ENCRYPTION - HOW IT ALL WORKS

Kui soovid välja käia mingi tarkusetera siis postita siia. Vastusteks olgu ainult teema edasiarendused.
Kasutaja avatar
admin
Admin
Postitusi: 594
Liitunud: 15:06, 11 Jaan 2003
Asukoht: Saaremaa
    unknown unknown
On tänanud: 6 korda
On tänatud: 22 korda
Kontakt:

ENCRYPTION - HOW IT ALL WORKS

PostitusPostitas admin » 07:01, 14 Jaan 2003

ENCRYPTION - HOW IT ALL WORKS (DICKY)

ONUNO wrote this, The credite goes to him

Terminology.
Management Keys
Every card has MKs, which are hard to decrypt due to DES. They never change, are different for each card, and are used to decrypt operational keys.
Operational Keys (Op-Keys)
Can be changed every few hours (Sex-View), days (SCT) or every month (Seca). These are encrypted using a method known as DES. Every card for a given provider has the same op key. Op keys are used to decrypt the CW.
The CW
This is used to decode the video signal in real time. The video signal is encoded using a simple algorithm

Encoding/Decoding - weak scrambling system used on the video data
Encryption/Decryption - strong scrambling systems used for keys

OVERVIEW:
video signal (weakly encoded) is decrypted by CW.
Op- keys (strongly encrypted in DES) are used to decrypt the CW
management keys (strongly encrypted in DES) used to decrypt the op keys.

Full explanation
To prevent unauthorised veiwing of a channel, the service provider has to encode the video signal. However they can't use a very strong encoding algorith to do this because they would not be able to encode the video signal fast enough, and your receiver would not be able to decode fast enough, for you to watch it. Remember the video signal contains megabytes of data every second!!

So they encode the video signal by a very basic method. One such basic method is to use the logical operation XOR which stands for eXclusive OR.

XOR operates on ever single bit of the video signal (a bit is a binary digit - either a zero or a one) It works like this.

If the data bit is 0 and the key bit is 0 then the result bit is 0
If the data bit is 0 and the key bit is 1 then the result bit is 1
If the data bit is 1 and the key bit is 0 then the result bit is 1
If the data bit is 1 and the key bit is 1 then the result bit is 0

For example this is how we encode data using XOR

01101000 = clear video data
10101011 = encoding key
11000011 = result (encoded video data)

To understand the above example, read the ones and zeros in each vertical column, a one and a zero in a column produce a one in the result , two zeros or two ones in a column produce a zero in the result.

Decoding is just a matter of applying the same key to the encoded video data like this:

11000011 = encoded video data
10101011 = decoding key
01101000 = result - which you will see is the same as the original clear video data!

Using a method such as logical XOR is a very quick way of encoding a lot of data, but it is not a very secure way of doing it. One easy way to break XOR encoding for instance, is to look for parts of the data that would have originally been a long sequence of zero's. When you encode all zero data with XOR this is what happens:

00000000 = clear data
10101011 = key
10101011 = result which is the same as the key!

Please remember that these above examples are not necessarily the actual technique used for Viaccess encoding, In fact as of yet I have been unable to determine the exact method used. However they do demonstrate the basic principle. Also the above examples used a key that was only 8 bits long - in reality we use one which is 64 bits long. In other words a sequence of 64 ones and zeros!

Also remember that the decoding of the video signal itself takes place in the CAM/Reciever - NOT in the smartcard.



« Last Edit: - by » Logged



dicky96
Member
Member



Posts: 83
« on: 19.02.2002 15:48 »

------------------------------------------------------------
--------------------
PART TWO
-----------

The problem with these simple encoding methods is that it would be fairly easy to devise special hardware that could determine the key used for XOR encoding almost in real time. Although they used a different method to the one I've demonstrated here, old scrambling systems such as Filmnet/Teleclub/RTL4 are a good example of pirate decoders that were able to decode the video signal without needing the encoding key.

