hi
in this post I will try to explain
how to Decode Encrypted Viaccess Word
For now I will use SOLTV Example,
beacause last byte of the Key is Even (94).
key09=06 E8 27 3B 2F C3 24 94
so you do not need to change the crypted word
I will post later how to change the crypted word after I explain the
Signture chack Algo.
Example of SLOTV
-----------------
Incoming ECM Instruction
CA 88 00 09 21
ACK 88
Received Encrypted Data
E2 03 2B 28 01 EA 10 B0 BD D8 4D 71 77 CF DD C4
27 54 7A 9F 30 1A B5 F0 08 6F 06 0A C1 02 1D B7 7F
90 00
Signature OK!!
Request Decrypted CW
CA C0 00 00 12
Reply Decrypted CW
C0 EA 10 EF 30 66 85 5A B0 88 92 2A 72 94 30 7E 15 EC 7F
90 00
--------------------------------------------------------
CA 88 instruction send to the card the encrypted word
The P2 byte (09 in the example) is the key number to be used
to decode the encrypted data obtained shortly.
The P3 byte indicates the number of bytes to be received by the card,
in this example hex 21 decimal 33.
In the 21 byte string are two encrypted 8 byte words which have to be
decrypted using the 7 byte of the key.
The card must send 88 ACK to the Reseiver in order to receive the P3 21
bytes.
Finally the card sends 90 00 if the Signature ok.
21 bytes breaks down to:-
-------------------------------------------------------
E2 03 :date nano & length
2B 28 01 :date 2001-09-08 (third byte unknown)
EA 10 :encrypted words nano & length
B0 BD D8 4D 71 77 CF DD :encrypted 1
C4 27 54 7A 9F 30 1A B5 :encrypted 2
F0 08 :Signature nano & length
6F 06 0A C1 02 1D B7 7F :Signature word
then the card send the 2 decrypted words
decrypted 1 =EF 30 66 85 5A B0 88 92
decrypted 2 =2A 72 94 30 7E 15 EC 7F
----------------------------------------------------------
before decoding first 7 keybytes are rotated left by 2 bytes.
key(k1 k2 k3 k4 k5 k6 k7 k8) -> key(k3 k4 k5 k6 k7 k1 k2 k8)
key09=06 E8 27 3B 2F C3 24 94 -> 27 3B 2F C3 24 06 E8 94
to decode do folowing steps 16 times
-key preparation
-data manipulation
-Viaccess mode
-Expansion or E-Table
-Substitution or S-Boxes
-Permutation or P Table
-PROCESS ITERATION
KEY PREPARATION
****************
We use only 7 byte or 56 bit of the key
which we split into two 28 bit halves and
we rotate each half 1 or 2 bits to the left depending on which of the
16 rounds we're on then put the two halves together.
A single rotation left means that the first
(most significant or left hand) bit moves to the last
(least significant or right hand) position and all the other bits move
one to the left.
The exact number of left rotations is determined by the table:
Round 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
No of rotations 1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
We then create a new 48 bit key by reordering 48 of the bits
in the 56 bit shifted key according to the pattern:
14 17 11 24 1 5
3 28 15 6 21 10
23 19 12 4 26 8
16 7 27 20 13 2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
This means that the new 1st bit is the 14th old bit, new 2nd bit is
old 17th and so on with the new 48th bit being the old 32nd bit.
The old bits 9, 18, 22, 25, 35, 38, 43, 54 are not used.
This operation is called a Permutation and the table is called
Permuted Choice 2 or PC-2 in DES terminology.
then we split the result up into eight 6-bit blocks
Preparation of the key is now complete for a single round.
Note that the net result is that we have a new 48 bit in form
eight 6-bit blocks key for use later on.
DATA WORD MANIPULATION
**********************
The encrypted word is 8 bytes or 64 bits long.
The first thing to do is to split this into two halves each 32 bits
long or 4 byte called L and R.
