I didn´t know they could use keys from master provider. There´s only two active, 00 01, so I thought that was the list of providers. The system i am logging is a national wide cable-tv system in Sweden. Master Provider is called FF F4 10, the other provider is 00 88 00 which cover all channels, thankfully. I saw another Master Provider on an other system in Sweden where it was called FF F5 10.
It would make sense if it was a mk1 update because the have been using mk1 but uses mk4 at the moment. I´ve only seen those two mk´s in old logs. I just wonder what makes you think it´s an mk1 update. The ca 18 command tells you that it should decrypt it with mk1 from master but theres no indication of where to put it. Anyway, next step is to figure out how to get the mk´s in plain. BruteForce is out of the question so there has to be another way into the card.
Thanks for your help, if you have any other comments I would be glad to hear more from you.
Jowi