Log in
Register
Menu
Log in
Register
Home
What's new
Latest activity
Authors
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Satellite TV receivers & systems support forums
Analogue systems
Analogue Nagravision (Syster) encoder
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="Captain Jack" data-source="post: 1078139" data-attributes="member: 243342"><p>Yes, I did notice that as well - I've no idea why it does this.</p><p></p><p>I am pretty sure there's another hidden descrambler available in that box. It's probably Smartcrypt - this was used by RTL9 I think. Cut and rotate...</p><p></p><p>At 2:38.</p><p>[MEDIA=youtube]45B97yjUeb0:158[/MEDIA]</p><p></p><p>I can even very briefly activate it by having a weaker signal to TV/decoder, which spontaneously scrambles the picture (while already decoding Syster).</p><p></p><p>[MEDIA=youtube]obl5rgQ-GxY[/MEDIA]</p><p></p><p>Beyond that, I don't know how else it works - I cycled 0x00 > 0xFF on the mode byte and didn't see anything beyond what you describe.</p><p></p><p>What hardware are you using? I've seen this before with a 'pirate' card but simply removing it and putting it back in sorts it. I never got to the bottom of it (though I never really investigated).</p><p></p><p>[MEDIA=youtube]ODJ7Eltt8aU:12[/MEDIA]</p><p></p><p></p><p>AFAIK, there were only two. One used by everyone before 1998 and then another one used by France post 1998 to combat pirate decoders. I don't think I ever managed to select this second table through VBI.</p><p></p><p></p><p>I did know the second frequency but cannot remember it. It's certainly not controlled by encryption. In fact, there's a pin on the TDA8xxx(?) chip in the decoder that you can set to high, which will enable this audio inversion.</p><p></p><p>I have been looking for French C+ tapes for ages! We have C+ Poland dumps and Premiere Germany, though [USER=410643]@fsphil[/USER], the main man behind this work, did not see many differences.</p><p></p><p>That said there definitely are as C+ Poland VBI never activates Premiere key and vice versa. I traced it down to ATR sent by the card during initialisation (02 00 command).</p><p></p><p>Premiere ATR:</p><p> (14:27:54) Q :02 00</p><p> (14:27:54) R :02 <strong>1C381405FF14E1E5</strong> 00</p><p> </p><p> C+ France:</p><p> (14:30:39) Q :02 00</p><p> (14:30:39) R :02 <strong>18381200FF148083</strong> 00</p><p> </p><p> C+ Poland:</p><p> (14:33:12) Q :02 00</p><p> (14:33:12) R :02 <strong>1CE00C01FF14E1E5</strong> 00</p><p> </p><p> NTV+:</p><p> (14:31:07) Q :02 00</p><p> (14:31:07) R :02 <strong>22E01600FF14E1E5</strong> 00</p><p></p><p>However, I have not traced it down to which part of this data actually determines whether the key is correct for the transmission.</p><p></p><p>If I have any time at all (difficult these days), I will investigate this further again.</p><p></p><p>It's fairly simple to get the dump. You just need a capture device and preferably a Linux OS to make this easier. Then just run $ cat /dev/vbi0 > vbidata.dat for a few minutes.</p><p></p><p>The key to success is a good quality recording and a VCR with preferably TBC (timebase correction) function. This allows to stabilise a relatively fast data rate of Syster VBI.</p><p></p><p>The other mystery is how does the decoder work out what s,r values to use given an 8-bit seed that it gets from the card. I am sure there is some LFSR shifting going on in multiple registers but, again, haven't looked at it in great detail. Pretty sure it does not rely on permutation tables for this.</p><p></p><p>If you have any info on the above, do let me know.</p></blockquote><p></p>
[QUOTE="Captain Jack, post: 1078139, member: 243342"] Yes, I did notice that as well - I've no idea why it does this. I am pretty sure there's another hidden descrambler available in that box. It's probably Smartcrypt - this was used by RTL9 I think. Cut and rotate... At 2:38. [MEDIA=youtube]45B97yjUeb0:158[/MEDIA] I can even very briefly activate it by having a weaker signal to TV/decoder, which spontaneously scrambles the picture (while already decoding Syster). [MEDIA=youtube]obl5rgQ-GxY[/MEDIA] Beyond that, I don't know how else it works - I cycled 0x00 > 0xFF on the mode byte and didn't see anything beyond what you describe. What hardware are you using? I've seen this before with a 'pirate' card but simply removing it and putting it back in sorts it. I never got to the bottom of it (though I never really investigated). [MEDIA=youtube]ODJ7Eltt8aU:12[/MEDIA] AFAIK, there were only two. One used by everyone before 1998 and then another one used by France post 1998 to combat pirate decoders. I don't think I ever managed to select this second table through VBI. I did know the second frequency but cannot remember it. It's certainly not controlled by encryption. In fact, there's a pin on the TDA8xxx(?) chip in the decoder that you can set to high, which will enable this audio inversion. I have been looking for French C+ tapes for ages! We have C+ Poland dumps and Premiere Germany, though [USER=410643]@fsphil[/USER], the main man behind this work, did not see many differences. That said there definitely are as C+ Poland VBI never activates Premiere key and vice versa. I traced it down to ATR sent by the card during initialisation (02 00 command). Premiere ATR: (14:27:54) Q :02 00 (14:27:54) R :02 [B]1C381405FF14E1E5[/B] 00 C+ France: (14:30:39) Q :02 00 (14:30:39) R :02 [B]18381200FF148083[/B] 00 C+ Poland: (14:33:12) Q :02 00 (14:33:12) R :02 [B]1CE00C01FF14E1E5[/B] 00 NTV+: (14:31:07) Q :02 00 (14:31:07) R :02 [B]22E01600FF14E1E5[/B] 00 However, I have not traced it down to which part of this data actually determines whether the key is correct for the transmission. If I have any time at all (difficult these days), I will investigate this further again. It's fairly simple to get the dump. You just need a capture device and preferably a Linux OS to make this easier. Then just run $ cat /dev/vbi0 > vbidata.dat for a few minutes. The key to success is a good quality recording and a VCR with preferably TBC (timebase correction) function. This allows to stabilise a relatively fast data rate of Syster VBI. The other mystery is how does the decoder work out what s,r values to use given an 8-bit seed that it gets from the card. I am sure there is some LFSR shifting going on in multiple registers but, again, haven't looked at it in great detail. Pretty sure it does not rely on permutation tables for this. If you have any info on the above, do let me know. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Satellite TV receivers & systems support forums
Analogue systems
Analogue Nagravision (Syster) encoder
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top