Example:
encrypted word =B0 BD D8 4D 71 77 CF DD
L=B0 BD D8 4D
R=71 77 CF DD
Viaccess mode
**************
to change the first byte of R
1-8th byte of key multiplied by the first byte of R
(to get 2 byte or 16 bits word).
2-the first byte of R is added to result
(add 1 to upper byte if there was a carry with the lower byte).
3-8th byte of key is added to result on the same way.
4-the upper byte is subtracted from the lower byte.
(If there was a carry in this subtract then add 1)
Example:
--------
key(7)=94 // 8th byte of key
R(0)=71 // the first byte of R
1)- 94 * 71 = 4154
2)- 94 * 71 + 94 = 41E8
3)- 94 * 71 + 94 + 71 = 4259 (upper byte = 42 lower byte=59)
4)- 59 - 42 = 17
-------------------with carry
key(7)=94
R(0)=AB
1)- 94 * AB =62DC
2)- 94 * AB + 94=6370
3)- 94 * AB + 94 + AB=641B (upper byte = 64 lower byte = 1B)
4)- 1B - 64 = B7 with carry 1
B7 + 1=B8
---------
Expansion or E-Table
********************
Then we build a new R called R1 of length 48 bits
by using the pattern:
32 1 2 3 4 5
4 5 6 7 8 9
8 9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32 1
This means our R1 has its 1st bit as old R's last bit,
its 2nd bit as old R's 1st bit and so on with its last bit being
the ols R's 1st bit.
As you can see, some of old R's bits are used more than once.
The table is called the Expansion or E-Table.
then we split the result up into eight 6-bit blocks
Substitution or S-Boxes
*************************
We now XOR one block of R1 with one block of key we prepared earlier,
Each of these blocks is used to locate an entry in one of the eight
tables below, called Substitution or S-Boxes.
Substitution Box 1
E0 00 40 F0 D0 70 10 40
20 E0 F0 20 B0 D0 80 10
30 A0 A0 60 60 C0 C0 B0
50 90 90 50 00 30 70 80
40 F0 10 C0 E0 80 80 20
D0 40 60 90 20 10 B0 70
F0 50 C0 B0 90 30 70 E0
30 A0 A0 00 50 60 00 D0
Substitution Box 2
0F 03 01 0D 08 04 0E 07
06 0F 0B 02 03 08 04 0E
09 0C 07 00 02 01 0D 0A
0C 06 00 09 05 0B 0A 05
00 0D 0E 08 07 0A 0B 01
0A 03 04 0F 0D 04 01 02
05 0B 08 06 0C 07 06 0C
09 00 03 05 02 0E 0F 09
Substitution Box 3
A0 D0 00 70 90 00 E0 90
60 30 30 40 F0 60 50 A0
10 20 D0 80 C0 50 70 E0
B0 C0 40 B0 20 F0 80 10
D0 10 60 A0 40 D0 90 00
80 60 F0 90 30 80 00 70
B0 40 10 F0 20 E0 C0 30
50 B0 A0 50 E0 20 70 C0
Substitution Box 4
07 0D 0D 08 0E 0B 03 05
00 06 06 0F 09 00 0A 03
01 04 02 07 08 02 05 0C
0B 01 0C 0A 04 0E 0F 09
0A 03 06 0F 09 00 00 06
0C 0A 0B 01 07 0D 0D 08
0F 09 01 04 03 05 0E 0B
05 0C 02 07 08 02 04 0E
Substitution Box 5
20 E0 C0 B0 40 20 10 C0
70 40 A0 70 B0 D0 60 10
80 50 50 00 30 F0 F0 A0
D0 30 00 90 E0 80 90 60
