Re: NDS vs KUDELSKI(na 3)
The European pay-tv satellite provider Premiere, running NDS encryption Videoguard, has been hacked and running Emulation. Files are available now for FREE download on PUBLIC forums.
Now remember just because Premiere has been opened in no way means dave(dtv) is open or will be anytime soon but does give a gleamer of hope when you think about it.
The NDS Videoguard Conditional Access System, which was recently selected by Premiere to provide better content security, has reportedly been compromised by hackers. It is reported that since September 30, it has been possible to view the newly encrypted signals using emulation.
According to the information, DF said there was an interception of a firmware update to Premiere set-top boxes.
Already in August, there were indications of a potential problem, and Hackers became very interested. Internet reports say they were able to discover a new vPlug 2.3.8 designed for the new DVB cards, which are temporary support for some Premiere "program packets."
Emulation has been able to decode Premiere programming channels Direkt, Blue Movie, (one of the erotic channels) as well as Premiere 1-4. Other channels have been confirmed working as well.
The NDS System has been recognized as one of the safest sytems in the World, even though experts know this is not true. There may now be a problem with other platforms including Sky Digital, Sky Italia, Viasat, or German cable networks like Tele Columbus.
In a statement, NDS and Premiere have responded by reminding people that Unauthorized Decoding Schemes are illegal, and may lead to imprisonment.
Premiere is a large German Pay-TV company, involved in both satellite and cable. Around April of this year they changed from Nagravision as their provider of security and switched to NDS's videoguard method of encryption. NDS is also the provider of security or encryption for DTV. Though there have been rumors of hackers having limited success coming out of Europe, there has been no full blown hack.
That is till now. The European pay-tv satellite provider Premiere, running NDS encryption Videoguard, has been hacked and running Emulation. Files are available now for FREE download on PUBLIC forums.
nds.jpg
I wonder how long before we see a North American hack???
NDS: New Vulnerability premiere?
Leipzig - The newly assigned at Premiere NDS coding is apparently already been victims of hacker attacks become.
In a series of Digitalreceivern has in recent months by a software update the coding used by NDS, Nagra changed (DF reported). So customers until the arrival of the new NDS smart card is not on the premiere program had to forgo, the updated set-top boxes for a period of two weeks pay for all packages of the provider released.
Targeted by recording the update data and an analysis of this, have managed to pirate software, already nearly two months after the activation of the NDS system that at least partially to circumvent. DIGITAL TELEVISION (DF) had already in August warned against this possibility.
Now circulating on the Internet in various forums already emulators for the hack. The DF is an editorial as "cryptanalysis" designated protocol before the vulnerability described in detail. Based on this shows that all programs except the direct channels as well as the erotic portal, illegally released them.
So far, was the NDS VideoGuard encoding as one of the safest in the world. It will premiere next in line with major European pay-TV provider BSkyB, Sky Italia and Viasat and the cable networks of the Tele Columbus Group and Kabel Baden Wuerttemberg used. As hacked on the Internet is the "soft-CAS solution", ie the premiere of cards without using words in the receiver will be decoded by pirates. To what extent this impacts on the "hard-coding NDS", is not to say.
Premiere and NDS VideoGuard, we have asked for an opinion. At this point, we once again pointed out that the unlawful decoding of pay content is a criminal offense and punishable with prison sentences will be.
08.10.08
Premiere and NDS deny Vulnerability
Leipzig - The pay-TV provider Premiere and NDS encryption providers have the security gap in the coding system NDS
VideoGuard denied.
Compared DIGITAL TELEVISION NDS in a divided opinion with: "The encryption system NDS VideoGuard is still on all platforms world's completely safe."
Even a Premiere spokesman denied the occurrence of a security gap. He told DF compared with: "The changeover to the new encryption system is scheduled to expire. At the end of October, all uncertain security, which are currently in operation are shut down. The reception of the premiere programs is still only about NDS VideoGuard and the new version of Nagravision possible. Premiere has time before Christmas a secure encryption system. "
As DF today reported circulating in various Internet forums already emulators with which the newly assigned NDS system at least partly can be circumven...
