How Do I Crack Satellite and Cable Pay TV?

Video in TIB AV-Portal: How Do I Crack Satellite and Cable Pay TV?

Formal Metadata

How Do I Crack Satellite and Cable Pay TV?
Title of Series
Part Number
Number of Parts
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
Follow the steps taken to crack a conditional access and scrambling system used in millions of TV set-top-boxes across North America. From circuit board to chemical decapsulation, optical ROM extraction, glitching, and reverse engineering custom hardware cryptographic features. This talk describes the techniques used to breach the security of satellite and cable TV systems that have remained secure after 15+ years in use. Topics include: chemical decapsulation and delayering of ICs in acids, microphotography and optical bit extraction of ROM, binary analysis using IDA and homebrew CPU simulators, datalogging and injection of SPI and serial TS data, designing and using a voltage glitcher, extracting secret keys from RAM of a battery-backed IC, analyzing hardware-based crypto customizations, studying undocumented hardware peripherals, MPEG transport streams and non-DVB-standards, QPSK demodulation, interleaving, randomization, FEC of OOB (out-of-band) cable data. The result is knowledge of the transport stream scrambling modes and knowledge of the conditional access system used to deliver keys. Strong and weak points are identified, advanced security features implemented nearly 20 years ago are compared to modern security designs. A softcam is designed and tested using free software, working for cable and satellite TV.
Building Pay television Variety (linguistics) Multiplication sign Electronic program guide 1 (number) Streaming media Mereology Code Frequency Operator (mathematics) Computer hardware Encryption System programming Cuboid Information security Firmware Computing platform Module (mathematics) Standard deviation Information File format Set-top box Decipherment Type theory Data management Computer animation Musical ensemble Digitizing
Service (economics) Pay television Link (knot theory) Differential (mechanical device) Patch (Unix) Range (statistics) Device driver Streaming media Disk read-and-write head Computer programming Theory Different (Kate Ryan album) Computer hardware System programming Associative property Condition number Module (mathematics) Information Key (cryptography) Electronic mailing list Sound effect Interface (computing) Bit Set-top box Cryptography System call Type theory Message passing Data management Hexagon Computer animation Radio-frequency identification American Physical Society Right angle Table (information) Asynchronous Transfer Mode
Computer animation Information Transport Layer Security Adaptive behavior Cuboid Interface (computing) System programming Database Musical ensemble Streaming media Function (mathematics) Table (information)
Standard deviation Information File format Electronic program guide Plastikkarte Interface (computing) Virtualization Streaming media Computer programming Number Connected space Logikanalysator Prime ideal Computer animation Software Lecture/Conference System programming Cuboid Digital Equipment Corporation Musical ensemble Table (information)
Randomization Service (economics) Electronic program guide 1 (number) Set (mathematics) Open set Streaming media Function (mathematics) Code Event horizon Computer programming 2 (number) Mathematics Operator (mathematics) System programming Cuboid Information security Descriptive statistics Condition number Form (programming) Information Key (cryptography) Counting Set-top box Bit Peg solitaire Fehlererkennung Cryptography Frame problem Category of being Data management Message passing Befehlsprozessor Exterior algebra Computer animation Software Internet service provider Chain Order (biology) Resultant
Serial port State of matter Connectivity (graph theory) Content (media) Set-top box Microcontroller Bit Peg solitaire Streaming media Cryptography Code Revision control Frequency Arithmetic mean Message passing Process (computing) Bus (computing) System programming Cuboid MiniDisc Musical ensemble Information security Firmware
Personal identification number Serial port Observational study Interface (computing) Set-top box Funktionalanalysis Function (mathematics) Peg solitaire Cryptography Code Revision control Word Computer animation Information security
Point (geometry) Ocean current Implementation Serial port Pay television Observational study Real number Execution unit Set (mathematics) Streaming media Function (mathematics) Mereology Computer programming Bus (computing) Cuboid Energy level Address space Personal identification number Boss Corporation Key (cryptography) Information Software developer Interface (computing) Set-top box Entire function Category of being Message passing Sparse matrix Befehlsprozessor Computer animation Software output
Digital photography Programming paradigm Process (computing) Natural number Range (statistics) Energy level Social class 10 (number)
Medical imaging Word Semiconductor memory Logic Planning Data structure Mereology
Area Block (periodic table) Surface Multiplication sign ACID Sound effect Planning Drop (liquid) Perturbation theory Mereology Product (business) Logic Liquid Resultant Reading (process)
Point (geometry) Area Addition Wage labour Length Consistency Multiplication sign Image processing Sound effect Bilderkennung Bit 3 (number) System call Medical imaging Mathematics Digital photography Process (computing) Computer animation Software Row (database)
Overlay-Netz Greatest element Bit Black box Price index Revision control Medical imaging Digital photography Computer animation Software Visualization (computer graphics) Cuboid Representation (politics) Pattern language Error message Row (database)
Area Content (media) Bit Streaming media Code Mikroarchitektur Medical imaging Type theory Befehlsprozessor Computer animation Vector space Semiconductor memory String (computer science) Core dump System programming Pattern language Right angle Table (information) Address space Spacetime Computer architecture Disassembler
Source code Execution unit Streaming media Computer Computer programming Operator (mathematics) Operating system Address space Computer architecture Task (computing) Addition Simulation Information Key (cryptography) Computer simulation Interface (computing) Bit Set-top box Cartesian coordinate system Cryptography Message passing Befehlsprozessor Process (computing) Computer animation Software Factory (trading post) Nilpotente Gruppe Sinc function Disassembler Asynchronous Transfer Mode
Filter <Stochastik> Point (geometry) Heat transfer Streaming media Function (mathematics) Login Computer programming Peripheral Computer hardware Bus (computing) Authorization System programming System on a chip Domain name Algorithm Simulation Focus (optics) Key (cryptography) Information Keyboard shortcut Content (media) Interface (computing) Set-top box Cryptography Error correction model Category of being Message passing Computer animation Software Telecommunication Surreal number Quicksort Freeware Resultant Asynchronous Transfer Mode
Slide rule Service (economics) Pay television Key (cryptography) Information Counting Bit Streaming media Cryptography Error correction model Computer programming Frame problem Category of being Message passing Computer animation Internet service provider Operator (mathematics) Computer hardware Authorization Information security Asynchronous Transfer Mode
Pay television Information Key (cryptography) Block (periodic table) Set (mathematics) Peg solitaire Mereology Computer programming Frequency Category of being Process (computing) Computer animation String (computer science) Authorization Series (mathematics)