40 B0 20 80 10 C0 B0 70
A0 10 D0 E0 70 20 80 D0
F0 60 90 F0 C0 00 50 90
60 A0 30 40 00 50 E0 30
Substitution Box 6
0C 0A 01 0F 0A 04 0F 02
09 07 02 0C 06 09 08 05
00 06 0D 01 03 0D 04 0E
0E 00 07 0B 05 03 0B 08
09 04 0E 03 0F 02 05 0C
02 09 08 05 0C 0F 03 0A
07 0B 00 0E 04 01 0A 07
01 06 0D 00 0B 08 06 0D
Substitution Box 7
40 D0 B0 00 20 B0 E0 70
F0 40 00 90 80 10 D0 A0
30 E0 C0 30 90 50 70 C0
50 20 A0 F0 60 80 10 60
10 60 40 B0 B0 D0 D0 80
C0 10 30 40 70 A0 E0 70
A0 90 F0 50 60 00 80 F0
00 E0 50 20 90 30 20 C0
Substitution Box 8
0D 01 02 0F 08 0D 04 08
06 0A 0F 03 0B 07 01 04
0A 0C 09 05 03 06 0E 0B
05 00 00 0E 0C 09 07 02
07 02 0B 01 04 0E 01 07
09 04 0C 0A 0E 08 02 0D
00 0F 06 0C 0A 09 0D 00
0F 03 03 05 05 06 08 0B
we now form a new R called R2 from
the 1st block uses Box-1 + the 2nd Box-2 to form frist byte of R2
the 3rd block uses Box-3 + the 4th Box-4 to form second byte of R2
the 5th block uses Box-5 + the 6th Box-6 to form third byte of R2
the 7th block uses Box-7 + the 8th Box-8 to form forth byte of R2
Example:
---------
1st block of key = 2D
1st block of R1 = 22
2D xor 22 = 0F (decimal 15)
this is the location 15 in the frist box (which is = 10)
2nd block of key = 0F
2nd block of R1 = 2E
0F xor 2E = 21 (decimal 33 )
this is the location 33 in the second box (which is = 0D)
so frist byte of R2 is 10 + 0D =1D
----------
Permutation or P Table
************************
The last operation is to create a (third and final) R called R3 from
R2 by using the following Permutation or P Table:
16 7 20 21
29 12 28 17
1 15 23 26
5 18 31 10
2 8 24 14
32 27 3 9
19 13 30 6
22 11 4 25
This means that the 1st bit of R3 is the 16th of R2, the 2nd is the 7th and
so on, with the 32nd being the 25th bit of R2.
PROCESS ITERATION
******************
The net result of the previous sections was to split the encrypted word into
two halves, ignore the left-hand one L and eventually create a new
right-hand one R3.
Now we XOR L and R3 together, and we've finished a decryption round.
For the next round, we treat old R (before applay viaccess mode)
as the left-hand half of a new data word and the result of
the XOR operation as the right-hand half and
**************************************************
*******************
We do this 16 times and we end up with a last left-right pair of 32 bits
each. Put these together and we have a decrypted 8 byte word.
Continue the whole decryption process for the second encrypted word obtained
from the 88 instruction dialogue and then both can be sent to the Receiver
via the C0 instruction dialogue and the TV picture is unscrambled!
