Dodgy Sky boxes

FREETV · 19-06-2013 07:26PM

If it had enough processing power then maybe it could be designed to track the logo display signal like a fast screen refresh rate does in Hz scanning permanently and cover it in a white or black pigmented block? 600Hz for instance.

MrFrisp · 19-06-2013 07:33PM

I hope this is staying on the Legal side of things for this Thread here?

It's great that the mods are allowing this to continue,and I think it's one of the longest running Threads about this subect to be kept going in a long while.

It's very very interesting,and would be a shame to have it locked. So far it's been proved that the subject can be discussed,without breaking the rules.
.

STB · 19-06-2013 08:43PM

theblueirish wrote: »

The ruling was about copyright infringement, the judges ruled that something that hasn't happened yet cannot be copyrightable. Sky have tried to get round this by making foreign providers broadcast the premier league logo during games.

The EPL anthem and pundits can be classed as copyrightable and cannot legally be shown in a pub.

The FA Premier League you mean. And even that has now been turned on its head since the UK didnt transpose the EU Copyright protections laws correctly to cover replays. TV AD tech, a UK company has successfully won its case to replace the so called copyright materials with adverts.

Getting back to my main reason for posting here. Dreamboxes.......

I see constant reference to them as being something dodgy. ALL satellite boxes currently on the market that have an ethernet port a USB port or a serial port can be made do something else other than normal use.

The new HD box rollout is to enable Sky to marry the card to the new HD receivers chip (hardware) ID via streams. It cannot be implemented on older SD boxes. Unfortunately the whole point of what it is being implemented has already been compromised, just not in emulator format currently widespread. Meanwhile dodgy underground factories are no doubt mass producing boxes with hacked chips as we speak.

Nobody has advised on how to access anything illegal from what I have read. Given that this a technical forum, I welcome that we are being afforded a technical discussion on the subject. I don't condone or use any of the methods myself.

The thread title is the only thing dodgy in my opinion and hopefully doesn't invite the wrong type of poster.

MrFrisp · 19-06-2013 09:22PM

STB wrote: »

Nobody has advised on how to access anything illegal from what I have read. Given that this a technical forum, I welcome that we are being afforded a technical discussion on the subject. I don't condone or use any of the methods myself.

The thread title is the only thing dodgy in my opinion and hopefully doesn't invite the wrong type of poster.

Agreed..

Hopefully if it does attract the wrong type of poster,that post will be removed,and the poster banned.

It would be a shame to have the whole Thread closed.

And,,fair dues to yourself for raising the subject at all.
.

Manc-Red · 19-06-2013 09:37PM

Premium/HD channels on 28e that are encrypted by NDS will soon be in the black for CS subscribers, Sky are rolling out the new pairing software that won't be breached for a long long time - maybe never.

Just too many now using that system via the net & a dish.

IPTV will be the next big way round viewing those channels I suspect though.

Trick of the Tail · 19-06-2013 10:18PM

I'm glad sense has prevailled with this thread, a techie discussion is exactly what I meant.

Interesting times.

Only today I was advising a friend who had ideas about selling these receivers - advising against it for a number of reasons: Legality for one, morality (irrespective of what your opinions about Sky themselves) and the fact that once the system is defeated, there will be a lot of angry customers.

jmcc · 19-06-2013 11:27PM

Pairing was one of the first of News Datacom's countermeasures for this hack. (Originally the Fiat-Shamir Zero Knowledge Test was to be used to authenticate the smartcard but the code in the decoder didn't work properly and one of the strongest elements in the system was useless.) From what I've read, many of the more recent countermeasures have been aimed at timing and jitter introduced by the internet path. Hard to think that this hack is now over 20 years old. I know - I invented it.

Regards...jmcc

Manc-Red · 19-06-2013 11:34PM

Trick of the Tail wrote: »

I'm glad sense has prevailled with this thread, a techie discussion is exactly what I meant.

Interesting times.

Only today I was advising a friend who had ideas about selling these receivers - advising against it for a number of reasons: Legality for one, morality (irrespective of what your opinions about Sky themselves) and the fact that once the system is defeated, there will be a lot of angry customers.

CS is just a workaround - a loophole that will be plugged well before this time next year.

The real issue is Sky's extraordinarily high subs they charge to customers for the right to have EPL on it..... Morally speaking.... they are an absolute disgrace.

