BF on Via2 is go!

I

Ididndoit

Guest
[updated:LAST EDITED ON 07-May-02 AT 00:54 AM (GMT)]BF DAY - THE LITTLE GUYS STRIKE BACK!

It's finally here! Your chance to make the "year of the black tubes" maybe a little shorter. Nobody any longer needs to sit and wait for somebody to put a crack in Via2 for them. Whether you have been programming cards for years or only owned a satellite receiver or PC for a week, you can be a part of the greatest brute-force crew ever assembled.
All you need is a PC or PCs (permanent Internet connection not necessary) and the ability to read. Click on any of the links below, choose the language of your choice and read what you should do next. It's that simple!

http://keysearch.da.ru
http://keysearch.ubb.cc
http://keysearch.start.at

Let's roll,
THE DREAM TEAM



PS - If launch site is down due to heavy use, you can go direct to new member register page here: http://ucs2000.tsb.cx/newmember.asp
Registration is now automated. It should take 30 minutes maximum for you to be accepted. You will then get a mail with username and pass, and can access the members page to download UCSKeyfinder4 and order areas.



Have left this one up and running Ididndoit as it needs maximum attention, but normally cross posting is frowned upon and duplicate posts are deleted. Rolf
 
I

Ididndoit

Guest
Thanx, rolf. Apologies.
Don't know if it worked, but I just tried amending the original post. Good news - registration is now automated. Getting username and pass is now automated and will take no longer than 30 minutes after registering at new member site.
I have written two step-by-step FAQs about what to do next and how to use UCSKeyfinder4. Happy to post them here if there is a need.

Cheers to all here for support,
ID
 

rolfw

Believe it when I see it Admin.
Staff member
Joined
May 1, 1999
Messages
38,292
Reaction score
1,615
Points
113
My Satellite Setup
Technomate 5402 HD M2 Ci, DM7000s, Transparent 80cm Dish, Moteck SG2100 DiseqC motor, lots of legacy gear. Meters: Satlook Digital NIT, Promax HD Ranger+ spectrum analyser.
My Location
Berkshire
No problem Ididndoit, if you want to post the FAQ in the other thread, you can link to it from this one.

rolf
 
I

Ididndoit

Guest
Thanx. Step-by-step FAQs posted in the Viaccess forum. Have a go everybody. Will take 10 minutes of your time. You register, get a username and pass, download keyfinder, order some areas, they are sent to you by email, you save them into same folder as keyfinder, double click keyfinder, press start and you're searching - it's that easy!

FAQs are in the Viaccess section here: http://www.satellites.co.uk/scripts/webforum/DCForumID37/137.html#2
 

w hole

Regular Member
Joined
Jan 1, 2000
Messages
591
Reaction score
0
Points
0
My Location
uk
I can guess in essence what this is about, but purely for educational purposes, can you explain what is actually happening.

Regards

W.H.
 
I

Ididndoit

Guest
Sure . . . there are strong indications with Via2 that they are using the same algo as Via1 (unlike with Seca, which has made changes to algo). But indications need to be proved, one way or the other. The trick with Via2 seems to be a new super-secure card. We can't get in at all. Old backdoors commands don't work and even sophisticated tricks like Differential Power Analysis won't work. So . . .
While the hard work goes on to get in by sophisticated methods (and is going nowhere fast), we also devised a way that everybody can do something while they are watching the screens go black. They'd be waiting anyway, so better to wait and do something.
Effort has to be easy, or most people (lazy sods that we human beings are) won't do anything. Instead, just say, someone will crack it for me tomorrow. Ironically, same thing as they were saying about Conax about five years ago. So we what we do is design a system that takes about 10 minutes to learn, and about five minutes thinking about a week.
We are testing an algo and hunting an 08 key (which never changes for any Via provider at same time). We do this by testing op keys that would turn two things taken from a log - an Encrypted CW into a Decrypted CW. Op keys decrypt one to the other. And it is the decrypted CW in all encryption systems that actually gives you picture!
We have 2^64 keys to search for just a single op key that will turn Encrypted CW into Decrypted CW for the provider we chose. Massive numbers requiring massive numbers of PCs. And can take a long time. We will eventually find a key. We test this against other CW pairs taken for same provider while still using 08 key, and if it decrypts them also, hey presto everybody who took part found Viaccess kept same algo.
They may also get some TV back.
Instructions might seem difficult. What it actually amounts to for people who take part is . . . downloading a keyfinder, unzipping it, pressing a button to order some areas to search, and saving an area.text file that comes by email into same directory/folder they unzipped keyfinder. You double click keyfinder.exe, press search and that's it.
You are part of the biggest BF ever.
Current key and search key files are all created automatically by the program. When you've searched an area, you just return to member site and get it verified. You will have eliminated about 138 billion keys from the list of possibles and we'll never have to search them again.
Unusually for the satellite world, it is something every single person can do, not just hackers :)
 

