Oder CI (Pro) - Modul
Digital Eliteboard - Das Digitale Technik Forum
Registriere dich noch heute kostenloses um Mitglied zu werden! Sobald du angemeldet bist, kannst du auf unserer Seite aktiv teilnehmen, indem du deine eigenen Themen und Beiträge erstellst und dich über deinen eigenen Posteingang mit anderen Mitgliedern unterhalten kannst! Zudem bekommst du Zutritt zu Bereiche, welche für Gäste verwehrt bleiben
OP
OP
Gelöschtes Mitglied 488570
Guest
Bitte zurück zu den EMM´s ... das hatten wir schon im anderen Thread tausendmal ...
I've been looking at some of the Chip Manufacture IDs in a SkyUK EMM log.
42 73 35 10 ; Bs5 ; BCM 7335A (MIPS)
42 74 01 21 ; Bt.! ; BCM 7401 (MIPS)
6E 73 6B 20 ; nsk ; ???
6E 73 6B 21 ; nsk! ; ???
I suspect that latter two are SkyQ boxes with the STiH412 'Monaco' (ARM) chip.
Can anyone confirm?
42 73 35 10 ; Bs5 ; BCM 7335A (MIPS)
42 74 01 21 ; Bt.! ; BCM 7401 (MIPS)
6E 73 6B 20 ; nsk ; ???
6E 73 6B 21 ; nsk! ; ???
I suspect that latter two are SkyQ boxes with the STiH412 'Monaco' (ARM) chip.
Can anyone confirm?
OP
OP
Gelöschtes Mitglied 488570
Guest
INS-7E - German Sky "Q" Box ist "6E 73 6B 21"
OP
OP
Gelöschtes Mitglied 488570
Guest
Edit: noch einmal drüber nachgedacht ... nein ist so nicht möglich
wenn K2 und K1 aus 2 x 8 Bytes bestehen sollen muss EK 1 auch aus 2 x 8 Bytes bestehen
wenn K2 und K1 aus 2 x 8 Bytes bestehen sollen muss EK 1 auch aus 2 x 8 Bytes bestehen
Zuletzt bearbeitet von einem Moderator:
I've been looking at the SlyUK EMMs that carry the information to assemble INS7E and the EK2.
They are very similar to the SkyDE 38C1 pair.
Four questions:-
1. Which of these 16 byte strings is the EK2? 30_15 or 31_15?
Or are they manipulated togther( XORed? or 3DES crypted, with one as the data and the other the keys) to create the actual EK2?
I believe you have the same issue for SkyDE. Does anyone know the answer?
2. What are the four bytes after the Chip ID and their purpose??
3. 01_01 81 What does the "81" indicate?
Finally, to me it appears that oscam does not use the payload data in INS7423 anywhere. Is that correct?
If so, how can it work in unique mode? Surely EK1 comes from INS7423?
They are very similar to the SkyDE 38C1 pair.
Du musst dich
Anmelden
oder
Registrieren
um diesen Inhalt sichtbar zu machen!
Four questions:-
1. Which of these 16 byte strings is the EK2? 30_15 or 31_15?
Or are they manipulated togther( XORed? or 3DES crypted, with one as the data and the other the keys) to create the actual EK2?
I believe you have the same issue for SkyDE. Does anyone know the answer?
2. What are the four bytes after the Chip ID and their purpose??
3. 01_01 81 What does the "81" indicate?
Finally, to me it appears that oscam does not use the payload data in INS7423 anywhere. Is that correct?
If so, how can it work in unique mode? Surely EK1 comes from INS7423?
kautz8953
Premium
- Registriert
- 21. April 2013
- Beiträge
- 2.167
- Lösungen
- 1
- Reaktionspunkte
- 2.820
- Punkte
- 283
- Ort
- Keine ahnung
In mod81 EK2 (K1) come From the Receiver EMMs 38C1
In mod83 EK2 (K1) come from the ins7423
In mod83 EK2 (K1) come from the ins7423
OK. Thank you.
Do you know how the two 16 bytes strings in the 38C1 EMMs are combined to create the EK2?
