المشاركات : 90
المواضيع : 21
الإنتساب : May 2019
السمعة :
1
الإعجاب المعطى : 96
الإعجاب المحصل : 85
السلام عليكم
هل من الممكن إعتبار تشفير القنوات الفضائية نوع من التشفير ويمكن تشفير الملفات به أو هو تشفير خاص بالارسال والاستقبال للملفات والأكواد فقط؟
هل هناك من له دراية بعلم تشفير القنوات الفضائية وقام بدراسة التشفيرات القديمة (الارديتو ،الأكسس ... ) أن يقدم لنا لمحة على كيفية عملها؟
أرجو التفاعل
أعضاء أعجبوا بهذه المشاركة : rce3033
المشاركات : 559
المواضيع : 25
الإنتساب : Nov 2018
السمعة :
7
الإعجاب المعطى : 513
الإعجاب المحصل : 497
نعم التشفير هو نفسه بكل الاحوال
وهو ان ترسل حزم البيانات مشفرة بكود وعندما تستقبل يتم الفك بنفس الكود المشفر به ويم جلبه من الكارت الخاص بالباقة
وهدا للتوضيح فقط الامر واقعيا اعقد من هدا بكثير
المشاركات : 90
المواضيع : 21
الإنتساب : May 2019
السمعة :
1
الإعجاب المعطى : 96
الإعجاب المحصل : 85
28-12-2019, 10:18 PM
(آخر تعديل لهذه المشاركة : 28-12-2019, 10:19 PM بواسطة الباحث.)
شكرا على الرد
أعلم بأن الأمر ليس سهلا وهذا ما صعب التوصل لفك تشفير القنوات
ولكن أردت الخوض في هذا المجال وأردت من يشرح لي الطريقة
وجدت عمل نظام الارديتو القديم وأردت فهمه هل من مساعد
The basic working of the IRDETO card is explained in this document, as it is a widely used encryption system.
This is only for the sake of interest!!!!!!!!!
On start up the IRD will request some information from the card to commence operation.
1) The IRD will reset the card and the card will respond with the ATR message. This message also contains the cards software version i.e. IRDETO ACS V1.2
3B 9F 21 0E 49 52 44 45 54 4F 20 41 43 53 20 56 31 2E 32 A0
3B 9F 21 0E 49 52 44 45 54 4F 20 41 43 53 20 56 32 2E 32 98 (IRDETO2)
2) The country code is requested.
01 02 02 03 00 00 3D
The card will respond with
01 02 00 00 02 03 10
02 01 99 06 01 06 02 06 03 06 04 07 41 Co Co Co Cs
3) The cards ASCII serial number is requested used only for information in the cam info display window.
01 02 00 03 00 00 3F
The card will respond with
01 02 00 00 00 03 14
3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 43 38 31 33 31 36 41 20 20 20 Cs
4) The cards hex serial number is requested (used when the card is initialized).
01 02 01 03 00 00 3E
The card will respond with
01 02 00 00 01 03 00 10
FF FF FF 00 00 00 00 00 00 00 02 00 Hs Hs Hs 18 Cs
4a) The cards hex serial number is requested (used when the card is initialized). For IRDETO2 the hex serial number will let the IRD know how many providers are on the card.
01 02 01 03 00 00 3E
The card will respond with
01 02 00 00 01 03 00 10
FF FF FF 00 00 00 00 00 00 00 04 07 Hs Hs Hs 18 Cs
5a) The provider id for provider 00 is requested
01 02 03 03 00 00 3C
The card will respond with
01 02 00 00 03 03 00 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs
5b) The provider id for provider 10 is requested
01 02 03 03 01 00 3C
The card will respond with
01 02 00 00 03 03 01 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs
5c) The provider id for provider 20 is requested (IRDETO2)
01 02 03 03 02 00 3C
The card will respond with
01 02 00 00 03 03 00 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs
5d) The provider id for provider 30 is requested (IRDETO2)
01 02 03 03 03 00 3C
The card will respond with
01 02 00 00 03 03 01 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs
6) The card’s configuration is requested
01 02 08 03 00 00 37
The card will respond with
01 02 00 00 08 03 00 20
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Cs
6a) The card’s configuration is requested (IT**TO2 the card replys with 64 bytes)
01 02 08 03 00 00 37
The card will respond with
01 02 00 00 08 03 00 40
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Cs
7) The card’s card file 1 is requested
01 02 0E 02 00 00 30
The card will respond with
01 02 00 00 0E 02 00 40
( 64 Bytes of data) Cs
The card’s card file 2 is requested
01 02 0E 03 00 00 31
The card will respond with
01 02 00 00 0E 03 00 40
(64 Bytes of data) Cs
9) Enter home shopping pin (only on DSD720 & 720I IRD’s) Later versions utilizing interactive shopping.
