Log in
Register
Menu
Log in
Register
Home
What's new
Latest activity
Authors
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Satellite TV receivers & systems support forums
Analogue systems
Analogue Nagravision (Syster) encoder
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="homercartman" data-source="post: 1081692" data-attributes="member: 414304"><p>Hi [USER=243342]@Captain Jack[/USER]</p><p></p><p>I did some tests. Here they are (I'm referring to plastic keys as cards, as it could be confusing when talking about encryption keys) </p><table style='width: 100%'><tr><td><p style="text-align: left">card #</p> </td><td><p style="text-align: left">country</p> </td><td><p style="text-align: left">subscriptions</p> </td><td><p style="text-align: left">result with cfrca and no code mod</p> </td><td><p style="text-align: left">result with cfrfa and _CFR_FIXED</p> </td><td><p style="text-align: left">result with cplca</p> </td><td><p style="text-align: left">result with cfrfa and vbioffset = -4</p> </td><td><p style="text-align: left">result with cfrfa and vbioffset = -3</p> </td><td><p style="text-align: left">result with cfrfa and _vbioffset = -3 and _CFR_FIXED</p> </td></tr><tr><td><p style="text-align: left">1</p> </td><td><p style="text-align: left">fr</p> </td><td><p style="text-align: left">Feb 2005</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">quick lock unlock</p> </td></tr><tr><td><p style="text-align: left">2</p> </td><td><p style="text-align: left">fr</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">quick lock unlock</p> </td></tr><tr><td><p style="text-align: left">3</p> </td><td><p style="text-align: left">fr</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">quick lock unlock</p> </td></tr><tr><td><p style="text-align: left">4</p> </td><td><p style="text-align: left">es</p> </td><td><p style="text-align: left">Jan 03</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td></tr><tr><td><p style="text-align: left">5</p> </td><td><p style="text-align: left">es</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td></tr><tr><td><p style="text-align: left">6</p> </td><td><p style="text-align: left">es</p> </td><td><p style="text-align: left">Jan 04</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">quick lock unlock</p> </td><td><p style="text-align: left">none</p> </td><td><p style="text-align: left">none</p> </td></tr></table><p></p><p>quick lock unlock means: 0.5 second of sound then vanish. I wish to stand corrected regarding my previous post: there is no 32 lign align. Only audio.</p><p> </p><p>Is there something to do with k64 and the cards? Unfortunately I have no means to read my own key-shaped cards.</p><p></p><p>In a spanish document I found, the ATR is supposed to be 1C 38 0C 01 FF 14 E1 E5 .</p><p></p><p></p><p>As for the MS/MF discussion in Note_cle.pdf, here is my translation and inlined interpretation.</p><p></p><p>Basically it says the following:</p><p></p><p>06 frames contain the header (06) with the audience (11), then a "fixed word" (so called "MF") of first 8 bytes -- that is supposed to go along with the audience--, then a "variable word" (so called "MS") of other 8 bytes.</p><p></p><p>Then it says there is a correspondence between the contents of MF and the response from the card ("dmf", I guess: "decoded MF").</p><p>Same for MS.</p><p>It guesses that dmf corresponds to the <strong>4 last bytes </strong>of the card response.</p><p>It guesses that dms corresponds to the <strong>4 first bytes</strong> of the card response.</p><p></p><p>Then it enumerates several synthetic tests and observations:</p><p>Test A -</p><p>MF = fixed value, consistent with the audience</p><p>(note: I guess "MF fixed consistent" means: always use <strong>THE</strong> first 8 byte half that has been actually sent by decoder as part of <strong>ONE</strong> authentic 06 11 message )</p><p>MS = chosen with sliding mask</p><p>-> dmf is constant</p><p>-> dms is variable</p><p></p><p>Test B -</p><p>MF = variable consistent value, changing at every test</p><p>(note: I guess "variable consistent" means: use <strong>ANY</strong> first 8 byte half that has been actually sent by decoder as part OF <strong>A SET OF </strong>authentic 06 11 message<strong>s</strong> )</p><p>MS = 0.</p><p>-> dmf varies but is always even</p><p>-> dms is always 0x025C9753 (but can depend on the key chosen by audience).</p><p>(author says it should be tried with other keys and audiences)</p><p></p><p>Ttest C - varying 1 bit of MS radically changes dms</p><p><strong>note from myself: reading this document at this point, encryption is likely at stake for those 2x8 bytes (MS, MF) and I guess it works with 64 bit word frontiers.</strong></p><p></p><p>Test D -</p><p>MF = fixed consistent value, as in test A</p><p>MS = variable consistent MF</p><p>-> dmf is constant</p><p>-> dms is somehow constant, either 0x1101FF or 0x110140 (might depend on the key).</p><p></p><p>Test E -</p><p>MS = fixed yet inconsistent MF (ie: first 8 byte half sent as part of ONE authentic 06 xx message where xx != 11)</p><p>-> dmf is constant</p><p>-> dms varies, contrarily to test D</p><p></p><p>Test F - each process entry is 64 bits, the result is 32 bit". <strong>I guess it means: decoder sends 64 bits, card gives back 32. Obviously, some input data from decoder is dedicated to encrypted CW, some other to encrypted card management (subscription dates?) and the card only replies the decrypted CW.</strong></p><p>Test G - whatever MF, dmf MSByte is always <= 0x1F. ie dmf is always < 0x1FFFFFFF.</p><p>Test H - whatever MS, dms MSByte is always<= 0x7F. ie, dms is always < 0x7FFFFFFF.</p><p></p><p></p><p>Hope this helps.</p><p></p><p>EDIT: found this in my old archives:</p><p>[URL unfurl="true"]https://we.tl/t-5osIXTjW4J[/URL]</p><p>[URL unfurl="true"]https://we.tl/t-zLTVJXXJst[/URL]</p><p></p><p>which might be of great help regarding command 06.</p></blockquote><p></p>