REALLY????????????????????????????????????????????????????????????????
Re: NDS vs KUDELSKI(na 3)
A little bit of decoding NDS (which?:D)*
DESCRIPTION DETAILED OF THE PROCESS OF DECODING NDS :D
The system NDS Direct TV founds him on the packets of data envoys to the respective decoders together with the data video. Some of these data are selected by the ricevitore/decoder before passing them to the smart card so that to form an united individually authorized. In practice only certain data among million the transit you/they can be passed card to your smart. In this way to your smart cards won't arrive all that turned useless data to other smart card/decoder. Quite a lot packets of data will pass toward the smart card however. I am to dozens and among these of it some they are of vital importance!
The first vital packet is 4840, that it is how much it is immediately gotten after a new channel tunes in him (and also to regular intervals). An example could be as this:
48 40 00 00 XX 40 09 10 10 00 01 4a 12 34 02 41 03 33 42 00 0cs aa bb cc dd ee
let's break him/it in parts:
48 40 00 00 XX I two byte 48 40 describe the type of packet and XX it points out the number of byte that you/they follow;
40 are an echo of the card toward the decoder to point out that you/he/she is working;
09 10 10 00 here 09 are the command that sect the key that will subsequently be used. In this case you/he/she is pointed out the 10 that it is a generic key used by all the smart card. The smart card uses an algorithm that produces 10 (in decimal?; NdT) byte every time that a new byte is acquired. For these 10 byte it uses the preceding value and the new value memorized in the register Á. or accumulator. Once sent forth the command 09, every byte subsequently read almost passes through this algorithm producing a new set of 10 byte. This way the only way to know in advance these 10 byte is immediately after a command 09 are sent card to the smart. The algorithm is sufficiently complex to discover, would also ask for years of elaboration to the super faster computers!!
01 4a 12 34 The command 01 position the time and the date, where 4a represent the month and 12 34 the digital time (not necessarily correlated to the 24 hours). you/he/she must be made to notice, after the preceding description of the "10 byteses key", that the acquisition of these 4 byte will produce one "10 byteses key" absolutely only and not repeatable in how much tied up to temporal values. Then every interception or attempt to change dates it will be translated in an issue of wrong key.
02 41: The command 02 furnish the state of visibility of the program. In the case the byte that follows the "4" it means that for the vision the subscription is necessary, while if it were "8" the vision is free or in preview. The second figure represents the "parental rating" (forbidden to the smaller ones; NdT). However you/he/she must be repeated that every attempt to intercept and to change the 41 (vision with subscription) in 81 (free vision) it will produce one "10 byte key" wrong that all of our efforts it will invalidate.
03 33 42 00: The command 03 verification that our subscription allows the vision of the tuned in channel, in this case 33 42 (Ch-id; NdT). And to this point that smart card will respond in different way to second if we have or we don't have the qualification to the vision of the channel inside our smart card. Also in this case it is not possible to intercept and to change the identificativo of channel to make to believe in the card to have the subscription, without altering and therefore to invalidate quotes her/it 10 byteses key. The command 03 can be repeated more times in how much every single channel can have different Ch-id to it associates and one of these will be recognized or less from our smart card. (This has been done for simplifying and to optimize the offer of the subscriptions to the various packets of programs). In the events Pay For View (PPW) the command 03 are replaced by 06, however the result is the same. (Only that in this case the qualification to the vision of the channel is temporary! NdT).
0c aa bb cc dd ee: 0c is the command that verifies the integrity of all the byteses received after the 09 initial thin to inclusive ee. The five byteses after the 0c (aa bb cc dd ee) you/they are compared with the first 5 byteses of the "10 byteses key" produced and memorized in the accumulator of the smart card (as we have seen to every acquired byte it corresponds a new "10 byteses key";NdT). If for whatever reason, troubles e/o attempts of intercettazione/modifica, these 5 byteses don't coincide, the process of generation of the key of decoding won't be activated. Besides it is not easy to guess these byte in how much 256x256x256x256x256s there are combinations (they are so many!). In this way it finishes the packet 4840.
