Dies ist eine mobil optimierte Seite, die schnell lädt. Wenn Sie die Seite ohne Optimierung laden möchten, dann klicken Sie auf diesen Text.

Neue EMM ´s

  • Ersteller Ersteller Gelöschtes Mitglied 488570
  • Erstellt am Erstellt am
    Nobody is reading this thread right now.
2022/03/11 12:54:19 36DDFE40 r (reader) CARD2 [mouse] Decrypted payload
2022/03/11 12:54:19 36DDFE40 r (reader) 54 14 00 02 00 01 0A 61 DB 7E D7 6B D9 D1 F4 63
2022/03/11 12:54:19 36DDFE40 r (reader) 75 6C 33 FB 00 01

after writing EMM EK2 got changed so there is only 14byte (0A 61 DB 7E D7 6B D9 D1 F4 63 75 6C 33 FB)
so, any way to find 16byte EK2?
 
Zuletzt bearbeitet von einem Moderator:
I may be wrong but i think the leading "00 01" is part of the 16byte EK.
So in you case it would be "00 01 0A 61 DB 7E D7 6B D9 D1 F4 63 75 6C 33 FB"

Somebody please correct me if I am mistaken.
 
Hi,

but I check with few cards

54 14 00 02 00 01 XX XX XX XX XX XX XX XX XX XX XX XX XX XX 00 01

that 14byte is changed, other all bytes are same

Thanks.
 
This doesn't matter. It goes with the leading 00 01 into the key ladder.
 
sasika schrieb:
Hi,

but I check with few cards

54 14 00 02 00 01 XX XX XX XX XX XX XX XX XX XX XX XX XX XX 00 01

that 14byte is changed, other all bytes are same

Thanks.
Zum Vergrößern anklicken....
it looks like a 56bit ecw dcw brute force for the K1 determination is possible.
 
Zuletzt bearbeitet von einem Moderator:
kautz8953 schrieb:
it looks like a 56bit ecw dcw brute force for the K1 determination is possible.
Zum Vergrößern anklicken....
now no chance with brute-force (before we got keys via brute-force)

Provider change something and when they change only EK2 got change other all are same,

also can't see any single-byte change on the "Decrypted payload"

this is an old Decrypted payload and channels working
2020/07/15 09:55:01 4A449EE7 r (reader) Card1 [videoguard2] Decrypted payload
2020/07/15 09:55:01 4A449EE7 r (reader) 8A DF 6B 13 0B D3 39 82 00 00 06 A0 06 01 22 02
2020/07/15 09:55:01 4A449EE7 r (reader) 00 00 0E 02 01 00 0F 04 00 00 00 00 20 04 00 00
2020/07/15 09:55:01 4A449EE7 r (reader) 00 00 25 11 00 00 00 00 00 00 00 00 00 00 00 00
2020/07/15 09:55:01 4A449EE7 r (reader) 00 00 00 00 00 2A 04 06 A0 00 00 55 01 83 56 08
2020/07/15 09:55:01 4A449EE7 r (reader) 00 00 00 00 00 00 00 00

and after the change I have seen on oscam log all channels getting "classD3 ins54: no CW --> Card needs pairing/extra data"

also, I update my card then EK2 got changed and that error is gone and all channels dark (and again try to brute-force K1 not found)

and this is new also changes dark
2022/03/15 07:00:33 46D48D1E r (reader) CARD2 [videoguard2] Decrypted payload
2022/03/15 07:00:33 46D48D1E r (reader) 48 97 11 87 21 FC 10 91 00 00 06 A0 06 01 22 02
2022/03/15 07:00:33 46D48D1E r (reader) 00 00 0E 02 01 00 0F 04 00 00 00 00 20 04 00 00
2022/03/15 07:00:33 46D48D1E r (reader) 00 00 25 11 00 00 00 00 00 00 00 00 00 00 00 00
2022/03/15 07:00:33 46D48D1E r (reader) 00 00 00 00 00 2A 04 06 A0 00 00 55 01 83 56 08
2022/03/15 07:00:33 46D48D1E r (reader) 00 00 00 00 00 00 00 00

Thanks.

Hi @mileta5

Can you tell me how you make log via Saleae logic analyzer for look new ins7E key also what is the baud rate ?

Thanks.
 
Zuletzt bearbeitet von einem Moderator:
HI,

anyone can explain this EMM

when I wrote this emm to card EK2 got change

82 30 - EMM Marker
6E - EMM Length - 110 - OK (110)
40 - Type - unique EMM For Smartcard (1 Sub EMMs)
01 16 8E 6C - Serial Number (Smartcard)
00 - EMM-Type - unknown
00 - IRD EMM Length - 0 - OK (103)
F3 - Card EMM Length - 243 - FAIL (102)
02 - Card Nano Type - unknown
00 - Data
62 - Card Nano Type - unknown
90 - Card Nano Length - 144 - FAIL (98)
60
44 01
CB 54 51 EA 3B 19 1A DD B7 B5 36 5B 44 90 0E E7 - is this EK1 ?
50 C4 4C D9 C5 25 7E F3 6D D6 9E 81 00
DC 93 80 77 15 39 D2 20 73 AC C8 1E 9C 52 80 8E
F4 9E 41 51 6A F9 22 46 C5 1A 2C ED 62 BC 2C 45
5A 13 E0 69 8C 09 F9 40 1B 9E 1B 7F EF 96 90 92
79 30 4C 11 94 71 58 8B 29 65 FC 47 15 87 D8 1F
ED 00


old

Decrypted payload
54 14 00 02 00 01 10 A5 7A 0B ED 66 53 3F D5 F7
74 A9 0B FD 00 01


new

Decrypted payload
54 14 00 02 00 01 30 3C 27 E0 AA 3C 64 80 A6 4A
38 AC F8 95 00 01
 
Zuletzt bearbeitet von einem Moderator:
This is a single unique EMM without any extras. The content is hidden inside the nano 90 aka the encrypted part for the card.
sasika schrieb:
when i wrote this emm to card EK2 got chnage
Zum Vergrößern anklicken....
Maybe.

sasika schrieb:
82 30 - EMM Marker
6E - EMM Length - 110 - OK (110)
40 - Type - unique EMM For Smartcard (1 Sub EMMs)
01 16 8E 6C - Serial Number (Smartcard)
Zum Vergrößern anklicken....
ok

sasika schrieb:
00 - EMM-Type - unknown

00 - IRD EMM Length - 0 - OK (103)
F3 - Card EMM Length - 243 - FAIL (102)
Zum Vergrößern anklicken....
This is a filler. I don't know what this is for.

sasika schrieb:
02 - Card Nano Type - unknown
Zum Vergrößern anklicken....
No nano! Here we start with the "EMM type".

...and the following is what you expected to see without the filler.
"is this EK1 ?": No, it's not. This is just encrypted.
 
Du musst dich einloggen oder registrieren, um hier zu antworten.
Menü
Anmelden
Registrieren
Für die Nutzung dieser Website sind Cookies erforderlich. Du musst diese akzeptieren, um die Website weiter nutzen zu können. Erfahre mehr…