-----------------------------------
complete decode log for 16 rounds
DECODING START
----------------------------------------
DES_Round=0
**********
(L)=B0 BD D8 4D (R)=71 77 CF DD
Shift Key=4E 76 5F 86 48 0D D0
PC2= 2D 0F 28 15 1C 25 12 28 //6 bits only in evry byte
R(0)=17 //applay viaccess mode
R1=22 2E 2E 2F 39 1F 3B 3A //6 bits only in evry byte
Key Xor R1=0F 21 06 3A 25 3A 29 12 //6 bits only in evry byte
R2=1D E2 CD 19
R3= 1B 4D 69 1E
L xor R3=AB F0 B1 53
new R=AB F0 B1 53
DES_Round=1
**********
(L)=71 77 CF DD (R)=AB F0 B1 53
Shift Key=9C EC BF 0C 90 1B A0
PC2= 3F 07 34 06 02 2F 30 06
R(0)=B8
R1=37 31 1E 21 16 22 2A 27
Key Xor R1=08 36 2A 27 14 0D 1A 21
R2=26 F6 39 A2
R3= 74 43 37 95
L xor R3=05 34 F8 48
new R=05 34 F8 48
DES_Round=2
**********
(L)=AB F0 B1 53 (R)=05 34 F8 48
Shift Key=73 B2 FC 22 40 6E 83
PC2= 18 2A 1D 1D 0B 04 16 30
R(0)=7A
R1=0F 34 06 29 1F 30 09 10
Key Xor R1=17 1E 1B 34 14 34 1F 20
R2=BA B3 34 67
R3= E4 DA 0F AE
L xor R3=4F 2A BE FD
new R=4F 2A BE FD
DES_Round=3
**********
(L)=05 34 F8 48 (R)=4F 2A BE FD
Shift Key=CE CB F0 99 01 BA 0C
PC2= 13 1D 10 37 22 14 21 03
R(0)=61
R1=2C 02 25 15 17 3D 1F 3A
Key Xor R1=3F 1F 35 22 35 29 3E 39
R2=D5 E6 09 23
R3= 10 C3 FD 16
L xor R3=15 F7 05 5E
new R=15 F7 05 5E
DES_Round=4
**********
(L)=4F 2A BE FD (R)=15 F7 05 5E
Shift Key=3B 2F C2 74 06 E8 32
PC2= 39 38 27 3A 31 2C 08 10
R(0)=C1
R1=18 03 3E 2E 20 0A 2B 3D
Key Xor R1=21 3B 19 14 11 26 23 2D
R2=F5 C8 55 B8
R3= 2A 85 E7 5B
L xor R3=65 AF 59 A6
new R=65 AF 59 A6
DES_Round=5
**********
(L)=15 F7 05 5E (R)=65 AF 59 A6
Shift Key=EC BF 09 C0 1B A0 C9
PC2= 2F 2E 0A 23 24 10 1D 0C
R(0)=22
R1=04 05 15 1E 2B 33 34 0C
Key Xor R1=2B 2B 1F 3D 0F 23 29 00
R2=9F 12 13 1D
R3= 6E E8 68 32
L xor R3=7B 1F 6D 6C
new R=7B 1F 6D 6C
DES_Round=6
**********
(L)=65 AF 59 A6 (R)=7B 1F 6D 6C
Shift Key=B2 FC 27 30 6E 83 24
PC2= 2E 31 3C 1A 26 09 0A 00
R(0)=E4
R1=1C 08 03 3E 2D 1A 2D 19
Key Xor R1=32 39 3F 24 0B 13 27 19
R2=C0 C9 71 80
R3= A0 85 A1 C1
L xor R3=C5 2A F8 67
new R=C5 2A F8 67
DES_Round=7
**********
(L)=7B 1F 6D 6C (R)=C5 2A F8 67
Shift Key=CB F0 9C E1 BA 0C 90
PC2= 1B 03 0B 1D 14 06 18 25
R(0)=CB
R1=39 16 25 15 1F 30 0C 0F
Key Xor R1=22 15 2E 08 0B 36 14 2A
R2=11 00 7A 9C
R3= 3A 24 40 A3
L xor R3=41 3B 2D CF
new R=41 3B 2D CF
DES_Round=8
**********
(L)=C5 2A F8 67 (R)=41 3B 2D CF
Shift Key=97 E1 39 D3 74 19 20