Point (geometry) Implementation Execution unit Numbering scheme Mereology Software bug Peripheral Causality Computer hardware System programming Address space Identity management Area Standard deviation Algorithm Information Key (cryptography) Bit error rate Mathematical analysis Bit Category of being Message passing Process (computing) Computer animation Software Optics Musical ensemble
Point (geometry) Observational study Length Multiplication sign Control flow Inverse element Mereology Rule of inference Formal language Normal operator Sign (mathematics) Strategy game Causality Energy level Cuboid Software testing Series (mathematics) Dependent and independent variables Key (cryptography) Sound effect Bit Oscillation Process (computing) Computer animation Network topology output
Point (geometry) Axiom of choice Web page Dataflow Multiplication sign Code Formal language Programmer (hardware) Roundness (object) Strategy game Semiconductor memory Single-precision floating-point format Software testing Hydraulic jump Address space Computer architecture Area Addition Multiplication Matching (graph theory) Software developer Memory management Interface (computing) Funktionalanalysis Opcode Message passing Process (computing) Computer animation Software Normal (geometry) Resultant Computer worm
Point (geometry) Coroutine Code Computer programming 2 (number) Latent heat Roundness (object) Permanent Meeting/Interview Semiconductor memory Operator (mathematics) Core dump Address space Backdoor (computing) Area Addition Key (cryptography) Data storage device Bit Cartesian coordinate system Measurement Demoscene Uniform resource locator Computer animation Factory (trading post) Order (biology) Linearization Video game Right angle Speicheradresse Tuple Computer worm
Point (geometry) Dependent and independent variables Bit error rate Connectivity (graph theory) Content (media) Bit Set-top box Mereology Code Computer programming Connected space Force Frequency Category of being Process (computing) Exterior algebra Computer animation Semiconductor memory Optics Core dump Error message Resultant Row (database) God
Personal identification number Point (geometry) Order (biology) Planning Computer simulation Cuboid Set-top box Flux Connected space
Point (geometry) Multiplication sign Set (mathematics) Real-time operating system Function (mathematics) Streaming media Heat transfer Code Theory Number Roundness (object) Peripheral Different (Kate Ryan album) Computer hardware Daylight saving time Encryption Cuboid Software testing Oracle Area Time zone Standard deviation Email Key (cryptography) Block (periodic table) Bit Funktionalanalysis Cryptography Oscillation Category of being Computer animation output Resultant Reverse engineering Asynchronous Transfer Mode
Multiplication sign Modal logic Theory 2 (number) Number Frequency Mathematics Single-precision floating-point format Computer hardware System programming Logic gate Oracle Key (cryptography) Copyright infringement Block (periodic table) Forcing (mathematics) Sound effect Bit Maxima and minima Funktionalanalysis Cryptography Loop (music) Process (computing) Computer animation Software Auditory masking Order (biology) Pattern language Resultant
Point (geometry) Algorithm Touchscreen Key (cryptography) Block (periodic table) Source code Bit Cryptography Event horizon Computer programming Category of being Broadcasting (networking) Mathematics Population density Computer animation Vector space Software Computer hardware System programming Asynchronous Transfer Mode
Point (geometry) Group action Pay television Multiplication sign Execution unit Combinational logic Code Rule of inference Field (computer science) Software bug Mechanism design Roundness (object) Hacker (term) Different (Kate Ryan album) Cuboid System programming Address space Computer architecture Social class Vulnerability (computing) Area Complex analysis Multiplication Key (cryptography) Copyright infringement Mathematical analysis Data storage device Bit Cryptography Process (computing) Exterior algebra Computer animation Software Linearization Asynchronous Transfer Mode Spacetime
Point (geometry) Randomization Key (cryptography) Interior (topology) Projective plane Bit Streaming media Cryptography Process (computing) Bit rate Causality Software Lecture/Conference Normal (geometry) Right angle Musical ensemble Address space
Computer animation
and half dead time and
even there you do a new new new and
and and
hello my name's chris Galinski I am I talking today about how I cracked digital cable and satellite TV security I studied in access control platform that's widely used across Canada and USA 1 of the 2 common platforms using cable TV building uses satellite t 1 of the 2 Canadian satellite TV operators as far as I know the system has been secure since their introduction in the late 19 nineties so I was curious if I can understand the system based on the older set-top boxes some of them were 15 years old and they're still in use and those devices haven't been upgrade of any security hardware in that time so I started to look at how the system works so our satellite and cable digital television are pretty similar for the most part there are a variety of signal modulations used the relevant ones here are a Q S at about 27 megabits and 8 PSK turbofan and about 38 megabits for satellites and QA and 256 at about 38 megabits for cable there's also an odor band channel used by cable which is QPS PSK at 2 megabits the other than channel carry subscription management program guide information firmware upgrades etc. while you change channels on the cable box to answer different frequencies the other band channel remains to and so the box continuously receives this data no matter what TV channel you into in satellite TV this type of data is included within the main transport stream the video is sent as an MPEG-2 or H . 264 transport stream the this is a standard format for carrying video streams so it can be played by any hardware video decoder or suffer decoder of the encryption system is that decipher to and the system doesn't follow the DVB standards added normally use in the US the world the the MPEG
transport stream is made up of packets of 188 bytes each packet appeared this is used to differentiate different types of data to the bit range from 0 to uh hacks one-half F each of these bids carries either in em peg packetized elementary streams the that's a video or audio stream or the pit may carry 1 or more service information tables Service information Table 7 8 that table IT and CRC see on them of the table ID identifies the type of data that's going to be expected in the table but some of the common table that are found in stable 0 is a program association table this is a list of all the programs on this transport stream and this list has the PMT paired for each program the table 2 is the program map table and this contains a list of the packetized elementary streams that make up the video and audio for each channel the ECM head is where the entitlement control messages are sent and they contain information that is used to generate the key to the decrypt the packetized elementary streams this system uses 2 types of ECM table hacks 14 I call ECM 40 dental hex 41 I call ECM 41 unpaired 1 there may be 1 or more conditional access tables these tables identify appeared that carries the amounts entitlement management messages these messages are used to set the access rights for individual set-top boxes with subscription information such as what channels are available this is a hardware
