Analogue Nagravision (Syster) encoder

Captain Jack

Moderator
Staff member
Messages
10,982
My Satellite Setup
See signature
My Location
North Somerset
@homercartman I've pushed the latest version to generate C+ France "free access" mode control words. Enable it with --syster cfrfa.

Now, on my system, two white keys work with random CWs, one white key only works with fixed ones, and the grey one with a different ATR does not respond (it's blank - no dates on it). I would be very interested to know how it performs on your setup - C+ France and C+ ES keys. My grey key expects VBI data on different lines from the white ones. So you need to edit this line from -1 to -3.


I expect some C+ France keys to work - at least in fixed mode (controlled by the _CFR_FIXED flag in syster.h). I would hope that C+ ES keys at least trigger the decoder, but I don't know what the ATR for it is and therefore I don't know what lines it expects VBI data to come in on. It probably won't do anything. You can play with the value above as well to see if any of them start poking the key.

C+ France key will force the decoder to permute the entire line, so PAL mode will lose colour. Use one of the SECAM ones.

Lastly, would you be able to translate Note_cle.pdf file for me? I ran it through Google Translate but it doesn't do a good job. I am interested in getting more detail into the structure of 06 messages and what makes it valid or invalid. There are mentions that changing single bits on either of the 8-byte halves will make the key respond with 0A, though, as I've found above, some C+ France keys will take random ones in free access mode.
 
homercartman

Member
Messages
39
My Satellite Setup
Cubsat 50, DVBSky S960, RPi3
My Location
France
Hi @Captain Jack

I did some tests. Here they are (I'm referring to plastic keys as cards, as it could be confusing when talking about encryption keys)
| card # | country | subscriptions | result with cfrca and no code mod | result with cfrfa and _CFR_FIXED | result with cplca | result with cfrfa and vbioffset = -4 | result with cfrfa and vbioffset = -3 | result with cfrfa and _vbioffset = -3 and _CFR_FIXED |
|---|---|---|---|---|---|---|---|---|
| 1 | fr | Feb 2005 | none | none | none | none | quick lock unlock | quick lock unlock |
| 2 | fr | none | none | none | none | none | quick lock unlock | quick lock unlock |
| 3 | fr | none | none | none | none | none | quick lock unlock | quick lock unlock |
| 4 | es | Jan 03 | none | none | quick lock unlock | quick lock unlock | none | none |
| 5 | es | none | none | none | quick lock unlock | quick lock unlock | none | none |
| 6 | es | Jan 04 | none | none | quick lock unlock | quick lock unlock | none | none |

"quick lock unlock" means: 0.5 seconds of sound, then it vanishes. I wish to stand corrected regarding my previous post: there is no 32-line align. Only audio.

Is there something to do with k64 and the cards? Unfortunately I have no means to read my own key-shaped cards.

In a Spanish document I found, the ATR is supposed to be 1C 38 0C 01 FF 14 E1 E5.


As for the MS/MF discussion in Note_cle.pdf, here is my translation and inlined interpretation.

Basically it says the following:

06 frames contain the header (06) with the audience (11), then a "fixed word" (so called "MF") of first 8 bytes -- that is supposed to go along with the audience--, then a "variable word" (so called "MS") of other 8 bytes.

Then it says there is a correspondence between the contents of MF and the response from the card ("dmf", I guess: "decoded MF").
Same for MS.
It guesses that dmf corresponds to the 4 last bytes of the card response.
It guesses that dms corresponds to the 4 first bytes of the card response.

Then it enumerates several synthetic tests and observations:
Test A -
MF = fixed value, consistent with the audience
(note: I guess "MF fixed consistent" means: always use THE first 8 byte half that has been actually sent by decoder as part of ONE authentic 06 11 message )
MS = chosen with sliding mask
-> dmf is constant
-> dms is variable

Test B -
MF = variable consistent value, changing at every test
(note: I guess "variable consistent" means: use ANY first 8 byte half that has been actually sent by decoder as part OF A SET OF authentic 06 11 messages )
MS = 0.
-> dmf varies but is always even
-> dms is always 0x025C9753 (but can depend on the key chosen by audience).
(author says it should be tried with other keys and audiences)

Test C - varying 1 bit of MS radically changes dms
note from myself: reading this document at this point, encryption is likely at stake for those 2x8 bytes (MS, MF) and I guess it works with 64 bit word frontiers.

Test D -
MF = fixed consistent value, as in test A
MS = variable consistent MF
-> dmf is constant
-> dms is somehow constant, either 0x1101FF or 0x110140 (might depend on the key).

Test E -
MS = fixed yet inconsistent MF (ie: first 8 byte half sent as part of ONE authentic 06 xx message where xx != 11)
-> dmf is constant
-> dms varies, contrarily to test D

Test F - "each process entry is 64 bits, the result is 32 bits". I guess it means: decoder sends 64 bits, card gives back 32. Obviously, some input data from the decoder is dedicated to the encrypted CW, some other to encrypted card management (subscription dates?) and the card only replies with the decrypted CW.
Test G - whatever MF, dmf MSByte is always <= 0x1F, i.e. dmf is always < 0x1FFFFFFF.
Test H - whatever MS, dms MSByte is always <= 0x7F, i.e. dms is always < 0x7FFFFFFF.


Hope this helps.

EDIT: found this in my old archives:

which might be of great help regarding command 06.
 
homercartman

Member
Messages
39
My Satellite Setup
Cubsat 50, DVBSky S960, RPi3
My Location
France
Argh, damn time limit. I wanted to edit my array in my previous post, but it was too late. So here is an updated version that cancels and replaces the previous one (just a clarification, no news really)

| card number | country | subscriptions | result with cfrca and no code mod | result with cfrca and _CFR_FIXED | result with cplca | result with cfrca and _vbioffset = -4 |
|---|---|---|---|---|---|---|
| 1 | fr | Feb 2005 | quick lock unlock | quick lock unlock | none | none |
| 2 | fr | none | quick lock unlock | quick lock unlock | none | none |
| 3 | fr | none | quick lock unlock | quick lock unlock | none | none |
| 4 | es | Jan 03 | none | none | quick lock unlock | quick lock unlock |
| 5 | es | none | none | none | quick lock unlock | quick lock unlock |
| 6 | es | Jan 04 | none | none | quick lock unlock | quick lock unlock |
 
Captain Jack

Moderator
Staff member
Messages
10,982
My Satellite Setup
See signature
My Location
North Somerset
> Hi @Captain Jack
> I did some tests. Here they are (I'm referring to plastic keys as cards, as it could be confusing when talking about encryption keys)

OK, so one thing that's clear is that the 'new' French C+ card doesn't work with audience 11 from the old key. They have different ATRs and therefore different VBI lines. This suggests to me that C+ at one point or another did a card change and ran encryption on both - sort of like simulcrypt.

The quick lock/unlock means the decoder found VBI data but the key responded with 0A - so it stopped descrambling.

> In a spanish document I found, the ATR is supposed to be 1C 38 0C 01 FF 14 E1 E5

Same as Canal+ Poland. Can you try it with cplfa?

Many thanks for the translation. Most of it I already knew through disassembling the PIC code.

> -> dmf varies but is always even
> -> dms is always 0x025C9753 (but can depend on the key chosen by audience).
> (author says it should be tried with other keys and audiences)

Interestingly, they used the audience 11 key used in the C+ France card to get this value.

> Test G - whatever MF, dmf MSByte is always <= 0x1F. ie dmf is always < 0x1FFFFFFF.
> Test H - whatever MS, dms MSByte is always<= 0x7F. ie, dms is always < 0x7FFFFFFF.

That makes sense. The two halves of the answer depend on each other and there's some masking going on. Only 60 bits are actually used to seed the decoder.

> EDIT: found this in my old archives:

The DES function is already in my fork - that's how I can generate random CWs. I will look through the code and see if there's anything I missed.

One thing that is a mystery still is how does the key validate whether the 2x 8-bytes halves are valid. There doesn't seem to be a hash in use so it's likely to be some date, theme and operator bytes that are somehow masked with other values.

I need to read that Spanish doc and see if it gives any clues. It seems to have good info on what audience levels correspond to what keys within the card.
 
homercartman

Member
Messages
39
My Satellite Setup
Cubsat 50, DVBSky S960, RPi3
My Location
France
cplfa indeed triggers quick lock unlock with ES keys.
 
Captain Jack

Moderator
Staff member
Messages
10,982
My Satellite Setup
See signature
My Location
North Somerset
The Command 06 file is excellent - it's exactly what I wanted to see. It explains at least the first part of the 8 bytes (not the last though, sadly).

Another step closer to random words.
 
Captain Jack

Moderator
Staff member
Messages
10,982
My Satellite Setup
See signature
My Location
North Somerset
Thanks to @homercartman's docs, I was able to create properly formatted ECMs on the fly. With a bit of luck and following wind, we were able to get Premiere, Polish, older French and Spanish cards working in 'free access' mode.

One mystery is still around the grey key, which is still not working (same for the Russian NTV+ card).

I think one thing left to try is switching to the permutation table used by French decoders to combat pirate SECAM ones.
 
Captain Jack

Moderator
Staff member
Messages
10,982
My Satellite Setup
See signature
My Location
North Somerset
Here's what I think various bits in msg1[0] byte do.

Code:
    b = 0 << 7;    /* ?? Unused */
    b |= 0 << 6;    /* ?? Unused */
    b |= 1 << 5;    /* 0: clear, 1: scrambled */
    b |= 1 << 4;    /* Audio inversion frequency: 1: 12.8kHz, 0: ?kHz */
    b |= 0 << 3;    /* 0: full frame scrambling, 1: half-frame scrambling */
    b |= 0 << 2;    /* Seems to enable cut-and-rotate on some decoders (+ msg2[1] = 0x29) */
    b |= 1 << 1;    /* Scrambling type: 0: Discret 11, 1: Syster */
    b |= 0 << 0;    /* 6th high bit of audience level */
It's similar to @homercartman's findings. I am still not able to force the French decoders to use the new permutation table and I don't know how it's controlled.

German decoders also have a Videocrypt-like cut and rotate function. It's unclear yet whether the c/r sequences are affected by the card's seed or not (Discret11's isn't). Nor what PRBS function is used, but it's likely to be similar to the others'.

It's a little different from Videocrypt in that the cut point can be anywhere in the frame. It doesn't seem to be limited to 256 points. Might be wrong though.
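The following is an added illustration for this thread and is not code from hacktv, from Captain Jack's fork, or from Note_cle.pdf. It packs the 06 message exactly as homercartman's translation describes it (06, audience byte, 8-byte MF, 8-byte MS), splits an 8-byte card reply into dms (first 4 bytes) and dmf (last 4 bytes), checks the bounds reported in tests G and H (which together leave 31 + 29 = 60 usable bits, matching the "only 60 bits" remark), treats a lone 0A status as the rejection that produces the quick lock/unlock, and packs/unpacks the msg1[0] control byte from the post above. The cipher between MF/MS and dmf/dms is not known on this page and is not reproduced; big-endian byte order, the single-byte 0A reply and all sample values are assumptions.

```python
"""Syster (analogue Nagravision) command 06 helpers - added example, not project code."""
from dataclasses import dataclass

CMD_ECM = 0x06          # command byte of the 06 frame
STATUS_REJECT = 0x0A    # card status on an invalid 06 message (assumed to be a 1-byte reply)

# Bounds from Note_cle.pdf tests G and H, read as inclusive limits on the 32-bit halves
DMF_MAX = 0x1FFFFFFF    # test G: top byte of dmf <= 0x1F -> 29 usable bits
DMS_MAX = 0x7FFFFFFF    # test H: top byte of dms <= 0x7F -> 31 usable bits


def build_ecm_06(audience: int, mf: bytes, ms: bytes) -> bytes:
    """Return the 18-byte 06 frame: 06, audience, MF (8 bytes), MS (8 bytes)."""
    if not 0 <= audience <= 0xFF:
        raise ValueError("audience must fit in one byte")
    if len(mf) != 8 or len(ms) != 8:
        raise ValueError("MF and MS are 8 bytes each")
    return bytes([CMD_ECM, audience]) + bytes(mf) + bytes(ms)


def split_ecm_06(frame: bytes) -> tuple:
    """Inverse of build_ecm_06: (audience, MF, MS); rejects anything else."""
    if len(frame) != 18 or frame[0] != CMD_ECM:
        raise ValueError("not an 18-byte 06 frame")
    return frame[1], bytes(frame[2:10]), bytes(frame[10:18])


@dataclass(frozen=True)
class CardReply:
    dms: int   # first 4 bytes of the reply (homercartman's reading of the document)
    dmf: int   # last 4 bytes


def parse_card_reply(reply: bytes) -> CardReply:
    """Split an 8-byte reply into dms/dmf; a lone 0A status is a rejection."""
    if len(reply) == 1 and reply[0] == STATUS_REJECT:
        raise ValueError("card rejected the 06 message (status 0A)")
    if len(reply) != 8:
        raise ValueError("expected an 8-byte reply")
    return CardReply(dms=int.from_bytes(reply[:4], "big"),   # byte order assumed
                     dmf=int.from_bytes(reply[4:], "big"))


def reply_within_bounds(r: CardReply) -> bool:
    """True when the reply satisfies the test G / test H limits."""
    return r.dms <= DMS_MAX and r.dmf <= DMF_MAX


def usable_seed_bits() -> int:
    """Bits surviving the masking: 31 (dms) + 29 (dmf)."""
    return DMS_MAX.bit_length() + DMF_MAX.bit_length()


@dataclass(frozen=True)
class ControlByte:
    """Fields of msg1[0] as listed in the post above (bits 7 and 6 unused)."""
    scrambled: bool          # bit 5: 0 clear, 1 scrambled
    audio_inv_12k8: bool     # bit 4: 1 = 12.8 kHz audio inversion
    half_frame: bool         # bit 3: 0 full-frame, 1 half-frame scrambling
    cut_and_rotate: bool     # bit 2: cut-and-rotate on some decoders
    syster: bool             # bit 1: 0 Discret 11, 1 Syster
    audience_bit5: int       # bit 0: 6th (high) bit of the audience level


def encode_control_byte(c: ControlByte) -> int:
    return ((c.scrambled << 5) | (c.audio_inv_12k8 << 4) | (c.half_frame << 3)
            | (c.cut_and_rotate << 2) | (c.syster << 1) | (c.audience_bit5 & 1))


def decode_control_byte(b: int) -> ControlByte:
    if b & 0xC0:
        raise ValueError("bits 7 and 6 of msg1[0] are unused")
    return ControlByte(scrambled=bool(b & 0x20), audio_inv_12k8=bool(b & 0x10),
                       half_frame=bool(b & 0x08), cut_and_rotate=bool(b & 0x04),
                       syster=bool(b & 0x02), audience_bit5=b & 1)


if __name__ == "__main__":
    # Constructed sample MF/MS; real ones come from the decoder's VBI data.
    frame = build_ecm_06(0x11, bytes.fromhex("0011223344556677"), bytes.fromhex("8899AABBCCDDEEFF"))
    print(frame.hex())
    # Constructed reply: dms = the test B constant, dmf = an even value inside the test G bound.
    reply = parse_card_reply(bytes.fromhex("025C9753") + bytes.fromhex("0F00BA5E"))
    print(reply, reply_within_bounds(reply), usable_seed_bits())
    print(hex(encode_control_byte(decode_control_byte(0x32))))  # the byte built in the post
```

reply_within_bounds is a sanity check on real captures: a reply that violates either bound would mean the test G/H observation does not hold for that card, which is worth knowing before trusting the 60-bit seed reasoning.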
 
orizatriznyak

Member
Messages
22
My Satellite Setup
Vu+Duo2+T90
My Location
Budapest,Hungary
Old frequency charts identified the encryption system of Canal+ Espana as Nagravision & Videocrypt.
I didn't receive this channel back then, but maybe this cut&rotate function was used on this channel.
 
Captain Jack

Moderator
Staff member
Messages
10,982
My Satellite Setup
See signature
My Location
North Somerset
How weird. I wonder if someone mistook whatever c/r system was used for Videocrypt?
 
neo7530

Member
Messages
14
My Satellite Setup
Cable / Hacktv
My Location
Berlin
Finally found the key for all Premiere keys: 06 00 = 00 00 00 00 00 00 12 34 :D
Also, I'm able to dump Premiere keys now to extract all the data we need.
 
E333&

New Member
Messages
1
My Satellite Setup
Technotrend 3200& CI slot, disecq 1.0 astra 19.2e, eutelsat 5w
My Location
france
Hello everyone, and sorry for my bad English.
First of all, thank you to Captain Jack and fsphil, whom I also thank, for allowing us to play again with the old equipment of the 80s and 90s. I like it very much, even if nobody around me understands the interest.
I experimented with some possibilities and I use dvblast to bring the video stream to hacktv. I encrypt free channels and everything works. It reminds me of my youth, and I use Discret11.
Today I discovered steeviebops' GUI for Windows and I liked it too, even if I prefer to stay under Linux.
Another big thank you to all for allowing us to experiment.
See you soon
 