X-Chip Location (SWAP)

XC chip, auth and block SPI command.
Junior Member
Posts: 225
Joined: Tue Nov 27, 2007 10:45 am

Post by GideonOmega »

maybe usbbdm will post it in the files section? if not could someone also PM me with the info.

Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago

Post by tester5 »

you cant program the xc chip for now..
Junior Member
Posts: 225
Joined: Tue Nov 27, 2007 10:45 am

Post by GideonOmega »

Thats what I thought -- might still be a handy program though?
Junior Member
Posts: 245
Joined: Wed Jan 03, 2007 8:57 pm

Post by elkora »

tester5 wrote:you cant program the xc chip for now..
tester5 so in order to program XC CHIP we need to know the commands for SPI? or we need new tool for cloning the XC CHIP Info.

Any body have the Datasheet for the xc420061?

Thank You...
Junior Member
Posts: 67
Joined: Sun May 03, 2009 8:46 pm
Location: Merida , Yucatan Mexico

did some investigation about that XC chip you are talking about.

Post by Alonso »

first you all have to know why that XC chip exists.
a little background history

have some things to say about that chip.
1.-My father since 1989 had a legit VC2 satellite system so since i was 12 years old i remember him saying sorry no more tv again when codes went down.
(Still to the date i have some VC2 boards that i have studied deep in hardware and software).
since i was a little boy that waked up my interest in electronics and encryption then i studied electronics engineer and ended up my career in 2005
after having this background then i could understand the solution that general instruments and motorola gave to the trouble of piracy.
In the old days somehow the datasheets of the parts leaked from somewhere then every body was able to manipulate codes and even share working keys.
With digicipher the platform solution is shared with several receivers but basically the same datasheets are very well hidden i can even order those xc chips brand new and instead swaping them it could be more interesting to install a new one just to see what it shows as UID is it empty is it otp programed dont know yet but im willing to find .
2.-GI and motorola solution to piracy a DES processor. yes in the shape of hardware solution data comes in encrypted and comes out clear.
IF seed keys come out of that des processor via spi probably they are encrypted so that the whole process isnt exposed it all happens inside your famous xc chip AKA DES PROCESSOR.So the mistakes of the old days in VC2 that left the process happen in front of our eyes totally exposed is now hidden that was an elegant solution i should say.
3.- I suggest reading this patent info.
US Patent 5687237 - Encryption key management system for an integrated circuit
here is a brief explanation

It is an object of the present invention to present a system wherein should an intruder gain access to the encryption key, the intruder would still be unable to properly decrypt or encrypt system data.

It is a further objective of the present invention to present an encryption/decryption system wherein the option is provided to utilize one of three DES keys provided for use by the DES engine wherein at least one of the DES key are maintained internal to the IC chip.

A typical system includes a digital encryption engine is presented to the system in form of an integrated circuit (IC)chip. An encryption (or decryption) key is loaded into the DES Key Register which form part of the IC chip. The IC chip also has a DES Data Register that is loaded with the data to for encrypting or decrypting by the DES engine. The encryption or decryption process is selected by a microcontroller that presents to the IC chip the appropriate control signals.

In the improved system the DES Key can be input to the DES Engine Key Register as is conventional, but also a fixed DES key internal to the IC chip can be used. As a further alternative a derived third DES key set in a feedback path from the output from the DES Engine is available. A multiplexer is used to select which of the three DES keys available will be used to encrypt or decrypt data for the DES engine.

During the manufacturing process, a first DES key (Kv) is caused to be stored a non-volatile Kv register of IC chip. A second DES Key (Ke) is stored in the system non-volatile memory unit in encrypted form. In operation, the encrypted encryption key (Ke) is loaded into a DES Key register and data is loaded into the DES Data Register of the IC chip under the control of the system microcontroller. The Kv Register is selected to drive the DES Key input to the DES Engine. The decryption process is then selected. The resulting decrypted DES key (Ki) will be directed to the internal key register. The output of the internal key register being directed back to the input of the DES engine. The value in the internal key register can now be used to for further operations with the DES Engine.

Note that neither the value in the Kv register nor the value in the internal key register is available to the data bus. These values are held internal to the IC and can not be recovered except by destroying the IC devices.

Selection of the Kv Register as the source for the DES Key input will automatically force the DES Output to the Internal Key Register. This prevents an attacker from using the IC repetitively to ascertain the value of Kv.

So this pushes to the idea that installing a blank chip and watch for the UID could be a good idea.
Junior Member
Posts: 16
Joined: Mon Nov 13, 2006 2:43 am

Post by henrysmooth »

The pads are test contacts of the MPEG stream too and from the BCM7015. This stream is tuned and fed to the ACP for decryption and if the right key is used it is returned as a decrypted mpeg signal.

Assuming You cant jump THEM to cause the stream to return and work.(needs decription)
Also Assuming You cant replace the idea with a seperate key bank chip.(to do the decrypting)
~ Just Sayin
Junior Member
Posts: 5014
Joined: Sat Dec 27, 2008 3:25 pm

Post by CAPONE »

WOW the Last Post is 2 Years Old.

I would say its a DEAD ISSUE. :D
"If you give a man a fish you feed him for a day. If you teach a man to fish you feed him for a lifetime."

Who is online

Users browsing this forum: Bing [Bot] and 1 guest