Nagra 2: Boxkey Experiment

Backgound:

In our previous experiment we discussed the CONTROL words used in Nagra 1
and Nagra 2 and proposed a "thought" experiment whereby one could
conclusively determine if the CONTROL words are the same for both streams.
We introduced the IDEA encryption algorithm and suggested that this is the
cryptographic technique used with Nagra 2. Without attempting the actual
experiment, we concluded based on bandwidth considerations alone, that the
same MPEG-2 stream is being used for both Nagra 1 and Nagra 2 (i.e. - the
provider would be foolish to use twice as much video bandwidth to transmit
the same pictures to us---satellite bandwidth costs hundreds of millions of
dollars). Based on this, we concluded with a great deal of certainty that
the CONTROL words (which are used to "put together" the decoded MPEG-2
packets) were the same. Of course, with Nagra 1, we know that the CONTROL
words are encrypted using the cryptographic algorithm called DES. We also
know the Key0 and Key1 which is used with DES. Thus, we have no problem
decrypting the CONTROL words for the Nagra 1 stream.

What about the Nagra 2 stream? We surmised that the NAgra 2 stream uses the
encryption algorithm known as IDEA with different keys, namely IKey0 and
IKey1 which are unknown to us, but must reside somewhere in the EEPROM of
the Nagra 2 cards. But why are we justified in assuming that IDEA is the
encryption being used for Nagra 2? The answer is that "this is what the
experts" think! Not good enough...we need to be absolutely certain. We need
to prove this!

The following experiment will help us make sense out of the Nagra 2
encryption being used and also shed some light on the location of the
boxkeys used by Nagra 2.

Requirements:

-a subbed Nagra 2 system
-a Nagra 1 system
-two dataloggers; one for Nagra 1 setup and 1 for Nagra 2 setup
-copy of: "Applied Cryptography", By: Bruce Schneier (IDEA is outlined on
pp.319 / DES is outlined on pp. 270)

Experiment:

Okay, we know from Nagra 1 that before the card gives the CONTROL words to
the receiver for processing, it encrypts them using DES and the receiver's 8
byte boxkey. This is the same boxkey you all enter into your ROM cards, etc.
This occurs when a command $13 is issued.

It is very likely that Nagra 2 encrypts the CONTROL words using IDEA before
it sends them to the receiver. But, what does it use for the boxkeys? The
same boxkeys as the Nagra 1 cards? Remember, IDEA requires a keylength of 16
bytes, whereas the original boxkeys we all know about are only 8 bytes long.
If we knew what boxkeys are being used for Nagra 2, then theoretically, we
could decrypt both the CONTROL words for Nagra 1 and NAgra 2 and compare to
see if they are the same! If they are, then we have found the boxkeys used
by Nagra 2, confirmed that 16 byte IDEA is being used and are well on our
way to decrypting Nagra 2 video.

Clearly, the 16 byte boxkeys being used must reside somewhere on the
receiver firmware. We can easily dump the firmware and store the hex values
in a text file. Now, write a high level C program that implements the IDEA
algorithm. See Schneir for the mathematical details -- the coding should be
straight forward. Next, write a routine that takes 16 bytes from the
firmware dump and tries to use that as the boxkeys for Nagra 2. Try
decrypting the Nagra 2 CONTROL words and see if they match the ones we know
from Nagra 1. IF they don't match, try different bytes from the firmware
dump. Keep trying! Most likely, the boxkeys for IDEA will be near or
adjacent to the serial number of the card in the firmware! Also, compare
the dumps of 2 different subbed Nagra 2 systems (with the exact same
subscription). Where the dumps differ is most likely the location of the
boxkeys!

Before you can try this, you will need to log the NAgra 1 and 2 streams and
tune into the same channel simultaneously. Log a few command $13 packet
responses and their corresponding Nagra 2 responses SIMULTANEOUSLY. If
someone is willing to do this and post it for us, it would make it a lot
easier to proceed with our Boxkey experiment!

Feedback from all the experts in this hobby would be greatly appreciated!

Good Luck!

nagraman

Excellent process, bud. Good to see somone of your skill level visiting us.