Also for unique mode, am I correct in thinking that currrently oscam does not use INS7423 for EK2 and therefore will need to be patched to use it
(either AES or 3DES depending upon the system - SkyDE - SkyUK respectively)?
Do you know how the two 16 bytes strings in the 38C1 EMMs are combined to create the EK2?
Also for unique mode, am I correct in thinking that currrently oscam does not use INS7423 for EK2 and therefore will need to be patched to use it
(either AES or 3DES depending upon the system - SkyDE - SkyUK respectively)?
Miese.Ratte
Meister
- Registriert
- 20. Juli 2015
- Beiträge
- 992
- Reaktionspunkte
- 2.203
- Punkte
- 263
They just don't!
Miese.Ratte
Meister
- Registriert
- 20. Juli 2015
- Beiträge
- 992
- Reaktionspunkte
- 2.203
- Punkte
- 263
The two keys (strings in your lingo) are for different cards. They are very likely encrypted keys.
Because they are for different cards and do the same job, they can't be sufficient for an EK2.
Because they are for different cards and do the same job, they can't be sufficient for an EK2.
Interesting. If you know that for sure then I'll accept it. Thank you.
However, all my testing indicates the INS7E creation EMMs (38C1 for SkyDE) have nothing to do with the card and are solely to do with the box, for the following reasons:-
1. These EMMs are addressed to the box not the card.
2. In UK there are currently THREE card types, 0960, 0961 and 0963. But there are only TWO 16 byte strings/keys/seeds. So where would the third card type get its data from?
3. I've logged the EMMs for two different card types in the same box. They are identical and give rise to exactly the same INS7E.
4. These 16 byte strings/keys/seeds follow the 30_15 and 31_15 nano_length tags. The first five bytes of these are flag bytes some of which denote the encryption method used (02 = TDES, 10 = AES etc) and which variation.
eg for SkyUK
30_15 00 01 00 02 03 .............
31_15 00 02 02 02 03 .............
eg for SkyDE
30_15 00 01 10 10 05 ............
31_15 00 02 10 10 05 ............
This suggests to me that, the following 16 bytes are the EK2 for the two different encryption types (TDES, AES etc) and variations, and the EK2 selected will be the one currently active.
However, all my testing indicates the INS7E creation EMMs (38C1 for SkyDE) have nothing to do with the card and are solely to do with the box, for the following reasons:-
1. These EMMs are addressed to the box not the card.
2. In UK there are currently THREE card types, 0960, 0961 and 0963. But there are only TWO 16 byte strings/keys/seeds. So where would the third card type get its data from?
3. I've logged the EMMs for two different card types in the same box. They are identical and give rise to exactly the same INS7E.
4. These 16 byte strings/keys/seeds follow the 30_15 and 31_15 nano_length tags. The first five bytes of these are flag bytes some of which denote the encryption method used (02 = TDES, 10 = AES etc) and which variation.
eg for SkyUK
30_15 00 01 00 02 03 .............
31_15 00 02 02 02 03 .............
eg for SkyDE
30_15 00 01 10 10 05 ............
31_15 00 02 10 10 05 ............
This suggests to me that, the following 16 bytes are the EK2 for the two different encryption types (TDES, AES etc) and variations, and the EK2 selected will be the one currently active.
Miese.Ratte
Meister
- Registriert
- 20. Juli 2015
- Beiträge
- 992
- Reaktionspunkte
- 2.203
- Punkte
- 263
SkyDE has also three different cards.
The V13 gets fed with the first key and the V14/V15 use the second key. You can verify/see it while logging on the receiver during the decryption process when running in the global "pairing" mode aka mode 81.
These keys do also change sometimes. The K2 doesn't.
... and don't rely too much on the keyladder. NDS loves to modify those things here and there a little bit.
The V13 gets fed with the first key and the V14/V15 use the second key. You can verify/see it while logging on the receiver during the decryption process when running in the global "pairing" mode aka mode 81.
These keys do also change sometimes. The K2 doesn't.
... and don't rely too much on the keyladder. NDS loves to modify those things here and there a little bit.