OK here's an idea (not a claim of a working test):

This would require a sub and two IRD's. Based on the theory that if you have both the encrypted and decrypted you can calculate the algorythm.

With IRD1 you have a basic sub tuned to a basic channel. The encrypted is obtained from IRD1 from a card that's inserted in with the standard card. The decrypted is obtained through the output, or by connecting wires to the decrypted digital signal before it's turned to analog.

Either a device or a PC then take both the encrypted and decrypted to create an algorythm that is used to decrypt the signal of IRD2 by inserting a emu card into IRD2.

The point? To get more then basic chans.

Alternative method:

The same is done but instead of a realtime approach record the decrypted and encrypted of IRD1, as well as the encrypted of the desired channel from IRD2 that is not subbed. And on a PC it is calculated into a video file that's played on the PC or burnt to disk. Reason for this alternative method is incase realtime of above is not possible.

Crazy?

The decrypt keys change every 8 seconds I believe, and they're time stamped and digitally signed. Even if you could replicate them, they'd be no good. Good idea in theory but I'm pretty sure it wouldn't work.

I understand, and that's why you'd have to constantly process the data from IRD1 to have an up to date algorythm to use on IRD2. You'd never be able to turn IRD1 off or cancel because you'd need it to make the algorythm constantly since it changes so often. If not possible in real time it sounds more feasible if you took all the data to process it off line as suggested in the alternative method.

Ah, I get what you're sayin, record the whole stream and the decrypt keys, then replay them later when they're decyphered. Interesting thought.

Sort of. You'd record the stream, and the decrypted signal of IRD1 and the stream of IRD2 all at the same time, all 3 needed to process and decrypt want you want.

Unfortunately, you would have to have advanced knowledge of encryption systems and magic powers to create an algorithm based on comparison on the encrypted and decrypted packets. While simple schemes that involve byte shifting and lookup tables could indeed be addressed that way, encryption science has improved in the last 50 years since those systems were popular.
The encryption algorithm in the ASIC in the H card was never publicly broken, nor was the ZKT test, even though the cards were otherwise completely compromised. For the ZKT test, all of the basic information and how it worked was fully known, but the factoring of the number that it was based on was beyond the capability of computing systems at that time, and still is unless you have access to a Cray or similar power in a computing array and enough time ( approximately 3 weeks minimum) to run it unnoticed.
And using the key from one ird on another is a McCormack hack, popular in Europe but difficult since the irds have to be cloned ( since the ird number is used by the card) and the keys are not the same on other channels.
Recording the video and VA seeds for replay later was done by the European Voyager program, but it is cumbersome to the extent that it isnt worth doing unless you have no life.

Hmmm.. interesting thought anyway. :)

On a side note I happened to think, couldn't you get both the encrypted and decrypted streams straight from the card while it was in operation? (as apposed to getting the decrypted signal elsewhere as i originally stated)

that would be emulation by auxing the card to do the work and the pc to pull the strings.

Perhaps you could do some studying of how cards work so your questions would make some sense.
The card takes a VA packet and calculates the video seed from it, that is sent to the Mpeg2 chip to be used for decoding the video packet. The card never sees the video packet. You can intercept video packets at the transport IC or at the MPEG2 chip.