Regarding IDEA/DES (taken from another website)

DES is an algorithm developed in the 1970s. It was made a standard by the US government, and has also been adopted by several other governments worldwide. It is widely used, especially in the financial industry.
DES is a block cipher with 64-bit block size. It uses 56-bit keys. This makes it fairly easy to break with modern computers or special-purpose hardware. DES is still strong enough to keep most random hackers and individuals out, but it is easily breakable with special hardware by government, criminal organizations, or major corporations. In large volumes, the cost of beaking DES keys is on the order of tens of dollars. DES is getting too weak, and should not be used in new designs.


IDEA (International Data Encryption Algorithm) is an algorithm developed at ETH Zurich in Switzerland. It uses a 128 bit key, and it is generally considered to be very secure. It is currently one of the best public known algorithms. It is a fairly new algorithm, but it has already been around for several years, and no practical attacks on it have been published despite of numberous attempts to analyze it.
IDEA is patented in the United States and in most of the European countries. The patent is held by Ascom-Tech. Non-commercial use of IDEA is free. Commercial licenses can be obtained by contacting idea@ascom.ch.

Several implementations of IDEA are freely available. See e.g. SSLeay, PGP source code, and Ssh source code, idea86, Crypto++.



Cryptographic systems need cryptographically strong random numbers that cannot be guessed by an attacker. Random numbers are typically used to generate session keys, and their quality is critical for the quality of the resulting systems. The random number generator is easily overlooked, and becomes the weakest point of the system.

Some machines may have special purpose hardware noise generators. Noise from the leak current of a diode or transistor, least significant bits of audio inputs, times between interrupts, etc. are all good sources of randomness when processed with a suitable hash function. It is a good idea to acquire true environmental noise whenever possible.

Examples of cryptographic random number generators can be found e.g. in PGP source code, Noiz, and Ssh source code.

Disclaimer: Any opinions and evaluations presented here are speculative, and the author cannot be held responsible for their correctness.

Come on guys how many times do we have to read about the way Idea works??? There's at least 3 post using different words that say the same thing using different words explaining how IDEA works. Lets move on to NagraMan's experiment, as he has a good point on being sure we are up against IDEA in the first place. Anyone logging both streams??? If I had logging equipment I would be the first to offer my help...


Godspeed on your exp Nagraguy sivarT

All good programmers know that you cannot just BLINDLY go on and try to crack an encryption without understanding the principals involved.

If we want to crack IDEA, we need to understand what it does, and how to crack it.

Lets not get caught up in cutting people down, but trying to figure this out.

Nagra 2: Boxkey Experiment

Backgound:

In our previous experiment we discussed the CONTROL words used in Nagra 1
and Nagra 2 and proposed a "thought" experiment whereby one could
conclusively determine if the CONTROL words are the same for both streams.
We introduced the IDEA encryption algorithm and suggested that this is the
cryptographic technique used with Nagra 2. Without attempting the actual
experiment, we concluded based on bandwidth considerations alone, that the
same MPEG-2 stream is being used for both Nagra 1 and Nagra 2 (i.e. - the
provider would be foolish to use twice as much video bandwidth to transmit
the same pictures to us---satellite bandwidth costs hundreds of millions of
dollars). Based on this, we concluded with a great deal of certainty that
the CONTROL words (which are used to "put together" the decoded MPEG-2
packets) were the same. Of course, with Nagra 1, we know that the CONTROL
words are encrypted using the cryptographic algorithm called DES. We also
know the Key0 and Key1 which is used with DES. Thus, we have no problem
decrypting the CONTROL words for the Nagra 1 stream.



Feedback from all the experts in this hobby would be greatly appreciated!

Good Luck!

nagraman

C&P

EchoStar Will Go To MPEG-4 In '05

11/22/2004

ENGLEWOOD, Colo. — The start of EchoStar's planned transition from MPEG-2 to the more efficient MPEG-4 digital compression standard for its DISH Network direct broadcast satellite television service is “about a year away,” the company's CEO Charles Ergen told analysts on conference call.

Ergen said his company had planned to begin transitioning customers to MPEG-4 in 2004, in order to carry more channels on the satellite TV service. In particular, EchoStar is looking to add additional HDTV channels, which require significantly greater bandwidth than standard-definition channels.

He added the start date was pushed back, in order to handle the massive upgrading effort. The company has had difficulty obtaining chipsets and getting standards done, Ergen said.

The CEO said EchoStar has not added new channels to its HDTV programming lineup in recent months because it has not had the bandwidth capacity aboard its satellite fleet. It also has not been more aggressive about promoting its HDTV services lately because plans for the MPEG-4 transition were in the works, Ergen said.