interface to receive satellite data is the genepix Skywalker 1 of the DC to q PSK modulation isn't really widely supported in the USB devices and the APS cater effect is even less common so that this gen pixel-wise has a broad modulator that supports both of these modes and it works really well but the Linux drivers for it to have to be recompiled there's some patches for it that have been published by daily there's some links theory and find that online the for cable there's a variety of different
adapters that supports the QAM 256 demodulation I use this USB HVR 950 Q tuna but to the out band channel is generally not supported by these interfaces the cable box it's handled within the Integrated chips set and for the clear QAM these devices are marketed for and the access the other than is required so they don't put that in the inside with a satellite and cable
interfaces DVDs you can be used to view a lot of information about the transport stream is really enough information the overwhelming so the trick to using it is to build a sift through the output for relevant information and DVDs beast you also does not recognize all of the D. C 2 tables because DC to such a non-standard system and EVB superstar for the standard systems so might not tell you everything about this the Transport stream but it is a useful tool for all the information that it will provide you the so databases
and most the tools and documentation are designed for the DVD standard or other standards like ATS C and it is DigiCipher cable and satellite systems use a lot of non-standard tables so for cable TV some of them are standardized by ETSI E 65 there is no or be a t st t as there would be in DVB you instead there's a virtual channel table that maps transport streams and programs the channel numbers in the electronic program guide is also not standard so you don't even get current and next program information in any kind of standard format what another
cable TV adapter is the age home run Prime it's a network connected 3 to a device and this 1 has cable cards support the this set top boxes I studied predate cable cards but newer boxes do use cable cards that support DEC to with cable card support that means that the issue home run prime has the tumor and QPS STD modulated handle the the band channel so it can pass that the the cable car but the issue home run doesn't make that older than data available other than by that cable card interface to access the demodulated out of and data I tapped into DHT woman prime with the cable card inserted in connected logic analyser to data and clock signals I wrote software using
Visalia STK to capture the QPS the modulated data perform the D. interleaving the randomization forward error correction and open in em peg Transport Stream this is all defined in the SET 55 standard so using a prime connected to Seillier connected to a PC running the software the output is a standard 2 megabit transport stream and this transport stream includes the conditional access management messages in the program guide information and all this kind of service information doing their MPEG transport
stream scrambling there's 2 bits in each packet that indicate if the packet scrambled wasn't even key or not he forfeits unscrambled all this has is changed at very short intervals DVB systems will typically change at every 5 to 30 seconds on the DigiCipher system they change it every 133 milliseconds or sometimes they slow down to 1 2nd the key used for decryption alternates between even and odd the autism is useful the even is updated the mall even his is updated encryptor transport stream is sent by the cable or satellite it passes through the scrambler In the inside the ACP the access control processor and the result is a D cryptid transport stream that can be played by the M PEG decoder this descrambler use the working the this is a 56 that desk key it changes every 133 milliseconds and the working he is generated by encrypting the frame count value that's found in an easy and 40 packet with the program the the program keep another desk comes from the same 41 message and is encrypted with the category key the program his unity channel and changes daily or a Frege pay-per-view event on a pay-per-view channel the category keys which are also deaths are shared by all the set-top boxes that are authorized for any channels on this provider the category sent each set top box individually in any amount the category key typically changes monthly but actually the cable operators on changing the keys very frequently the to the crib the amount In order to get the category kesey keys are used the each set top box has a set of 56 bit does CPs in battery-backed RAM the initialize during manufacturing for the lifetime the set-top box these keys are used to security amounts so this forms a chain from the CPs initialize remanufacturing and changing all the way to the description of the empire transport stream inside a
set-top box for uh satellite system we can see the main components of the signal enters the tuna is passed through the demodulator which outputs a serial transport stream the Transport Stream passes through the ACP the access control processes and is then sent to the M PEG decoder which outputs of reducing off the TV this is 68 k microcontroller that acts as the set-top box mean controller it communicates with the MPA decoded as well as with the ACP why an SPI bus the battery is used to provide a backup power the ACP so it always retains its RAM contents even if the box is employed there's a TV pass slot near the power supply this is an upgrade slot with a cottage connected to allow for security upgrades the system state security so the TV Barcelos never used and the numerous the set-top box they actually take this the the inside a cable set-top box it's
similar the satellite set-top box the cable box then to be a little bit more integrated the signal enters the tuna and passes through a broad concept that handles the demodulation and this also handle the M PEG decoding after the transport stream is sent through the CP for disk for decryption as 68 k microcontroller acts as the main controller again it talks to the ACP why as the there's a battery for the backup power the CPE and also for some non around use within the cable box and there's a TV past thought that underneath the board in this box but again the newer versions of the box they they no longer support the TV pass lot the cable set-top boxes include a set a 2nd tuna which is used to receive the out band data the other band tuna operates independently of the main tuna and on a separate frequency range and so on this way it always stays in when you're on any channel and this is where all your firmware upgrades ends and all this kind of stuff comes through this is the ACP chip it's a
100 PMT QFP package from the markings we can see the customs chip me for General Instrument Corporation GIC all the decryption is performed by the ACP and all decryption keys a kept only inside this check the newer set-top boxes have newer versions of this ACP my study focused on the original ship that we see here as long as the set top boxes are actively used it's still relevant target whether the new word chips include more advanced security features or if they exist only for a cost-saving due to die shrinkage I don't really know interesting pins on the ACP
