How to Decode Encrypted Viaccess - part 1

Post by admin » 20:39, 14 Jan 2003

mrtoolate wrote this; the credit goes to him.

In this post I will try to explain
how to decode an encrypted Viaccess word.
For now I will use the SOLTV example,
because the last byte of the key is even (94).

key09=06 E8 27 3B 2F C3 24 94

so you do not need to change the crypted word.
I will post later how to change the crypted word after I explain the
signature check algo.


Example of SLOTV
-----------------
Incoming ECM Instruction
CA 88 00 09 21
ACK 88
Received Encrypted Data
E2 03 2B 28 01 EA 10 B0 BD D8 4D 71 77 CF DD C4
27 54 7A 9F 30 1A B5 F0 08 6F 06 0A C1 02 1D B7 7F
90 00
Signature OK!!
Request Decrypted CW
CA C0 00 00 12
Reply Decrypted CW
C0 EA 10 EF 30 66 85 5A B0 88 92 2A 72 94 30 7E 15 EC 7F
90 00
--------------------------------------------------------

The CA 88 instruction sends the encrypted word to the card.
The P2 byte (09 in the example) is the key number to be used
to decode the encrypted data obtained shortly.
The P3 byte indicates the number of bytes to be received by the card,
in this example hex 21, decimal 33.
In the 21 byte string are two encrypted 8 byte words which have to be
decrypted using the 7 bytes of the key.
The card must send 88 ACK to the receiver in order to receive the P3 (21)
bytes.
Finally the card sends 90 00 if the signature is OK.

The 21 bytes break down to:
-------------------------------------------------------
E2 03 :date nano & length
2B 28 01 :date 2001-09-08 (third byte unknown)
EA 10 :encrypted words nano & length
B0 BD D8 4D 71 77 CF DD :encrypted 1
C4 27 54 7A 9F 30 1A B5 :encrypted 2
F0 08 :Signature nano & length
6F 06 0A C1 02 1D B7 7F :Signature word

Then the card sends the 2 decrypted words:
decrypted 1 =EF 30 66 85 5A B0 88 92
decrypted 2 =2A 72 94 30 7E 15 EC 7F
----------------------------------------------------------



Before decoding, the first 7 key bytes are rotated left by 2 bytes.
key(k1 k2 k3 k4 k5 k6 k7 k8) -> key(k3 k4 k5 k6 k7 k1 k2 k8)
key09=06 E8 27 3B 2F C3 24 94 -> 27 3B 2F C3 24 06 E8 94



To decode, do the following steps 16 times:
-key preparation
-data manipulation
-Viaccess mode
-Expansion or E-Table
-Substitution or S-Boxes
-Permutation or P Table
-PROCESS ITERATION



KEY PREPARATION
****************
We use only 7 bytes or 56 bits of the key,
which we split into two 28 bit halves, and
we rotate each half 1 or 2 bits to the left depending on which of the
16 rounds we're on, then put the two halves together.

A single rotation left means that the first
(most significant or left hand) bit moves to the last
(least significant or right hand) position and all the other bits move
one to the left.

The exact number of left rotations is determined by the table:

Round            1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16
No of rotations  1  1  2  2  2  2  2  2  1  2  2  2  2  2  2  1

We then create a new 48 bit key by reordering 48 of the bits
in the 56 bit shifted key according to the pattern:

14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32

This means that the new 1st bit is the 14th old bit, new 2nd bit is
old 17th and so on with the new 48th bit being the old 32nd bit.
The old bits 9, 18, 22, 25, 35, 38, 43, 54 are not used.
This operation is called a Permutation and the table is called
Permuted Choice 2 or PC-2 in DES terminology.

Then we split the result up into eight 6-bit blocks.
Preparation of the key is now complete for a single round.
Note that the net result is that we have a new 48 bit key, in the form of
eight 6-bit blocks, for use later on.



DATA WORD MANIPULATION
**********************

The encrypted word is 8 bytes or 64 bits long.
The first thing to do is to split this into two halves, each 32 bits
or 4 bytes long, called L and R.

Example:
encrypted word =B0 BD D8 4D 71 77 CF DD
L=B0 BD D8 4D
R=71 77 CF DD



Viaccess mode
**************

To change the first byte of R:
1- The 8th byte of the key is multiplied by the first byte of R
(to get a 2 byte or 16 bit word).
2- The first byte of R is added to the result
(add 1 to the upper byte if there was a carry from the lower byte).
3- The 8th byte of the key is added to the result in the same way.
4- The upper byte is subtracted from the lower byte.
(If there was a carry in this subtraction then add 1.)


Example:
--------
key(7)=94 // 8th byte of key
R(0)=71 // the first byte of R
1)- 94 * 71 = 4154
2)- 94 * 71 + 94 = 41E8
3)- 94 * 71 + 94 + 71 = 4259 (upper byte = 42 lower byte=59)
4)- 59 - 42 = 17
-------------------with carry
key(7)=94
R(0)=AB
1)- 94 * AB =62DC
2)- 94 * AB + 94=6370
3)- 94 * AB + 94 + AB=641B (upper byte = 64 lower byte = 1B)
4)- 1B - 64 = B7 with carry 1
B7 + 1=B8
---------



Expansion or E-Table
********************

Then we build a new R called R1 of length 48 bits
by using the pattern:

32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1

This means our R1 has its 1st bit as old R's last bit,
its 2nd bit as old R's 1st bit and so on, with its last bit being
the old R's 1st bit.
As you can see, some of old R's bits are used more than once.
The table is called the Expansion or E-Table.
Then we split the result up into eight 6-bit blocks.


end of part one
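
The breakdown of the 21 (hex) byte string above, as an added Python example that is not part of mrtoolate's post: a parser that walks the nano/length/value records, rejects truncated input, and pulls out the two encrypted words with their L and R halves. Function names are hypothetical; the byte strings are copied from the post's example.

```python
# Added illustration; the nano names follow the post's breakdown.
NANO_NAMES = {0xE2: "date", 0xEA: "encrypted words", 0xF0: "signature"}

# ECM payload copied from the post (the 0x21 bytes sent after CA 88 00 09 21).
ECM = bytes.fromhex(
    "E2032B2801" "EA10B0BDD84D7177CFDDC427547A9F301AB5" "F0086F060AC1021DB77F")

def parse_header(apdu):
    """Split the 5-byte command header; P2 is the key number, P3 the length."""
    if len(apdu) != 5:
        raise ValueError("expected 5 header bytes")
    return dict(zip(("cla", "ins", "p1", "p2", "p3"), apdu))

def parse_nanos(payload):
    """Walk the payload as nano/length/value records, rejecting malformed input."""
    out, pos = [], 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError(f"truncated nano header at offset {pos}")
        tag, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"nano {tag:02X} claims {length} bytes, {len(value)} left")
        out.append((tag, NANO_NAMES.get(tag, "unknown"), value))
        pos += 2 + length
    return out

def encrypted_words(nanos):
    """Return the two 8-byte encrypted words carried in the EA nano."""
    for tag, _, value in nanos:
        if tag == 0xEA:
            if len(value) != 16:
                raise ValueError("EA nano must hold two 8-byte words")
            return value[:8], value[8:]
    raise ValueError("no EA nano present")

def split_halves(word):
    """Split an 8-byte word into the 4-byte L and R halves."""
    return word[:4], word[4:]
```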
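
The key preparation, Viaccess mode and E-Table steps of this part, as an added Python example that is not part of the original post. Function names are hypothetical, and the bit rotations are assumed to accumulate from round to round as in standard DES, which the post does not state; the S-boxes and P table are not described in this part and are not included.

```python
# Added illustration: tables are copied from the post; function names are hypothetical.
ROTATIONS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]
PC2 = [14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
       23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
       41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
       44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32]
E_TABLE = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
           8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
           16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
           24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]

def to_bits(data):
    """Bytes -> list of bits, most significant bit first (bit 1 is index 0)."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]

def permute(bits, table):
    """Build a new bit list; table entries are 1-based source positions."""
    return [bits[p - 1] for p in table]

def six_bit_blocks(bits48):
    """Pack 48 bits into eight 6-bit integers."""
    return [int("".join(map(str, bits48[i:i + 6])), 2) for i in range(0, 48, 6)]

def rotate_key_bytes(key):
    """Rotate the first 7 key bytes left by 2 bytes; the 8th stays in place."""
    return key[2:7] + key[0:2] + key[7:8]

def round_keys(key):
    """Yield the eight 6-bit key blocks for each of the 16 rounds."""
    bits = to_bits(rotate_key_bytes(key)[:7])
    c, d = bits[:28], bits[28:]
    for n in ROTATIONS:  # assumption: rotations accumulate, as in standard DES
        c, d = c[n:] + c[:n], d[n:] + d[:n]
        yield six_bit_blocks(permute(c + d, PC2))

def viaccess_mode(r0, k8):
    """Transform the first byte of R with the 8th key byte (steps 1-4)."""
    total = k8 * r0 + r0 + k8
    upper, lower = total >> 8, total & 0xFF
    diff = lower - upper
    return (diff + 1) & 0xFF if diff < 0 else diff

def expand(r):
    """Expand the 4-byte R to eight 6-bit blocks with the E-Table."""
    return six_bit_blocks(permute(to_bits(r), E_TABLE))
```

With the post's values, `viaccess_mode(0x71, 0x94)` gives 0x17 and `viaccess_mode(0xAB, 0x94)` gives 0xB8, matching both worked examples.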
