one worked on the Apple MAC. Of course Sky was paying attention and on January 4th 1995, they implemented a countermeasure that knocked out pirate cards and all of the SEASON hacks. The war between Sky and the pirates had recommenced. Updated versions of the SEASON hacks became available.
This spiral of countermeasure and update has continued until the present. The issue of the new Sky card, has changed the situation somewhat.
The VideoCrypt SEASON hack is now living on borrowed time. The algorithm in the 09 card issue is far more complex than the one used in the 07 card. While the 07 algorithm was not really designed to be extremely upgradable, the 09 algorithm is an extremely flexible algorithm. No doubt the 10 card algorithm will build heavily on the lessons of the 09. At present only The Adult Channel (UK soft porn) and Eurotica (UK Hard Core Porn) are decoded by VideoCrypt SEASON programs.
None of the official Sky channels will be decoded by any of the SEASON programs available. 2.4 Where can I get the software from?
Currently there are working versions of the SEASON hacks for the Adult Channel and Eurotica available on almost every European BBS. There are many ftp and webpages (WWW) where the programs are freely available. There are no known versions that cover VideoCrypt 2. (A hack on JSTV was claimed a few months ago).
There are many version of SEASON: Voyager, SEASON, Freeview etc. All of these have stopped working on the Sky channels since Sky switched to their 10 cards. However in the meantime, these programs are available at all good sites, a few of which are listed below. Ftp: ftp.uni-erlangen.de /pub/Multimedia/VideoCrypt/ ftp.paranoia.com /pub/users/defiant ftp.ua.pt /pub/misc/satellite helvetica.gw.chnet.ch Note the capital letters and the forward slashes (/). They do make a difference as the ftp sites are run on UNIX systems where the case of the characters makes a difference.
2.5 The Season Cardadapter The computer has to be connected to the VideoCrypt decoder via an interface. This interface is sometimes referred to as an Omigod or Season interface. It is essentially a simple design that allows the RS232 serial port of the computer to be connected to the TTL levels of the card socket. Most of the versions of the Season software include a text file on the construction details of this interface in a file called ADAPTER.TXT.
Details of the adapter are on Erlangen in the directory: /pub/Multimedia/VideoCrypt/cardadapter/ The artwork for making the PCB interface is available in postcript form at: ftp harley.pcl.ox.ac.uk /pub/crypt/smartpc/smart.ps ftp joule.pcl.ox.ac.uk /pub/mark/smart.ps This software uses very accurate timing for the decoding, there are several reports that this software runs OK on some machines and not on others. Please expect problems and try slowing your CPU down as a first fix. Problems are reported about different COMM cards, Memory Managers and so called Serial Device drivers (like fossils).
It’s best to run the Season software on a ‘clean’ machine 2.6 I can’t ftp. Can someone post it for me? If you can’t use ftp from your account then get yourself acquainted with ftpmail.
As well as allowing you to get the software yourself and keeping traffic in the group down, it will also enable you to get any software on any subject! For details of how to use ftpmail send a message with the word “help”in the body to: [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] The files will be returned in a format known as uuencoded. You’ll need a uudecoder to make these into useful files.
These are widely available for all platforms although if you can’t ftp you’ll have to work out how to get one. More details on email use of the net are on Super Channel CNBC text page 188.
2.7 What are blockers and what is Phoenix? In the middle of the summer of 1994, there was little success in hacking Sky.
A program was written in the TV-CRYPT for testing a theory. The theory dealt with the over the air addressing system on VideoCrypt.
The question was: “could the presently available knowledge be used to switch on or off a Sky card?”. At that time, the available knowledge consisted of the fragment of the 09 code that was killed in June and a working knowledge of how Sky encoded card numbers in their over the air addressing system. The available knowledge was sufficient. The computer program written to test the theory was called Phoenix.
Since most of the cards experimented upon were Quickstarts that Sky had killed, Phoenix, the mythical bird that rises from its own ashes seemed a good name. Of course the program fell into the hands of commercial pirates. The Phoenix program on its own was useful to switch on the 09 Quickstarts that Sky had killed. It was also being used to switch on all channels on a Sky card with only the Multichannels subscription. It was a Musketeer hack – all for one and one for all.
But that hack name had already been used. Unfortunately these reactivated cards were only lasting a few days before being killed again by Sky. Then when Sky increased their kill cycle the cards only lasted a few hours. Some solution had to be found. The solution lay in a hack of 1992 – the KENtucky Fried Chip.
This was a modified version of the smart card – decoder microcontroller in the VideoCrypt decoder. It stopped Sky from turning off a card by examining each over the air packet for the identity number of the card in the card socket and stopping such a packet from reaching the smart card.