The smart card puts again him waiting for the next packet. What has been memorized however, it is a set of 10 byteses and the state of visibility or less to the vision of the channel. Till now the ricevitore/decoder doesn't know the status of visibility yet and doesn't show any signal video.
This way, the other packet of vital importance immediately comes later: 48 54. This has a simpler format: 48 54 00 00 00 and nothing more. The smart card recognizes 48 54 and ago echo with a 54. Then it makes use of the data created with the precedent packet 48 40 to produce a further version of the "10 byteses key" and "it beats" the all in way Hardware (so that to make the complicated thing with an emulator, also from the point of view of the speed; NdT).
Then ago a cryptaggio software and he/she sends her/it so gotten "10 byteses key" and the status of visibility to the ricevitore/decoder.
For this further "smanazzamento" of key, just described, the correct status is necessary however for that channel at that time, otherwise she will be sent "10 byteses key" gotten by the precedent packet 48 40 that it behaves the access denied to the channel.
If however everything is OK her "10 byteses key" you/he/she is sent MPEG that will finally furnish us the signal video to the decoder. (The audio is not codified but he/she remains in "molts" until the coding video is not correct).
To this point we have learned that: these two packets are fundamental, if we launch whatever byte of the pachetto 48 40 among the command 09 and the end of the packet, we will have her/it "10 byteses key" wrong with any decoding.
We can now add others you command to the packet 4840 besides the simple 01 (the time and date), 02 (visibility of the program), 03 (verification of the data of subscription), to pact that the final result of the 5 byte of verification is correct and correlated to the commands sent card to the smart. We can for example include the command 60 followed by a lace of sottocomanto BF:
60 BFs 81 23 01
This command ago him that her "10 byteses key" is produced again for 8 times, once for every byte found in the EEPROM beginning from the location 81 23. It is possible to specify the number of blocks from 8 byteses to verify (the example shows only 01 for a block) or a list of addresses to be verified. The real address would be able not to be 8123 but another address (or edges of address) in the area 8xxx that corresponds to the codes altered by the "pirates!"
If we address an area of the eeprom in which we know that there are some fixed values in every legitimate smart card, then every legitimate smart card will produce the same one "10 byteses key" valid for the decoding, but if, as in the case of the cards pirate, also an only byte was different, we will get some wrong keys and therefore anybody decoding.
NdT: they follow then some considerations on fact what this last control is not evidently performed since they have been being around for months card pirate (D*S-DirectTV) funzionanti while with this control you/they would be put all KOs. Is it a choice of the broadcaster? Who knows?
Precise besides that how much above it refers to the system American N*S and as such you/he/she could slightly differ from the European version.
