People have been asking me what this "brute force" and "statistical" fix people keep talking about.
There are two different approaches to bypass the latest MAP57 timer ECMS. One is to use a table of possible answers one by one trying each "password" to see if one of them will get video or not until you hit the correct one and bingo.
The other is to come up with the correct mathematical solution to this ECM and at the end of the calculations come up with only ONE password but the correct one.
While brute force is currently working it may not in the future. With the previous round of MECM they looped through the MAP call 4 times and the brute force approach was marginally able to come up wiht the right value within the alotted time. THis round of MECM loops through MAP57 only once and brute force is once again marginally able to tackle the problem. If they however loop through MAP57 4 times as with the MAP3E before that means 4 billion brute force rounds to do in 4 seconds or less. Hardly an option.
The question is now why they only looped through MAP57 twice and not 4 times? I think because they want fixes to come out. There is no other explanation. If someone has the brains to come up with these ECMs rest assured he is not stupid enough to leave the back door open.
The only emulator platform NOT using a brute force approach is the USBAtmega256 card from Fab5. All other FTA and DVB cards rely on a lookup table and are brute forcing the problem. If Charlie gets his head out of his ass and loops through the code 2 more times everyone will have to try to do the solution the hard way and so far I don't see the mathematical skill necessary to tackle the problem displayed by the happysat people who write these DVB and FTA codes.

mili

:confused:if the table is known, wouldn't that imply that some kind of algorithym or routine is known since that's what created the table in the first place? This is an honest question...

I am no mathematician but I am sure they did not pull that table out of their asses.

mili

I am no mathematician but I am sure they did not pull that table out of their asses.

mili

neither am I, which is why I'm thinking that some formula created that table. just my $0.02 worth.

just wondering all this playing around with the latest ecms does it take out some legal customers or loop some legal cards if it dose it seems like charly would back off

over the years between DTV and Dishnet may subs have gone down and been brought back up without an issue, im sure most if not all here remember a few lovely days back in the day when EVERYONE was blacked out and EVERYONE had to br brought back up by DTV, this does happen, and eventually Dishnet will start needing to think about a card swap, only so much you can do with a processor, think about your computer for example, and the amount of ram you have, there is only a certain amount of things you can do before your computer will just take a shit on your and freeze up and leave you no solution other then shutting it down or upgrading, this in theory is the same concept, hence the card swaps, increased space, more algorthisms, higher bit encryption but in the end coders hackers freetvers whatever you call call yourselves will still prevail if man made it, it can be hacked, there is no such thing as an unhackable system, and dont start in with the well DTV still isnt done, and do you all know the main reason why? because its not world wide where N2 is a worldwide system hence being a more popular choice for all. just my 2 cents worth

Plastic is King/killable but the usb256 is a prince with longevity without risk of loosing a card. I run emu with card the card always has the map but it is expensive if they kill it hardly 90 bucks. Thank I will get me one of the usb devices they are simple and easy and durable with great support.

Joe

The primary reason DTV has not been publically hacked is that it is so easy to hack ech*star. Why would people devote time and effort to hacking a difficult system if you can get the exact same channels on free-to-air??

Now if Dish does do a card swapout, expect the DTV cards to get some poking and prodding.

i like my fta but thinking about getting a usb amega im just hoping it dont turn out like the box of ice scrapers i have like the majic cards when they get tird of supporting it they just give you a program to kill the card

The USB 256 is great! just wish they'd make them a bit longer seems that the processor on the endhits in the recivers and makes the end that has to touch the card slot about 1mm above where it needs to be