PC2= 0E 17 17 34 08 0D 22 05
R(0)=43
R1=28 06 27 36 25 1B 39 1E
Key Xor R1=26 11 30 02 2D 16 1B 1B
R2=8C BD 24 FE
R3= 8E 9A 15 FD
L xor R3=4B B0 ED 9A
new R=4B B0 ED 9A
DES_Round=9
**********
(L)=41 3B 2D CF (R)=4B B0 ED 9A
Shift Key=5F 84 E7 6D D0 64 80
PC2= 35 04 37 19 00 22 12 37
R(0)=0F
R1=01 1F 36 21 1D 1B 33 34
Key Xor R1=34 1B 01 38 1D 39 21 03
R2=99 D5 86 6F
R3= 8D BB 5D 2A
L xor R3=CC 80 70 E5
new R=CC 80 70 E5
DES_Round=10
**********
(L)=4B B0 ED 9A (R)=CC 80 70 E5
Shift Key=7E 13 9D 97 41 92 03
PC2= 15 3E 0C 35 2B 30 26 01
R(0)=DA
R1=3B 35 10 00 0E 21 1C 0B
Key Xor R1=2E 0B 1C 35 25 11 3A 0A
R2=B2 25 C6 5F
R3= CB B6 1A 2E
L xor R3=80 06 F7 B4
new R=80 06 F7 B4
DES_Round=11
**********
(L)=CC 80 70 E5 (R)=80 06 F7 B4
Shift Key=F8 4E 76 5D 06 48 0D
PC2= 23 39 36 07 00 24 0D 13
R(0)=CA
R1=19 14 00 0D 1E 2F 36 29
Key Xor R1=3A 2D 36 0A 1E 0B 3B 3A
R2=A4 C6 9C 23
R3= 31 C3 1F 18
L xor R3=FD 43 6F FD
new R=FD 43 6F FD
DES_Round=12
**********
(L)=80 06 F7 B4 (R)=FD 43 6F FD
Shift Key=E1 39 D9 74 19 20 37
PC2= 1E 32 0B 2F 15 38 04 04
R(0)=42
R1=28 04 08 06 2D 1F 3F 3A
Key Xor R1=36 36 03 29 38 27 3B 3E
R2=76 7A 6C 28
R3= 5C 45 86 DE
L xor R3=DC 43 71 6A
new R=DC 43 71 6A
DES_Round=13
**********
(L)=FD 43 6F FD (R)=DC 43 71 6A
Shift Key=84 E7 65 F0 64 80 DD
PC2= 2E 1D 12 28 30 00 17 08
R(0)=20
R1=04 00 08 06 2E 22 2D 14
Key Xor R1=2A 1D 1A 2E 1E 22 3A 1C
R2=6B 4D 9E 5C
R3= FB 39 D2 68
L xor R3=06 7A BD 95
new R=06 7A BD 95
DES_Round=14
**********
(L)=DC 43 71 6A (R)=06 7A BD 95
Shift Key=13 9D 97 E1 92 03 74
PC2= 34 00 2F 3E 12 0B 08 0D
R(0)=0E
R1=21 1C 0F 35 17 3B 32 2A
Key Xor R1=15 1C 20 0B 05 30 3A 27
R2=C5 DF 27 57
R3= 86 F3 F9 F8
L xor R3=5A B0 88 92
new R=5A B0 88 92
DES_Round=15
**********
(L)=06 7A BD 95 (R)=5A B0 88 92
Shift Key=27 3B 2F C3 24 06 E8
PC2= 0C 2E 3B 32 0A 08 11 29
R(0)=C2
R1=18 05 16 21 11 11 12 25
Key Xor R1=14 2B 2D 13 1B 19 03 0C
R2=6F 87 90 0B
R3= E9 4A DB 10
L xor R3=EF 30 66 85
new R=EF 30 66 85
Final Result=EF 30 66 85 5A B0 88 92
----------------------------------------
DECODING END
----------------------------------------
1- I hope you find this helpful. If you think you have any improvements
or errors to correct leave me a message
here you found this topic and I'll be happy to update it.
2- if you have any questions I'll be happy to answer.
Odpověď s citací
Původně odeslal admsat
Záložky