labeled here In 1 is marked at the top left corner there's an SPI slave interface on pins 1 5 that's used to communicate with the main controller there's a battery backup in that's connected to 3 volt battery that keeps around contents intact and there's a serial Transport Stream Input underpins 88 to 92 which receives the data from the demodulator and then there's a serial Transport Stream output functions 22 33 which since the decrepit Transport Stream the M PEG decoder to be with the TV to monitor the data passed between the
set-top box main controller and the ACP on the STI bus Euzenat now let's make a development board I configured to STI ports a slave with the master and slave in single connected to 1 and master and slave out signal connected to the master over slave in input of the 2nd part so from 1 port I get bytes ever sent from the set-top box controllers from the other port I get the bytes and from the ECB if I wanna talk directly to 0 1 of them I only have to can act as both the pins properly for the SBI and I can hold the main controller reset and then you can talk to the ECP directly without interfering at 1 point I wrote software for any of your 32 device that has a synchronous serial peripheral that could handle the 27 megabits ertrac serial transport stream my implementation a little bit ugly but rather than the that I was able to use it as it was it was limited to a 64 kilobyte chunk of of reclaimed logging which was good enough for what I needed to do what it did show me is that the full Transport Stream passes through the ACP various selected pins that'd be corrupted and so on the output of the ACP we have the entire transport stream but 1 of the programs has been neglected of so many of you 32 logging interface had diagonal limited use and later on it it's a more thorough research now at that point I pull the ACP often put on a board and then I could control the serial clock it was much easier to use just the next major the by logging the SPI
boss between the main control of the CPU please see that information about the current access level is sent from the CPU the ACP also receives the EM from the STI bus the members are filtered by the unit address the set what's real number so only the so the ACP only receives messages intended for that specific box this command for which it tells you what the current category key part and the key selected is this command 5 that includes the unit address command 13 gives you some much information about what subscription tears are authorized there's also the set-top box main controller tells the ACP which PIDs it should crypt and it tells that which appeared as the easy and then that's them by the SPI interface the c p never sends any keys on the SDI bus and it only receives a category keys in in proteome ends on the sparse the the so next i started in invasive study
of the chip setting under a microscope the microscope class range from 100 of dollars to tens of thousands of dollars or even higher for electron microscopes this kind of thing I use a mutual UFsub the microscope for the photos will see here the FS 70 is used typically for microprogrammed but you can use it for other things also the I use it because I had it available to me I really for studying this level of technology you could use a lot more basic equipment but if you have something higher and it's always nice reviews the higher and the to look at the chip
under the microscope after encapsulated so use hematite human nature Gasser for this the chip is immersed in heated red fuming nitric acid this reactor the plastic packaging removes that the chip is then rinsed in acetone and clean that i the proba alcohol in an ultrasonic bath and then you have a nice clean paradigm the the major gasses aggressive it's important and look carefully but the process really is very straightforward most people wouldn't wanna do this inside the home to use a fume would you have set up the garage the the the after the cancelation
the bare chips were left of bonding yeah so attached to them so those words again be plucked off just to get them out of the way already we can vaguely see some of the large structures on the chip half of it is covered with a metal plane and the other half this show some visible circuitry this is an image of the chip under
a microscope there was this together from several smaller images so that we have an overview looking at the castellated ship under a microscope we can see the bond that is around the outside of the metal claimed that covers the top part of the chapter and wires on the bottom part of the chip this is spaghetti logic with lines running all over the place and there's a couple structures in the corner that look like a memory so to see more of the chapter FIL have it'll be necessary to do it the did you hear the chip I use hydrofluoric
acid to perform a wet etch I use the wing resting remover product is available at hardware stores all over the USA it dialup H. F. solution that works really well for you is the small amount when click it in a beaker heated on a hot plate drop to the councilor died in using a pipe that I agitate the liquid to disturb the double the bubbles that form on the surface chip and then the acid edges which have more evenly you probably don't wanna read in these films so do this in the gradual so if you the etching result isn't perfect some parts of the chip again get etched deeper than other parts but I have gotten useful results using this technique
of so after a short time in the heated wing solution the chip was rinsed and put back under the microscope the top metal plane is then removed now we can see what's below there's some visual effects that we can see on it from the etching being a little bit uneven but overall it turned out pretty well at the top left of the tall rectangles around and the forward blocks at the top right or wrong and then there some logic kind in to the big logic area below the I was interested in
finding where the bits are encoded in ROM so I continue delivering the chip another dip in wind another let metal layers been removed I didn't see bits in wrong yet so as going continue you layering so at this point we see even more the visual effects from the uneven a change but it's still usable after a 3rd depth in length more medals been removed at this point the dealer is becoming more and more and even we can see the wrong lots of it and have sexual lower layer with half of the upper layer remaining the wet etching process is difficult to perform in a very consistent manner without additional steps such as polishing I didn't have that available at the time some areas of wrong are now showing visible bits so but the other is haven't been etched deeply enough so I continue to add further to try to get a clear on so now we can see the wrong dates the
quite clearly visible now so they're arranged in rows and columns and in this image if a black dot is visible that indicates that the bit is a 1 now image call these important the better the photographs the more consistently the bits will be visible but doesn't have to be really perfect you can't use image processing you can delay a multiple chips so that you can combine the clean areas from them of for myself with this example is able to deal with only 1 it turned out pretty well with the visible bits exposed and photographs taken the bits can be extracted using a software image analysis tool where you can even do a manually this from this 32 kilobytes so that's over 260 thousand bits so manual extraction is a bit labor intensive but not impossible suffer tool is a little bit more efficient by wrote some
software to analyze the images and identify the 1 and 0 bits here's the marked with yellow boxes 0 bits and a blue what for 1 bits so users offer to analyze the image and then I can quickly check it over and see if it made any obvious errors after extracting the the