People have been asking me what this "brute force" and "statistical" fix people keep talking about.
There are two different approaches to bypass the latest MAP57 timer ECMS. One is to use a table of possible answers one by one trying each "password" to see if one of them will get video or not until you hit the correct one and bingo.
The other is to come up with the correct mathematical solution to this ECM and at the end of the calculations come up with only ONE password but the correct one.
While brute force is currently working it may not in the future. With the previous round of MECM they looped through the MAP call 4 times and the brute force approach was marginally able to come up wiht the right value within the alotted time. THis round of MECM loops through MAP57 only once and brute force is once again marginally able to tackle the problem. If they however loop through MAP57 4 times as with the MAP3E before that means 4 billion brute force rounds to do in 4 seconds or less. Hardly an option.
The question is now why they only looped through MAP57 twice and not 4 times? I think because they want fixes to come out. There is no other explanation. If someone has the brains to come up with these ECMs rest assured he is not stupid enough to leave the back door open.
The only emulator platform NOT using a brute force approach is the USBAtmega256 card from Fab5. All other FTA and DVB cards rely on a lookup table and are brute forcing the problem. If Charlie gets his head out of his ass and loops through the code 2 more times everyone will have to try to do the solution the hard way and so far I don't see the mathematical skill necessary to tackle the problem displayed by the happysat people who write these DVB and FTA codes.

mili
Good read mili :)

I still dont get why FTA has to use this brut force thing are they missing emprom or somthing like that or not enought info on the cam.

Thanks for clearing this up me too I did not know what that ment LOL

The USB 256 is great!

I hope they are. I just ordered one. :D

just wondering all this playing around with the latest ecms does it take out some legal customers or loop some legal cards if it dose it seems like charly would back offThe mecm updates should in no way effect a sub cam. The cam should take the update and not miss a beat. Unless the receiver was unhooked for a bit and didn't take the mecm update, but it would update with in minutes after hooking it back up. Thats also why they stream the update for a couple of days before making it active. To make sure everyone got the mecm update that should have. Unless the cam was tampered with I don;t see it effecting a sub. I would bet they will not be backing off anytime soon. It seems to be working for the most part at keeping emu type devices down.

People have been asking me what this "brute force" and "statistical" fix people keep talking about.
...
The other is to come up with the correct mathematical solution to this ECM and at the end of the calculations come up with only ONE password but the correct one.

mili
That doesn't sound very statistical. I assumed that it meant you made a series of guesses with a high probability of being correct and tried those first. Brute force would be considered "random" since each value would have the similar (low) probability of being correct

IncaTrails, Its still brute forcing no matter what way you look at it.
Statistical method or 'brute force'...
brute force just says try this, no, try this, no.. until its accepted, which won't always work down the road.
statistical is well, considering this, and this, we can assume it won't be X or Y... we should get by on Z.

Kinda like instead of determining the complex key, just guess its hash value..

A sound statistical analysis should yield a formula for calculating the correct time a very high percentage of the time. Brute force is simply trial and error. Big difference in my book. The statistical approach does not produce a guess, it produces a calculation based on thousands of test runs and a 'best fit' analysis. I feel this is an ideal application for the statistical approach. There should exist a formula that will nail the right answer at an acceptible level of accuracy.

wouldn't enough *correct* brute force results begin to give a pattern which can then be fit into a formula?

Statistical approach does not produce a guess, it produces a calculation based on thousands of test runs and a 'best fit' analysis.
Poor choice of words on my part. I used "guess" since it was statistical method and you could not be sure that it would yield the right answer the first time.

I am surprised that this works. Shouldn't the encrypted output look random and you would need millions/billions on observations to discern a pattern?

not sure how many observations would be needed. with enough observations a formula/algo could be tested. it's possible that an initial formula could yield sufficient answers. as time goes by the formula could be fine tuned to give a more accurate and faster answer. quite possible that there could be more than one formula, or transformations of the same formula into other formulas. I'm just basing my thoughts on my limited math background...

over the years between DTV and Dishnet may subs have gone down and been brought back up without an issue, im sure most if not all here remember a few lovely days back in the day when EVERYONE was blacked out and EVERYONE had to br brought back up by DTV, this does happen, and eventually Dishnet will start needing to think about a card swap, only so much you can do with a processor, think about your computer for example, and the amount of ram you have, there is only a certain amount of things you can do before your computer will just take a shit on your and freeze up and leave you no solution other then shutting it down or upgrading, this in theory is the same concept, hence the card swaps, increased space, more algorthisms, higher bit encryption but in the end coders hackers freetvers whatever you call call yourselves will still prevail if man made it, it can be hacked, there is no such thing as an unhackable system, and dont start in with the well DTV still isnt done, and do you all know the main reason why? because its not world wide where N2 is a worldwide system hence being a more popular choice for all. just my 2 cents worth


Your Right..... Been Wondering when you'd Post.........









