Zuletzt bearbeitet:
Here another example of a decrypted payload, same CAID/card
And the card just goes in this mode with correct ins7e/boxid, you don't really have a choice..
[*]2020/03/17 16:34:37 0C25C09B r (reader) 3B 20 4F 0D B1 64 43 A5 00 00 03 23 03 01 22 02
[*]2020/03/17 16:34:37 0C25C09B r (reader) 00 80 0E 02 03 00 0F 06 00 00 00 00 00 00 20 04
[*]2020/03/17 16:34:37 0C25C09B r (reader) 00 00 00 00 25 11 00 00 00 00 00 00 00 00 00 00
[*]2020/03/17 16:34:37 0C25C09B r (reader) 00 00 00 00 00 00 00 2A 04 03 23 00 00 55 01 8B
[*]2020/03/17 16:34:37 0C25C09B r (reader) 56 08 00 00 00 00 00 00 00 00 45 03 40 00 80 2B
[*]2020/03/17 16:34:37 0C25C09B r (reader) 02 00 00
What that mode means compared to x81 or x83...no Idea...but it gives a ECW, probably 3DES encrypted.
:coldsweat:Yes, no Chance.
Try it this way.Hello everybody
und ich versuche, 24 Positionen zu setzen. Ich muss versuchen, 0987 Caid NDS-Karte mit Oscam zu betreiben. Außerdem gibt es eine Ins7E-Nutzlast ab 6E 73 6B 20
und ich versuche 24 Position zu setzen und fügte hinzu "0000000000010202030002020203" (6E736B202F47AC57XXXXXXXX0000000000010202030002020203 )
aber "classD3 ins54: no cw --> Card needs pairing/extra data" auf oscam log anzeigen
and i chnage that ins7E payload to (6E736B202F47AC57XXXXXXXX08CB7D8600010202030002020203)
dann zeige wie unten oscam log
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] classD3 ins54: Tag55_01 = 8B, CW-overcrypt may not required
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] classD3 ins54: CW is crypted, trying to decrypt unique pairing mode 0x8B
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] crypted CW is: 0000000000000000DF355BD6E398CC59
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] k1 for unique pairing mode is not set
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] cardreader_do_ecm: after csystem->do_ecm rc=0
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] cardreader_do_ecm: ret rc=0
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] cardreader_process_ecm: cardreader_do_ecm returned rc=0 (ERROR=0)
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] Error processing ecm for caid 0987, provid 000000, srvid 0002, servicename: 0987@000000:0002 unknown
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] ecm hash: 77C85B02BD63C4629C5BECE6DF89716D real time: 102 ms
2020/03/01 16:38:03 488EA4EA c (ecm) local (0987 & / 044E / 1215 / 0002 / I: 77C85B02BD63C4629C5BECE6DF89716D # CW = 00000000000000000000000000000000): not found (133 ms) by v13
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] write to cardreader
2020/03/01 16:38:03 1E19BEB9 r (reader) D1 5C 00 00 04
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] Answer from cardreader:
2020/03/01 16:38:03 1E19BEB9 r (reader) 00 00 00 00 90 20
2020/03/01 16:38:03 488EA4EA c (dvbapi) Demuxer 0 restarting decoding requests after 1 ms with 1 enabled and 4 disabled ecmpids!