bits from the photograph now I have a binary version of the wrong data this is a visual representation representation of the bits that were extracted from the black box the 1 that's white box the 0 bits the In
this image I overlay the extracted bottom 13 rows of bits over the photograph you can see some visual patterns within the bits and this is a really good indication that the wrong is probably not encrypted they're heavily scrambled
this image shows at the end of the Rome area and we have some really large pattern visible here this is because there's filler bytes that occupy the unused space at the end of the on then at the very end of wrong this pattern is interrupted this is because this is where the vector stable exists at the top end of memory this is where they have the reset address the addresses of the interrupt handlers this kind of thing so the wrong has empty space of all these filler bytes at the end and that the vector table is that addresses F F F 6 through FF FF right at the very end so after extracting the bits in decoding the megabytes text and can be studied the there is a copyright 1997 CH C ASCII string in ROM so this is very helpful to identify when you that the decoder the wrong correctly the the decoding is just a matter of organizing the bits and bytes in it's in a really straightforward manner there's no scrambling or anything like that so now with the wrong contents extracted
sulfur can be disassembled analyzed the 1st step was to identify the CPU architecture setting the binary dump it appeared to be an 8 bit CPU but was not a 51 hours 1605 or the other processor trait types they tried 1st eventually I try disassembling 65 0 2 in the code made sense the later I remember looking at an older access control from the same manufacturer which was used in the previous system video safer to plus it's an ancestor deciphered on the solar chip there was actually copyright notice from WTC who licenses the 65 0 2 core IP visible directly on the chip die under a microscope so this would be a good clue to CPU architecture fight actually notice it earlier for the disassembly I use Ida it includes support for 65 0 2 it's very powerful the the
in addition to disassembling I use 65 0 2 simulations software to study it in a virtual CPU the simulation is really helpful assembling the software it provides a lot of insight into what's going on in the software since 65 0 2 is a well known architecture it was not difficult to find an existing simulators even free with source code the 65 0 2 was used in 8 bit computers like the Apple to Commodore 64 so there's a lot of enthusiasm a great deal of information about this architecture as I gain understanding of a system-on-chip through disassembling the software I added some features the simulator so that I could emulate some of the peripheral that exist inside the CP in 1 of the 1st things I saw the disassembly
was that there were 2 operating modes during start-up values in Ramah chat and at the ACP has not been initialized that enters a personalisation mode this is use manufacturing to assign the unit address and the keys in normal conditions after the set-top boxes left the factory this personalization software is bypassed and the always runs the main application the next thing I found was that the application was not a really simple program this 65 0 to run the task-switching operating system 8 tasks around which supports decryption of up to 2 channels at the same time from the 1 show so there are 2 tasks that are dedicated to processing the ECM 40 messages and those generate working he's that are used for the transport stream decryption the there's 2 tasks that handle processing of the ECM 41 messages those generate program keys that are used to process the ECM 40 1 task handle the EMM Processing there is also a task to handle the TV pass interface and there's a task to handle messages that come in from the SDI interface since CCP is a custom
system-on-chip there's no documentation available describing the hardware capabilities so this only was studied and I O registered had to guess based on the usage of software there's an SPI slave peripheral for communication with the set-top box main controller the STI peripheral senses receive data directly around as signals set to indicate when a transfer is complete there's a desk crypto peripheral the key data and operating mode are set on registers and 1 complete the result can be red from additional registers the there's a Transport Stream descrambler the Working he is set in a hardware register and then a the scrambler well seamlessly output that he could to transport stream on the surreal Transport Stream interface there are also pin filters these the set by the main controller the set-top box over the SPI bus so these filters select which of the video and audio streams will be descrambled and it selects which they had has the ECM packets that the ECB should receive and process the receive ECM replaced and random 65 0 2 is notified that this exists by a register of it
so at this point and certainly again idea of how the system works have studied the M PEG Transport Stream and log ECM EMM data avoid the SBI bus and I understand the messages the domain controller of the the I was able to track the entire wrong contents optically I disassemble the software never rendered in simulation there are some keys found around fixed which never change these are use when a channel goes into a free preview weekend or something of the sort any set top box that has ever had any kind of authorization the pass is able to decrease these channels that are encrypted using the fixed keyboard mode so now the focus is on understanding the ECM and EMM algorithms that are found in the wrong software at this point and still missing some important information from the ACP all the keys category keys program keys exist only around the so to decrypt any channels not free preview is possible
these young 40 message is used to generate the working the use that to the scramble the unpaid streams there's a service IT used to identify each channel a free count that is used with the program key to calculate the working here the frame count increments with every CM impacted there's a crypt mode by that identifies if the channels operating unencrypted or the fixed key or with the normal securities that are used and there's a byte I've labeled hardware that has 1 bit said in it this lecture Special decryption mode that I'm going to come back to a little bit later the ECM
41 contains encryptor program key that's needed to correctly process these young 40 the provider D. that indicates which TV operators subscribers should process the CM 41 and there's the same service ID that matches the ECM 41 the ECM 40 message the category epoch identifies which category cues in use there's also information about how long this program he will be valid for the him 41 contains 1 or more subscriptions years that must be found within the customers ACP to allow this message to be processed the subscription tears are written to the ACP when the EMM containing authorization details as received and again there's a hard worker to select by that it's going to be a topic that I come back to so this slide shows what a half
2nd of ECM Forty NEC and 41 activity might look like to build a scramble the program piece the ACP must process occurring deceive ECN 41 to get the program the and then process and ECM 40 to get the working the the Working heat is then used by the scrambler to discover the M PEG strings the Working he's of a short lifetime only 133 ms to a series of museums shown here is with a period of a half a 2nd In an XOR-split into 4 parts
