News in 10 mins.

mili

And I quote.

"These blackouts are due to the session key stuff they are playing with.I guess they don't want to fuck their customers, so they are doing it every couple of hours on select receivers like the 2700. Once they are sure subs won't be affected, everyone else is going down, rest assured.
Heres how:

1. They will stop sending video packets to the old firmware, thereby forcing everyone to upgrade to the new firmware.
2. The new firmwares will negotiate the session key using 768 bit RSA instead of 512 bit RSA. In layman's term, calculating the session key will become computationally more intensive.
3. In older firmware, the session key was only negotiated at bootup and stayed static. It seems they will now attempt to negotiate a new session key more often. It is even possible they will do it every 15 seconds for each new video packet. Kind of like the old CMD 02 for Nagra 1.

In layman's terms: They will be "speeding up" the datastream. Not literally speeding it up, but requiring the CAM to do more computations, which is equivalent to speeding things up.

The end result will be that the hacks that can't keep up will become history. Logs will be provided tonight"

So. Go call me a fear monger now.

mili

DONT NOT FILL THIS THREAD WITH YOUR QUESTIONS. Start a new one or join in one already in progress!!!!!!!!!
This one will be watched. only post on topic and if you know what you are saying.

it's about damn time, I must admit I'm nervously excited!! digital locks on and locked,.....check, Rom 102 programmed and in the stream,.......check. allright, I think i'm ready.

It seems all non plastic hacks are affected, would be nice to know how FTA is doing.

mili

yes I wished I had my 2700 hooked up so I can compare tsops and what not.

It seems all non plastic hacks are affected, would be nice to know how FTA is doing.
mili

FTA is working ok. Autoroll picked up the new keys today and all is good. Viewsat Platinum.

Whatever it was they have pulled it. Only thing spooling in the stream right now are the latest keys. Stay tuned.

mili

damn it charlie, WTF, I'm tired of watching TV. TAke me, take me damn you!!! I'm about to give you my cam id, my boxkeys, ird number and SK number just so I can have something to do!!! hehe, j/k, I have a friend with several pansats, I will give him a call and post back.

sometimes I wonder if they have the wrong Indians working for them?
Dont know if it is job security or a bunch of fat heads.

Did the rom10 autoroll, roll the keys or crash and burn too????

Did the rom10 autoroll, roll the keys or crash and burn too????
http://www.dssftp.com/forum/showthread.php?t=60942

is ok!

this one is working just fine no problems detected so far. I am going to program my atmega with new keys now and is it working? Yes it is. I also had for the first time used my 101 with no rsa mod and it auto rolled the keys no problem.

rom102 with blocker up and running fine here... no problems, not one single black channel

http://www.dssftp.com/forum/showthread.php?t=60942

is ok!

sorry sir, must have missed that thread. Anyhow, at least it passed that test.

So what now? You mean I gotta learn to READ again!! And then read and read and read and read and read!!! And then test and test and test and test!!! And then spend and spend and spend on new stuff!!! OMG!!!!, now I have a life again!!!

lol means nothing yet. Damn sure broke up the boredom as of late.

still early on could be weeks before they try to do anything else.

As long as they wait till after May 27th to try something Im happy.

Running 10to102 autoroll no rsa mod 3900 p3.50 no problems now but earlier today the receiver turned off and restarted. It went through all the connections setups and was working fine. The box has never just restarted like it did though.

Can anyone fiqure why its all Firmware before keychange are all we all waiting for someone else to see what they are doing? Does anyone want to be FIRST?

Software Version: X834CSCD-F

Is this the latest? If not what is the latest version, and how can I update my receiver? What equipment I need and software? what files should I be looking for?

Regards,

cAN WE DO ANYTHING IN PUBLIC HERE ?

Running 10to102 autoroll no rsa mod 3900 p3.50 no problems now but earlier today the receiver turned off and restarted. It went through all the connections setups and was working fine. The box has never just restarted like it did though.

Thanks for confirming this. Your problem should have been around 12:30 P.M. Eastern time. Do you recall if your screen turned green before the re-boot?

cAN WE DO ANYTHING IN PUBLIC HERE ?

Sure, strap on your glasses & don't look directly at the blast.

Understood stocko. Just thought we might think for ourselfs.

Just to clear it up FTA is OK like wingster said autoroll good. Chanells are still there.

Keeping an eye out.

wrong night or wrong site here. Did not know everyone jumpted ship. All have seen that I was here....... So let me make it perfectly clear, Saw some shit thatmight make it clear....... so I'll just keep it near to dear.