To prevent the current systems being hacked in this way the encoding key used is changed very often, usually every 5 to 10 seconds! This key (according to various different documentation) is called the "Control Word", "Check Word" or "Command Word". We will simply call it "CW"

In order for your receiver to decode the video signal, it needs to know the correct CW to use and it has to receive a new CW every 5 seconds or so. In Viaccess this CW is sent to the receiver in a message called an "Entitlement Control Message" or ECM.

To prevent pirates from intercepting the ECM (and the CW it contains) the CW is encrypted using a powerful encryption technique called DES. DES itself is the topic of another FAQ, all we need to say here is that it is very difficult to break DES encryption without knowing the key used.

The ECM is passed by the receiver to the smart card, which contains the DES algorithm, and the necessary key to decode it. A smart card can easily handle using DES to decrypt one CW every five or ten seconds The smart card takes the encrypted CW contained in the ECM, decrypts it using a key, and passes the decrypted (or clear) CW back to the receiver to decode the video signal. The key used to decrypt the CW is called an operational key, or op-key. Some documentation also refers to this key as SOK, or service operators key. We'll use the term "op-key". These op-keys are the ones you see posted on boards such as Vkeys - key 08: 09; etc.

There a couple other points about ECMs that are worthy of note:

Firstly the smart card actually contains a whole set of op-keys, and the ECM tells it which one to use to decode the CW.

Secondly the ECMs actually contain two CWs. The one being used now, and the one to be used next, this allows the card enough time to decrypt the next CW (using DES) before it is required to be used. This prevents any breakup of the video signal when it switches to the new CW.

Obviously there is only one video data stream being transmitted on one channel at a time, so all receivers have to use the same CW to decode it. Because there is not enough time to transmit different encrypted ECMs to different receivers every 5 seconds, it also stands to reason that each receiver gets the same encrypted CW and needs the same key to decrypt. So all smart cards for a given channel contain the SAME SET of op-keys!

But there is a problem with this. If all cards have to contain the same set of keys, then once pirates have access to those keys the service is hacked, and the service operator would have to replace all the cards it has issued, which is very costly and time consuming.

So to get around this problem the op-keys are sent to the smart card in a message called an EMM, or Entitlement Management Message. This means thet the op-keys can be changed without replacing all the cards. The EMM containing the op-keys is again encrypted with DES, and in this case it is decrypted using a key called a Management Key or MK.

Because new op-keys only need to be sent to the card periodically (say every month, week, or in the case of Sexveiw, every 8 hours), it is perfectly feasible to have a different MK in each card, and to address a specific EMM to each card that can only be decrypted with that cards MK. In fact this is exactly what is done. Each card has a specific unique address UA and a specific set of Master keys MK00 - MK07.

The EMM tells the smart card which MK it needs to use to decrypt the op-key contained in the EMM, and the EMM is also addressed to a specific card using the UA. In practice some large service provides who have lots of cards use groups of 256 or 4096 cards which have the same shared address (SA) and the same master keys.

The EMMs containing the new op-keys are sent out over and over again during the days/hours before an op-key change so that each card has chance to receive the new key at least once before that key is used.

The idea behind the above system was that if pirates broke into a card and found the MKs, as soon as those keys became public the service operator could "kill" the official card using those MKs and at the same time "kill" all the clones of that card. If the pirate cards just contained the op-keys then those cards would only last until the next op-key update, which could be only a few hours away.

The current weakness in this system is of course the Internet. At the time it was designed, no one imagined we would have boards such as Vkeys instantly accessible to thousands of people and containing the current op-keys, which of course are the same for all cards. And of course thanks must go to all the kind people who log those channels for EMMs and kindly post the op-keys for the rest of us![/u]

Mine

Kes on foorumil

Kasutajad foorumit lugemas: Registreeritud kasutajaid pole ja 12 külalist