NDS CW is crypted, trying to decrypt unique pairing mode 0x8B (CAID 0987)

emmiko · 20. März 2020

Du musst dich Anmelden oder Registrieren um diesen Inhalt sichtbar zu machen!

yes

DarkStarXxX · 20. März 2020

Yes, no Chance.

emmiko · 21. März 2020

DarkStarXxX schrieb:
Yes, no Chance.

:coldsweat:

Alex2018 · 21. März 2020

too big address space, It will take much more time to find than you alive.

clemenss · 21. März 2020

Because:

DES -> 56 bit -> few days
3DES -> 112 bit -> few days x 2^56 = a few trillion days

There are so much more possibilities that a bruteforce is not feasable with current hardware.

jordansv · 22. März 2020

sasika schrieb:
Hello everybody

und ich versuche, 24 Positionen zu setzen. Ich muss versuchen, 0987 Caid NDS-Karte mit Oscam zu betreiben. Außerdem gibt es eine Ins7E-Nutzlast ab 6E 73 6B 20
und ich versuche 24 Position zu setzen und fügte hinzu "0000000000010202030002020203" (6E736B202F47AC57XXXXXXXX0000000000010202030002020203 )
aber "classD3 ins54: no cw --> Card needs pairing/extra data" auf oscam log anzeigen
and i chnage that ins7E payload to (6E736B202F47AC57XXXXXXXX08CB7D8600010202030002020203)
dann zeige wie unten oscam log

Du musst dich Anmelden oder Registrieren um diesen Inhalt sichtbar zu machen!

Ist es möglich, einen k1_unique-Piaring-Schlüssel mit Brute-Force-Angriff zu erhalten?
Außerdem kann ich DCW nicht finden und ist es möglich, mit STB zu kommen?

Vielen Dank

Try it this way.
ins7E "0000000000010202030000000000" (6E736B202F47AC57XXXXXXXX0000000000010202030000000000 )
And show Tag55_01 =???

sasika · 24. März 2020

[QUOTE = "jordansv, post: 3761316, member: 329460"]
Try it this way.
ins7E "0000000000010202030000000000" (6E736B202F47AC57XXXXXXXX0000000000010202030000000000)
And show Tag55_01 = ???
[/ QUOTE]

I change that like as you told and now day 55_01_0B

2020/03/24 09:04:56 382E2974 r (reader) D8 7B EE 0D 91 23 92 55 00 00 03 23 03 01 22 02
2020/03/24 09:04:56 382E2974 r (reader) 00 80 0E 02 03 00 0F 06 00 00 00 00 00 00 20 04
2020/03/24 09:04:56 382E2974 r (reader) 00 00 00 00 25 11 00 00 00 00 00 00 00 00 00 00 00
2020/03/24 09:04:56 382E2974 r (reader) 00 00 00 00 00 00 00 2A 04 03 23 00 00 55 01 0B
2020/03/24 09:04:56 382E2974 r (reader) 56 08 00 00 00 00 00 00 00 00 45 03 40 00 80 2B

Any idea?

Thanks

also after restart oscam it's look line

D2H_NDS [videoguard2] Decrypted payload
2020/03/24 10:23:57 05C171CB r (reader) 00 00 00 00 00 00 00 00 00 00 03 23 03 00 22 02
2020/03/24 10:23:57 05C171CB r (reader) 00 80 0E 02 00 00 0F 06 00 10 00 00 00 00 20 04
2020/03/24 10:23:57 05C171CB r (reader) 00 00 00 00 25 11 00 00 00 00 00 00 00 00 00 00
2020/03/24 10:23:57 05C171CB r (reader) 00 00 00 00 00 00 00 2A 04 03 23 00 00 55 01 88
2020/03/24 10:23:57 05C171CB r (reader) 56 08 00 00 00 00 00 00 00 00 45 03 40 00 80 2B
2020/03/24 10:23:57 05C171CB r (reader) 02 00 00

clemenss · 24. März 2020

I don't know what you are all trying...
It does not matter which mode the card is in (All those mode numbers we don't know what they mean only Cisco knows), as long as you get an ECW.
In the last payload (x88) there is no ECW, in the other (x8B) there is one.

If you have an ECW, the question is how is this ECW encrypted.
If 3DES (or AES or whatever not bruteforceable standard anno 2020) -> no possibilities
If DES -> Possible, if you are able to get a DCW somewhere from (you could also bruteforce it for a given stream, especially if 48 bit CWs are used, for 64bit CWs it's hard)

But my guess is: it's 3DES so just give up.
If you are able to get a DCW somehow try tro bruteforce the ECW/DCW...if not it's very likely 3DES.

sasika · 24. März 2020

6E736B202F47AC571xxxxxxxx8CB7D8600010202030000000000

also i put like this and same

D2H_NDS [videoguard2] Decrypted payload
2020/03/24 10:32:36 05C171CB r (reader) 58 6F 96 F6 79 60 19 19 00 00 03 23 03 01 22 02
2020/03/24 10:32:36 05C171CB r (reader) 00 80 0E 02 03 00 0F 06 00 00 00 00 00 00 20 04
2020/03/24 10:32:36 05C171CB r (reader) 00 00 00 00 25 11 00 00 00 00 00 00 00 00 00 00
2020/03/24 10:32:36 05C171CB r (reader) 00 00 00 00 00 00 00 2A 04 03 23 00 00 55 01 8B
2020/03/24 10:32:36 05C171CB r (reader) 56 08 00 00 00 00 00 00 00 00 45 03 40 00 80 2B
2020/03/24 10:32:36 05C171CB r (reader) 02 00 00

Thanks for your explain

jordansv · 25. März 2020

7E is not correct for this card...

Ghafar · 25. März 2020

Du musst dich Anmelden oder Registrieren um diesen Inhalt sichtbar zu machen!

fun7 · 25. März 2020

We write all about german providers here and not about indian. Nobody here from germany
a) knows your provider
b) can give you dcw
c) can give you your unqiue key

Ghafar · 25. März 2020

[QUOTE = "fun7, post: 3762688, member: 560877"]
We write all about german providers here and not about indian. Nobody here from germany
a) knows your provider
b) can give you dcw
c) can give you your unique key

Sir Thank u For Repley
Sir please guid me how can i get unique key

Betatester_2000 · 26. März 2020

clemenss schrieb:
Because:

DES -> 56 bit -> few days
3DES -> 112 bit -> few days x 2^56 = a few trillion days

There are so much more possibilities that a bruteforce is not feasable with current hardware.

@Ghafar : You've already gotten the correct answer. There is no way possible to bruteforce or calculate your unique Key.

vladtimmy · 29. März 2020

[videoguard2] classD3 ins54: Tag55_01 = 8B, ONLY 3DES PARING K1=K2 K3

NDS CW is crypted, trying to decrypt unique pairing mode 0x8B (CAID 0987)

emmiko

Newbie

DarkStarXxX

emmiko

Newbie

Alex2018

Hacker

clemenss

Board Guru

jordansv

Newbie

sasika

Newbie

clemenss

Board Guru

sasika

Newbie

jordansv

Newbie

Ghafar

Newbie

fun7

Elite Lord

Ghafar

Newbie

Betatester_2000

Freak

vladtimmy

Newbie

Ähnliche Themen

NDS CW is crypted, trying to decrypt unique pairing mode 0x8B (CAID 0987)

Newbie

Newbie

Hacker

Board Guru

Newbie

Newbie

Board Guru

Newbie

Newbie

Newbie

Elite Lord

Newbie

Freak

Newbie

Ähnliche Themen

Datenschutz & Transparenz

Datenschutz & Transparenz