Here are the ways to do this:
- in one special case (Irdeto v1 using a FreeCAM) it is possible to enter the Irdeto plainkeys into the CAM using either a hex editor on the firmware and then loading the firmware in the CAM, or else directly using the remote-control and a special menu that the CAM presents on screen.
- in some cases such as D2MAC and Mediaguard v1, it is possible to enter new keys into the card using the remote control of the receiver while the card is inserted. This piggybacks the facility normally used to update the parental-code/PIN of the machine. It requires that the card software has been written to allow this "remote update" facility
- in all cases, it is possible to enter the keys into the hex files that you load into the card. Almost always, it is the "eeprom" file that you need to edit, since that is the one containing the keys (I only know of a few exceptions to this, where the keys were contained in the PIC file rather than the eeprom file). Getting the keys into that hex file can be done in two ways. Either directly using a hexadecimal editor (such as Frhed). Or else by using a special key-editor that is designed to work with that particular eeprom-file design.
Some key editors can work with a wide range of files, for a wide range of cards. Perhaps the single most powerul is PicBinEdit.
When entering the keys (by whatever method) it is important to understand something about the key structure. EG the difference between operational keys and master keys.
If you have an auto-updating (AU) card, then you will get away with updating it less frequently (if at all). An AU card is one loaded with AU-capable program (PIC/flash) file, and master-keys of some description in the eeprom. There are heirarchies of masterkeys (and the specific terms/structure vary from encryption system to encryption system). The degree to which your card is AU will depend on the type of (master)key you put in there.
As well as key-changes, a provider can also use other tricks. These are usually referred to as "attacks" although that's a silly term since actually it is a defence (against the pirates). They exploit the fact that no card hack is identical to the original card. In other words, the way a hobby card reacts to certain provider-initiated control messages/commands may be different to the way an official subscriber card reacts. So they can cause pirate cards to switch off without affecting subscriber cards, and without having to change the keys themselves.
2old