Pay TV FAQ by John McCormac
FAQ - Decoding Pay TV (European Scrambling Systems) - 1.4 (Part 1 Of 2)
===========================
Last Update: 20-Nov-95
===========================
0.0 Disclaimer / Explanation
1.0 What is a scrambling system?
1.1 Overview of scrambling in Europe
1.2 Characteristics of the major European Scrambling Systems
2.0 Hacking Pay TV
2.1 Is it legal ?
2.2 VideoCrypt Smart Cards
2.3 What is Season or Omigod software ?
2.4 Where can I get the Season software ?
2.5 The Season Cardadapter
2.6 I can't ftp, Can someone post the file for me ?
2.7 What are blockers and what is Phoenix ?
2.8 Is there a D2-Mac Eurocrypt M version of Season ?
2.9 Is there a hack on Nagra ?
2.10 PIC source code for hacks.
2.11 Other smart card projects for hacks.
3.0 Finding out more
3.1 Who / what is the TV-crypt, how can I join ?
3.2 Reading List
4.0 Netiquette On The Newsgroups
5.0 Credits
0.0 Disclaimer / Explanation :
==============================
Please read the following carefully :
This FAQ is provided for educational purposes only and will be
posted every two weeks in alt.satellite.tv.europe,
alt.satellite.tv.crypt. What you do with the information herein is
your business. The contributors to this FAQ do not necessarily
condone the illegal use of the devices or programs mentioned here.
The contributors to this FAQ are in no way liable for any damage
to equipment, revenue, or sanity as a result of the use or misuse
of this information.
1.0 What Is A Scrambling System ?
-===============================-
A scrambling system is applied to a television signal to ensure
that it is only receivable by the audience for which it is
intended. The more cynical amongst us may rephrase that to "those
who have paid to receive it". Therefore a good scrambling system
is one that can effectively make the picture unusable to all
except those who have paid.
There are two basic types of scrambling system: dumb and
addressable. The dumb system does not have any over-the-air (OTA)
addressing. As a result the channel cannot turn a subscriber's
descrambler off. This type of system is cheap and offers minimal
security. As a result it is not used for high value channels.
An addressable scrambling system is more complex in that it allows
the channel to individually turn on and off descramblers. Most
systems in operation today are addressable.
The basis of a scrambling system is the method by which it renders
the picture unwatchable. The early scrambling systems were
analogue. These systems interfered with the synch pulses or
inverted the video either on a frame, field or line basis. Some
actually delayed each line by one of three delays on a pseudo-
random basis.
All of the analogue scrambling systems were vulnerable and offered
little protection to the channel using them. It was trivial to
build a descrambler that worked in an identical manner to the
official descrambler.
As the years and technology advanced, more complex systems came
into operation. These systems were digital based systems. They
digitised the picture or sound information and manipulated it. In
order to descramble or decode the picture, the picture had to be
digitised and then decoded.
VideoCrypt, D2-MAC EuroCrypt M & S and Nagra Syster are all
digital systems. They all digitise the video in order to decode
it. VideoCrypt and D2-MAC use line cut and rotate to scramble the
picture. Nagra Syster uses Line Shuffle to scramble the picture.
It takes a block of lines and changes the order.
All of the above systems are smart card based. They rely on the
fact that the smart card can be economically replaced in the event
of a hack. The concept behind this is that of "The Secure
Detachable Microcontroller". The older system designs were based
on the "Secure Embedded Microcontroller" concept. This concept was
fundamentally flawed in that if there was a hack on the secure
microcontroller (the chip that held the system's secrets), then
all of the decoders would have to be replaced or upgraded.
1.1 Overview of scrambling in Europe
-==================================-
There are about six or seven different systems in use in various
parts of Europe. The three most common ones are VideoCrypt,
EuroCrypt and Nagravision. Of course there are variants of each
of these systems. VideoCrypt is a good example of this concept of
variants. It comes in two versions,
VideoCrypt I and VideoCrypt II. They are parallel, and the idea
is that VC I is to be used inside the UK and Ireland, and VC II
in the rest of Europe.
Since Europe is still a multi-copyrights area, there is often the
need to sell the programming on one channel to two markets. Rather
than create two separate channels, it is often easier to use the
same channel, with the same scrambling system but two distinct
datastreams.
The scrambling system is the same - line cut and rotate, but the
information to descramble it is encrypted in the VideoCrypt 1 and
VideoCrypt 2 datastreams. The datastreams are sent out on the one
channel. Therefore the channel is available both in the UK and
the continent using what on the surface appears to be two
different systems. Of course this underlines an important flaw in
using two or more datastreams on one scrambling system - if only
one of these datastreams is hacked, then there is effectively no
more protection for the channel.
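The flaw described above can be shown with a toy model of line cut
and rotate driven by one control word that is sent in two
datastreams. This is an added example, not code from the FAQ or
from any real decoder: the key values, the SHA-256 cut point
derivation and the HMAC-based wrapping of the control word are all
assumptions made up for illustration and do not reflect the real
VideoCrypt algorithms or data formats.

```python
import hashlib
import hmac

# Constructed toy frame: 8 "video lines" of 16 distinct samples each.
FRAME = [bytes(16 * i + j for j in range(16)) for i in range(8)]

# Constructed secrets. In the real systems the secrets live in the smart cards.
SYSTEM_KEYS = {"VC1": b"toy-videocrypt-1-key", "VC2": b"toy-videocrypt-2-key"}


def cut_point(control_word: bytes, line_no: int, width: int) -> int:
    """Pseudo-random cut position in 1..width-1 for one line (toy derivation)."""
    digest = hashlib.sha256(control_word + line_no.to_bytes(2, "big")).digest()
    return 1 + digest[0] % (width - 1)


def rotate(line: bytes, cut: int) -> bytes:
    """Cut the line at `cut` and swap the two segments."""
    return line[cut:] + line[:cut]


def scramble(frame, control_word):
    return [rotate(l, cut_point(control_word, i, len(l)))
            for i, l in enumerate(frame)]


def descramble(frame, control_word):
    # A rotation by `cut` is undone by a rotation by `width - cut`.
    return [rotate(l, len(l) - cut_point(control_word, i, len(l)))
            for i, l in enumerate(frame)]


def wrap(system_key: bytes, frame_no: int, control_word: bytes) -> bytes:
    """Toy encryption of the control word: XOR with an HMAC pad (self-inverse)."""
    pad = hmac.new(system_key, frame_no.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(control_word, pad))


def broadcast(frame, frame_no, control_word, system_keys):
    """One scrambled picture plus one encrypted control word per datastream."""
    datastreams = {name: wrap(key, frame_no, control_word)
                   for name, key in system_keys.items()}
    return scramble(frame, control_word), datastreams


def receive(picture, frame_no, datastreams, system, system_key):
    """Recover the control word from one datastream and descramble the picture."""
    control_word = wrap(system_key, frame_no, datastreams[system])
    return descramble(picture, control_word)


def demo():
    cw = bytes.fromhex("0123456789abcdef")  # constructed control word
    picture, streams = broadcast(FRAME, 1, cw, SYSTEM_KEYS)
    results = {
        "scrambled_differs": all(s != o for s, o in zip(picture, FRAME)),
        "vc1_decodes": receive(picture, 1, streams, "VC1", SYSTEM_KEYS["VC1"]) == FRAME,
        "vc2_decodes": receive(picture, 1, streams, "VC2", SYSTEM_KEYS["VC2"]) == FRAME,
        "wrong_key_decodes": receive(picture, 1, streams, "VC1", b"guess") == FRAME,
    }
    # The operator replaces only the VC1 key. A receiver that still holds the
    # unchanged VC2 key recovers the same picture from the VC2 datastream.
    rekeyed = dict(SYSTEM_KEYS, VC1=b"toy-videocrypt-1-key-v2")
    cw2 = bytes.fromhex("fedcba9876543210")  # constructed control word
    picture2, streams2 = broadcast(FRAME, 2, cw2, rekeyed)
    results["vc2_after_vc1_rekey"] = (
        receive(picture2, 2, streams2, "VC2", SYSTEM_KEYS["VC2"]) == FRAME)
    results["old_vc1_after_rekey"] = (
        receive(picture2, 2, streams2, "VC1", SYSTEM_KEYS["VC1"]) == FRAME)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Replacing the key of one datastream does nothing for the picture
while the other datastream's key is unchanged, so the operator has
to treat both datastreams as a single security domain.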
Almost all efforts at cracking VideoCrypt have concentrated on the
VideoCrypt 1 variant. VideoCrypt 2 has not been much of a target
as there is not enough premium programming available to warrant a
hack. There are VideoCrypt 1 <> VideoCrypt 2 adaptors. These are
plug-in boards with the switchable 68705 / 8752s that allow a
VideoCrypt 1 decoder to be converted to use as a VideoCrypt 2
decoder and vice versa.
JSTV is the only broadcaster that broadcasts Europe wide using
VideoCrypt I. This channel differs from the standard in that it is
a very high fee channel but it is also very much a minority
interest channel since it broadcasts programmes for the Ex-pat
Japanese market.
Multiplexed Analogue Component (MAC) is a transmission standard.
The scrambling system overlay is EuroCrypt. EuroCrypt comes in a
number of variants (M, S, S2) but according to European law,
EuroCrypt-M is the European standard. Nobody takes much notice of
that anyway.
France Telecom developed EuroCrypt. Since the system is open as
regards the scrambling algorithms, France Telecom chose a modified
form of the US Data Encryption Standard algorithm. They removed
the initial and end permutations to make it run faster in the
smart card. They also believed that this algorithm would be top
secret and unhackable.
Eurocrypt-M is the commonest. Only four channels (Sweden 1 and 2,
Norway 2 and TV Erotica) use Eurocrypt S, the two first in the
less used D-MAC variant.
An older MAC variant, B-MAC, is used by the American Forces Radio
and Television Service, The Satellite Information Services Racing
Channel and several business TV applications. Gradually this
system is fading out of use.
The B-MAC system applies relatively simple line delay scrambling
to the MAC video and hard encrypts the digital audio and teletext
services. The hacks on this system involve cloning a valid
subscriber identity number and then arranging for a continual
supply of weekly keys. These keys are programmed into an EEPROM
chip in the decoder.
There are two flavours of B-MAC in operation in Europe: B-MAC 525
and B-MAC 625. The numbers refer to the number of lines. The 525
variant is used for the US AFRTS service and the 625 version is
used for the Racing Channel. Pirate decoders for these services
are expensive, typically costing in excess of five hundred pounds.
The problem of course is arranging the continual flow of keys.
Nagravision is also known as Syster and as Nagra, and is used in
France, Spain, Turkey and Germany. Unlike VideoCrypt and
Eurocrypt, Nagravision decoder boxes are not for sale. They
are only rented out to subscribers, but still operate with a
smart card. Nagravision has not been cracked, and there are no
known pirate cards. Nagravision is now replacing the older and
less secure Discret system in France.
Apart from these three big systems, others include Luxcrypt, used
by the Dutch RTL networks (a box, no card - decoders easily
available) and Smartcrypt (box & card, used by the French RTL
channel; boxes now available for sale in France). Even the old
SATPAC system as used by FilmNet before they switched to D2-MAC
has been used lately.
1.2 Characteristics of the major European scrambling systems
-==========================================================-
VideoCrypt 1:
TV Standard: PAL
Video: Line Cut And Rotate
Audio: None
Smart Card: Yes
Users: BSkyB Multichannels, Adult Channel, Eurotica, JSTV etc.
Hack Status: 10 Card In Operation - One Claimed Hack
Pirate Cards: Not Yet
Season Programs: Not Yet
VideoCrypt 2:
TV Standard: PAL
Video: Line Cut And Rotate
Audio: None
Smart Card: Yes
Users: Discovery, FilmNet.
Hack Status: Secure due to lack of interest.
Pirate Cards: No
Season Programs: No
D2-MAC EuroCrypt-M:
TV Standard: D2-MAC
Video: Line Cut And Rotate on Chroma And Luma
Audio: Encrypted Digital
Smart Card: Yes
Users: FilmNet, TV1000, TV3, Canal Plus.
Hack Status: Hacked
Pirate Cards: Yes
Season Type Programs: Yes
D2-MAC EuroCrypt-S:
TV Standard: D2-MAC
Video: Line Cut And Rotate on Chroma And Luma
Audio: Encrypted Digital
Smart Card: Yes
Users: TV Erotica.
Hack Status: Hack advertised.
Pirate Cards: Advertised
Season Type Programs: No
Nagra Syster:
TV Standard: PAL
Video: Line Shuffle
Audio: Spectrum Inversion
Smart Card: Yes, key shaped rather than conventional card shape.
Users: Premiere, Canal Plus.
Hack Status: Possible, shortage of decoders prevents major damage.
Pirate Cards: No
Season Type Programs: No
LuxCrypt:
TV Standard: PAL
Video: Frame / Average Peak Level Inversion with synch replacement
Audio: Digital PCM but not used
Smart Card: No. Just a dumb and cheap system.
Users: RTL-4 Veronique
Hack Status: Totally compromised
Pirate Cards: No
Season Type Programs: No
B-MAC:
TV Standard: B-MAC
Video: Line Delay
Audio: Hard Encrypted with DES like algorithm
Smart Card: No
Users: AFRTS, SIS Racing Channel
Hack Status: Hacked. Cost of decoders / key feeds are a problem.
Pirate Cards: No
Season Type Programs: No
2.0 HACKING PAY TV
==================
2.1 Is it legal ?
-===============-
The cynical answer would be that it is only illegal if you get
caught. The legal position on hacking varies from country to
country. Basically a good rule is that a channel being uplinked
from a particular country is probably going to be protected
by that country's laws. For example hacking Sky in the United
Kingdom is illegal under that country's laws. However hacking
FilmNet in the UK may not be directly protected under the UK's
law. TV1000 on the other hand is partially uplinked from the UK
and is therefore protected under UK law even though the
pornography transmitted on the channel would not be permitted to
be uplinked from the UK. A rather sly sidestep gets around this
issue - the hardcore pornography is not uplinked from the UK.
In fact, TV1000 has threatened UK dealers with legal action
many times but with few results. The problem of piracy on TV1000
in the UK has got to such a state that taking legal action against
one or two dealers would not have any greater effect.
Europe is still a multi-copyright area. It is therefore possible
for Sky and FilmNet to purchase the rights to show the same film.
Perhaps in the future, the copyright issue will be worked out and
we will have a single copyright area for Europe, but for now we
have to cope with the current mess.
To date most of the prosecutions for piracy in the UK have been
against people who have been too visible. It is not economically
viable for a channel to prosecute every user of a pirate smart
card. Instead they will generally concentrate on dealers and
distributors.
Of course they may also decide to make an example of an individual
pirate card user. The logic of the legal departments of channels
is not as predictable as that of their engineering departments.
If you get caught you are unlikely to be able to plead any clever
excuse that you may come up with. More importantly, could you
afford the expensive legal mouthpiece to argue your case?
2.2 VideoCrypt Smart Cards
-========================-
On 31/10/95 Sky switched over to the new 10 card. The fundamental
result of this is that ALL season programs and pirate smart cards
do not work anymore.
Pirate smart cards are cards that have been manufactured to hack a
channel. They are, in most cases, totally different from official
smart cards. The majority of these cards are based on the PIC16Cxx
series of microcontrollers. Other variations have been seen but
the PIC16Cxx cards are the commonest.
Over the past few months, the more expensive end of the market has
tended towards the Battery Cards. These cards use the Dallas
Semiconductors FP5002 secured microcontroller and are updatable by
the card user. It is simply a question of dialing a phone number
and getting the set of numbers to punch into the Battery Card.
There is also a trade in what are referred to as Grey Market smart
cards. These are official cards, that are exported to another
country. Generally it is a one for one trade with the broker
taking a commission. For example, a Sky subscription would be
taken out in the UK and a FilmNet subscription would be taken
out in Sweden. The cards would then be swapped via a
broker. The subscriptions would be kept up to date by both
parties. The legal position on this activity is not clear as
the channels benefit from the transaction in that they both get
subscriptions. It does rely on mutual trust.
Purchasing a pirate card involves risk. There is a probability
that the pirate card will be killed in the future. The channels
will implement electronic countermeasures to try and kill the
pirate cards. Technically speaking, no pirate card can ever be
100% safe. This point has been proven too frequently over the
last few months.
The system used by FilmNet Plus and TV1000 (among others) is
EuroCrypt-M. This system has been continually hacked since 1992.
In terms of value for money, users of EuroCrypt-M pirate smart
cards have fared better. This is because the channels have not
frequently implemented countermeasures. Of course the recent
countermeasure by TV1000 has had a devastating effect. Most of the
pirate smart cards have been knocked out.
The VideoCrypt system, as used by Sky and the Adult Channel, has
been updated more regularly. The present Sky card is issue 10 or
in technical terms, the 0A card. It is commonly referred to as
issue 10 but the reason for the 0A reference is purely technical.
In hexadecimal, the number 10 is represented as 0A.
In addition to issuing a new smart card every year or so, Sky
and News Datacom also implement countermeasures to knock out
pirate smart cards. Over the last few months, the time between
these countermeasures has only been a few weeks. For about a month
preceding the switch to 10, Sky was in a transition from issue 09
to 10. Therefore they did not execute that many ECMs during that
period. This is because the 10 card only had a simplified version
of the 09 algorithm in order to cope during this transition stage.
As a direct result of ECMs such as key changes, many of the pirate
cards have had to be sent back to the dealer for upgrade. Some
innovative pirates have designed their cards (The Battery Cards)
so that they can be upgraded by the customer. The solutions for
the countermeasures are recorded as a set of numbers on an
answering machine. The customer rings the phone number with the
answering machine and gets the update numbers. He then enters
them into the pirate card via a key pad. Other solutions
such as a modem on the pirate card have also been seen.
In real terms, anyone purchasing a pirate card is taking a risk.
The pirate card will eventually be hit by a countermeasure. If it
is not, then the channel may issue a new smart card with the
consequence that all of the old pirate smart cards will be knocked
out.
The cost of the new pirate 10 cards, when they hit the market,
will be in the region of two hundred pounds or so. At present a
price of 498 DM is being quoted by one pirate card vendor.
-- end part 1 --
FAQ - Decoding Pay TV (European Scrambling Systems) - 1.4 (Part 2 Of 2)
===========================
Last Update: 20-Nov-95
===========================
2.3 What is Season or Omigod software?
-====================================-
At the time of writing, NONE of the Season programs are working on
channels encrypted with the 10 codes. There have been at least two
spoof attempts over the last few weeks. One of these is named
SEASON10.ZIP and is very definitely a fake.
The Season software began life as an attempt by Markus Kuhn and
others to watch the final season of Star Trek: TNG. The final
season was season 7. As a result, the first working PC program
that decoded Sky was named SEASON7. The first version of this
program appeared in March of 1994. At the time, the current
issue of the Sky card was Issue 7. Therefore some confusion
arose.
The term Omigod (Oh My God!) was also used to describe the
programs. Well the preceding hack using the PIC cards was known as
the Ho Lee Fook hack! Over the months from March to May 1994,
versions for different computers appeared. Many of these were
posted on the alt.satellite.tv.europe newsgroup.
On May 18th 1994 Sky changed from issue 07 cards to their new
issue 09 card. In hacker terms, May 18th is referred to as Dark
Wednesday. The 09 card proved harder to hack but a temporary
solution appeared in June of that year. It only lasted a few weeks
before Sky changed codes again. Though some attempts at an issue
09 SEASON hack were made, the change of code by Sky stopped it
cold. Well at least until just before Christmas.
Last Christmas, no less than three versions of the SEASON hack
appeared. Two of them worked on the PC and the other one worked on
the Apple MAC. Of course Sky was paying attention and on January
4th 1995, they implemented a countermeasure that knocked out
pirate cards and all of the SEASON hacks. The war between Sky and
the pirates had recommenced. Updated versions of the SEASON hacks
became available. This spiral of countermeasure and update has
continued until the present. The issue of the new Sky card has
changed the situation somewhat. The VideoCrypt SEASON hack is now
living on borrowed time.
The algorithm in the 09 card issue is far more complex than the
one used in the 07 card. While the 07 algorithm was not really
designed to be extremely upgradable, the 09 algorithm is an
extremely flexible algorithm. No doubt the 10 card algorithm will
build heavily on the lessons of the 09.
At present only The Adult Channel (UK soft porn) and Eurotica (UK
Hard Core Porn) are decoded by VideoCrypt SEASON programs. None of
the official Sky channels will be decoded by any of the SEASON
programs available.
2.4 Where can I get the software from ?
-======================================-
Currently there are working versions of the SEASON hacks for the
Adult Channel and Eurotica available on almost every European BBS.
There are many ftp sites and web pages (WWW) where the programs are
freely available. There are no known versions that cover
VideoCrypt 2. (A hack on JSTV was claimed a few months ago).
There are many versions of SEASON: Voyager, SEASON, Freeview etc.
All of these have stopped working on the Sky channels since Sky
switched to their 10 cards. However in the meantime, these
programs are available at all good sites, a few of which are
listed below.
ftp:
ftp.uni-erlangen.de
/pub/Multimedia/VideoCrypt/
ftp.paranoia.com
/pub/users/defiant
ftp.ua.pt
/pub/misc/satellite
helvetica.gw.chnet.ch
Note the capital letters and the forward slashes (/). They do make
a difference as most of the ftp sites are run on UNIX systems
where the case of the characters makes a difference.
2.5 The Season Cardadapter
-========================-
The computer has to be connected to the VideoCrypt decoder via an
interface. This interface is sometimes referred to as an Omigod or
Season interface. It is essentially a simple design that allows
the RS232 serial port of the computer to be connected to the TTL
levels of the card socket. Most of the versions of the Season
software include a text file on the construction details of this
interface in a file called ADAPTER.TXT.
Details of the adapter are on Erlangen in the directory :
/pub/Multimedia/VideoCrypt/cardadapter/
The artwork for making the PCB interface is available in PostScript
form at:
ftp harley.pcl.ox.ac.uk
/pub/crypt/smartpc/smart.ps
ftp joule.pcl.ox.ac.uk
/pub/mark/smart.ps
http://joule.pcl.ox.ac.uk/~mark/sat.html
http://www.paranoia.com/~defiant
http://www.gpl.net/paulmax
This software relies on very accurate timing for the decoding.
There are several reports that it runs OK on some machines and not
on others. Please expect problems and try slowing your CPU down as
a first fix. Problems are reported with different COMM cards,
Memory Managers and so-called Serial Device drivers (like
fossils). It's best to run the Season software on a 'clean'
machine.
2.6 I can't ftp. Can someone post it for me ?
-===========================================-
If you can't use ftp from your account then get yourself
acquainted with ftpmail. As well as allowing you to get the
software yourself and keeping traffic in the group down, it will
also enable you to get any software on any subject !
For details of how to use ftpmail send a message with the word
"help" in the body to:
bitftp@wm.gmd.de
ftpmail@ftp.uni-stuttgart.de
ftpmail@grasp.insa.lyon.fr
ftpmail@ieunet.ie
ftpmail@plearn.edu.pl
ftpmail@doc.ic.ac.uk
The files will be returned in a format known as uuencoded. You'll
need a uudecoder to make these into useful files. These are widely
available for all platforms although if you can't ftp you'll have
to work out how to get one. More details on email use of the net
are on Super Channel CNBC text page 188.
2.7 What are blockers and what is Phoenix?
-========================================-
In the middle of the summer of 1994, there was little success in
hacking Sky. A program was written in the TV-CRYPT for testing a
theory. The theory dealt with the over the air addressing system
on VideoCrypt. The question was: "could the presently available
knowledge be used to switch on or off a Sky card?". At that time,
the available knowledge consisted of the fragment of the 09 code
that was killed in June and a working knowledge of how Sky encoded
card numbers in their over the air addressing system. The
available knowledge was sufficient.
The computer program written to test the theory was called
Phoenix. Since most of the cards experimented upon were
Quickstarts that Sky had killed, Phoenix, the mythical bird that
rises from its own ashes seemed a good name.
Of course the program fell into the hands of commercial pirates.
The Phoenix program on its own was useful to switch on the 09
Quickstarts that Sky had killed. It was also being used to switch
on all channels on a Sky card with only the Multichannels
subscription. It was a Musketeer hack - all for one and one for
all. But that hack name had already been used.
Unfortunately these reactivated cards were only lasting a few days
before being killed again by Sky. Then when Sky increased their
kill cycle the cards only lasted a few hours. Some solution had to
be found.
The solution lay in a hack of 1992 - the KENtucky Fried Chip. This
was a modified version of the smart card - decoder microcontroller
in the VideoCrypt decoder. It stopped Sky from turning off a card
by examining each over the air packet for the identity number of
the card in the card socket and stopping such a packet from
reaching the smart card. Sky could not kill the card because the
card never received the kill instruction.
Of course the chip used in the decoder was too expensive and there
was a rather large number of redundant PIC16C84 chips available.
The first blockers to hit the market had the blocking program in a
PIC16C84. They consisted of a card socket, a PIC16C84 and a PCB.
The official card, having been activated by the Phoenix program,
would then only be used in the blocker. Luckily it was not named
the Condom hack.
Of course the popularity of these devices soon meant that
individually activating the Quickstart cards with the Phoenix
program was taking too much time. The solution was to incorporate
the Phoenix routines in the PIC16C84. These new blockers were more
successful. Over the months from August to November, they were
given a bewildering array of names; Genesis, SunBlocker,
Sh*tblocker, Exodus.
Naturally Sky were a little upset with this resurrection of their
dead cards. Their response, at first was purely technical. Later
in 1994, they took legal action in the UK against some people
supplying blockers.
There was more to the VideoCrypt 09 smart card than people
realised. The most important aspect was that Sky could actually
write to the card. The instructions for doing this were carried in
the same packets that carried the activation and deactivation
instructions.
The blockers only looked for the specific identity number of the
card in the card socket. As long as that identity number did not
appear in the packet, it was let straight through to the card. Sky
had managed to knock out a number of cards while they were in the
blockers.
Some of these countermeasures were reversible in that the card
itself was not completely dead. One of Sky's countermeasures did
actually hit the card in a manner that effectively locked it. At
that point, the blockers were becoming irrelevant - there were
working pirate smart cards for VideoCrypt.
The Phoenix program, in various guises, still works. Of course
some of the newer smart cards from Sky have been found to be
resistant to being activated with Phoenix.
At present there is some PIC source code that has been labeled
10BLOCK.ZIP. It is believed that this is not actually the code for
a 10 Blocker but merely 09 Blocker code that does not work on 10.
Using this code in the hope that it would stop a 10 card being
killed is dangerous to say the least.
2.8 Is there a D2-MAC EuroCrypt-M Version of The Season Hack?
-===========================================================-
The simple answer is yes. The main program is MACcess, though the
original author of the MACcess program did not update it due to
the sheer abuse of the program. The comments from a few ungrateful
idiots wanting the new version and at the same time insulting the
original author for not supporting the program irritated not only
the author but many hackers as well.
Someone has patched the new FilmNet and TV1000 keys into an early
version of the program. The patched program is available on BBSes
and ftp sites as MAXS-15A.ZIP.
The EuroCrypt-M system is DES based. In an ironic way the
system's greatest strength was its greatest weakness. Again the
progression from pirate smart card to computer program was
apparent.
Another key change by FilmNet is expected in the next few weeks.
2.9 Is there a hack on Nagra?
-============================-
There is no OMIGOD program for hacking Nagra. What occurred was
that some JAFA from the English consumer publication, "What
Satellite" heard about a program for monitoring the Nagra card-
decoder communications and ignorantly assumed that it was an
OMIGOD hack.
Though there is possibly a smartcard based hack, the main problem
is getting an adequate supply of Syster decoders. Of course
marketing the hack in the home area of the channel would be
suicidal.
It would be easy to replicate the pirate smart card but the
decoders are not easy to get. Therefore with access to the
decoders controlled it is a very good demonstration of the
philosophy of total access control.
2.10 PIC Source code for hacks
-============================-
Since late April, there has been no security on the PIC16C84
microcontrollers. This is ironic because this microcontroller
formed the backbone of the European piracy business. In late
April, the information on popping (extracting the protected
contents of the chip's memory) the PIC16C84 was published in a
USENET newsgroup. An article on this can be found on the following
webpages:
http://www.hackwatch.com/~kooltek/picbust
http://www.iol.ie/~kooltek/picbust
As a result of this information being published on the USENET,
everybody found out how to pop the PIC. All the code for
the D2-MAC hacks and the Sky hacks was laid bare.
The source code for the PIC based D2-MAC cards is widely available
on the net. The following WWW pages have D2-MAC code:
http://www.paranoia.com/~defiant
http://www.gpl.net/paulmax
2.11 Other Smart Card Projects
-============================-
A number of designs of DIY smart cards for VideoCrypt appeared
during the lifetime of the 09 card. With the switch to 10, most of
these became redundant unless the software could be converted for
D2-MAC. As soon as we establish which ones are converted or are in
the process of being converted, we will list them in this FAQ.
3.0 FINDING OUT MORE
====================
3.1 Who are / what is the TV-CRYPT and how can I subscribe ?
-==========================================================-
The TV-CRYPT is a closed mailing list. It was set up to enable the
discussion of the methods and technology of TV scrambling systems.
It is more of a forum for the exchange of ideas than anything
else.
Contrary to popular belief, it is not a private means of
distributing the most recent copies of software for hacking Sky.
Neither is it an "elite" group of super hackers whose sole intent
is to hack channels just to watch the movies.
It is a "by invitation only" list. If you can demonstrate a
knowledge of scrambling systems through your posts here in the
newsgroup, then you may be invited to join.
3.2 Reading List
-==============-
Obviously the new developments will be listed in further versions
of this FAQ. Since this FAQ will be posted every few weeks from
now on, it should be a fairly good source of information.
The de-facto standard text on encryption and scrambling systems is
John McCormac's Black Book. Currently in edition 4, the book
gives the reader a complete overview of the industry and systems
in use in Europe.
European Scrambling Systems - Black Book 4
ISBN 1-873556-03-9
Waterford University Press
MC2 (Publications Division)
22 Viewmount
Waterford
Ireland
Fax +353-51-73640
BBS +353-51-50143
e-mail jmcc@hackwatch.com
4.0 Netiquette On A.S.T.E & A.S.T.C & R.V.S.E
=================================================
The first rule is that there are no hard and fast rules. There
are, however some protocols designed to reduce the risk of
incineration.
The newsgroups alt.satellite.tv.europe and alt.satellite.tv.crypt
are the groups where overt discussion of scrambling systems and
attacks on scrambling systems are considered worthy topics.
A few months ago, there was a schism in the newsgroups. The
standard European satellite television newsgroup,
alt.satellite.tv.europe split into two. The first
rec.video.satellite.europe, became part of the REC hierarchy. This
is the proper group for discussion of general European satellite
television topics. Please do not post messages asking for the
latest hack on the R.V.S.E group. The second group became
alt.satellite.tv.crypt.
The alt.satellite.tv.crypt newsgroup is where the discussion of
scrambling systems and hacking is meant to be conducted. It
started out as a European group but there are many non-European
readers. The alt.satellite.tv.europe group was supposed to be
phased out but this does not seem to have happened yet.
Please bear in mind that some people have to pay to download the
newsgroups. In the past few months there have been a few flame
wars about posting UUENCODED binaries into the
alt.satellite.tv.crypt and alt.satellite.tv.europe groups. The
argument on this is that the procedure is now to upload any file
to a popular ftp site and announce that it is available there
rather than posting it as a UUENCODED message.
Advertising of devices on the newsgroups is another subject that
draws strong reactions. It is unfortunately now a fact of life. If
you have to advertise, then observe the standard Usenet protocol
of including the word AD or ADVERT in the subject line. Only post
to the groups where relevant. If you are posting an advert for a
device with European usage do not post in the US satellite
newsgroups.
In many European countries there are complex legal rules
regarding 'goods to be used for criminal purpose'. If we keep
the discussion at an 'educational' level, for personal use the
group should attract much less attention. There is also a grey
area of the law that is presently untested. This surrounds the
possible prosecution of Internet service providers because of
material they carry. If the newsgroup becomes a source of
software for hacking pay TV you may find your site removes it,
just as some providers strip the alt.binaries.pictures.erotica
groups.
5.0 CREDITS
===========
Major contributors :
John McCormac (jmcc@hackwatch.com)
Knut Vikor (knut.vikor@smi.uib.no)
Contributors:
Martyn Williams (martyn@euro.demon.co.uk)
Rene Vreeman (renev@intouch.nl)
Linus Surguy (lis@mfltd.co.uk)
Brian McIlwrath (bkm@starlink.rutherford.ac.uk)
Maintained By: John McCormac (jmcc@hackwatch.com)
Please send any corrections to faqman@hackwatch.com with the
subject ERROR or CORRECTION.
********************************************
John McCormac * Hack Watch News
jmcc@hackwatch.com * 22 Viewmount,
Voice&Fax: +353-51-73640 * Waterford,
BBS: +353-51-50143 * Ireland
********************************************