each part contains a portion of the subscription information for the set of blocks a category including a category key is calculated from each of the four parts and that he is calculated for each part must match or the easier Menzel will be rejected and all the authorization data in category T will be wiped out so this is an example of
any amount the each of the 4 EMM parts contains some common information like the unit address in which category epoch the EMM contains information for the MMP can contain 2 category keys there's 1 for the current about 1 for the next epoch so that when the part changes the ACP has the new key available already to the cryptic category from the amount the same is contained in these ACP areas the CG the unique to each ACP and are assigned remanufacturing EMM the transmitted out of band for cable systems but the pass to the ACP in exactly the same way as for satellite systems so at this point it should be possible to
decode the channel they're using a fixed scheme the analysis of Roma showing the algorithms use a process easier and generate working key the fixed keys are known because they're in wrong there could be some question about the possibility of bit errors from the optical wrong extraction process but the fixed keys can be confirmed as correct because the wrong software performs a check some of the 256 byte area containing keys successfully running the checksum on extracted wrong indicates the extracted keys for should be correct the but when identity could to fix the channel there's a problem it and work so whether it was a bug in my implementation or whether something else is going on with this was unclear but I had noticed that a bit in the same 48 was set the causes a bit in the ACP hardware peripherals to be set the purpose of the but was unclear but it's address suspiciously close to the descrambler key so I start suspect there may be some encryption under other than the standard that's at play the the the so I started to work on other glitches to
study at the chip a little bit more in depth the timing tests I did on the CPU suggested that the 65 0 2 was running from an internal clock source so this rules of the clock which attack voltage good make sense of the age of this chip it seemed pretty reasonable to expect a could be susceptible clutching the stronger protections they're generally more recent so I that to design is pretty simple it's based on the X. mega board and a breadboard the I use the X may go to communicate with the ACP why STI and a control the glitch a 74 series 40 53 analog switches used to quickly switch the CC supply between 2 voltages the normal level and the glitch level I use a bench DC power supply was to open its the psych easily adjust both the normal level and at which level the other parts of the breadboard an oscillator provides some the clock inputs that are necessary for the EC Peter and there's an inverse and 98 that I used to work at the clock 0 tree the glitch time to simplify the test set up as much as possible I remove the ACP from the setup box they sorted into a break apart In this process the battery-backed RAM is disconnected so keys are lost but for the purpose of developing a glitch this was OK so this simple red word-based which was very flexible the red board can be modified to test different ideas and the reconfigure quickly and I don't really make anything more advanced than this the so to test if the
glitter will work and define what voltage levels of to set it to we can send a command of the language and see if responses unusual the general strategy here is to lower the voltage just to the point where the chip sometimes resets do little glitch by adjusting voltage levels English length and timing when the glitch will and as succeeded to cause ACP responses to be altered the Czech someone SPI packets is really convenient 1 unusual data was received from the ACP with a valid checksum this is a really good sign that the glitch cause temporary fault and then the CPU resume normal operation depending when the glitches delivered different effects seen we can see that generally as the glitches moved later it's a later bytes of the response packet yet changed so this point looks like glitter works and is able to cause the brief fault this chapter since I had an effective
glitch I take the circuit from the breadboard match simple PCB that could plug directly onto the x mega development board this performs exactly the same function as the breadboard dead but I'm a lot less likely Daxin employed where from the red board repair
the circuit was simple enough to create a 1 sided PCB so I just edited at home the the now my goal is to have the
ACP execute the code of my choice because the 65 0 to the von Neumann architecture all the code and data memories share the same address space from this offer disassembly have seen that there doesn't appear to be any kind of paging MMU features the software the round is fully self-contained there is no problem and the RAM is never use a hold executable code so there's no jumps in these areas to exploit and it wasn't really clear at this time if there was anything actually preventing code execution outside of the wrong so I decided to take a chance and test of Iran's executable I send a message why SPI I know that this is going to be stored in round this message contains 65 0 to executable code that will copy itself to an end user around execute from this area send an ACK indicating it was successful because I've already studied the use of the SPI interface I was able to create this executable payload that will continue to receive commands why SPI after taking control of the C. P. so my strategy is the same quarter the chip workers and around then glitch to cause an instructive you misinterpreted hoping to cause a jump into the area in RAM were my payload sets to try to maximize the chances of success I look through the wrong code for multibyte instructions which of broken out contained within them a jump opcode with a destination that should lead to a my executable payload was placed since the ACP has a single address space this gives really a lot of opportunities for quitting because the execution to reach the code payload there is uh multiple scenarios possible in addition to the 1 that I selected to target stack corruption is the possibility and really any normal programme flow has some possible the the might eventually led to my code Paul von Neumann architecture without strong memory memory management is really fertile ground for anything around potentially could be executed at this point the several uncertainties but so far I wasn't able to rule out this being possible the ACP does run from an internal clock source and the interrupt-driven task-switching as a little bit of for the timing uncertainty so I will send the could payload delay language and see the result 1 is unsuccessful I change the delay and try again I tried it for the instruction of identified as possibly corruptible to a job but there's so many unknowns that the process is like fishing for all I know to hope and sometimes fishing is good
relatively quickly the ACP returned that that told me that a successful which this for successful glitch took some hours find after that it was possible to make it work repeatedly within a matter of minutes the often even seconds so now I have executable code sitting around the unable to send the ECP additional pieces of code to be executed so at this point I can read any memory address I can write any address to perform any of the other operations that are possible with a 65 0 2 so I wrote a