=va urma=:)
Re: NDS vs KUDELSKI(na 3)
Some bugs of NDS :arrow1:
The system Videoguard is currently the surest in circulation, also because the bouquets that it protects don't interest granchè in the hackers of the satellite. Of there are however some bugses that must not be neglected. It is known only for now the bug that allows to add the credit on the paper for the pay for view. Sending a simple script of the kind can be added some credit on the paper:
This script will be censored in some parts of his so that he cannot be used for illegal purposes
;PREP 09
48 42 00 00 1D
R01
09 1A 00 00 30 60 C9 0D 00 ** ** ** ** 00 09 24 09
24 09 24 22 22 BB 00 0C 02 9C 62 95 FA
R02
;PREP 09
48 42 00 00 1D
R01
09 1A 00 00 30 60 C9 0D 00 01 80 00 00 09 24 09
24 09 24 22 22 BB 00 0C 16 FC ** ** **
R02
;USW a 1B
48 42 00 00 1C
R01
09 1A 00 00 30 60 D2 ** ** ** ** ** **
01 8F 2F FF BB 00 0C D0 24 2F 61 D7
R02
;USW a 1C
48 40 00 00 1A
r01
09 22 00 00 30 60 c0 06 00 ** ** ** 81 bb 00
09 10 00 00 0C 71 3C 6B 7D FF
r02
;USW a 1D
48 42 00 ** **
R01
09 22 00 00 30 60 C0 08 00 1D 88 5E 00 00 00 00
BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;USW a 1E
48 42 00 00 20
R01
09 22 00 00 30 60 C0 0c 00 1E 88 62 00 00 00 00
00 00 00 00 BB 00 09 ** ** ** 0C 71 3C 6B 7D FF
R02
;USW a 1F
48 42 00 00 20
R01
09 22 00 00 30 60 ** ** ** 1F 88 6A 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;Setta USW a 00
48 40 00 00 1b
r01
60 d0 16 8e 84 06 d0 85 93 02 50 11 d5 85 dc 85
** ** ** ** 00 00 00 00 ef bb 00
r02
;azzera DTV $$ Amount
48 40 00 00 1b
r01
60 ** ** ** ** ** ** ** ** ** 50 11 d5 85 dc 85
a7 85 00 00 00 00 00 01 ef bb 00
r02
;azzera USB $$ Amount
48 40 00 00 1b
r01
60 d0 16 8e 83 E4 d0 85 93 02 50 11 d5 85 dc 85
a7 85 00 00 00 ** ** ** ** ** **
r02
;azzera PPV Area #1
48 42 00 00 20
R01
09 12 00 00 30 60 C0 0C ** ** ** ** ** ** ** **
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #2
48 42 00 00 20
R01
09 12 00 00 30 60 C0 0C 00 02 80 30 00 00 00 00
00 00 00 00 BB 00 09 10 00 00** ** ** ** ** **
R02
;azzera PPV Area #3
48 42 00 00 20
R01
09 12 00 00 30 60 C0 0C 00 03 80 38 00 00 00 00
** ** ** ** ** ** ** ** 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #4
48 42 00 00 20
R01
09 12 00 00 30 60 C0 0C 00 04 80 40 00 00 00 00
** ** ** ** ** ** ** **10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #5
48 42 00 00 20
R01
** ** ** ** ** **0 C0 0C 00 05 80 48 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #6
48 42 00 00 20
09 12 00 00 30 60 ** ** ** ** ** ** ** 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #7
48 42 00 00 20
R01
09 12 00 ** ** ** ** ** ** ** 80 58 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #8
48 42 00 00 20
R01
09 12 ** ** ** ** ** ** C 00 08 80 60 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #9
48 42 00 00 20
R01
** ** ** ** ** ** **C0 0C 00 09 80 68 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #10
48 42 00 00 20
R01
** ** ** ** ** ** ** **0C 00 0A 80 70 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #11
48 42 00 00 20
R01
** ** ** ** ** ** **C0 0C 00 0B 80 78 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #12
48 42 00 00 20
R01
** ** ** ** ** ** ** C0 0C 00 0C 80 80 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #13
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 0D 80 88 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #14
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 0E 80 90 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #15
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 0F 80 98 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #16
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 10 80 A0 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #17
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 11 80 A8 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #18
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 12 80 B0 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #19
48 42 00 00 20
R01
** ** ** ** ** ** ** 00 13 80 B8 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #20
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 14 80 C0 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #21
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 15 80 C8 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #22
48 42 00 00 20
R01
** ** ** ** ** ** ** 0C 00 16 80 D0 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #23
48 42 00 00 20
R01
** ** ** ** ** ** ** 00 17 80 D8 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #24
48 42 00 00 20
R01
** ** ** ** ** ** **C0 0C 00 18 80 E0 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;azzera PPV Area #25
48 42 00 00 20
R01
** ** ** ** ** ** ** C0 0C 00 19 80 E8 00 00 00 00
00 00 00 00 BB 00 09 10 00 00 0C 71 3C 6B 7D FF
R02
;Chiude 09 e aggiorna a 26
48 40 00 00 19
r01
** ** ** ** ** ** ** C0 05 00 1A 8F 2F 09 BB 00 09
10 00 00 0C 71 3C 6B 7D FF
R02
'D u like to watch boom tv for free,'DN'T U?:D
Re: NDS vs KUDELSKI(na 3)
These Viasat channels from sirius working with FAUSTO.