01 02 0A 00 02 02 00 00 36
The card will respond with
01 02 50 00 0A 00 02 00 Cs
10) The IRD will now send public keys to be encrypted
01 02 11 00 00 40
( 64 bytes of data ) Cs
The card will respond with (Suspected that a RSA encryption is used) Used by banks for their networks and ATM machines data encryption.
01 02 58 00 11 00 00 40
(64 bytes of encrypted data) Cs
11) Send home shopping pin
01 02 0A 02 02 02 00 00 34
The card will respond with
01 02 5E 00 0A 02 02 00 Cs
12) The IRD will now send the cam key to be used
01 02 09 Kn 00 40
( 8 packets of 8 bytes to be used) Cs
The card will respond with
01 02 55 00 09 Kn 00 00 Cs
Kn: - Key number to extract out of message (packet of 8 bytes) 00 – 07
13) Now the IRD will start sending ECM’s and EMM’s to the card from the provider.
Cs: - Checksum All bytes xored and last xor with 0x3F
Co: - Country code
3x: - ASCII serial number
Hs: - Hex serial number
Pg: - Provider type
Pi: - Provider ID
Dt: - Date code
Kn: - CAM key number to be used
Structure and use of EMM’s
EMM commands: - Update of Masters keys
String composition.
01 01 00 00 00 LB
C3 Hs Hs Hs 00 Lb 62 03 Co Co Co 68 0D Pg 00 Mk Mk Mk Mk Mk Mk Mk Mk Pi Pi Pi S1 S2 S3 S4 S5 Cs
LB: - Length byte excluding checksum.
Lb: - Second length byte excluding checksum.
Hs: - Hex serial number.
62 03 Country code NANO
Co: - Country code
68 0D: - Master key update NANO
Pg: - Provider group. This sets the card for the provider ID to associate with this master key. This number is also sent to the IRD when the IRD requests the provider ID (after the length byte) (01 = Provider 00) (12 = Provider 10).
Normally the system uses 00 for provider 00 and 10 for provider 10.
Mk: - Master key (encrypted) Decrypt using the key decrypt algorithm.
Pi: - Provider ID
S1 – S5: - Signature calculated using the 10-byte hex master key.
Cs: - Checksum calculated starting with 0x3F and xoring the bytes with each other.
EMM commands: - Update of Plain keys
String composition.
01 01 00 00 00 LB
Pg Pi Pi Pi 00 Lb 40 02 Dt Dt 50 52 Pn Pk Pk Pk Pk Pk Pk Pk Pk Pn Pk Pk Pk Pk Pk Pk Pk Pk S1 S2 S3 S4 S5 Cs
LB: - Length byte excluding checksum.
Lb: - Second length byte excluding checksum.
Pg: - Provider Group that is addressed.
02(hex) This is normally used for provider 00
0A(hex) Provider Group 00 only first two bytes of address are used. (Used now)
Can be - 0000 0010 (bin) 02 (hex) Common address. (Normally used)
0000 1010(bin) 0A(hex) Provider 00 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)
03(hex) This is normally used for provider 00
0B(hex) Provider ID 00 all three bytes of address are used. (Used now)
Can be - 0000 0011 (bin) 03 (hex) Common address.
0000 1011(bin) 0B(hex) Provider 00 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)
0A(hex) This is normally used for provider 10
12(hex) Provider Group 10 only first two bytes of address are used. (Used now)
Can be - 0000 1010 (bin) 0A (hex) Common address.
0001 0010(bin) 12(hex) Provider 10 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)
0B(hex) This is normally used for provider 10
13(hex) Provider ID 10 all three bytes of address are used. (Used now)
Can be - 0000 1011 (bin) 0B (hex) Common address.
0001 0011(bin) 13(hex) Provider 10 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)
If Pg. = C3 (hex) 1100 0011(bin) The card is addressed by its hex serial number.
Pi: - Provider ID.
Dt: - Date code.
