an isp question

junctionbox
Junior Member
Posts: 449
Joined: Sat Oct 21, 2006 6:19 am

an isp question

Post by junctionbox »

How soon will it be before we can authorize tiers and change the isp so we can use any dct on any system? :D :mrgreen: :?:
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

I was thinking about that too. We could do what everybody does with something that involves motherboards! Find a hardware to copy all info from firm, or just xc chip from a legal box, then use spi (assuming the I.V.'s are the same) and send the known spi sequence... and bam! Just like that one guy that got caught. I heard it was an expensive operation. He found a way to re-program one of those HD cable cards that go into your big-screens that contain the xc chip, and he copied his good cable card that he had purchased service for and then just re-programmed the card to be a clone of his account. The cable company found out and he went to jail, but I suppose it would be hard to catch a chameleon since he can change his colors at a click with some numbers and letters. But what are all those other pins for on our motherboards for the dct2000 series? I'm sure if all were connected you could reprogram something good. Could anybody give a detail of what each set of pins does? Cheers
junctionbox
Junior Member
Posts: 449
Joined: Sat Oct 21, 2006 6:19 am

response

Post by junctionbox »

Don't get me wrong about the isp. Of course the cable cards were cloned and the guy was caught and jailed, but we're dealing with a box that's 15 years old. My assumption is the security that's in place for the cable cards didn't exist for the dct20000 series boxes. Name one incident that occurred to someone cloning the dct2000 series. When you take nvram from your active box the upm is exactly the same and you order vod, so my assumption is these cards are more advanced than the dct20000 series when it comes to security. We should be working extremely hard on the dct2000 series as far as isp and vod. My belief is cc is 15 years behind in their security of these units; the security is as old as apple pie. cc is more concerned with securing cable cards than the dct2000 series units. Thank goodness for directv and dish network cards, because at this point in time their focus has been on cards and not securing the dct. To me it seems memory in the dct is all used up; for one, look at earlier boxes with first firmware: when first plugged in the unit comes on fast compared to 0.796 firm, which takes minutes when first plugged in. I say go with isp and channel allowance.
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

True, but you missed my point. I meant reprogramming the whole thing, not just firmware, all chips, then use spi...
Those other pins have to do something... The xc chip is like a memory stick with a big list of formulas and if-then statements. Why couldn't we modify our firmware to make it run faster, or use older firmware with the software bdm made to log spi, then run a machine to keep trying authorization sequences until the goal is reached? It would take a long time... I dunno, maybe it wouldn't take so long.
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

Well duh, but isn't there a programmer for the xc chip? When the battery is disconnected the data is lost, the data is gone... No luck reprogramming it by replacing it or trying to take it out, but there are no pins like the 10 port BDM or one of the other sets that would have access to info of the other chips. In the firmware there is lots of extra code; now if there was a fpga for those pins we have, this idea would work. And RTL type program if I can recall. I remember cipher talking about it back in some old forum. Can anybody tell me how the I.V. works? Does this hint to finding the spi checksums needed to authorize all channels? The I.V., is it just the sequence to tell the box's chips to start processing information, because we intercept it is how we get into BDM mode. So wouldn't the information needed be floating around inside the box in the calculations that are encrypted to the outside world but accessible if the box could be put into a different mode that could allow you to access information about these calculations that the XC chip performs and sends back to another chip to check when you do send commands via spi serial connection? Like a supervisor mode or something?
junctionbox
Junior Member
Posts: 449
Joined: Sat Oct 21, 2006 6:19 am

my comrades, let's call on the great cipher

Post by junctionbox »

We need the great cipher to answer our question, comrades. Earthlings to cipher, calling on cipher, come in cipher :D
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

Very true, but aren't all XC chips different but the same? Just different keys. What goes in encrypted comes out encrypted. So let me ask this: is there a supervisor mode? Because if we were in supervisor mode then the operation stacks ".s19" would reveal more? I feel lied to somehow, this thing is so old and it's not cracked, hacked, or been jacked.
patsfan
Junior Member
Posts: 673
Joined: Thu Jul 21, 2005 4:02 pm

Post by patsfan »

i would say the uid is programmed into the xc chip. any box i have ever seen that has come back from repair from motorola, always has a sticker warning to update the inventory system as the uid has been changed. the gi number is still the same though.
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

So the chips are hard coded, there's no chance of changing anything with the XC besides the spi... So can we do an inventory? Maybe there's only 50 or so that are the same but different. Maybe do a poll or something, I know there are about a million boxes around. How can I learn how to do some "advanced program"? I want to use my usbbdm to do more. Maybe somebody could point me in a direction, thanks.
afallison
Junior Member
Posts: 27
Joined: Tue Jan 23, 2007 10:01 am

Post by afallison »

i'm kinda lost in this conversation, but i thought i would put in my 2 cents. as far as i know, the GI number is a number that the cc assigns a box that is paired with the uid.

