Analogue Nagravision (Syster) encoder

Captain Jack

@homercartman I've pushed the latest version to generate C+ France "free access" mode control words. Enable it with --syster cfrfa.

Now, on my system, two white keys work with random CWs, one white key only works with fixed ones and the grey one with a different ATR does not respond (it's blank - no dates on it). I would be very interested to know how it performs on your setup - C+ France and C+ ES keys. My grey key expects VBI data on different lines from white ones. So you need to edit this line from -1 to -3.


I expect some C+ France keys to work - at least in fixed mode (controlled by _CFR_FIXED flag in syster.h). I would hope that C+ ES keys at least trigger the decoder but I don't know what the ATR for it is and therefore I don't know what lines it expects VBI data to come in on. It probably won't do anything. You can play with the value above as well to see if any of them start poking the key.

C+ France key will force the decoder to permute the entire line, so PAL mode will lose colour. Use one of the SECAM ones.

Lastly, would you be able to translate Note_cle.pdf file for me? I ran it through Google Translate but it doesn't do a good job. I am interested in getting more detail into the structure of 06 messages and what makes it valid or invalid. There are mentions that changing single bits on either of the 8-byte halves will make the key respond with 0A, though, as I've found above, some C+ France keys will take random ones in free access mode.
 

homercartman

Hi @Captain Jack

I did some tests. Here they are (I'm referring to plastic keys as cards, as it could be confusing when talking about encryption keys)

| card # | country | subscriptions | result with cfrca and no code mod | result with cfrfa and _CFR_FIXED | result with cplca | result with cfrfa and vbioffset = -4 | result with cfrfa and vbioffset = -3 | result with cfrfa and _vbioffset = -3 and _CFR_FIXED |
|---|---|---|---|---|---|---|---|---|
| 1 | fr | Feb 2005 | none | none | none | none | quick lock unlock | quick lock unlock |
| 2 | fr | none | none | none | none | none | quick lock unlock | quick lock unlock |
| 3 | fr | none | none | none | none | none | quick lock unlock | quick lock unlock |
| 4 | es | Jan 03 | none | none | quick lock unlock | quick lock unlock | none | none |
| 5 | es | none | none | none | quick lock unlock | quick lock unlock | none | none |
| 6 | es | Jan 04 | none | none | quick lock unlock | quick lock unlock | none | none |

quick lock unlock means: 0.5 second of sound then vanish. I wish to stand corrected regarding my previous post: there is no 32 line align. Only audio.

Is there something to do with k64 and the cards? Unfortunately I have no means to read my own key-shaped cards.

In a Spanish document I found, the ATR is supposed to be 1C 38 0C 01 FF 14 E1 E5.


As for the MS/MF discussion in Note_cle.pdf, here is my translation and inlined interpretation.

Basically it says the following:

06 frames contain the header (06) with the audience (11), then a "fixed word" (so called "MF") of first 8 bytes -- that is supposed to go along with the audience--, then a "variable word" (so called "MS") of other 8 bytes.

Then it says there is a correspondence between the contents of MF and the response from the card ("dmf", I guess: "decoded MF").
Same for MS.
It guesses that dmf corresponds to the 4 last bytes of the card response.
It guesses that dms corresponds to the 4 first bytes of the card response.

Then it enumerates several synthetic tests and observations:
Test A -
MF = fixed value, consistent with the audience
(note: I guess "MF fixed consistent" means: always use THE first 8 byte half that has been actually sent by decoder as part of ONE authentic 06 11 message )
MS = chosen with sliding mask
-> dmf is constant
-> dms is variable

Test B -
MF = variable consistent value, changing at every test
(note: I guess "variable consistent" means: use ANY first 8 byte half that has been actually sent by decoder as part OF A SET OF authentic 06 11 messages )
MS = 0.
-> dmf varies but is always even
-> dms is always 0x025C9753 (but can depend on the key chosen by audience).
(author says it should be tried with other keys and audiences)

Test C - varying 1 bit of MS radically changes dms
note from myself: reading this document at this point, encryption is likely at stake for those 2x8 bytes (MS, MF) and I guess it works with 64 bit word frontiers.

Test D -
MF = fixed consistent value, as in test A
MS = variable consistent MF
-> dmf is constant
-> dms is somehow constant, either 0x1101FF or 0x110140 (might depend on the key).

Test E -
MS = fixed yet inconsistent MF (ie: first 8 byte half sent as part of ONE authentic 06 xx message where xx != 11)
-> dmf is constant
-> dms varies, contrarily to test D

Test F - "each process entry is 64 bits, the result is 32 bit". I guess it means: decoder sends 64 bits, card gives back 32. Obviously, some input data from decoder is dedicated to encrypted CW, some other to encrypted card management (subscription dates?) and the card only replies the decrypted CW.
Test G - whatever MF, dmf MSByte is always <= 0x1F. ie dmf is always < 0x1FFFFFFF.
Test H - whatever MS, dms MSByte is always <= 0x7F. ie, dms is always < 0x7FFFFFFF.


Hope this helps.

EDIT: found this in my old archives:

which might be of great help regarding command 06.
 

homercartman

Argh, damn time limit. I wanted to edit my array in my previous post, but it was too late. So here is an updated version that cancels and replaces the previous one (just a clarification, no news really)

| card number | country | subscriptions | result with cfrca and no code mod | result with cfrca and _CFR_FIXED | result with cplca | result with cfrca and _vbioffset = -4 |
|---|---|---|---|---|---|---|
| 1 | fr | Feb 2005 | quick lock unlock | quick lock unlock | none | none |
| 2 | fr | none | quick lock unlock | quick lock unlock | none | none |
| 3 | fr | none | quick lock unlock | quick lock unlock | none | none |
| 4 | es | Jan 03 | none | none | quick lock unlock | quick lock unlock |
| 5 | es | none | none | none | quick lock unlock | quick lock unlock |
| 6 | es | Jan 04 | none | none | quick lock unlock | quick lock unlock |
 

Captain Jack

> Hi @Captain Jack
> I did some tests. Here they are (I'm referring to plastic keys as cards, as it could be confusing when talking about encryption keys)

OK, so one thing that's clear is that the 'new' French C+ card doesn't work with audience 11 from the old key. They have different ATRs and therefore different VBI lines. This suggests to me that C+ at one point or another did a card change and ran encryption on both - sort of like simulcrypt.

The quick lock/unlock means the decoder found VBI data but key responded with 0A - so it stopped descrambling.

> In a Spanish document I found, the ATR is supposed to be 1C 38 0C 01 FF 14 E1 E5

Same as Canal+ Poland. Can you try it with cplfa?

Many thanks for the translation. Most of it I already knew through disassembling the PIC code.

> -> dmf varies but is always even
> -> dms is always 0x025C9753 (but can depend on the key chosen by audience).
> (author says it should be tried with other keys and audiences)

Interestingly, they used audience 11 key used in C+ France card to get this value.

> Test G - whatever MF, dmf MSByte is always <= 0x1F. ie dmf is always < 0x1FFFFFFF.
> Test H - whatever MS, dms MSByte is always <= 0x7F. ie, dms is always < 0x7FFFFFFF.

That makes sense. The two halves of the answer depend on each other and there's some masking going on. Only 60 bits are actually used to seed the decoder.

> EDIT: found this in my old archives:

The DES function is already in my fork - that's how I can generate random CWs. I will look through the code and see if there's anything I missed.

One thing that is a mystery still is how does the key validate whether the 2x 8-bytes halves are valid. There doesn't seem to be a hash in use so it's likely to be some date, theme and operator bytes that are somehow masked with other values.

I need to read that Spanish doc and see if it gives any clues. It seems to have good info on what audience levels correspond to what keys within the card.
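
Added example (not part of the thread and not hacktv code): a C sketch of the bounds from tests G and H, showing how a 31-bit dms and a 29-bit dmf add up to the 60 bits mentioned in the post above. The big-endian byte order and all function names are assumptions, and the sample response is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Bounds reported in Note_cle.pdf tests G and H (as translated in the thread). */
#define DMF_MSBYTE_MAX 0x1F /* dmf: top 3 bits of the MSByte always clear */
#define DMS_MSBYTE_MAX 0x7F /* dms: top bit of the MSByte always clear */

/* Assumption: each 4-byte half is big-endian, so its MSByte is its first byte. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Per the translated note: dms = first 4 bytes, dmf = last 4 bytes. */
uint32_t response_dms(const uint8_t r[8]) { return be32(r); }
uint32_t response_dmf(const uint8_t r[8]) { return be32(r + 4); }

/* Bits a 32-bit value can occupy if its MSByte never exceeds msbyte_max
 * (msbyte_max is expected to be of the form 2^k - 1). */
int usable_bits(uint8_t msbyte_max)
{
    int bits = 24;
    while (msbyte_max) { bits++; msbyte_max >>= 1; }
    return bits;
}

/* Bits of the 8-byte response that can vary: 31 (dms) + 29 (dmf). */
int seed_bits(void)
{
    return usable_bits(DMS_MSBYTE_MAX) + usable_bits(DMF_MSBYTE_MAX);
}

/* 1 if a captured response respects both observed bounds, else 0. */
int response_in_bounds(const uint8_t r[8])
{
    return (response_dms(r) >> 24) <= DMS_MSBYTE_MAX &&
           (response_dmf(r) >> 24) <= DMF_MSBYTE_MAX;
}

int main(void)
{
    /* Constructed sample: dms from test B (0x025C9753), dmf is a made-up even value. */
    const uint8_t sample[8] = {0x02, 0x5C, 0x97, 0x53, 0x1A, 0x00, 0x00, 0x02};
    printf("dms=%08X dmf=%08X in_bounds=%d seed_bits=%d\n",
           (unsigned)response_dms(sample), (unsigned)response_dmf(sample),
           response_in_bounds(sample), seed_bits());
    return 0;
}
```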
 

homercartman

cplfa indeed triggers quick lock unlock with ES keys.
 

Captain Jack

Command 06 file is excellent - it's exactly what I wanted to see. It explains at least the first part of 8-bytes (not the last though, sadly).

Another step closer to random words.
 

Captain Jack

Thanks to @homercartman's docs, I was able to create properly formatted ECMs on the fly. With a bit of luck and following wind, we were able to get Premiere, Polish, older French and Spanish cards working in 'free access' mode.

One mystery is still around the grey key, which is not working still (same for Russian NTV+ card).

I think one thing left to try is switching to the permutation table used by French decoders to combat pirate SECAM ones.
 

Captain Jack

Here's what I think various bits in msg1[0] byte do.

Code:
    b = 0 << 7;    /* ?? Unused */
    b |= 0 << 6;    /* ?? Unused */
    b |= 1 << 5;    /* 0: clear, 1: scrambled */
    b |= 1 << 4;    /* Audio inversion frequency: 1: 12.8kHz, 0: ?kHz */
    b |= 0 << 3;    /* 0: full frame scrambling, 1: half-frame scrambling */
    b |= 0 << 2;    /* Seems to enable cut-and-rotate on some decoders (+ msg2[1] = 0x29) */
    b |= 1 << 1;    /* Scrambling type: 0: Discret 11, 1: Syster */
    b |= 0 << 0;    /* 6th high bit of audience level */

It's similar to @homercartman's findings. I am still not able to force the French decoders to use the new permutation table and I don't know how it's controlled.

German decoders also have a Videocrypt-like cut and rotate function. It's unclear yet whether the c/r sequences are affected by card's seed or not (Discret11 isn't). Nor what PRBS function is used but likely to be similar to others'.

It's a little different from Videocrypt in that the cut point can be anywhere in the frame. It doesn't seem to be limited to 256 points. Might be wrong though.
 

orizatriznyak

Old frequency charts identified the encryption system of Canal+ Espana as Nagravision & Videocrypt.
I didn't receive this channel back then, but maybe this cut&rotate function was used on this channel.
 

Captain Jack

How weird. I wonder if someone mistook whatever c/r system was used for Videocrypt?
 

neo7530

Finally found the key for all Premiere Keys 06 00 = 00 00 00 00 00 00 12 34 :D
Also I'm able to dump Premiere Keys now to extract all data we need.
 

E333&

Hello everyone and sorry for bad English
First of all thank you to Captain Jack and fsphil, which I also thank and which allows to replay with the old materials of the years 80-90. I like it very much even if everyone around me doesn't understand the interest.
I experimented with some possibilities and I use dvblast to bring the video stream to Hacktv. I encrypt free channels and everything works. It reminds me of my youth and I use discret11.
Today I discovered steeviebops' GUI for Windows and I also liked it, even if I prefer to stay under Linux.
Another big thanks to all for allowing us to experiment.
See you soon
 

E333&

Analog French encryption was supplemented by purple lines. Is it possible to create this effect with the software?
Thank you
 

Captain Jack

Hopefully soon. This mode uses a different permutation table to defeat illegitimate descramblers on SECAM channels. We haven't yet found a way to enable it in decoders.

However, if you just want to see it in action, you can make a quick code change.

Uncomment this section in syster.c:

https://github.com/captainjack64/ha...292ca186fffffc360bf49c26f1/syster.c#L126-L143

Change _key_table1 to _key_table2 on this line:

https://github.com/captainjack64/hacktv/blob/77a791d02ef536292ca186fffffc360bf49c26f1/syster.c#L325

Run hacktv in SECAM mode (either d, k or l). Your TV must support SECAM obviously...
 

E333&

Thanks a lot. I will make some tests ASAP.
see you soon.
 

E333&

Yes it works, I can see it in action in SECAM mode. As you said, it can't be enabled with pic file and white keys.
Thank you.
 

E333&

You fixed it. Could you please make a pic file for cfrfa?
Thanks for all
 

Captain Jack

Yes, table 2 is now available. It was a single bit but there were a few things that threw me off.

I will make a cfrfa/ca PIC file next week.
 

Captain Jack

There's an odd feature on Premiere decoders (and only those) that allows descrambling of cut-and-rotate transmissions, similar to Videocrypt. It's different to Videocrypt as it uses a different sampling rate as well as a different number, and location, of cut points on screen (225 possible cuts here vs 256 in Videocrypt/Eurocrypt).

It's not clear why it was implemented here and no one seems to have seen this being used anywhere. It could be similar to or even partially compatible with Smartcrypt, used on RTL9 in Luxembourg and Cryptovision used on BFBS on 27.5W and apparently cablenets in Ireland. If anyone has any video recordings of these, it would be useful to see the data there.

The side effect of this feature is that it's possible to enable BOTH, line shuffling (traditional Syster) and cut-and-rotate at the same time! Here's an example:


This is what it looks like with just cut and rotate, without line shuffling.

 

weakbit

@Captain Jack - but about the 31 lines there is also something to tell. These 31 lines of each half picture are the top part, and in the transmission these 31 lines are on the bottom side of the picture. Why? The answer is simple: V-RAM was expensive in the early days of video memory, so they came to the idea to split the picture into 10 parts of 31 lines each - 625 lines a full frame, the vertical signal is 15*32µs. A half frame is 312,5 lines - 1st half picture lines 1, 3, 5... 2nd half picture lines 2, 4, 6... and so on. First the V-RAM stores the scrambled lines on the bottom side of the picture. After the scrambled lines are stored in the V-RAM (video lines are written scrambled to V-RAM), the vertical impulse occurs. A new half picture begins. The first line will be read out of the V-RAM (descrambled video) and will be sorted into the correct position as the 1st line, 3rd line, 5th line... and so on. During this time the 2nd V-RAM (video lines are written scrambled to 2nd V-RAM) will be written with the scrambled video lines. After this time the 2nd V-RAM will be read out and the scrambled lines sorted into correct order by line 32... and so on.
The V-RAM was so expensive that they split the half screen into 10 line blocks of 31 lines. Only the line is changed, not the black shoulder where the burst with 4,43361875MHz PAL625 is. So long weakbit
 