I have 2 301-10 , 510, and 3900 all using rom 102 with v23 blocker all up and running no problems. They are all updated to latest version and i selected ask before downloading on system upgrades. not sure if that will help stop ecm but worth a try.

Understood stocko. Just thought we might think for ourselfs.

Oh, for sure we want to think for ourselves. I take Mili's post (top of thread) to mean keep your firmware updated and put your money on the horse that can keep up with the 768 bit RSA.

I think my rig is on life support just based on the old firmware, but other than a simple key change it's been nothing but tv so far. I'll see whom is standing after the battle and re-rig accordingly.

Bell reception on FTA may be under some type of attack. Currently I've found 7 channels that are black screened and are also out on IRD's as well. These channels are up on subs.

some subs on bev are not working right either according to other sites....probally just a provider problem...just keep us informed...

Try doing a bline scan all working good here on Bell. What channels?

Thanks for confirming this. Your problem should have been around 12:30 P.M. Eastern time. Do you recall if your screen turned green before the re-boot?

Not 100% sure but if it did it was only for a second or two. I don't think it was a green screen but like I said not totally sure. It was around that time though and when it rebooted it went through steps 1 - 5 then video and all came back up working fine. No missing channels that I have noticed. Now for fta that recevier was in another room so I have no clue on it but it is working fine right now and not missing anything that I have noticed. It's a viewsat plat. running the newest bin out.

By the way this is for dish and my 3900 was already at p3.50 along time ago. Have bev also but moved dishes this weekend and need a longer cable for the bev. Will check it out tomorrow.

Confirming There is about 7 channels that are missing on Bell inc HGTV.CA

2503
2600
2082
2083
2139
2140
2197

May be more but those are the ones I've found so far

Its going to be interesting. C&P

Internal ECM memo and legal action

--------------------------------------------------------------------------------

Internal ECM memo and legal action

...now that both of these broadcasters have openly admitted that their Nagravision encryption has been compromised, why aren't they doing anything about it?

The FCC and CRTC should take note: both of these broadcasters are in violation of their responsibilities to secure their signals and compete fairly with other broadcasters for new business. ...the CRTC even threatened to revoke the broadcast license of ExpressVu if piracy was not eliminated.

...neither Echostar or ExpressVu has shown any willingness or due diligence to secure their recently compromised broadcast signals.
...[Either the CEOs of these organizations are incompetent bungling fools or shrewd men of business.] Securing the Nagravision Encrypted signal, at least partially, is trivial and a technical method for doing so will be recommended.

In the interim, competing satellite broadcasters and cable companies should know that the North American market is now being flooded by cheap Chinese exported Free-to-Air (FTA) receivers that can decode both Echostar and ExpressVu signals without any monthly fees. Some of these FTA receivers are selling for as little as $50 and are being sold in electronics outlets throughout North America. A competing broadcaster, who has suffered damages and continues to suffer damages, has estimated that over 500,000 of these units have entered the US market alone since September of 2005. ...from affidavits requested from major [FTA] manufacturers.

..the response from Echostar and ExpressVu so far has been silence. Neither broadcaster has attempted any serious electronic counter
measures. Both broadcasters have periodically changed their public keys but the majority of FTA models have not been affected. Ergen would not respond to their complaints. Neither would Kudelski.

A team of engineers at our broadcasting facility were asked to study Echostar's security problem and advise us on whether this problem could be countered with software upgrades or whether a complete card swap would be required.

Technical research obtained, written by Mr.X.Y, Lead Electrical Engineer (Communications Group)


Excerpt

Echostar/ExpressVu Piracy Problem - Complaints to FCC and CRTC
Respectively

RE: Memo to communications staff - March 12, 2006
RE: FTA Piracy rampant - March 12, 2006
RE: Counter Measure Proposals - March 13, 2006
RE: Nagravision Signal Integrity: Study - March 14, 2006
RE: Complaints to FCC and CRTC - Pending Approval


Report Findings:


1. "101 ROM" cams compromised February 2005. Invasive attack from Spain most likely source for this compromise. Cam-IRD session handshaking protocol intact.
2. IDEA Broadcaster keys for Echostar start to circulate on public forums in August 2005. FTA piracy starts.
3. Public non-invasive attack compromises "102 ROM" cams in October 2005. ExpressVu is now also compromised. Modifications of receiver
firmware to counter Cam-IRD session handshaking protocol are widespread. Numerous pirate cams, cards and other electronics to facilitate piracy are being sold.
4. Echostar swapping out "101 ROM" cams by June 2006. No other card swap is planned.