10 09: - Update 1 key NANO
50 52: - Update 2 key NANO
50 E4: - Update 4 key NANO
Pn: - Plain key number
Pk: - Plain key (encrypted) Decrypt using the key decrypt algorithm.
S1 – S5: - Signature.
Cs: - Checksum.
Structure and use of ECM’s
01 05 00 00 Kr LB
Cd Cd Pg Kn 00 Lb 00 02 Dt Dt 78 12 Kn Pn Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk S1 S2 S3 S4 S5 Cs
LB: - Length byte excluding checksum.
Lb: - Second length byte excluding checksum.
Kr: - Key to return from ECM 02 = Two keys 00 = One key.
Cd: - Channel ID.
Pg: - Provider Group keys to use 10(hex) = Provider 00 20(hex) = Provider 10.
Kn: - Plain key number to use.
Dt: - Date code.
78 12: - ECM key NANO
Pn: - After decryption key i.e. (Key 1 or Key 2) to send back.
Sk: - Keys to decrypt 2 x 8 bytes.
S1 – S5: - Signature.
Cs: - Checksum.
Basic information
The IRDETO card contains the hexmaster key, ASCII serial number and hex serial number that is programmed in by the manufacturer.
When a person phones in to subscribe he reads the ASCII serial number to the operator. The operator then enters the number into a computer with a lookup table that will match the hex serial number to the ASCII serial number. The computer will now encrypt the master key with the hexmasterkey in the lookup table and setup the provider id and send it to the transmission station, the card will now receive this EMM and setup the provider id and save the decrypted master key.
The cards will still not work until an EMM message containing the plainkey is sent to the provider ID programmed into the card. The plainkey is decrypted using the decrypted masterkey.
The service provider must also send the channel ids to the card for the user to watch a certain channel.
The card will now decrypt the session keys in the ECM message using the decrypted plainkey. Then encrypt the sessionkey using the CAMKEY and send it to the CAM. The CAM will decrypt these keys and use them to descramble the raw data to rebuild the picture and sound and send the analog signal to a TV set.
The ECM is sent to the IRDETO card +/- every 15 seconds.
If ECM’s are sent slower this will enable the system to have more airtime to send EMM’s. This normally happens if masterkeys are being changed.
The EMM to update the plainkeys is sent +/- every 10 to 15 minutes.
The EMM to update the masterkey is sent +/- every 10 hours while the masterkey for that provider group is being changed. It normally happens every 3 weeks for 3 days
The provider can change the masterkeys, plainkeys and provider ID’s.
The system normally uses a common number as the masterkey. This number is then encrypted with the provider group and used as the masterkey for that group. Plainkeys are the same for all provider ID’s after being decrypted.
The signature must be calculated after decrypting the encrypted keys. The key used to decrypt with must be used to calculate the signature. The IRD uses the return codes from the card to display error messages on the screen.
If the plainkey is not valid you will get E30 Service is currently scrambled. If the masterkey is still valid this message will only be displayed until the plainkey is updated.
If the channel ID is not present or the timer has expired you will get E16 Service is currently scrambled.
If the provider ID for a bouquet is not programmed or enabled you will get E38 Service is currently scrambled.
The IRDETO card will not act on commands or save keys if the signature or checksum does not match.
IRDETO ALGO’S
IRDETO 2
The new version is somewhat different in that the messages sent to the cards are encrypted after the second length byte.
01 01 update commands
String composition.
01 01 00 00 00 LB
C3 Hs Hs Hs 00 Lb
B11 B12 B13 B14 B15 B16 B17 B18
B21 B22 B23 B24 B25 B26 B27 B28
B31 B32 B33 B34 B35 B36 B37 B38
S1 S2 S3 S4 S5 S6 S7 S8
Cs
The process is as follows ???
1) The signature is calculated.
2) The MK and PK’s are encrypted and put into the string.
3) The string is encrypted using the HMK for serial number addressed updates and the PMK for provider ID addressed updates.
4) I think the same algo’s are used for this encryption as what is used to encrypt the keys and the high part of the HEX SN and the PROV ID is used as the date code.
01 05 update command
01 05 00 00 02 LB
CH CH Pg Kn 00 Lb
B11 B12 B13 B14 B15 B16 B17 B18
B21 B22 B23 B24 B25 B26 B27 B28
B31 B32 B33 B34 B35 B36 B37 B38
B41 B42 B43 B44 B45 B46 B47 B48
S1 S2 S3 S4 S5 S6 S7 S8
Cs
The process is as follows ???