Sky could not kill the card because the card never received the kill instruction. Of course the chip used in the decoder was too expensive and there was a rather large number of redundant PIC16C84 chips available. The first blockers to hit the market had the blocking program in a PIC16C84.
They consisted of a card socket, a PIC16C84 and a PCB. The official card, having being activated by the Phoenix program would then only be used in the blocker. Luckily it was not named the Condom hack. Of course the popularity of these devices soon meant that individually activating the Quickstart cards with the Phoenix program was taking too much time. The solution was to incorporate the Phoenix routines in the PIC16C84. These new blockers were more successful.
Over the months from August to November, they were given a bewildering array of names; Genesis, SunBlocker, Sh.tblocker, Exodus. Naturally Sky were a little upset with this resurrection of their dead cards. Their response, at first was purely technical.
Later in 1994, they took legal action in the Uk against some people supplying blockers. There was more to the VideoCrypt 09 smart card than people realised. The most important aspect was that Sky could actually write to the card. The instructions for doing this were carried in the same packets that carried the activation and deactivation instructions. The blockers only looked for the specific identity number of the card in the card socket. As long as that identity number did not appear in the packet, it was let straight through to the card. Sky had managed to knock out a number of cards while they were in the blockers.
Some of these countermeasures were reversible in that the card itself was not completely dead. One of Sky’s countermeasures did actually hit the card in a manner that effectively locked it. At that point, the blockers were becoming irrelevant – there were working pirate smart cards for VideoCrypt. The Phoenix program, in various guises, still works. Of course some of the newer smart cards from Sky have been found to be resistant to being activated with Phoenix. At present there is some PIC source code that has been labelled 10BLOCK.ZIP.
It is believed that this is not actually the code for a 10 Blocker but merely 09 Blocker code that does not work on 10. Using this code in the hope that it would stop a 10 card being killed is dangerous to say the least. 2.8 Is there a D2-MAC EuroCrypt-M Version of The Season Hack? The simple answer is yes. The main program is MacAccess.
Though the original author of the MacAccess program did not update it due to the sheer abuse of the program. The comments from a few ungrateful idiots wanting the new version and at the same time insulting the original author for not supporting the program irritated not only the author but many hackers as well. Someone has patched the new FilmNet and TV1000 keys into an early version of the program. The patched program is available on BBSes and ftp sites as MAXS-15A.ZIP The EuroCrypt-M system is DES based. In an ironic way the system’s greatest strength was its greatest weakness. Again the progression from pirate smart card to computer program was apparent. 2.9 Is there a hack on Nagra?
There is no OMIGOD program for hacking Nagra. What occurred was that some JAFA from the English consumer publication, “What Satellite” saw a program for monitoring the Nagra card-decoder communications and ignorantly assumed that it was an OMIGOD hack. Though there is possibly a smartcard based hack, the main problem is getting an adequate supply of Syster decoders. Of course marketing the hack in the home area of the channel would be suicidal. It would be easy to replicate the pirate smart card but the decoders are not easy to get.
Therefore with access to the decoders controlled it is a very good demonstration of the philosophy of total access control. 2.10 PIC Source code for hacks Since late April, there has been no security on the PIC16C84 microcontrollers. This is ironic because this microcontroller formed the backbone of the European piracy business. In late April, the information on popping (extracting the protected contents of the chip’s memory) the PIC16C84 was published in a USENET newsgroup. An article on this can be found on the following webpages: As a result of this information being published on the USENET, result everybody found out how to pop the PIC. All the code for the D2-MAC hacks and the Sky hacks were laid bare. The source code for the PIC based D2-MAC cards is widely available on the net.
3.0 FINDING OUT MORE 3.2 Reading List The de-facto standard text on encryption and scrambling systems is John Mc Cormac’s Black Book. Currently in edition 4, the book gives the reader a complete overview of the industry and systems in use in Europe. European Scrambling Systems – Black Book 4 ISBN 1-873556-03-9 Waterford University Press MC2 (Publications Division) 22 Viewmount Waterford Ireland Fax +30 BBS +33 e-mail [email protected] 4.0 Netiquette On A.S.T.E & A.S.T.C & R.V.S.E The first rule is that there are no hard and fast rules. There are, however some protocols designed to reduce the risk of incineration. The newsgroups alt.satellite.tv.europe and alt.satellite.tv.crypt are the groups where overt discussion of scrambling systems and attacks on scrambling systems are considered worthy topics. A few months ago, there was a schism in the newsgroups. The standard European satellite television newsgroup, alt.satellite.tv.europe split into two.