Legality aside, I don't think anyone gives a cr*p if they're paying a lot less for something that really should be that price over a year - a tonne or so per sub.

I pay 10 fold that for that legally - I don't blame anyone for looking for a cheaper way, sure most smoke the illegal cigs because of the same reason.

In recessions people will try get the maximum they can for as cheap as possible.

Trust me we've all cut corners at some stage.

IPTV will slash open a new market for the cheaper option very soon after this door has been shut.

A door shuts... someone will open another.

Just my 2 cents.

Manc-Red · 19-06-2013 11:36PM

jmcc wrote: »

Pairing was one of the first of News Datacom's countermeasures for this hack. (Originally the Fiat-Shamir Zero Knowledge Test was to be used to authenticate the smartcard but the code in the decoder didn't work properly and one of the strongest elements in the system was useless.) From what I've read, many of the more recent countermeasures have been aimed at timing and jitter introduced by the internet path. Hard to think that this hack is now over 20 years old. I know - I invented it.

Regards...jmcc

It's not a hack m8.

jmcc · 19-06-2013 11:39PM

Manc-Red wrote: »

It's not a hack m8.

It is. It even says so in the News Datacom (and others) patents.

Regards...jmcc

Manc-Red · 19-06-2013 11:42PM

jmcc wrote: »

It is. It even says so in the News Datacom (and others) patents.

Regards...jmcc

That door is not opened publicly & you know it - if it was Sky would be gone.

CS is just a way round from a legal source. A hack is a different baby altogether if public.

jmcc · 19-06-2013 11:53PM

Manc-Red wrote: »

That door is not opened publicly & you know it - if it was Sky would be gone.

The advantage of this hack is that it relies on transmitting and receiving a very small packet of data periodically. From a legal point of view, it has been challenged in a few jurisdictions.

CS is just a way round from a legal source. A hack is a different baby altogether if public.

I'm not sure you understand pay TV security issues. The limiting factor for this hack is that it is not a general solution as were the old pirate Sky smartcards. They effectively decapitated the system by removing the conditional access management element of a legitimate card and produced a card that only contained (simple explanation) the algorithms and keys necessary to generate the key. Where this hack differs is that it effectively parallelises the situation with one card virtually plugged into a number of decoders. The risk is that as the number of decoders running off one card increases, the possibility of detection increases. As such it is a more sporadic kind of hack than a general solution in that it involves an element of complexity for the end user (moreso than a pirated card) and a card server to provide the decrypted key stream.

Regards...jmcc

Manc-Red · 19-06-2013 11:57PM

jmcc wrote: »

The advantage of this hack is that it relies on transmitting and receiving a very small packet of data periodically. From a legal point of view, has been challenged in a few jurisdictions.

I'm not sure you understand pay TV security issues. The limiting factor for this hack is that it is not a general solution as were the old pirate Sky smartcard. They effectively decapitated the system by removing the conditional access management element of a legitimate card and produced a card that only contained (simple explanation) the algorithms and keys necessary to generate the key. Where this hack differs is that it effectively paralellises the situation with one card virtually plugged into a number of decoders. The risk is that as the number of decoders running off one card increases, the possibility of detection increases. As such it is a more sporadic kind of hack than a general solution in that it involves an element of complexity for the end user (moreso than a pirated card) and a card server to provide the decrypted key stream.

Regards...jmcc

The Cam to provide this share is still not a hack - there is still an activated card at source shared over the net.

A hack doesn't need a source card.

jmcc · 20-06-2013 12:23AM

Manc-Red wrote: »

The Cam to provide this share is still not a hack - there is still an activated card at source shared over the net.

A hack doesn't need a source card.

I can see that Wotsat et al has reduced the knowledgebase considerably.

A hack can use a "source", or more precisely a legitimately subscribed card and one of the earliest hacks on a Sky system limited the programming voltage (the smartcard used EPROM memory rather than EEPROM) so that a legitimate card for which the subscription was discontinued could not be switched off. Another one did something similar by stopping the control packet with the card's deactivation instruction reaching the card. That one involved replacing the decoder's smartcard interface microcontroller with a reprogrammed version but it was not a widespread hack.