The transition to MPEG-4 will require replacement of existing set-top boxes in subscribers' homes. The change-out is expected to take four years to complete.

Ergen said the process will be handled in phases, with DISH Network HDTV customers expected to be in the first wave of equipment upgrades. During the transition period, DISH Network programming will be transmitted in both MPEG-2 and MPEG-4 formats.

New MPEG-4 decoder boxes will be backward-compatible with MPEG-2 transmissions, but legacy MPEG-2 boxes will not be able to receive the new MPEG-4 signals, Ergen said.

Rival DirecTV is also expected to move to the MPEG-4 compression standard in the future, as it looks to offer HDTV channels in its local-TV station packages. Voom is also planning a transition to the MPEG-4 system in 2005.
By the way YES the "control word" is the same for both Nagra1 and Nagra2, But there's A LOT more to it then just knowing the control word...

Yoshie you old friend, Good to see you.
Mpeg 4 is a very bitter issue with me, The company that inveted it I had 29,000 shares of, Sony stole the technology and the lawsuit between them bankrupted MPEG on the NASDAQ.
Been having any luck keeping nagra2 stable lately?, Something started about 2 weeks ago in the stream and having problems now myself, Not getting ecm'd but kicked back to desubbed.

does this mean significant progress is at least being made?

it sure the hell sounds like it

Good, cause like fuck I am going up on the roof to move my dish to Dishnetwork
Porn sucks and the only channel worthwhile that Bev does not carry is Fox

If nagra 2 was so easy to crack, why would they be realesing it? What a waste of money it would be, to release something and it is cracked before its out

I had a 301 I burned up that had a yellow card with it. After the last bout of ecm's that targeted 301's I actually tried to use it to restream it after erasing the sector, I think they may have killed the card when I did this, I cloned my new 301 using the above mentioned method to see if my theory proves true, I could swear I could get the history channel before on this card and my old receiver, now the history channel is in red, it is not coming in and not working like it would had the box keys been wrong, I am getting the nasa channel but am not sure if that is a free channel or not, I don't think so, on some other channels I am getting the your smart card is not authorized nag but am waiting to see if the keys will roll since the card has been out of the stream for so long,n so basically because I used the card to restream and never seen if I got history channel after that, I can not be certain if it will work or not since the card has been or may have been compromised. Damn it, I had this brilliant idea and was in the process of proving or disproving it and now I am at a impass. I am throwing this out in the open for someone to try. I know a couple people that sub but untill they get the new cards in the mail I will not be able to test this again.

It appears the tiers expire on Nagra2 if the card is kept out of the stream. Nasa is a free channel, Ch 120 History is in the basic lowest package so you should get it. I'd try a NV ram dump and let it sit overnight turned off in the stream.
If that doesn't work, Reflash the ird to virgin with the ird and boxkeys edited to match the sub card, Virginize the eeprom, Now put the Nagra2 in and follow the new installation setup, It should go to 061 nag updating the marriage and ird firmware them.

It appears the tiers expire on Nagra2 if the card is kept out of the stream. Nasa is a free channel, Ch 120 History is in the basic lowest package so you should get it. I'd try a NV ram dump and let it sit overnight turned off in the stream.
If that doesn't work, Reflash the ird to virgin with the ird and boxkeys edited to match the sub card, Virginize the eeprom, Now put the Nagra2 in and follow the new installation setup, It should go to 061 nag updating the marriage and ird firmware them.
I would birdie, but this is the 301 that wouldn't program the last one percent write protected area of the tsop and I manually entered it two bytes at a time, I'm not going to try it because I really don't want to have to do that again. It wouldn't program by itself but I could manually write to it in jkeys. Don't know why, had one area of the write protect that didn't erase but that isn't the section that it stopped programming at. The nv ram dump I may try.

Crazy, While I like to keep all topics publc, And the final fix will be, In the meantime PM me and lets test.

Birdie, you have a pm

guys, i hope ya aint just getting us excited and pullin our leg. :)

Its not your leg their pullin... :D

I wanna know what u 2 r up to I got some cards to play with & IRD's...!!!! LOL

Interesting About Microprobing For The Nagra Man Opening Smartcard

Crazy, While I like to keep all topics publc, And the final fix will be, In the meantime PM me and lets test.

pm me the bin
>:)