The first rec.video.satellite.europe, became part of the REC hierarchy. This is the proper group for discussion of general European satellite television topics. Please do not post messages asking for the latest hack on the R.V.S.E group. The second group became alt.satellite.tv.crypt. The alt.satellite.tv.crypt newsgroup is where the discussion of scrambling systems and hacking is meant to be conducted. It started out as a European group but there are many non-European readers. The alt.satellite.tv.europe group was supposed to be phased out but this does not seem to have happened yet.
Please bear in mind that some people have to pay to download the newsgroups. In the past few months there have been a few flame wars about posting UUENCODED binaries into the alt.satellite.tv.crypt and alt.satellite.tv.europe groups.
The argument on this is that the procedure is now to upload any file to a popular ftp site and announce that it is available there rather than posting it as a UUENCODED message. Advertising of devices on the newsgroups is another subject that inspires strong reactions. It is unfortunately now a fact of life. If you have to advertise, then observe the standard Usenet protocol of including the word AD or ADVERT in the subject line. Only post to the groups where relevant. If you are posting an advert for a device with European usage do not post in the US satellite newsgroups. In many European countries there are complex legal rules regarding ‘goods to be used for criminal purpose’.
If we keep the discussion at an ‘educational’ level, for personal use the group should attract much less attention. There is also a grey area of the law that is presently untested. This surrounds the possible prosecution of Internet service providers because of material they carry.
If the newsgroup becomes a source of software for hacking pay TV you may find your site removes it, just as some providers strip the alt.binaries.pictures.erotica groups.
Media captionInside Out goes undercover to expose the criminals touting illegal pay-for-view TV packages at knock-down prices. Criminal gangs are selling hacked pay television services at a fraction of their true cost, a BBC investigation has revealed. Subscribers to satellite or cable TV can pay more than £80 a month to legitimately receive premium packages. But fraudsters were caught on camera selling set-top boxes which access equivalent packages for £10 per month. In light of the findings, experts warned hacked satellite and cable TV is increasing and becoming the 'new norm'. How it works The television signal is received in the usual way, but it is encrypted by the broadcasters in an attempt to prevent piracy.
The boxes use the internet to stream the encryption key, allowing the viewer to receive channels. One of the fraudsters exposed by the BBC London/Inside Out investigation was Gyula Markovits, a Venezuelan satellite dish installer living in south London. He sold hacked boxes that receive every conceivable channel for less than an eighth of the normal monthly price. So many people are doing it, it is becoming the norm Dr Luke McDonagh, Copyright law expert He boasted that he had 150 customers, generating him almost £20,000 a year in illicit income.
Mr Markovits subsequently denied all wrongdoing. Shop 'closed' Another fraudster, who called himself Ahmed, sold BBC researchers numerous fraudulent packages from satellite TV shop Golsat in Upton Park, east London. He said of the £150 access to all Sky movies and sport: 'This is nothing for what you are going to watch, seriously.'
Within days of being confronted with the BBC's evidence, Golsat appeared to shut down. A poster on the door said it had 'closed for refurbishment'. Ahmed did not respond to a request for a comment. Under the Copyright Act, those convicted of supplying the equipment could face a 10-year jail sentence and unlimited fine. Sky, BT and Virgin have all refused to reveal how many cases of hacked TV they encounter a year. But the BBC heard of dozens of examples of the fraud spread right across the UK, both tip-offs and cases currently going through the courts.
It is a nationwide problem, with Swansea and Cardiff highlighted as hotspots for pubs using cracked boxes to stream Premier League football. Gang rumours Keith Cottenden, forensic services director at consultants Cy4or, said there were some areas in the UK where those hacking satellite TV outnumber viewers paying for it legitimately. He said: 'Some of the stats don't make good reading for the providers. 'In some areas, there are not as many subscribers as there are others. Image caption The shop from which 'Ahmed' offered his illegal service has closed down 'Within the urban areas, it's widespread - most cities have a wide network of people doing this.' During the investigation, the BBC accompanied City of London Police's Intellectual Property Crime Unit raiding an individual in Liverpool suspected of being the ringleader of a gang supplying the boxes to customers around the country. Documentation was seized and officers continue to investigate.
The BBC heard reports from the police of numerous gangs. Managers at Golsat and Mr Markovits were recorded saying that they were part of a wider gang, implementing, managing, selling and marketing the devices that perpetuated the fraud. Dr Luke McDonagh, an expert in copyright law at Cardiff University, said: 'The problem is there, it's getting more widespread and the big broadcasters are trying to cut down on it by targeting the criminal enterprises that are running these pirated systems. Image caption The hacked set-top boxes stream encryption codes from the internet 'But it's very difficult to crack down on the use of cracked decoders by consumers - so many people are doing it, it is becoming the norm. 'If it continues then we may see the broadcasters having to change their model like the music industry has with things like Spotify - it could become that wide-scale.'