11.747 V [27500]
TV4
11.785 V [27500]
SVT1 ABC
SVT1 Gavledala
SVT1 Mittnytt
SVT1 Nordnytt
SVT1 Østnytt
SVT1 REG
SVT1 Smalandsnytt
SVT1 Sydnytt
SVT1 Tvarsnytt
SVT1 Varmlandsnytt
SVT1 Vasterbottensn
SVT1 Vastnytt
SVT2 ABC
SVT2 Gavledala
SVT2 Mittnytt
SVT2 Nordnytt
SVT2 Østnytt
SVT2 REG
SVT2 Smalandsnytt
SVT2 Sydnytt
SVT2 Tvarsnytt
SVT2 Varmlandsnytt
SVT2 Vasterbottensn
SVT2 Vastnytt
11.823 V [27500]
DR1
DR2
11.862 V [27500]
ztv.se
11.881 H [27500]
SVT Barnkanalen
SVT1
SVT2
11938 V [27500]
TV3 Mitt
TV3 Norr
TV3 Øst
TV3 Syd
TV3 Vast
11.958 H [27500]
3+ Baltics
3+ Baltics E
TV3 Latvia
11.977 V [27500]
TV3+
Viasat4
12.015 V [27500]
NRK Super/NRK3
NRK1
NRK1 Midtnytt
NRK1 More og Romsda
NRK1 Nordland
NRK1 Nordnytt
NRK1 Østafjells
NRK1 Østfold
NRK1 Østnytt
NRK1 Rogaland
NRK1 Sorlandet
NRK1 Tegnsprak
NRK2
12.054 V [27500]
TV3 Denmark
TV3 Norge
TV3 Stockholm
TV6
12.092 V [27500]
TV7
12.476 V [27500]
TV 2/Bornholm
TV 2/Fyn
TV 2/Lorry
TV 2/Midt-Vest
TV 2/Nord
TV 2/Øst
TV 2/Østjylland
TV 2/Syd
They're working with FAUSTO,also working with Diablo light + FAUSTO + Season Interface,but also Also works with diablo wifi + Add on!:D Si sunt codate in...=vedeti pe lygsat,king of sat(nu le vad pe toate din cauza puterii respetivilor tp!:comp:)
Re: NDS vs KUDELSKI(na 3)
si asta Fausto unde il gasim si cit costa?Ai o idea?
Re: NDS vs KUDELSKI(na 3)
vai de sufletele voastre:wellcome:
fausto e pt DIABLO dar inutil ..canalele resple vezi depe 1w:cheers:
ca si chestie acum
nu a fost spart nedese
este doar o adaptare reusita si la Opticum sau Neotion si altele pt a deveni ca si receptoarele orijinale Viasat , resp recept vad aceste canale la liber
Re: NDS vs KUDELSKI(na 3)
@deidei ,believe what u want...
I konw these channels are "free" on 1w too!
Where I wrote NDS 3 was hacked??? :ideea::o
Re: NDS vs KUDELSKI(na 3)
Hi,
I'm new here can any one tell me.... is NDS Videoguard hacked or are there a chance to view the Channel with an Emulator ?
Thanks
SAMIOL
Re: NDS vs KUDELSKI(na 3)
Re: NDS vs KUDELSKI(na 3)
Thanks skycleaner,
only with CS ! Were can I found Server for Cardsharing?
Fast :clap: Thanks
lg