Sky and News Datacom's idea to use a custom CAM approach was a good on in that it did limit attacks for a while however such things are of limited use as technology progresses. This means that such defenses and hacks have a limited lifespan. The technological resources of the attacker increase and the Conditional Access System provider is forced to keep increasing and tweaking defences. The problem for Sky is that its subscriber base is now so large that the initial "moving target" theory of a three to six month card cycle (new cards would have been released every three to six months making it commercially non-viable for a hack to be executed and marketed) is no longer commercially viable and it is, again from what I've read, a last resort. Again from what I've read, some of the non-Sky systems are interested in using a more hardware sensitive and focused CAM that is more difficult to emulate in software. Ironically this custom hardware solution was tried first by Sky and News Datacom with the microcontroller and ASIC smartcard.

The key stages of a hack, just in case you don't know, are execution, weaponisation and monetisation. The first part is self-explanatory. The second is where the hack is turned into something that is marketable.The third determines if the hack is a major threat to the Pay TV operator's business. Because of the sporadic nature of this hack and the complexity for the enduser (stage 2), it is not a major threat to the core business of a Pay TV operator as a general solution smartcard based hack. Monetising it is also difficult because the pirates effectively encounter many of the same problems as the Pay TV operator.

Regards...jmcc

Manc-Red · 20-06-2013 12:27AM

jmcc wrote: »

I can see that Wotsat et al has reduced the knowledgebase considerably. A hack can use a "source", or more precisely a legitimately subscribed card and one of the earliest hacks on a Sky system limited the programming voltage (the smartcard used EPROM memory rather than EEPROM) so that a legitimate card for which the subscription was discontinued could not be switched off. Another one did something similar by stopping the control packet with the card's deactivation instruction reaching the card. That one involved replacing the decoder's smartcard interface microcontroller with a reprogrammed version but it was not a widespread hack.

Sky and News Datacom's idea to use a custom CAM approach was a good on in that it did limit attacks for a while however such things are of limited use as technology progresses. This means that such defenses and hacks have a limited lifespan. The technological resources of the attacker increase and the Conditional Access System provider is forced to keep increasing and tweaking defences. The problem for Sky is that its subscriber base is now so large that the initial "moving target" theory of a three to six month card cycle (new cards would have been released every three to six months making it commercially non-viable for a hack to be executed and marketed) is no longer commercially viable and it is, again from what I've read, a last resort. Again from what I've read, some of the non-Sky systems are interested in using a more hardware sensitive CAM that is more difficult to emulate in software. Ironically this custom hardware solution was tried first by Sky and News Datacom with the microcontroller and ASIC smartcard.

The key stages of a hack, just in case you don't know, are execution, weaponisation and monetisation. The first part is self-explanatory. The second is where the hack is turned into something that is marketable.The third determines if the hack is a major threat to the Pay TV operator's business. Because of the sporadic nature of this hack and the complexity for the enduser (stage 2), it is not a major threat to the core business of a Pay TV operator as a general solution smartcard based hack. Monetising it is also difficult because the pirates effectively encounter many of the same problems as the Pay TV operator.

Regards...jmcc

Barring the dig at the start I enjoyed that

Touché.

jmcc · 20-06-2013 12:38AM

Manc-Red wrote: »

Barring the dig at the start I enjoyed that

Touché.

I must be getting grumpier as I get older.

Sorry about that. The limiting factor on the iptv idea would be the upchannel bandwidth for an attacker. The ideal situation would be a data centre with its own satellite TV system and a few interface servers. But that provides a single point of attack for countermeasures (technical and legal). Also the availability of movies on the web and the delay between cinema and Pay TV releases as taken some of the heat off the Pay TV channels in that they are no longer such a major target for piracy. The big threat to Pay TV operators is from services like Netflix and that's why they were all rushing to implement on-demand services.

Regards...jmcc

Karl Stein · 20-06-2013 12:45AM

jmcc wrote: »

<MOD EDIT: SNIP.>

You're right there Ted.

Manc-Red · 20-06-2013 01:03AM

jmcc wrote: »

I must be getting grumpier as I get older. Sorry about that. The limiting factor on the iptv idea would be the upchannel bandwidth for an attacker. The ideal situation would be a data centre with its own satellite TV system and a few interface servers. But that provides a single point of attack for countermeasures (technical and legal). Also the availability of movies on the web and the delay between cinema and Pay TV releases as taken some of the heat off the Pay TV channels in that they are no longer such a major target for piracy. The big threat to Pay TV operators is from services like Netflix and that's why they were all rushing to implement on-demand services.

Regards...jmcc

Regarding Netflix, most definitely are they causing some serious headaches for Uncle Rupert - premium content for less than a price of legal (lol) fags is something I've jumped onto.

