It consists of data mixing + DES + XOR + 3DES + XOR + DES + data mixing + XOR
Code:
- ECM: 80 70 54 00 90 03 02 3B 08 E2 03 3B 94 41 E2 03 3B 94 0D E2 03 3B 94 0B E2 03 3B 94 0E E2 03 3B 94 42 E2 03 3B 94 43 E2 03 3B 94 44 E2 03 3B 94 45 E2 03 3B 94 46 E2 03 3B 94 4A EA 10 B3 4C F5 49 87 A8 02 43 14 83 2E 08 F0 06 27 A0 F0 08 26 93 8A AE 84 F1 86 BC
- CWs: B34CF54987A8024314832E08F00627A0
- processDw->inputCW:B34CF54987A80243
- CW->After data mixing:B64EC6EDF88603D6
- indata after 1st Des:BA6196510E7401E6
- CW->After xxor:69DFC91227AEFE2F
- CW->After 3Des:2F4759CF1FD2746D
- CW->After xxor:FCF9068C36088BA4
- CW->After Des:23A5FC7AE5D8BF23
- processDw->outputDW after data mixing:4FE5F07A65D2D25E
- processDw->inputCW:14832E08F00627A0
- CW->After data mixing:74BFEF1866459E3A
- indata after 1st Des:329BF948FD68EA6A
- CW->After xxor:E125A60BD4B215A3
- CW->After 3Des:20FC03BC9975012C
- CW->After xxor:F3425CFFB0AFFEE5
- CW->After Des:7163657AF1294A88
- processDw->outputDW after data mixing:A5E58E73DEE66951
- Final DW after xor: F9827BF6E770B91016A97B3A594E6B12
Incoming Viaccess ECM packet...
80 70 54 00 90 03 02 3B 08 E2 03 3B 91 41 E2 03
3B 91 0D E2 03 3B 91 0B E2 03 3B 91 0E E2 03 3B
91 42 E2 03 3B 91 43 E2 03 3B 91 44 E2 03 3B 91
45 E2 03 3B 91 46 E2 03 3B 91 4A EA 10 8B 87 E0
50 9F A1 D3 C7 D2 30 28 E2 0D 7F C4 B0 F0 08 A2
56 6F F2 70 E8 AE 4B
CW1: 7A 25 FF 9E 27 A1 F7 BF
CW2: 11 52 1C 7F 08 AA 68 1A
Incoming Viaccess ECM packet...
81 70 59 00 90 03 02 3B 08 E2 03 3B 91 41 E2 03
3B 91 0D E2 03 3B 91 0B E2 03 3B 91 0E E2 03 3B
91 42 E2 03 3B 91 43 E2 03 3B 91 44 E2 03 3B 91
45 E2 03 3B 91 46 E2 03 3B 91 47 E2 03 3B 91 4A
EA 10 3D D8 14 86 55 1F 50 5D A8 00 F4 29 E1 B7
B2 7F F0 08 59 8D 28 51 2C FA 6F E2
CW1: 5C 3F DF 7A BD DF 5C F8
CW2: 01 43 1B 5F 90 0B 05 A0
void via26_decode(unsigned char *data) {
unsigned char tmp[8];
for (int i = 0; i <= 7; i++) tmp[i] = data_023B00[MASKTABLE+data[i]];
for (int i = 0; i <= 7; i++) data[i] = tmp[data_023B00[PERMTABLE+i]];
des_des(data,&data_023B00[DES***],DES_ENCRYPT);
xxor(data, 8, data, &data_023B00[XORTABLE]);
des_des(data,&data_023B00[TRIPLEDES*** ],DES_DECRYPT);
des_des(data,&data_023B00[TRIPLEDES***+8],DES_ENCRYPT);
des_des(data,&data_023B00[TRIPLEDES*** ],DES_DECRYPT);
xxor(data, 8, data, &data_023B00[XORTABLE]);
des_des(data,&data_023B00[DES***],DES_DECRYPT);
for (int i=0; i<=7; i++) tmp[data_023B00[PERMTABLE+i]] = data[i];
for (int i=0; i<=7; i++) data[i] = data_023B00[MASKTABLE+tmp[i]];
}
//via26_decrypt(source+9,source[2]-6,dw,dw+8));
int via26_decrypt(byte *data, int len, byte *des_data1, byte *des_data2) {
int msg_pos; // current position on rx_msg
int encStart;
unsigned char signature[8];
// clear buffer
msg_pos = 0;
// for all sub messages in data
while(msg_pos<len) {
switch(data[msg_pos]) {
case 0xea: // encrypted bytes
encStart = msg_pos + 2;
memcpy(des_data1,&data[msg_pos+2],8);
memcpy(des_data2,&data[msg_pos+2+8],8);
break;
case 0xf0: // signature
memcpy(signature,&data[msg_pos+2],8);
break;
}
msg_pos += data[msg_pos+1]+2; // move to next position
}
via26_decode(des_data1);
via26_decode(des_data2);
xxor(des_data1, 8, des_data1, &data_023B00[CW1XOR]);
xxor(des_data2, 8, des_data2, &data[encStart]);
dl(misc_printf("CW1: "))
dl(misc_dump(des_data1, 8))
dl(misc_printf("CW2: "))
dl(misc_dump(des_data2, 8))
return 1;
}
alıntıdır...
