Nagra 3 exploit using a blocker.
- Thread starter Mr_Spark
- Start date
Mr_Spark
Newbie
Ok in laymans:
- All third party boxes with a slot for the Card can in theory be made to block the kill command (in a thing called the softcam code )
- A genuine VM box would need an inline filter (sort of logger) running a filter for the kill command
- Source code is the code that needs altering on a third party box to block the killer command - or its a matter of coding up from scratch
- Because a Dreambox is open source and all the work as been done by our spanish friends its by FAR the easiest to code up ( 1 hour for someone who can understand a bit of code )
- This is not a hack because the Tier dates will expire and give us a blank screen
- now if we could block and alter the tier dates ...... well.......
Hope this explains
S
j4v3d
VIP Member
how easy is it to understand the coding then? At the moment is it working for you then? without the need of connecting it to the internet? and just say when the screen goes black how easy is it to get this back up and running?
Mr_Spark
Newbie
At the moment its like the old days no card share no internet etc; when the tier dates run out (they will) their is no way as yet of sorting it. Thats why I say if we in Laymans block the "turn off command" and then somehow (and its been done on some overseas N3 cards) alter the tier dates to way in the future we have won.
However doing the latter is beyond me, we would need to write some code to the card (I know this has been done on other earlier N3 cards); but without getting technical I see no easy way. But I am a stuborn bar steward and will continue
S
However doing the latter is beyond me, we would need to write some code to the card (I know this has been done on other earlier N3 cards); but without getting technical I see no easy way. But I am a stuborn bar steward and will continue
S
j4v3d
VIP Member
and we shall be here egging you on in ensuring you run out supreme :)
is it worth investing in a dreambox and getting the card - coding it up and then watching the box for free? are there any vulnerabilities?
Mr_Spark
Newbie
Vulnerabilities ? Not sure what you mean ?
As for a Dreambox, if you are in it for the hobby then of course it is worth getting 1; there is so much info out there and you can learn a lot from starting to play with the code. Also a DVB card for your PC is a useful tool for logging; we can then start to look at the traffic and even take calculated guesses as to the EMM`s that are Global and not; we can even test out on the card via sending out the EMM`s.
S
As for a Dreambox, if you are in it for the hobby then of course it is worth getting 1; there is so much info out there and you can learn a lot from starting to play with the code. Also a DVB card for your PC is a useful tool for logging; we can then start to look at the traffic and even take calculated guesses as to the EMM`s that are Global and not; we can even test out on the card via sending out the EMM`s.
S
Mr_Spark
Newbie
Not a dig but thats why the whole tech side of this is undeground on secret forums and rooms - Unless it changes the UK will probably never see a public Hack again. YES you can learn - If I can you can. If anyone tries and posts on this forum I will point in the right direction and assist with coding etc; but nobody is going to do it for you.
You need to ask a Question; do you want "free TV" or a hobby ???
S
j4v3d
VIP Member
how about you inbox me with what to start off with then? its on a open forum so i think it would be best to keep it underground as you say. If that is allowed.
sinno
VIP Member
Mr Spark can a box be used with a still active account,i have 2 boxes in the house and would like to add a third,im assuming the third would be detected and not allowed,so would the kill comand come into play here,also would the tier dates come into it if i still have a active account or would i just have to re code
Mr_Spark
Newbie
You get me wrong; I am one of the stubborn ones who has not given up with the scene in the uk.
I am more than willing to help right here on open forum; but I am not going to spoon feed you or give you the answer; you are going to have to work for it :)
Lets start with some basics.
1) Do you understand how a card in Nagra 1 gives you pictures on the screen ?
2) Do you understand the structure of a ROM ? The bits and what they do ?
3) Have you used something like EMM studio to dissasemble an EMM ?
4) Do you understand AVR cards ?
Just a few Q. to see where everyones at ...
S
Last edited:
Mr_Spark
Newbie
@ THE MONK as stated the Tier dates will expire and we will lose the channels; it will happen slowly in blocks; its not about free TV for me, Never as been. Its what you learn along the way.
There have been ways to write the Tiers on other N3 cards; however its not possible at the moment on UK ROM`s
S
There have been ways to write the Tiers on other N3 cards; however its not possible at the moment on UK ROM`s
S
j4v3d
VIP Member
1 - No
2 - No
3 - No
4 - No
Im a total fail lol -i think you may have to point me in to where you do your research so i can research and stuff find out as much as possible - talking to you now and trying to answer the questions will be a waste of your valuable time. I hardly know anything about the cards - i know there are diff type of cards and that is all.
Mr_Spark
Newbie
Unfortunately the ROM142 and ROM180 are very different; the ROM180 is actually a SECA design and not Atmel ! Atmel may make the thing but they have not designed it.
We must not get confused by “Nagra 3” – Nagra 3 does not exist; its merely a name given by the scene; Kudelski just updates his system constantly; the ROM180 is a product of this. We could call it Nagra 4 because of its custom design.
The RAM has chk sum protection and the actual Core clock of a ROM180 is not constant; this means cmd`s take different times to execute and the actual Code flow timing differs each cycle; this is to make glitching a known point well challenging...
We also have the SECA architecture – which when you look at the dye of the chip is custom designed.
It will not be perfect and we know Kudelski has made mistakes ( just look at the hash he made of the pairing code – schoolboy errors )
I bet we will have a nipper style login
We continue
S
---------- Post added at 11:50 AM ---------- Previous post was at 11:48 AM ----------
Just Google my questions - be a good start :)
i have 3 dreambox, 3 atmel, a card with a sub running on dreambox as a card share, that i no longer use but is still running ( running 3 active emu's rqcs+fsef+rqcamd3, and i have all of the numbers necessary for cardshare, dt08 etc ), and also a detonator X card reader. i just need to know what to do next was just getting to know the innerworkings and along came the big site shutdowns and everything seem to end. but i do have some understanding, not a lot