I was though referring to the illegal end of IPTV, I'm not so sure at this early stage that pinpointing & carrying out countermeasures on this end of the medium is possible just yet.

Putting up hexed viewing card numbers was laughable by Sly on screen. - very amateur.

These data centers could do a fair bit of damage before they're shut down- just look at admc that was widely available last season via IPTV.

snaps · 20-06-2013 08:24AM

Manc-Red wrote: »

Premium/HD channels on 28e that are encrypted by NDS will soon be in the black for CS subscribers, Sky are rolling out the new pairing software that won't be breached for a long long time - maybe never.

Just too many now using that system via the net & a dish.

IPTV will be the next big way round viewing those channels I suspect though.

But surely sky customers with SD boxes receiving premium content will be affected? The excuse sky have said is that everything is being upgraded for on demand services that cant be received on these old receivers.

Zardoz · 20-06-2013 01:45PM

snaps wrote: »

But surely sky customers with SD boxes receiving premium content will be affected? The excuse sky have said is that everything is being upgraded for on demand services that cant be received on these old receivers.

The new pairing system only applies to the HD receivers, SD receivers will be unaffected for the time being.
Their main aim with this new pairing system is to stop HD channels being shared like Viasat did a while back.

Manc-Red · 20-06-2013 06:06PM

snaps wrote: »

But surely sky customers with SD boxes receiving premium content will be affected? The excuse sky have said is that everything is being upgraded for on demand services that cant be received on these old receivers.

Zardoz wrote: »

The new pairing system only applies to the HD receivers, SD receivers will be unaffected for the time being.
Their main aim with this new pairing system is to stop HD channels being shared like Viasat did a while back.

It will take some time but apparently they will offer a HD Box to all who don't have one.

What happens eventually if you don't avail of this is anyones guess at this time though.

excollier · 20-06-2013 06:13PM

You save money:D

Manc-Red · 20-06-2013 06:15PM

excollier wrote: »

You save money:D

Is that possible with Sky??!!:D

excollier · 20-06-2013 06:17PM

No Sky service, no pay Sky, save money!! Simples!!

Manc-Red · 20-06-2013 06:21PM

excollier wrote: »

No Sky service, no pay Sky, save money!! Simples!!

Ah they're necessary evil in my home though unfortunately - can't live without football.

That aint available FTA anywhere unfortunately.

excollier · 20-06-2013 06:23PM

We all have our cross to bear..........

fish fingers · 20-06-2013 11:22PM

Manc-Red wrote: »

Ah they're necessary evil in my home though unfortunately - can't live without football.

That aint available FTA anywhere unfortunately.

Xbmc is the only job these days manc-red. I gave up on the foreign sats a few years ago.

Bubonic · 20-06-2013 11:24PM

I notice people mentioning that the numbers using them went up in recent times but surely that just coincided with the introduction of Nagra 3 by the cable providers, so the same market moved elsewhere.

Skull Murphy · 21-06-2013 12:29AM

excollier wrote: »

It breaks my heart to see RM and his company not making quite as much profit as he would like.

There but by the grace of God etc.

Excollier, do you code Linux yourself? Or just rely on others to provide your OS?

Do you pay a UK tv licence? Help fund "free" sat?

Relying on the goodwill of others or just pure good luck is no reason to feel smug. Hope you read this before its deleted.

jmcc · 21-06-2013 01:30AM

Manc-Red wrote: »

It will take some time but apparently they will offer a HD Box to all who don't have one.

Possibly a way of hardening the CAM against software emulation. When they have the full subscriberbase upgraded, they can move to newer protocols and perhaps a new smartcard release towards the end of the switchover. It will be marketed as an upgrade rather than a switchover.

What happens eventually if you don't avail of this is anyones guess at this time though.

It could be a slow system transition from an old system with vulnerabilities to a newer one. Remember that the threat environment has changed from the time when Sky Digital launched. Widespread broadband really didn't exist then and this kind of temporarily backwards compatible changeover is how such a switch is implemented. When they have enough of the market covered, an indication could be that all new subscribers will only get the newer box, the old version will be on borrowed time. It will be marketed as a compulsory upgrade though and at some date, the older services will be switched off. Because of the number of subscribers involved, the process could be staggered over a year or more.

Regards...jmcc

Dodgy Sky boxes

Comments