2020/03/01 16:38:03 488EA4EA c (dvbapi) Demuxer 0 trying to descramble PID 2 CAID 0987 PROVID 000000 ECMPID 1215 ANY CHID PMTPID 120C VPID 120D
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] local emm reader
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] cardreader_do_checkhealth: reader->card_status = 2, ret = 1
2020/03/01 16:38:03 1E19BEB9 r (reader) v13 [videoguard2] write to cardreader
2020/03/01 16:38:03 1E19BEB9 r (reader) D1 42 00 00 92 90 90 60 01 5F 23 B6 57 A9 6C E7
2020/03/01 16:38:03 1E19BEB9 r (reader) 4A 1D ED 21 E8 BD 68 4A 6A 75 94 2B CE 5B BE 54
2020/03/01 16:38:03 1E19BEB9 r (reader) 92 BE 00 6A AA 76 34 14 8C 30 2B 05 F2 FA 87 0D
2020/03/01 16:38:03 1E19BEB9 r (reader) C9 14 F5 8B 4C 65 28 6D 43 29 EF E4 B5 49 AC E4
2020/03/01 16:38:03 1E19BEB9 r (reader) 8E 48 BB 6A A6 F0 E5 AE 30 BE 03 AC E7 C6 52 C4
2020/03/01 16:38:03 1E19BEB9 r (reader) 4F 16 80 83 89 82 C4 A3 D0 6E 59 46 72 62 45 D2
2020/03/01 16:38:03 1E19BEB9 r (reader) 58 9F 3B B5 02 39 A3 9F 05 79 82 24 74 D2 51 51
2020/03/01 16:38:03 1E19BEB9 r (reader) 61 95 27 72 63 C7 80 FF 1C CA 3C 61 86 2E 9D 5B
2020/03/01 16:38:03 1E19BEB9 r (reader) 6E 78 96 FB 12 38 60 EA 43 14 CA 99 8D A6 D1 6D
2020/03/01 16:38:03 1E19BEB9 r (reader) 28 D2 2F 2A 71 DB 1E
2020/03/01 16:38:04 1E19BEB9 r (reader) v13 [videoguard2] Answer from cardreader:
2020/03/01 16:38:04 1E19BEB9 r (reader) 90 20
2020/03/01 16:38:04 1E19BEB9 r (reader) v13 [videoguard2] local emm reader
2020/03/01 16:38:04 1E19BEB9 r (reader) v13 [videoguard2] cardreader_do_checkhealth: reader->card_status = 2, ret = 1
2020/03/01 16:38:04 1E19BEB9 r (reader) v13 [videoguard2] write to cardreader
2020/03/01 16:38:04 1E19BEB9 r (reader) D1 42 00 00 92 90 90 60 01 23 33 FB 50 D9 D7 52
2020/03/01 16:38:04 1E19BEB9 r (reader) 75 F1 8D F3 78 B2 2F 30 E9 E5 18 49 76 92 6F BB
2020/03/01 16:38:04 1E19BEB9 r (reader) 6F 90 7A 18 F3 0F 7A DD 6D E0 7F AD 8E D9 6B 5D
2020/03/01 16:38:04 1E19BEB9 r (reader) 00 68 4A 94 5A D9 43 29 6B 4E E5 87 84 FA 2E 9F
2020/03/01 16:38:04 1E19BEB9 r (reader) AE 5B 78 C9 13 94 77 B1 06 C3 DB 8A 8D A6 02 BB
2020/03/01 16:38:04 1E19BEB9 r (reader) F9 EF C3 59 FB 8F 14 AF A7 45 17 2A FB C2 B7 94
2020/03/01 16:38:04 1E19BEB9 r (reader) 0B 3A 5C 2A 92 3F EF 1A CA CA 86 53 76 67 A8 04
2020/03/01 16:38:04 1E19BEB9 r (reader) F2 4B 96 42 48 09 FD 05 A5 F2 CD 8F 41 2C 25 8A
2020/03/01 16:38:04 1E19BEB9 r (reader) 32 99 69 19 E1 10 EC 67 ED 2A D7 B1 47 47 BC C5
2020/03/01 16:38:04 1E19BEB9 r (reader) 73 69 18 91 43 B1 87
2020/03/01 16:38:04 1E19BEB9 r (reader) v13 [videoguard2] Answer from cardreader:
2020/03/01 16:38:04 1E19BEB9 r (reader) 90 20
2020/03/01 16:38:04 488EA4EA c (ecm) local (0987 & / 044E / 1215 / 0002 / I: 77C85B02BD63C4629C5BECE6DF89716D # CW = 00000000000000000000000000000000): not found (82 ms) by v13
2020/03/01 16:38:04 1E19BEB9 r (reader) v13 [videoguard2] cardreader_do_checkhealth: reader->card_status = 2, ret = 1
2020/03/01 16:38:04 488EA4EA c (dvbapi) Demuxer 0 restarting decoding requests after 1 ms with 1 enabled and 4 disabled ecmpids!