the GI # is a number given to the cc for "inventory" and "billing". for example - if you were to call your cc and say your box isn't working correctly for whatever reason, they may attempt to verify the box # (GI). they don't go by your uid, network address, or upm because they have a number that they can associate everything with - the GI #.

as far as i have seen, the GI number never appears anywhere in the nvram or code - only SPI, and not even really there. i may be wrong but this is what i have noticed. the GI # and UID seem to be one and the same. ie - the cc wants to send a refresh "hit" to a box, they don't use the uid - they use the GI, which is "paired" to the uid it is essentially trying to target.

as far as the xc chip goes - it sucks we don't have more info on this thing - especially after all these years. but the incredible thing is there are ways around it using basic "testing" methods via a usbbdm cable and an already available header to connect to.

bottom line is get a good nvram and get things running from there. and enjoy using the 2000/700/2500 series boxes while they still last. the FCC is pushing for these new "smart cards" for security features. some "external" security features - google it - i dunno. i give it another year or 2 before these boxes become obsolete. especially after cable goes all digital next year.

and adrian is correct. somehow the cc have made this system secure for all these years in a sick way of utilizing the xc chip against us all because they knew we couldn't beat it.

kudos to the cc and motorola for the outstanding security measures they have taken keeping us in the dark about the xc chip. but in the mean time, all i can say is thanks for all the premiums and vod. love the pr0n.

:)
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

adrianbv6 wrote:
my theory from what i done

XC chip has one main decoding key...not video keys decoding encrypt.

since i seen some 10 boxes with same XC chip stamp on it XC YYYYYY etc.
gives me the idea that the boxes have 3 things in common

GI number+xc serial(maybe offset of encryption)+uid=cocktail of hard to decrypt data.

GI number and UID and XC serial are somehow connected together
more or less GI and XC serial are more important i think because i was logging SPI
from 2 DCT with E11 and i was still getting different response from both even though UID and XC serial is same only thing left different now was the GI number that must be programmed permanent into the XC flash area and uid is programmed into the ram area.

So the UID has to be the factory original in order to correctly authorize and use the commands in spi? So how long is the GI number? 256b's?
junctionbox
Junior Member
Posts: 449
Joined: Sat Oct 21, 2006 6:19 am

about dct units

Post by junctionbox »

These units will be around until the end of the world. My belief is these units' memory is filled up to capacity. If you take a box with 0.796 firm, look how long it takes to come on when first plugged in compared to first firmware with 0.700 firmware, which comes on quickly. They never expected these units would never have loopholes, so they never changed the security of the dct; it has always remained the same since its introduction. They always thought it would be an internal chip to attempt to authorize the dct; they never expected it would be cloned. Now 85% of the world use them. Now, the second month of 2009, consumers will be allowed to buy set top units and purchase cable cards from your local cable company. The law always allowed this, even when analog was around; most countries allowed you to buy your own unit from radio shack, best buy etc. At this point cc is unable to afford to change their dct system; they're still bringing out units like the dct700. Their focus is more directed toward cable cards, and their security against us is deauthorizing ch.
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

So James are you saying cutting down the firmware might allow some extra room to figure some stuff out?
junctionbox
Junior Member
Posts: 449
Joined: Sat Oct 21, 2006 6:19 am

response

Post by junctionbox »

I believe there's no room left to figure something out. My belief is they're too tied up securing the cable cards; that's why cc has been getting extensions from the ccf. Originally cable cards and set top boxes were supposed to have been implemented in 2006; it went to 2009, which lets us all know they were ironing out the kinks. The only thing left for them is deauthorizing ch. That's why use both securities, upm and uid; they have 2 defenses to attack, not just one. Remember every nv has its own upm, so fake it. The groundwork for the cable cards was implemented 10 yrs ago when everyone did directv and dish network cards. I'm pretty sure cc is not trying to make the same mistakes :D
patsfan
Junior Member
Posts: 673
Joined: Thu Jul 21, 2005 4:02 pm

Post by patsfan »

the problem with the firmware is that the older boxes like the 2000 series are still in use in most CC's. these boxes only have 2megs of ram so the firmware fills up very quickly with VOD etc. so the CC's are stuck supporting boxes with low memory capabilities. the other option would be to swap out every box to a newer model (2500,700) but that gets expensive when you have hundreds of thousands to change out.

one of the delays with cable cards was the CC's looking to push back the removal of analog signals from the cable stream. by late 2009 all ch's have to be digital with analog shut off. remember this is only in the USA. not sure of any other countries that have the same push on, but Canada has no mandate for this. so all along CC's have been renting you a box for a monthly fee and now they have to supply you with a cable card. why would they be in a hurry to lose that revenue.

as far as security goes i believe the CC's still have a lot more cards to play. why bother though when only a handful of people have tried to hack it and the best they can do is keep a few ch's going. once the hacking becomes more widespread you will see more effort to stop it. i see no reason why the xc chip can't support rolling key change for channel auth, and if you have your uid faked the box won't get them. if you don't fake your uid the box gets deauth'd.

my $0.02