Report Recommendations:

Although the Nagravision Encryption for certain cams is publically compromised, it will be proposed to Echostar and ExpressVu via the FCC and CRTC respectively, that the following counter measures be implemented immediately:

1. Restoration of CAM-IRD handshake protocol and counter measures against firmware modifications. It will be proposed that the CONTROL
WORDS be ciphered with the 64 byte Primary RSA key in IRD firmware in a convoluted manner difficult to reverse-engineer from firmware
disassemblies. Any modifications to the Primary RSA key will result in incorrect CONTROL WORDS. Without knowledge of the convolution process, FTA and DVB piracy will be eliminated.

2. Increase the length of the RSA exponent used for public key decryption to 512 bits. This will render atmel based piracy devices and
older generation ROM cards useless.

3. Traditional electronic counter measures against compromised "102 ROM"
cams.

atmegas running fine for now will be interesting to see what happens when they speed up the stream however. Wondering what B*v's up to with channel 340 showing..if you see this channel you have a technical problem. Call us . Anyone care to phone, lol.

hmm, channel 600 & 503 gone blank on b*v, they up to something.

what's is that mean avr-x is down we can't use them any more plase little explanation

what's is that mean avr-x is down we can't use them any more plase little explanation
where did you see this??

Milli since I am a newbie does this mean that avrx card done deal or can there still a glimmer of hope. Some one threaded "digital locks on rom 102 in stream" what is he saying and can I do something on my dp301-013 softwarep342,unit keeps turning on and off

guys please someone explain why avr-x not working with 2,06 and if theres a solution

guys please someone explain why avr-x not working with 2,06 and if theres a solution
maybe start a thread in the avr-x discusision board explaining that your avr-x is not working

darnit, really getting scary for b*v most ppv's gone & probably all channels will be gone by tonight!!

All PPV are all gone on Bell confirm down for FTA.

TSN & porn also gone

bring it on baby.
finally, I can do something else
thank you b#v

bring it on baby.
finally, I can do something else
thank you b#v
lmao

Bell Chanells are falling like flies. Almost all gone here.

All Bell Channels are down on FTA as of now.

Guys chill out, the AVR-X is the only system beside ex-subscribed ROM/Receiver combos that does not depend on you to modify the TSOP. It also has the horsepower to deal with stronger encryption. We will see what the future brings but rest assured this is only a speed bump. People who want instant gratification may be disappointed, you think BEV and DIsh spends all that effort and money going into securing their signal to have it defeated in 30 minutes? SO if you are down a day or two it will give you a chance to READ and spend time with the wife (not necessary a good thing I know)
mili

spend time with the wife?? She's the one bitching bout the tv, lol, time to go on a loooong walk with the dog!!

No one is taking me for a walk tinhorse LOL

Lol.
Anyway. To all those who ridiculed my predictions. How does the fucking crow taste like now?

mili

So why is FTA down if this ECM attempt is resulting as firmware/cam speed encryption?

Well Mili I can say I did doubt it. But then I seen today all what was happening and said no shit it is happening.

So why is FTA down if this ECM attempt is resulting as firmware/cam speed encryption?

From what I understand, B3v has simply sped up the stream. My 2500A is down as well.

Like Mili says, just chill out peeps and there will probably be a fix before the weekend is over.

i did doubt as well....u did say ecm in process and did warn ahead of time....i thought it would be for dish, not bev though...didnt read anywhere on what system u said would be hit...maybe next time, if you know, you could give us a heads up on what system(ie dish, bev) thanks mili!

All Bell Channels are down on FTA as of now.


Not the case here. Only PPV and Venus along with some others. The majority are still up on my VS 2000. I'm sure it's not gonna last though.

All Bell Channels are down on FTA as of now.

I'm getting all 200 to 298 and lots in the 600's on the CS5000. Dish seems to be working good

plastic rom 102 is out on bev too, so I am saying either my blocker is blocking the stream speedup or they have knocked out subs too. Maybe something completely different as well.

Ok this may be a stupid question but I'm new in this area on the satellite systems.

Will any of this that is going on affect the cardless recievers? I don't know much about the new systems (yet) but I suppose to be getting one so any help would be appreciated, also I believe in the nasty news thread someone said that it wouldn't effect the cardless recievers so I just want to make sure.

Like I said I don't know much about it but the system I suppose to be getting is cardless and it has all the channels including the PPV and Porn channels.

ex sub with married rec. latest updates and rev blockers are running fine for me.

Ariza 700 with 2.74 working fine with Charles, no Bev working

Lol.
Anyway. To all those who ridiculed my predictions. How does the fucking crow taste like now?

mili

Probably like the crow you ate after steadfastly denying the AVR-X was made by Magician.