Lool..................







.

Good read mili :)

I still dont get why FTA has to use this brut force thing are they missing emprom or somthing like that or not enought info on the cam.

Thanks for clearing this up me too I did not know what that ment LOL


Lool.............

I stated memory and speed a few days ago...........











Lool...................











.

Lool.............

I stated memory and speed a few days ago...........

Lool...................
.

I highly doubt it since if this was the case why would the cardless EMUs be having issues? Duel Core machines with Gigs of Ram :)

i think i remember reading that there are 2 more revs on the cams for both providers to play with yet, so i'm not sure how stretched the cam capabilities are.....if this is the case then depending on how long it takes to defeat this one's capabilities, and each of the next ones, could set the time frame for the next swap.....well that, and perhaps if/when dtv buys out dishnet


my bad....asked around and 10c is last rev so i musta read that a rev or 2 ago

If you are really interested in how this ecm was defeated and why a 'quick and dirty fix' by mfong for dvb was implemented, go to happysat and have a read. Everything you need to know about this latest hit is there. Mili, I can assure you that the coders there have more than enough mathematical skill to solve this problem using either solution, however, they have no financial interest in it whatsoever, and chose the easier method (which is working great, BTW). Mfong also recomended that others pursue a 'proper' fix, but only time will tell if ...either... fix (if Fab5's is indeed that much different, only he really knows) will lead to a faster recovery from the next hit, or produce more uptime (dvb the current champion). I guess when the next mecm comes tomorrow and then they send down the key, we will know. But a fix, is still after all, a fix.

My 4cents worth


...clockspeed...

the reason there is no public dave fix is he would pursue the first person to post such a hack and make an example out of them.. No one wants to go to jail over T.V

Or get killed.

mili

If you are really interested in how this ecm was defeated and why a 'quick and dirty fix' by mfong for dvb was implemented, go to happysat and have a read. Everything you need to know about this latest hit is there. Mili, I can assure you that the coders there have more than enough mathematical skill to solve this problem using either solution, however, they have no financial interest in it whatsoever, and chose the easier method (which is working great, BTW). Mfong also recomended that others pursue a 'proper' fix, but only time will tell if ...either... fix (if Fab5's is indeed that much different, only he really knows) will lead to a faster recovery from the next hit, or produce more uptime (dvb the current champion). I guess when the next mecm comes tomorrow and then they send down the key, we will know. But a fix, is still after all, a fix.

My 4cents worth


...clockspeed...
its here too http://www.dssftp.com/forum/showthread.php?t=75189

Lool.............

I stated memory and speed a few days ago...........











Lool...................











.
mayby the case for older models that have only 1 meg prosesser other than that MAP EMU will half to be added to the bins in order to run the same way atmega 256 does & PCI.

The FTA coders or patch enablers LOL will half to find out or $$ for the same info as PCI or 256 in order to get ride of these 'brute force'... TEMP bin releasess

But it can be done on FTA

While brute force is currently working it may not in the future. With the previous round of MECM they looped through the MAP call 4 times and the brute force approach was marginally able to come up wiht the right value within the alotted time. THis round of MECM loops through MAP57 only once and brute force is once again marginally able to tackle the problem. If they however loop through MAP57 4 times as with the MAP3E before that means 4 billion brute force rounds to do in 4 seconds or less. Hardly an option.

mili
Sounds to me like this is a perfect place to make use of a few FPGAs running in parallel (i.e. 4 or 8). Clock them at a few hundred MHz, and you have the speed to do the brute force search. Obviously this would make for more expensive hardware, but at least you'd have the capability to deal with any future changes to the encryption scheme.