[QUOTE="homercartman, post: 1081692, member: 414304"] Hi [USER=243342]@Captain Jack[/USER] I did some tests. Here they are (I'm referring to plastic keys as cards, as it could be confusing when talking about encryption keys) [TABLE] [TR] [TD][LEFT]card #[/LEFT][/TD] [TD][LEFT]country[/LEFT][/TD] [TD][LEFT]subscriptions[/LEFT][/TD] [TD][LEFT]result with cfrca and no code mod[/LEFT][/TD] [TD][LEFT]result with cfrfa and _CFR_FIXED[/LEFT][/TD] [TD][LEFT]result with cplca[/LEFT][/TD] [TD][LEFT]result with cfrfa and vbioffset = -4[/LEFT][/TD] [TD][LEFT]result with cfrfa and vbioffset = -3[/LEFT][/TD] [TD][LEFT]result with cfrfa and _vbioffset = -3 and _CFR_FIXED[/LEFT][/TD] [/TR] [TR] [TD][LEFT]1[/LEFT][/TD] [TD][LEFT]fr[/LEFT][/TD] [TD][LEFT]Feb 2005[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [/TR] [TR] [TD][LEFT]2[/LEFT][/TD] [TD][LEFT]fr[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [/TR] [TR] [TD][LEFT]3[/LEFT][/TD] [TD][LEFT]fr[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [/TR] [TR] [TD][LEFT]4[/LEFT][/TD] [TD][LEFT]es[/LEFT][/TD] [TD][LEFT]Jan 03[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [/TR] [TR] [TD][LEFT]5[/LEFT][/TD] [TD][LEFT]es[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [/TR] [TR] [TD][LEFT]6[/LEFT][/TD] [TD][LEFT]es[/LEFT][/TD] [TD][LEFT]Jan 04[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]quick lock unlock[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [TD][LEFT]none[/LEFT][/TD] [/TR] [/TABLE] quick lock unlock means: 0.5 second of sound then vanish. I wish to stand corrected regarding my previous post: there is no 32 lign align. Only audio. Is there something to do with k64 and the cards? Unfortunately I have no means to read my own key-shaped cards. In a spanish document I found, the ATR is supposed to be 1C 38 0C 01 FF 14 E1 E5 . As for the MS/MF discussion in Note_cle.pdf, here is my translation and inlined interpretation. Basically it says the following: 06 frames contain the header (06) with the audience (11), then a "fixed word" (so called "MF") of first 8 bytes -- that is supposed to go along with the audience--, then a "variable word" (so called "MS") of other 8 bytes. Then it says there is a correspondence between the contents of MF and the response from the card ("dmf", I guess: "decoded MF"). Same for MS. It guesses that dmf corresponds to the [B]4 last bytes [/B]of the card response. It guesses that dms corresponds to the [B]4 first bytes[/B] of the card response. Then it enumerates several synthetic tests and observations: Test A - MF = fixed value, consistent with the audience (note: I guess "MF fixed consistent" means: always use [B]THE[/B] first 8 byte half that has been actually sent by decoder as part of [B]ONE[/B] authentic 06 11 message ) MS = chosen with sliding mask -> dmf is constant -> dms is variable Test B - MF = variable consistent value, changing at every test (note: I guess "variable consistent" means: use [B]ANY[/B] first 8 byte half that has been actually sent by decoder as part OF [B]A SET OF [/B]authentic 06 11 message[B]s[/B] ) MS = 0. -> dmf varies but is always even -> dms is always 0x025C9753 (but can depend on the key chosen by audience). (author says it should be tried with other keys and audiences) Ttest C - varying 1 bit of MS radically changes dms [B]note from myself: reading this document at this point, encryption is likely at stake for those 2x8 bytes (MS, MF) and I guess it works with 64 bit word frontiers.[/B] Test D - MF = fixed consistent value, as in test A MS = variable consistent MF -> dmf is constant -> dms is somehow constant, either 0x1101FF or 0x110140 (might depend on the key). Test E - MS = fixed yet inconsistent MF (ie: first 8 byte half sent as part of ONE authentic 06 xx message where xx != 11) -> dmf is constant -> dms varies, contrarily to test D Test F - each process entry is 64 bits, the result is 32 bit". [B]I guess it means: decoder sends 64 bits, card gives back 32. Obviously, some input data from decoder is dedicated to encrypted CW, some other to encrypted card management (subscription dates?) and the card only replies the decrypted CW.[/B] Test G - whatever MF, dmf MSByte is always <= 0x1F. ie dmf is always < 0x1FFFFFFF. Test H - whatever MS, dms MSByte is always<= 0x7F. ie, dms is always < 0x7FFFFFFF. Hope this helps. EDIT: found this in my old archives: [URL unfurl="true"]https://we.tl/t-5osIXTjW4J[/URL] [URL unfurl="true"]https://we.tl/t-zLTVJXXJst[/URL] which might be of great help regarding command 06. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Satellite TV receivers & systems support forums
Analogue systems
Analogue Nagravision (Syster) encoder
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top