Is there a way to change the MAC or IP address?
It is easy to walk up to a box that has what you need; if you can just change the MAC or IP, it will clone the box, right?
-
- Junior Member
- Posts: 4
- Joined: Mon Aug 29, 2005 6:05 pm
-
- Junior Member
- Posts: 8981
- Joined: Mon Jul 18, 2005 9:33 pm
The real unit address is stored in the XC chip. If you just want the external look of the address to change, a firmware can do that.
Here is a copy of the original forum.
The real XC chip protocol is still under investigation. Here is the code I use on one of my E11 boxes, and the box does not show E11 any more.
This is not really a fix for E11. It just lets you get rid of E11 and provides a faked unit address, in here 0011664D91,
which is unit address 0000291917201148.
Firmware V.07.93
    org $4A58B0
SPI05Data:
    dc.b $FF,$16,$00,$11,$66,$4D,$91,$20,$00,$6C
    MOVE.L A0,-(A7)
    MOVE.L A1,-(A7)
    MOVE.B (A2),D0
    CMP.B #$05,D0
    BNE SPINormal
    LEA SPI05Data,A0
    MOVE.L A2,A1
    ADD.L #2,A1
    MOVEQ #$00,D0
    MOVE.B ($0001,A2),D0
SPIFakeMoveLoop:
    MOVE.B (A0)+,(A1)+
    DBRA D0,SPIFakeMoveLoop
SPINormal:
    CLR.B D3
    CLR.W (A3)
    CLR.W D2
    MOVE.L (A7)+,A1
    MOVE.L (A7)+,A2
    RTS
    END
Change
    00464840 4203 CLR.B D3
    00464842 4253 CLR.W (A3)
    00464844 4242 CLR.W D2
to
    00464840 4EB9004A58BA JSR 004A58BA
-
- Junior Member
- Posts: 8981
- Joined: Mon Jul 18, 2005 9:33 pm
cipher had successfully logged the auth command from another box by faking the unit address. I had the same success. If there is interest, drop me a message and I will email you the firmware. I will post the firmware later when several others have had the same success. Share your story please.
Here is how: use one DCT2000 box (I use one bad E11 box) and modify it to the unit address of another box (could be yours or a friend's or in the electronic shop), then program the firmware. All the auth commands sent to that box can be logged by your box. It is that simple.
All the auth commands will have NO effect on your box. You will not get the same channels as that box; you get the auth commands ONLY!!
You can use your DCT 2000 to log the auth commands to your DCT 2500!! This is tested and worked. You MIGHT be able to log other boxes (HDTV) etc.; that is not tested and I do not know if it will work or not.
-
- Junior Member
- Posts: 49
- Joined: Sun Sep 04, 2005 8:32 pm
- Location: Massachusetts
-
- Junior Member
- Posts: 8981
- Joined: Mon Jul 18, 2005 9:33 pm
Just uploaded the firmware that can do a fake unit address. Download at http://www.usbjtag.com/firmware.php.
Put your address at $4a5953.
-
- Junior Member
- Posts: 21
- Joined: Wed Jul 27, 2005 9:16 pm
- Location: NewYork&Chicago
-
- Junior Member
- Posts: 381
- Joined: Fri Oct 28, 2005 8:43 am
No, it will not work. I log from unauthed good working units all the time. I spoof the address of the authorized UIDs on the network to do this. The XC command sequence is encrypted with the UID as part of the encryption key. The following functions are performed with the encryption.
UNITKey(XOR)HighAddress(XOR)LoAddress(XOR)ChosenDecryptionKey = Obscured DecryptionKey to be used
UNITKey(XOR)HighAddress(XOR)LoAddress(XOR)ChosenAuthenticationKey = Obscured Authentication hash Key to be used
You will find the more detailed info in the patents as well.
http://www.freepatentsonline.com/6061449.pdf
The DAC takes the UID address and a cipher key which is selected with the EPOCH version from the XC chip and an authentication key which performs a hash for the target box to compare to the UID verifying the command came from the authorized DAC system.
It is not easy to defeat; it is complex and has some minor weaknesses.
For example, the hash can be attacked with a birthday method. Difficult with a small hash value, but the small value also makes it subject to compression exploits. That's why you see patterns in the hash data.
I posted the info for that somewhere on the site; search for cryptography. It's a hard read though. Brush up on serious math or it will blow your mind.
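The birthday point raised in the post above, as an added example that is not part of the original thread: it shows how quickly a short authentication tag collides and how long a tag has to be to keep collisions out of reach. The page does not give the XC chip's hash or its width, so SHA-256 truncated to `bits` bits is used as a stand-in; all function names, sample messages and sizes are assumptions.

```python
import hashlib
import math

def short_tag(message: bytes, bits: int) -> int:
    """Stand-in short hash: top `bits` bits of SHA-256 (assumption, not the real hash)."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)

def collision_probability(messages: int, bits: int) -> float:
    """Birthday approximation: P(collision) ~ 1 - exp(-n(n-1) / 2^(bits+1))."""
    x = messages * (messages - 1) / float(2 ** (bits + 1))
    return -math.expm1(-x)

def messages_for_even_odds(bits: int) -> int:
    """Tags needed before a collision is more likely than not (~1.1774 * 2^(bits/2))."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** bits))

def first_collision(bits: int, limit: int = 1_000_000):
    """Tag constructed counter messages until two share a tag; return (i, j, tag)."""
    seen = {}
    for i in range(limit):
        tag = short_tag(b"constructed-msg-%d" % i, bits)
        if tag in seen:
            return seen[tag], i, tag
        seen[tag] = i
    return None

def min_tag_bits(messages: int, max_probability: float) -> int:
    """Smallest tag length that keeps P(collision) at or below max_probability."""
    bits = 1
    while collision_probability(messages, bits) > max_probability:
        bits += 1
    return bits

if __name__ == "__main__":
    for bits in (16, 24, 32, 64):
        print(bits, "bit tag: even odds of a collision after about",
              messages_for_even_odds(bits), "messages")
    print("first collision at 16 bits:", first_collision(16))
    print("tag bits for 10^6 messages at 1e-9 risk:", min_tag_bits(10**6, 1e-9))
```

The design lesson is in `min_tag_bits`: the required tag length grows with twice the log of the message count, which is why modern message authentication codes use tags of 64 bits or more.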