simple application that performs a click searches and then can interact with my code payload backdoor Ivan sold around this program allows you to enter an address in life and have data returned order right memory etc. there's also support for setting the key in data and performing death incorrect or using the harbor peripheral inside at this point I noticed a few points of few points about this chip there's a 2 kilobyte area from that if I attempted to read because the chip 3 set this area of wrong contains a personalisation routines and those are never supposed to use after the device leaves the factory there's also protection against modifying the scene keys in RAM trying to store of value to these locations appeared to do nothing their specific addresses within round that can't be red or the tuple walk up these are clever traps but in as a safety measure the 7 bytes 56 bit keys stored in RAM straddle these that addresses so any potential explained that could cause a linear dump of memory will be stopped before you can even read a completely when the chip is reset this means that I have to gleichen again because my code payload exists only in around there really is no ways of hooking up any kind of permanent act or
the since we can execute code on the ACP receive response we can read the wrong and have its contents without any of the years from the optical extraction process so I compare the results from the optical run extraction with a proper down by God I can see how many errors were in the optical answer extraction the marked in red overall the attraction was pretty good it was good enough for me to get to this point there also was only actually 1 byte within the dump that had more than 1 bit incorrectly flipped and many of these errors are actually obvious when disassembling the software because if an instruction looks really out of place but changing a single bit makes it sensible probably it's a bit air so I didn't actually keep detailed records about this but I think I probably got about half of the bit errors during the disassembly process the so the interesting
he is in the ACP are all story around only this includes the working the program the category and the the RAM as battery-backed if the seed user ever lost for around the ACP can no longer process EC ends you can no longer process ends and so it's totally useless it's possible to glitch the period of memory but my culture works with ACP that's been removed from the set top box when the is circuit the connection the other components and it having 16 VCC connected in impose a bit of a problem so the glitzy CP circuit is going to require some modifications the set-top box disconnecting from the other parts or another alternative was removed the ACP from the set-top box and they celebrate board without losing battery waiting around so rather than modify the
set-top box and where each of the several different models were going to require unique qualifications I decided to try removing the ACP with a battery so without much the plan is to carefully lift the ACP battering ground pins while set-top powered up so that provides the C. C. plays a small tool I me from a razor blade I cut using a Dremel tool by attaching to handle screwdriver this tool to be wedged under a pen and then some order on the slaughter will release the pain in the pin cumulative straight up without damaging any the other pens the so this
point I would have and ACP inside of a set-top box that I have an external battery connected to its still inside of the box is still working so at this point I can now lot of again flux put some hot air on it and very carefully lift up the chip without letting the US sorta on the battery connections now
so now I haven't looked up to my collection which is now inside of a box it looks much nicer and I can now start to glitch the chip with the battery on it so the RAM is valid or what I started to to glitch I found that my timing change so I wasn't really sure if this was users from different oscillator settings or if there's a different code path because the other chips had way but anyways by modifying the time my which I was able to get the same pledge to work in that I was it'll facts to my code on the chip valid so for the Transport Stream scrambling
the since I can now run my own code on the CPU it was found really study this in depth the so there's a hardware register bit that is set cleared based on 1 of the bytes in the ECM 40 when this but is clear standard DB use when it said the descrambler ax differently there's also an 8 bit hardware register in the desk peripheral area when it 0 it's standard free the value that's differently so this point I started to wonder if I might be looking at actually do a gate-level reverse engineer the chip to understand this functionality is using technology that's older so it should really be feasible to do it but if fossil like to avoid it will be a lot of extra work time-consuming and in my tend to give imperfect results like the optical wrong extraction so I saw was trying to characterize the scrambling modes the Transport Stream packets is available for byte header and 23 blocks of 8 bytes each S. operates on these 8 biter 64 bit blocks by flipping 1 bit in the encrypted input the C B C B C or OFB modes can be differentiated flipping 1 that causes an 8 byte block to be corrupted and corrupt corresponding bit in the following block to be flipped this indicates the B C motor the news tiny the transfer stream input compared to the trip output was measured with a descrambler the standard mode and the customer no timing differences seen this suggests that the internal properties of the deaths haven't really changed same number of rounds all this and this makes sense because the decryption has to be done in real time so it can really change the timing also by using ACP the decryption oracle I determined that this customization was affecting each of these 23 blocks of the pack it a bit differently so next I tested the hardware using gas we keys he's a certain keys that are not recommended to use the test because the properties we can the cryptographic strength a key of all 0 or all 1 will cause the deaths encryption and decryption to be identical that means that running the same data through encrypt or decrepit will give you the same results the I can son an ACP configured for standard desk decryption and see the expected we behavior when I tested with the this custom mode the we keep behavior changed using a cue 0 or 0 1 doesn't produce the same results in encryptor Negro modes I also tested the desk peripheral with different values in the 8 bit registered and using the we keys and it showed that the desk we keep behavior did still exist so at this point my hunch as that 1 customization affects the key and the other a customization affects the data at this point I can't be certain but they have a good feeling about the theory so I continue to investigate it