For the record I got no idea who makes the AVR-X still. That is what I always said so go and find yourself another topic to troll about.

mili

any more info mili on whats going on? you said last nite you were gonna post logs or something like that.

basically if you do not have the latest 244 revision on your 102 card (I'm talking about b*v not d*sh. you don't get channels. they incorporated another command into this revision, and untill they know what it is, we might go w/o tv or run blockerless and take the update which will lock you out of your card. I wouldn't be surprised if charlie follows.

I'd say your right .

No instant gratificatin. Be patient. Believe me the moment I got anything you will know about it.

mili

I just ran blockerless on bev, I am now at rev 244 and all channels are in. NOw if we can glitch back in. we might know what we were dealing with. I am missing ppv movies though, don't know if I forgot to put them on the bin, I didn't use the 3m, I figured if I was going blockerless I would just put real tiers on it and ppv strings to try to make it look a little more legit. I have a d*sh card ready to do the same thing if the moment arises.

Must be nice to have them extra cams crazy1.

Must be nice to have them extra cams crazy1.
I bought 10 of them for over 400 dollars, so I am doing the expensive testing, the good news is, I just popped a 244 with the current rom10x reader, I had to change the script so it wouldn't error out when rev 244 was detected. But I have it. I have the image.

===========================================
Glitch Success!! DE CA FE C0 FF EE
Card is Unlocked!!!
VCC = 08 (~0.147058823529412 vdc)
Glitch Delay = 3A13
Glitch type 07
===========================================

I'D love to see that script and would sure buy you one at x.

same script for 243, I only took out the 244 rev so it wouldn't think it was a rev it couldn't pop. I gambled and I won. Way down near the bottom of the winex script it has a section of script that says

If T4 = 108 or T4 = 244 or T4 = 285 Then
Sc.MsgBox("This Script does not support REV: " & T4 & "!")
CheckCard = 0
Exit Function
End If

I just took one 4 out of 244 and made it look like this
If T4 = 108 or T4 = 24 or T4 = 285 Then
Sc.MsgBox("This Script does not support REV: " & T4 & "!")
CheckCard = 0
Exit Function
End If
and the script ran it and popped it.

Added to your rep to crazy1 79

I seen that, thanks bud, if I ever figure out how to do it, got one coming right back at ya! I didn't do the hard work, we know who gets the credit for freeware, I just took the gamle. marked my OTP so now I am not comfortable putting that card back into the stream w/o a blocker. but I guess I helped!

First as seen in public to me. One heck of a gutsy move. Were you on to something beforehand? Cant believe chuck didn't close that.

no clue beforehand, just had a hunch it was going to be similiar to the A23 to A24 update back in the rom 10 days, it scared us, but the same scripts would pop it. they already chocked the cards full of 83 opcodes. what more could they have possibly done to it in such short amount of time? I don't think it's so much as him closing it, he's just setting us up for the marked otp's were all getting. huge target for him to aim at in the furture. I'm now wondering about the rev 108's. I'm about to update one in the chuck stream just to find out!! j/k, if the time comes I'll do it, but I don't have the same confidence in that one. Now we need the big cheese to give us a blocker for the 244 and we are back in business.

??? You think chuck has downsized so much that he does not know new rev has been glitched?

Are their enough people here to do it?

i'm feeling froggy, I'm going to try putting a blocker back on it and put it back in the stream, first lets see if I can ppv movies back!

oh shit, I just realized how bad we're hijacking this thread 1one. we better move over to bev 102 programming, SORRY GUYS!!!!

May need to start a new tread. I believe that if we follow the same logic as penga on previous blocker that the rev are not that different. Still would like to know why OTP was marked.

http://www.dssftp.com/forum/showthread.php?p=368589#post368589

B*v is completely wiped out.

there are fixes all over tinhorse7911

sorry just a key change

Software Version: X834CSCD-F

Is this the latest? If not what is the latest version, and how can I update my receiver? What equipment I need and software? what files should I be looking for?

Regards,

No.854p.You're tsop is flagged.Should be X834cscd-N.I don't know the consequences of a flageed tsop but you could do a search here.I think it's been covered.

yep he is right
flagged eprom is a ecm target and also I dont think It will update ever.

Flash it with proper virgin eprom that you make using flashedit. whatever your build is.
There is a way to make one to out of yours but I forget, maybe someone knows.
I think it is zeroing out every thing but the first 48 bytes of the eprom using hexedit. and saving it and flash ird with it.