2020/03/01 16:38:04 488EA4EA c (dvbapi) Demuxer 0 trying to descramble PID 2 CAID 0987 PROVID 000000 ECMPID 1215 ANY CHID PMTPID 120C VPID 120D
2020/03/01 16:38:05 488EA4EA c (ecm) local (0987 & / 044E / 1215 / 0002 / I: 77C85B02BD63C4629C5BECE6DF89716D # CW = 00000000000000000000000000000000): not found (5 ms) by v13
2020/03/01 16:38:05 488EA4EA c (dvbapi) Demuxer 0 restarting decoding requests after 1 ms with 1 enabled and 4 disabled ecmpids!
2020/03/01 16:38:05 488EA4EA c (dvbapi) Demuxer 0 trying to descramble PID 2 CAID 0987 PROVID 000000 ECMPID 1215 ANY CHID PMTPID 120C VPID 120D
2020/03/01 16:38:05 1E19BEB9 r (reader) v13 [videoguard2] local emm reader
2020/03/01 16:38:05 1E19BEB9 r (reader) v13 [videoguard2] cardreader_do_checkhealth: reader->card_status = 2, ret = 1
2020/03/01 16:38:05 1E19BEB9 r (reader) v13 [videoguard2] write to cardreader
2020/03/01 16:38:05 1E19BEB9 r (reader) D1 42 00 00 1E 90 1C 40 01 3A 49 4D 85 4D CD 9F
2020/03/01 16:38:05 1E19BEB9 r (reader) AC 65 CB 5C 24 06 91 FC 96 B6 51 7B 21 78 64 A1
2020/03/01 16:38:05 1E19BEB9 r (reader) CE 15 C5
2020/03/01 16:38:05 1E19BEB9 r (reader) v13 [videoguard2] Answer from cardreader:
2020/03/01 16:38:05 1E19BEB9 r (reader) 90 20
Ist es möglich, einen k1_unique-Piaring-Schlüssel mit Brute-Force-Angriff zu erhalten?
Außerdem kann ich DCW nicht finden und ist es möglich, mit STB zu kommen?
Vielen Dank
I don't know what you are all trying...
It does not matter which mode the card is in (All those mode numbers we don't know what they mean only Cisco knows), as long as you get an ECW.
In the last payload (x88) there is no ECW, in the other (x8B) there is one.
If you have an ECW, the question is how is this ECW encrypted.
If 3DES (or AES or whatever not bruteforceable standard anno 2020) -> no possibilities
If DES -> Possible, if you are able to get a DCW somewhere from (you could also bruteforce it for a given stream, especially if 48 bit CWs are used, for 64bit CWs it's hard)
But my guess is: it's 3DES so just give up.
If you are able to get a DCW somehow try tro bruteforce the ECW/DCW...if not it's very likely 3DES.
@Ghafar : You've already gotten the correct answer. There is no way possible to bruteforce or calculate your unique Key.Because:
DES -> 56 bit -> few days
3DES -> 112 bit -> few days x 2^56 = a few trillion days
There are so much more possibilities that a bruteforce is not feasable with current hardware.
Wir verwenden Cookies und ähnliche Technologien für folgende Zwecke:
Akzeptieren Sie Cookies und diese Technologien?
Wir verwenden Cookies und ähnliche Technologien für folgende Zwecke:
Akzeptieren Sie Cookies und diese Technologien?