The Federation Against Copyright Theft (Fact) said the illegal pirating of paid-for television was not a victimless crime. Fact spokesman Eddy Leviten said: 'Is it fair that someone will be able to steal from someone else and that person will not be not paid for their work? 'That impacts not just on that one single person but on their families as well, all those who rely on that income.' One of the individuals exposed has now been referred to trading standards.
A spokesman for Newham council said that as a result of the BBC's investigation the authority had referred Mr Markovits and his business to its trading standards team. Between them Sky, Virgin and BT have 17.5m legitimate pay-TV customers. Inside Out is broadcast on BBC One London on Monday, 10 February at 19:30 GMT and nationwide on the iPlayer for seven days thereafter.
Over the last couple of days a small furore has erupted a News Corp subsidiary, has been hacking the pay-TV smartcards of News Corp’s competitors, and even News Corp’s own companies – allegations that NDS. I’m not going to speculate on the reasons why a supplier of – the technology that allows paid-TV providers to restrict access to their broadcasts – would want to undermine the security of their own product; but I am going to discuss how such systems work, and how secure they are. A Conditional Access Module (CAM) is a combination of encryption keys, smartcards and electronics and computer code inside a satellite or cable-TV receiver (or “decoder”).
The pay-TV provider encrypts the digital signal sent to the subscriber with an encryption key. The subscriber plugs a smartcard into his/her decoder, which decrypts the signal so programs and films can be displayed on the screen. Some decoders have the smartcard built-in already, so there is no external slot. The is a plastic card with a chip - much like a modern credit card. You can see electrical contacts on the chip. When the card is inserted, the chip is plugged into the decoder, allowing the CAM to get the decryption key. Other information is also stored on the chip – subscriber ID, subscription details, billing details, censorship filters and so on.
We don’t really know what’s there unless we hack into the chip, because it’s all kept secret. Each chip will have it’s own non-volatile memory (requires no battery), computer programs and a small (CPU). The security of the system depends on a few things:.
secrecy of the encryption algorithm. secrecy of the keys.
secrecy of the hardware. So let’s start with the. An algorithm is a recipe for doing something – in this case, for scrambling and descrambling the digital signal. Some CAM providers write their own algorithm, and depend on it remaining a secret. That’s a bit like hiding your door key inside a brick or under a flower pot – once the secret (that the key is in the brick) is discovered, you have no security. Works this way.
A much better approach is to keep the key with you (a secret key). Everybody knows how your door security works (you put the right key in the lock and turn), but that only works if you have the key. If your lock (algorithm) is faulty, you’ll find out quickly enough and replace the lock.
Of course, Pay-TV subscribers would have to remember the key, and have to enter it into their decoder - very inconvenient, but very safe. Foxtel uses CAMs. These use encryption - a reasonably complex encryption algorithm that’s difficult to crack without employing lots of supercomputers. 3DES is a known algorithm - it has been tested for years and, if implemented correctly, will be safe. And the security of the decryption key? That’s stored on the chip in the smartcard.
Just like hiding it inside a (very thin) brick. 3DES is a, which means you use the same key to encrypt and decrypt. If hackers can open up the card and get to the key, they can extract the key and use it to make cloned cards. This leads us to the secrecy of the hardware. Four years ago, Wired magazine posted a YouTube video (see below) showing Chris Tarnovsky demonstrating how to extract the chip from a smartcard, and access the electrical signals.
Reprogramming the card to display its stored data (including the decryption key) is the next step. Modern cards are better, but the techniques for getting into them are also better. It’s not even necessary to open up the card. Many digital TV watchers use techniques such as card sharing or to spread the cost of a Pay-TV subscription among tens or hundreds of people. And you can buy blank smartcards online from places such as for a few cents each.
There are also dedicated forums online to help would-be criminals access satellite TV and Pay-TV without a subscription. Just Google terms such as, and (Modified Original Smart Card). So just as with (circumventing the built-in security mechanisms of the Xbox and Xbox 360 videogame consoles), (gaining “superuser” permissions to your Android device’s software) and iPhones (gaining root access to Apple’s operating system), pay-TV piracy/hacking is happening now. The information is out there and is easy to access.
Hack Tata Sky Channels
Of course, anyone attempting to use the information has to be technically capable and adventurous. Is it being done on an industrial scale? Perhaps in places such as China or South America. A lot of the hardware which enables or supports unlawful access to IT systems (e.g. – the illegal copying of information from the magnetic strip of a credit or ATM card) appears to be coming from those regions. The Chinese government is and the systems which support it. My opinion is that the skills required (to hack these smartcards) are beyond most wannabe pirates and hackers.
Besides, it’s much easier just to install the peer-to-peer file-sharing protocol and download any program or film you want.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |