cabsoft
07-05-2004, 05:16 PM
C&P from another site. I'm Canadian and don't have a sub with Dave, so I can't test this.
The following is an article written by an anonymous author, who has transferred distribution and all other rights to Qardinal. Its intent is only for informational, educational, and entertainment purposes; the author, distributor, or possessor of this document in no way endorses or advocates the execution of the methods contained herein. It is only a scam if you purposely set out to defraud Directv. These methods are not in any way ones which enable any person to defraud Directv or any other satellite service.
The Major Flaws Contained in Satellite Company's Protection of Pay Programming, Specifically Directv
March 25, 2004
Oklahoma City, Ok
Directv is a well known provider of satellite television, whose equipment and web software contain just a few flaws, but ones substantial enough to compromise the entire structure of Directv's pay-per-view and adult programming system.
I spoke to a man recently who in the interests of anonymity prefers to be called 27. At the completion of our conversation he handed me a note, which contained the following text:
"My method for receiving pay-per-view for free, part one:"
"All Directv boxes use a card in the back of the system, and this is the vital component for receiving programming. When a program is ordered, a signal is sent to the box, and the box then records this signal to the card. If, for example, you want to watch "In the Bedroom" starring Sissy Spacek, then you can either order this by using the internet, calling Directv, or ordering with your remote. Using the first two methods, a signal will be sent from a satellite in outer space to your satellite on your house, and the signal will be passed through the cable to your settop box or boxes, and the box then records the information received to the access card. Using the latter method, ordering by remote, no signal is sent from an orbiting satellite; rather, the remote authorizes the settop box to write the information to the card. Directv would like their customers to have your settop box connected to a telephone line so that the box can send the information about purchases to Directv and they can charge them accordingly."
"Therefore, step one is to disconnect the box from the phone line. Directv would like for their customers to believe that having it connected to the phone line benefits them, however all it does is tattle."
"Now that we've established how the system works, let's examine the flaws."
"The first major flaw is in the card. The most effective way to exploit this is through the internet, by going to www.d****tv.com and setting up an account, which enables customers to pay their bill, change their programming package, and order pay per view movies and events. However, it can also be exploited by calling in the pay-per-view order, although this generally carries a fee. This fee will be waived if it is indicated that there was some sort of technical difficulty in ordering the movie or event. I don't believe that it can be exploited through the method of using the remote because of the box's delayed reaction in sending the pay per view information to Directv."
"I will tell about how the flaw can be exploited by using the internet since this way is the easiest and the quickest. The first method I'll tell of is only for ordering pay-per-view purchases a day or more in advance if the purchase is an all day ticket program. If it only plays once that day, then this method will work if the movie or event is ordered before it begins."
"First, a customer orders the movie or event by going to the program guide. The process is followed until it indicates that the purchase has been completed. At this point, the customer goes to his or her set top box, and removes the access card from the back where the program has been recorded by a signal from the outer space satellite (this is done instantaneously upon your purchase). They then go back to the computer, click on the link which says "current pay per view purchases", and they cancel the program which removes the charge instantly from their account. A signal is once again sent from outer space, except this time it's to erase the program from the card. What happens when the box tries to erase it from the card? It can't, because the card isn't in there. So the customer, after having completed this step, then goes back to the receiver and replaces the card. The next day, the customer watches the program they've selected, and all Directv knows is that the program was ordered and then canceled."
"Things which could go wrong:"
"Directv consistently sends out a signal to your receiver at random times, usually about once every 30 hours or so, but sometimes, although it's infrequent, the signal can get sent up to twice in one day. What does this signal do? It simply resets your card with the information Directv has on file about the account, which means that all unauthorized programs will be erased and only authorized programs kept."
"Here is one VERY IMPORTANT point: NO INFORMATION CAN BE SENT BACK FROM THE SATELLITE SYSTEM TO THEM. It takes a special satellite system for this to be possible, such as a Directway satellite internet system, otherwise the satellite is only capable of receiving signals. It cannot send them, it cannot tell them anything about what is watched, which is why Directv requests that the box be connected to a phone line, so the box can send information about you. This is in contrast to cable television services, which are capable of both sending and receiving signals."
"Also: It is not illegal for a customer to order and cancel movies as they please. I've tested this method for over three years and have continued my existence as a standard, valued Directv employee. This may be viewed as strange behavior, to consistently order and cancel so many programs, but it's not illegal or against the terms of conditions to be a strange person. So what, the customer likes to order and cancel programs, maybe they have a mental disorder which compels them to do this. Who knows? Nobody."
"Now, there is also one more major flaw in the system, only this one allows you to cancel all day ticket programs the same day in which they're ordered, whereas it ordinarily requires action by a Directv agent in order to do this."
"The customer must have internet access for this exploit also, and an online Directv account. This one is a bit more complicated than the last one."
"Step #1: The all day ticket movie or event is ordered, either online or on the phone (online is much easier)."
"Step #2: A second movie is ordered, except this movie must NOT be an all day ticket program. It can be one that starts the next day, or that starts in an hour. If it's one that has already begun, then this exploit cannot be taken advantage of."
"Step #3: The user then removes their access card from the back of their settop box."
"Step #4: The user returns to the computer, making sure they're still on the current pay-per-view page, and begins the process to cancel the 2nd movie ordered. However, the customer doesn't cancel it, because they just need the webpage which has the cancellation option on it (the webpage should say something like "You can only cancel an all day movie ticket program if it has not yet begun, are you sure you want to cancel this program?")."
"Step #5: The customer clicks on new window in his or her browser, so that he has two webpages now in front of him, both asking if he wants to cancel."
"Step #6: The customer then clicks the back button on one of those cancellation pages, so that he's back at the current pay per view page."
"Step #7: The customer clicks on the first movie he ordered, the all day ticket movie that he could not previously cancel."
"Step #8: The page that comes up will tell him that he can't cancel the movie . . . oooh, denied, right? Wrong. He goes back to the other cancellation page that he had up, and pushes the confirm cancellation button. The all day ticket is then canceled, because Directv's webserver has become confused, since the last movie that the customer tried to cancel was the one he couldn't, but yet the server is still being told it has to cancel a movie. It cancels the only movie it knows you might want to cancel, the all day ticket movie."
"Step #9: The customer returns to the second movie he ordered, and cancels that without a problem, since it had not already begun."
"Bear in mind the overall function of this method, and it becomes much less complicated: to receive an equal amount of cancellation pages as movies or events you wish to cancel. This is obtained by ordering a movie which has a cancellation page, and pushing 'new window' as many times as it takes to obtain the number of cancellation pages needed."
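The Step #8 behaviour the note describes is what a web application does when its confirm request acts on server-side "last order viewed" state instead of naming the order it applies to. The following is an added example, not part of the original post and not Directv's code: a constructed Python model (all names hypothetical) of that pattern beside a handler that binds each confirmation to one order and re-checks eligibility at confirm time.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Order:
    order_id: str
    cancellable: bool            # business rule result, e.g. "has not yet begun"
    cancelled: bool = False

@dataclass
class Session:
    orders: dict
    pending_cancel: Optional[str] = None    # "last order viewed for cancel"
    key: bytes = field(default_factory=lambda: secrets.token_bytes(32))

def sample_session():
    # Constructed data: one order that may not be cancelled, one that may.
    return Session({"all_day": Order("all_day", False),
                    "later": Order("later", True)})

# Flawed pattern: the confirm handler trusts mutable session state.
def view_cancel_page_flawed(s, order_id):
    s.pending_cancel = order_id             # updated even when refused
    return s.orders[order_id].cancellable   # True: confirm page, False: refusal

def confirm_cancel_flawed(s):
    order = s.orders[s.pending_cancel]      # whichever order was viewed last
    order.cancelled = True                  # eligibility never re-checked
    return order.order_id

def stale_confirm_flawed():
    # A confirm page issued for "later" is submitted after "all_day" was viewed.
    s = sample_session()
    view_cancel_page_flawed(s, "later")
    view_cancel_page_flawed(s, "all_day")
    return confirm_cancel_flawed(s)

# Hardened pattern: the form carries the order id plus a per-session MAC,
# and the rule is enforced again when the confirmation arrives.
def _tag(s, order_id):
    return hmac.new(s.key, order_id.encode(), hashlib.sha256).hexdigest()

def view_cancel_page(s, order_id):
    if not s.orders[order_id].cancellable:
        return None                         # no confirm form is issued
    return _tag(s, order_id)                # embedded in the confirm form

def confirm_cancel(s, order_id, tag):
    order = s.orders.get(order_id)
    if order is None or not hmac.compare_digest(tag, _tag(s, order_id)):
        return False                        # form was not issued for this order
    if not order.cancellable or order.cancelled:
        return False                        # re-check at the moment of action
    order.cancelled = True
    return True
```

In the hardened handler, opening any number of browser windows changes nothing, because each confirmation is valid only for the order it was issued for and only while that order is still eligible.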