1) The signature is calculated.
2) The Session keys are encrypted and put into the string.
3) The string is encrypted using the PK.
4) I think the same algo’s are used for this encryption as what is used to encrypt the keys and the channel id is used as the date code.
Known facts
Table 1 is still the same.
The card crypt routine using the CAM key is still the same.
The Session keys are still 64 bit keys.
أعضاء أعجبوا بهذه المشاركة :
المشاركات : 173
المواضيع : 29
الإنتساب : Nov 2018
السمعة :
0
الإعجاب المعطى : 360
الإعجاب المحصل : 279
وعليكم السلام و رحمة الله تعالى وبركاته
نعم أخي الكريم نفس الخوارزميات المستعملة لتشفير البرامج هي لتشفير القنوات الفضائية منها و على جميع أنواعها .
لكن فك التشفير صعب نسبيا و يتطلب دراسة عميقة في فك تشفير البيانات المشفرة و تختلف صعوبت فك التشفير من خوارزمية إلى أخرى.
أعضاء أعجبوا بهذه المشاركة : الباحث
المشاركات : 90
المواضيع : 21
الإنتساب : May 2019
السمعة :
1
الإعجاب المعطى : 96
الإعجاب المحصل : 85
لقد حاولت تتبع بعض الدروس وأدركت أن الامر يتطلب خبرة كبيرة ولقد طال كثيرا كسر هذه الشفرات ولم استطع الفهم جيدا لهذا لم أهتم به كثيرا وإن كانت لك خبرة فأشرح لنا قليلا وجزاك الله خيرا
أعضاء أعجبوا بهذه المشاركة :
المشاركات : 90
المواضيع : 21
الإنتساب : May 2019
السمعة :
1
الإعجاب المعطى : 96
الإعجاب المحصل : 85
بالفعل حاولت سابقا تعلم ومعرفة عمل هذه الأنظمه حيث يقوم مزود الخدمه إرسال مجموعة من البيانات تسمى ECM وتكزن بصيغة و MPEG-2 Transport Stream حيث تكون مشفرة ويقوم الكثير بتحليل هذه الحزمه من البيانات من صوت وصوره وغيرها ولكن لسرعة تغيير الشفرات لم يتمكن أحد من تتبع التشفير .
حليا توقفت على الخوض في هذا المجال لشح المعلومات
أعضاء أعجبوا بهذه المشاركة :
المشاركات : 173
المواضيع : 29
الإنتساب : Nov 2018
السمعة :
0
الإعجاب المعطى : 360
الإعجاب المحصل : 279
04-04-2020, 04:14 PM
(آخر تعديل لهذه المشاركة : 04-04-2020, 08:01 PM بواسطة [email protected].)
خوارزمياث التشفير عامة تنقسم إلى تلاثة أقسام
ال one way encrytion ك ال md5
ال asymetric ك ال rsa public key private key
ال symetric ك ال rc4 stream cipher
فك تشفير البيانات المشفرة يحتاج إلى جمع عدد كبير من البيانات المشفرة و تطبيق عدة مقاربات عليه لكشف المفتاح المستعمل كال frequency analysis attack
....etc.
أعضاء أعجبوا بهذه المشاركة : الباحث
المشاركات : 262
المواضيع : 55
الإنتساب : Apr 2019
السمعة :
4
الإعجاب المعطى : 488
الإعجاب المحصل : 351
06-04-2020, 09:13 AM
(آخر تعديل لهذه المشاركة : 06-04-2020, 09:14 AM بواسطة Polia.)
اتدكر في منتدي من المنتديات المعروفة و المشهورة في قسم من الأقسام الخاصة بها
كان هناك عضو يدعي Kassita Boutounu هو مغربي الأصل ويسكن في بلجيكا كان يضع دروس في تشفير وفك تشفير القنوات سنة 2009 - 2010
يوجد في الأرشيف ابحث عنه اخي ستجده حقيقة كنت اتابع مواضيعه لكني في دالك الوقت كنت لا افقه شيئا في or و and و xor و not في الأمر هو هندسة عكسية بحتة اخي
دركتني يا اخوان هو وانسان واحد بين المليار موضيعه ساجمعها في pdf واقدمه واضعه هنا خوفا من ضياع الأرشيف
رَبِّ إِنِّي لِمَا أَنْزَلْتَ إِلَيَّ مِنْ خَيْرٍ فَقِيرٌ