wolsty

"Satellite Expert"
Joined
Jan 1, 2000
Messages
787
Reaction score
4
Points
18
Age
78
My Satellite Setup
VU+ Duo, Humax IRCI5400z, Sony Bravia KDL-32EX403, 1.1m Triax, Technomate TH-2600 DiSEqC mount, Sony BDV-E280 Home Cinema system, ancient Logik Freeview PVR.
My Location
Kernow
Have a look at my posting (earlier today) on vulnerable smart cards in the Keys forum. Does it help?
 

wolsty

"Satellite Expert"
Joined
Jan 1, 2000
Messages
787
Reaction score
4
Points
18
Age
78
My Satellite Setup
VU+ Duo, Humax IRCI5400z, Sony Bravia KDL-32EX403, 1.1m Triax, Technomate TH-2600 DiSEqC mount, Sony BDV-E280 Home Cinema system, ancient Logik Freeview PVR.
My Location
Kernow
Whoops!

The posting seems to have disappeared. I'll have another go.:-(
 
I

Ididndoit

Guest
Nothing helps with Via2 cards so far . . . not even a hammer and chisel :(. All old backdoors to reading cards shut down. So we'll go in mob-handed. There's more than one way to skin a cat ;)
 

wolsty

"Satellite Expert"
Joined
Jan 1, 2000
Messages
787
Reaction score
4
Points
18
Age
78
My Satellite Setup
VU+ Duo, Humax IRCI5400z, Sony Bravia KDL-32EX403, 1.1m Triax, Technomate TH-2600 DiSEqC mount, Sony BDV-E280 Home Cinema system, ancient Logik Freeview PVR.
My Location
Kernow
Rolfw advises that my posting may have been too long, so I've edited the text and reposted the article as Smartcard Vulnerability in the Keys Forum. I've checked and it's there.

It's not quite a hammer and chisel approach, but it does require a cheap flashgun and an optical microscope. Since the technique was developed at Cambridge University by a former Soviet Union missile engineer and his UK buddy, it may be worth a look!



:)
 
I

Ididndoit

Guest
Ah yes, Cambridge University . . . the great Marcus Kuhn country; such a pity he went over to the other side. Yep, I'll have a look. Read much of this stuff before - even NDS could kill a lot of cards by it. But thanx. :)
 

wolsty

"Satellite Expert"
Joined
Jan 1, 2000
Messages
787
Reaction score
4
Points
18
Age
78
My Satellite Setup
VU+ Duo, Humax IRCI5400z, Sony Bravia KDL-32EX403, 1.1m Triax, Technomate TH-2600 DiSEqC mount, Sony BDV-E280 Home Cinema system, ancient Logik Freeview PVR.
My Location
Kernow
I freely admit that this stuff is completely outside my competence, but from my understanding of academic research, papers tend not to be published unless they've been peer-reviewed and have some merit. Of course, there's always the sobering effect of the cold fusion claims to keep us sceptical, but if there's a chance that there's something in it, a short time spent reading the paper would pay dividends. Good luck!

You'll be pleased to know, Ididndoit, that in the tradiion of the belt and braces approach, I've followed up your request for a BF attack.



:-)
 
I

Ididndoit

Guest
Many thanx,
Every last man and woman counts . . . and we're starting to get a surprisingly large amount of them. May be a novelty to prove an algo one way or the other, rather than waiting for one to leak.
And it's certainly given everyone something to do as each new eclipse comes with the monthly moon almost these days. Even Nagra appears to be getting itchy feet. Since I don't watch much TV, this is actually more fun for me. But I appreciate most people don't see things that way. Indeed, getting normal service to resume, may take a little more effort than some are used to . But not much ;)
Thanx for pointing out the paper.
 
Top