ACP analysis and command creation tool
-
- Junior Member
- Posts: 164
- Joined: Sun May 06, 2007 10:24 am
- Location: Everythings bigger in Texas
off topic question
Hey guys, I have a question about different versions of firmware, off topic... Okay, so this version of the Motorola cable box has been around for years and years. Let's say CC/TW/etc. have been using tools similar to ours for years and years and have already found all the important backdoors to finding what is really needed to "crack the code". Maybe if we find very old firmware versions we can test for stuff they haven't found... just a thought. Cheers. Krunk
-
- Junior Member
- Posts: 164
- Joined: Sun May 06, 2007 10:24 am
- Location: Everythings bigger in Texas
Cheers
Okay, but what I'm saying is if we could find a box that was manufactured after the first release of these boxes years ago (an original), it might have backdoors that were not yet covered up by General Instruments or Motorola. Has anybody done any testing with a GI box before? Cheers
-
- Junior Member
- Posts: 21
- Joined: Wed Jul 27, 2005 9:16 pm
- Location: NewYork&Chicago
- Contact:
About the response from the XC chip: I still get a different response even if the XC chip is the same...
I don't get it. Then how does this chip function, and why is there a different response from each box? Like, after you E11, shouldn't it be the same? It is different. I am puzzled now...
So I am gonna give up... the XC chip is hard to crack into... somehow I still believe it is more than the key implanted in there. I still think that each serial of XC chip has a particular key + something else...
Or once the UID is programmed it completes the code? Well, since the UID can be changed but the GI never changes, then that's the connection... GI number and XC serial...
cipher, if you wanna help, maybe you can make something out of it. I can send you responses from 2 E11 boxes with the same XC chip serial; only the last 4 digits of the GI number are different...
-
- Junior Member
- Posts: 673
- Joined: Thu Jul 21, 2005 4:02 pm
Re: Cheers
Yes, all of mine are GI boxes. A lot of them are, as they didn't change to Motorola until a couple of years ago. The boxes come from the factory with a default firmware already on them. The problem is I don't think there have been any updates to the DigiCipher II system since it came out. No need, since it hasn't been cracked.
krunkcraig wrote: Okay, but what I'm saying is if we could find a box that was manufactured after the first release of these boxes years ago (an original), it might have backdoors that were not yet covered up by General Instruments or Motorola. Has anybody done any testing with a GI box before? Cheers
-
- Junior Member
- Posts: 40
- Joined: Tue Feb 06, 2007 3:46 pm
adrianbv6, I have been investigating 3DES a bit, and from what I see, whenever data is encrypted, a starting chain 16 bits in length is used to complicate the decryption.
See here:
http://www.atrevido.net/blog/PermaLink. ... bc5f1f5899
Is that why every response of the XC changes?
Sorry if I am wrong, I am trying to contribute something.
-
- Junior Member
- Posts: 21
- Joined: Wed Jul 27, 2005 9:16 pm
- Location: NewYork&Chicago
- Contact:
It might be true, taking this into consideration:
Box A: different GI number, E11 box, same XC serial (thinking each XC has one hard-coded key per serial)
Box B: different GI number, E11 box, same XC serial (thinking each XC has one hard-coded key per serial)
Box A and box B still get a different response. The only thing different now that I think is different, it might be that the key is contributed from the GI number and XC serial... since the 2 boxes have 2 different GIs and the same XC chip, the key is still different. Go figure that out, this system is crazy, and this is only my idea, doesn't mean it is true, but it seems most logical... Taking into consideration that the XC has RAM and flash... if we can access the flash part we are done... even if we access the RAM part we can't change keys to the box... maybe only the categories, even those maybe not. I noticed in NVRAM there are commands like 80 00 00 00 xx xx yy yy, something like that; the last yy yy seem to be encrypted or... category...
-
- Junior Member
- Posts: 164
- Joined: Sun May 06, 2007 10:24 am
- Location: Everythings bigger in Texas
IV
So we could find the difference between the two responses you get, adrianbv6, from those two boxes and find out one of the keys to that box? Or the IV key...