Viaccess 2.6 şifreleme sistemi kırılmıştır
Code:
- ECM: 80 70 54 00 90 03 02 3B 08 E2 03 3B 94 41 E2 03 3B 94 0D E2 03 3B 94 0B E2 03 3B 94 0E E2 03 3B 94 42 E2 03 3B 94 43 E2 03 3B 94 44 E2 03 3B 94 45 E2 03 3B 94 46 E2 03 3B 94 4A EA 10 B3 4C F5 49 87 A8 02 43 14 83 2E 08 F0 06 27 A0 F0 08 26 93 8A AE 84 F1 86 BC
- CWs: B34CF54987A8024314832E08F00627A0
- processDw->inputCW:B34CF54987A80243
- CW->After data mixing:B64EC6EDF88603D6
- indata after 1st Des:BA6196510E7401E6
- CW->After xxor:69DFC91227AEFE2F
- CW->After 3Des:2F4759CF1FD2746D
- CW->After xxor:FCF9068C36088BA4
- CW->After Des:23A5FC7AE5D8BF23
- processDw->outputDW after data mixing:4FE5F07A65D2D25E
- processDw->inputCW:14832E08F00627A0
- CW->After data mixing:74BFEF1866459E3A
- indata after 1st Des:329BF948FD68EA6A
- CW->After xxor:E125A60BD4B215A3
- CW->After 3Des:20FC03BC9975012C
- CW->After xxor:F3425CFFB0AFFEE5
- CW->After Des:7163657AF1294A88
- processDw->outputDW after data mixing:A5E58E73DEE66951
- Final DW after xor: F9827BF6E770B91016A97B3A594E6B12
Incoming Viaccess ECM packet...
80 70 54 00 90 03 02 3B 08 E2 03 3B 91 41 E2 03
3B 91 0D E2 03 3B 91 0B E2 03 3B 91 0E E2 03 3B
91 42 E2 03 3B 91 43 E2 03 3B 91 44 E2 03 3B 91
45 E2 03 3B 91 46 E2 03 3B 91 4A EA 10 8B 87 E0
50 9F A1 D3 C7 D2 30 28 E2 0D 7F C4 B0 F0 08 A2
56 6F F2 70 E8 AE 4B
CW1: 7A 25 FF 9E 27 A1 F7 BF
CW2: 11 52 1C 7F 08 AA 68 1A
Incoming Viaccess ECM packet...
81 70 59 00 90 03 02 3B 08 E2 03 3B 91 41 E2 03
3B 91 0D E2 03 3B 91 0B E2 03 3B 91 0E E2 03 3B
91 42 E2 03 3B 91 43 E2 03 3B 91 44 E2 03 3B 91
45 E2 03 3B 91 46 E2 03 3B 91 47 E2 03 3B 91 4A
EA 10 3D D8 14 86 55 1F 50 5D A8 00 F4 29 E1 B7
B2 7F F0 08 59 8D 28 51 2C FA 6F E2
CW1: 5C 3F DF 7A BD DF 5C F8
CW2: 01 43 1B 5F 90 0B 05 A0
void via26_decode(unsigned char *data) {
unsigned char tmp[8];
for (int i = 0; i <= 7; i++) tmp[i] = data_023B00[MASKTABLE+data[i]];
for (int i = 0; i <= 7; i++) data[i] = tmp[data_023B00[PERMTABLE+i]];
des_des(data,&data_023B00[DES***],DES_ENCRYPT);
xxor(data, 8, data, &data_023B00[XORTABLE]);
des_des(data,&data_023B00[TRIPLEDES*** ],DES_DECRYPT);
des_des(data,&data_023B00[TRIPLEDES***+8],DES_ENCRYPT);
des_des(data,&data_023B00[TRIPLEDES*** ],DES_DECRYPT);
xxor(data, 8, data, &data_023B00[XORTABLE]);
des_des(data,&data_023B00[DES***],DES_DECRYPT);
for (int i=0; i<=7; i++) tmp[data_023B00[PERMTABLE+i]] = data[i];
for (int i=0; i<=7; i++) data[i] = data_023B00[MASKTABLE+tmp[i]];
}
//via26_decrypt(source+9,source[2]-6,dw,dw+8));
int via26_decrypt(byte *data, int len, byte *des_data1, byte *des_data2) {
int msg_pos; // current position on rx_msg
int encStart;
unsigned char signature[8];
// clear buffer
msg_pos = 0;
// for all sub messages in data
while(msg_pos<len) {
switch(data[msg_pos]) {
case 0xea: // encrypted bytes
encStart = msg_pos + 2;
memcpy(des_data1,&data[msg_pos+2],8);
memcpy(des_data2,&data[msg_pos+2+8],8);
break;
case 0xf0: // signature
memcpy(signature,&data[msg_pos+2],8);
break;
}
msg_pos += data[msg_pos+1]+2; // move to next position
}
via26_decode(des_data1);
via26_decode(des_data2);
xxor(des_data1, 8, des_data1, &data_023B00[CW1XOR]);
xxor(des_data2, 8, des_data2, &data[encStart]);
dl(misc_printf("CW1: "))
dl(misc_dump(des_data1, 8))
dl(misc_printf("CW2: "))
dl(misc_dump(des_data2, 8))
return 1;
}
alıntıdır...
Viaccess 2.6 şifreleme sistemi kırılmıştır
Yorum