based on the idea that the harbor customization is only affecting the key people and the decryption tiny static I thought the simplest customization would be an X or mask that gets applied to the key before it goes to the desk decryption x or requires only a single gate in series with the engine so if it's all requirements a fast and simple to implement in hardware a change of even 1 single bit and the key would cause the of the effects I observed flipping more than 28 bits of the key is pointless because that's really the same as inverting the key and then flipping fewer more flipped bits would also mean that they have to add more gates into the customization so it seemed reasonable to expect that they might flip minimal number of bits within the key the so I wrote this very nice for a loop that's nested 16 levels deep but to test the decryption results after flipping 1 bit of the key then flipping 2 bits then 3 bits and so on up to 16 bits to test all possible Jesus way is going to take a long time but if only a few of the bits were flipped then it might be identifiable in shorter period of time and promising results did come quickly it turns out that the theory holds up and some of the blocks have as few 3 bits the this took only seconds for the solver to identify after verifying that these acts or masks did work on these blocks I left the software running it was able to find all the 23 x or masks this very simple brute force method worked I right after a couple of days to get all the 23 blocks by analyzing which of the bits are being flipped in the early results are received the pattern can be found so you can limit the search a bit more using this technique a software for cracker can complete the process of identifying all the 23 x or masks in 1 2nd the so after successfully solving the
1st were customization the theory that the 2nd personalization is the data X or really look promising so it made sense to leave that 1 or more X or gates on the data will be enabled by each bit of the 8 bit harder register using the ACP as a decryption oracle unknown key indeed were cryptid with all values of the 8 bit register so for attack this function was successful and 255 x or masks were identified with behavior matching exactly what I expected no I haven't actually seen this hardware customization years I presume the functionality was saved so they can be used as a countermeasure against pirate devices if necessary but it is never necessary since the system was never reached In order to
implement a soft on this is a software implementation of a descrambler a few more cryptographic details the divided identified but at this point I have all the tools to do so the initialization vector used for CBC mode can be found through a simple x or and the handling of short blocks lose less than the 64 bit dense block size can be identified likewise now with all these details a software implementation of the EMM decryption of category T and ECM decryption of program key and working cues can be made the Transport Stream descrambler can also be implemented in software the rapid key changes in the use of DeSR with the hardware customizations make it a bit different to implement compared to a soft camphor typical DVD system but overall the concept was the same the and
now works the as it was tested is fully working on both the satellite and cable systems this is a screen that's broadcast before pay-per-view event goes alive the pay-per-view like all the other channels community should be decrypted by the soft and using the algorithms learned in these sky extracted so I identified some
weaknesses within the system when I was studying at the 1st was that it's now pretty old technology this makes it a lot easier for an invasive analysis today the QFP 100 package was actually pretty easy to deal with compared to what some of the modern alternatives are the chip is susceptible voltage which the von Neumann architecture was no strong MMU protection meant that I could easily put my code and Ramadan that have executed they don't include any possibility for any kind of code updates so they have no sulfur date mechanism for any countermeasure purpose it really the hierarchical customizations were pretty simple and stable against them but the strengths I I was pretty impressive the system overall actually of the key handling and the decryption contained within 1 single chip makes it really difficult to do any kind of a key sharing the fast teaching general would also make keychain very difficult and the fact that there's no possibility for code update means that there's no way that you can write a permanent back door also overall I think that this feature is actually more of a strength and a weakness because at the point when you need to do a code update in the field you chips already hacked the hackers already have the ability to reject it anyways the internal clock 65 0 2 meant that I couldn't clock and it made little bit harder to handle the glitch possession the dead addresses that they put in the middle of the key space is very nice this prevents the Linear readout of keys and really stop a whole class of attacks against the personalization Aryan wrong that they used to break the unit address the CPs initially seems to be accessible once they complete that mode all of the keys exist only inside of round so you have to have the battery all the time so this rules out a lot of different invasive attacks to try and read the Quixote of also the keys I wasn't able to rewrite them around when I would try to store of value there's nothing would change so this is a nice protection against us cloning a box to the be an exact copy of another subscribed unit the all of the amends are addressed to individual boxes they don't send anything down to a group so this means that if you want get active keys you have to actually pull he's from a box with an active subscription so they send the key that is addressed to you the generally the software will appeared pretty well designed and written I didn't notice any glaring software bugs inside of it novel they're using 56 bit desk they use 3 desk using in combination when the processing the amounts and in all these yams they're using multiple rounds of gas they would really increase group cost complexity I didn't see any obvious weaknesses in in that area and so
uh I know about 10 TV piracy I I don't advise tired and sigh later cable TV there's really nothing going on I looked it's not worthwhile fj the thank you I
really appreciate the chance to talk this is a really exciting for me I had a lot of fun with this project I learned a lot the I if there's any questions there or anything I would be happy to take some that this is what I have it Ch yes that the for the main transport stream of the Outer Band transport stream OK for the out band Transport Stream I wrote some software that say that randomization these things on on the raw Transport Stream because I was getting indirectly or the QPS demodulator for the main transport stream all the demodulation is done in complete before it goes into the ACP so it looks like a normal transport stream Justin corrected so after the software decryption then I could feed rate the VLC you can just repeat the question so it here had the the question was if there was any at any processing on the transport stream that I had to do after decryption yes that thank you I'm about to that address is and with that actually close uh Archie look at or uh wiping answer keys also as what was the the impact did you have to did you use a few chips of GATT and had to get with no a as far as I can tell all it does is cause they preset on the dead address that is because the any problem because when studying the software I could see that they would read specifically from either 0 1 to skip a byte 4 5 6 7 so this slippery very unusual and took me off that there was something going on there and then at the point when I actually had access to talk inside of the chip that I could poke around a little bit but no 1 would those that Sparta
hit there's no there's no bad reaction just reset the censorship side and then lose any to that the right well thank you very much for a was there really appreciate the chance to talk this is the right thank