CSat smartcards SECA 3 pairing on HD channels (nano 01)
Heel aparte uitspraak. Er is nl geen sprake van pairing, is gewoon postprocessing controlwords.
Mogelijk toegevoegd om de verkoop wat te doen stijgen?!
Posted 15 October 2013 - 19:38
CSat smartcards SECA 3 pairing on HD channels (nano 01)
Heel aparte uitspraak. Er is nl geen sprake van pairing, is gewoon postprocessing controlwords.
Mogelijk toegevoegd om de verkoop wat te doen stijgen?!
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 15 October 2013 - 21:31
Heb je de encryptie er al af dan? ongeachte welke cpu moet er leesbare tekst inzitten en die ontdek ik nog niet.
Voordat de encryptie en daarna vermoedelijk comprimering eraf is heeft disassembling geen zin.
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 15 October 2013 - 21:47
Posted 15 October 2013 - 22:04
Ook gezien... En van dat andere model zitten er vergelijkbare patronen in het begin van die file. Ik heb al eens een aanname gedaan dat het 00-en moesten zijn en er een xor op losgelaten maar dat was geen succes.
Maar laten we niet vergeten dat de firmare OTA altijd geinstalleerd wordt door een up and running tuner.
Als ik de programmeur zou zijn geweest zou ik bv eerst de firmware downloaden, decrypten, daarna checksummen, daarna uitpakken en indien versie > actuele versie pas gaan flashen.
Enfin, omdat receivers 2 jaar in een doos gezeten kunnen hebben moeten die ook nog OTA firmware kunnen doen. Dus provider kan niet maar zo encryptie van dat systeem aanpassen. Jah, tenzij het kwestie van downloaden is en dan een jump naar vast entrypoint van die gedownloade code. Met alle risico's van dien. niet logisch maar kan natuurlijk wel. In dat geval kan de OTA firmware doen waar die zin in heeft en is alles zo flexibel als wat.
Misschien Rayhtec eens benaderen, die programmeerde vroeger altijd firmware voor philips tuners. Wellicht dat hij nog een tip heeft?
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 15 October 2013 - 23:47
http://computer-fore...alware-analysis
http://blog.didierst...om/?s=xorsearch
Binwalk (tutorial) http://www.devttys0....inksys-wag120n/
Edited by theparasol, 15 October 2013 - 23:48.
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 16 October 2013 - 18:40
False positives van binwalk als je het mij vraagt.
Die zipfile van de 801: kan je wel uitpakken maar ik vindt het een raar ding, de size klopt niet en als je de .zip waar je mee start aan het einde bekijkt lijkt daar wel code te zitten.
Als je unzipped flikker je dat gewoon opzij. als je daarna binwalk die m.bin laat analyzeren krijg je dit:
DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 192079 0x2EE4F mcrypt 2.2 encrypted data, algorithm: DES, mode: CBC, keymode: 8bit 13130010 0xC8591A LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 4096 bytes 13169278 0xC8F27E LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 16843780 bytes 13176495 0xC90EAF Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176588 0xC90F0C Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176709 0xC90F85 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177258 0xC911AA Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177427 0xC91253 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177740 0xC9138C Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178453 0xC91655 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178557 0xC916BD Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178658 0xC91722 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178875 0xC917FB Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13185203 0xC930B3 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13188612 0xC93E04 Copyright string: " 1998-2008 NexGen Software., " 15672898 0xEF2642 LZMA compressed data, properties: 0x40, dictionary size: 33554432 bytes, uncompressed size: 2048 bytes 15672914 0xEF2652 LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 2304 bytes 15672930 0xEF2662 LZMA compressed data, properties: 0x40, dictionary size: 8388608 bytes, uncompressed size: 2560 bytes 15672946 0xEF2672 LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 2816 bytes 15672962 0xEF2682 LZMA compressed data, properties: 0x40, dictionary size: 2097152 bytes, uncompressed size: 3072 bytes 15672978 0xEF2692 LZMA compressed data, properties: 0x40, dictionary size: 1048576 bytes, uncompressed size: 3328 bytes 15672994 0xEF26A2 LZMA compressed data, properties: 0x40, dictionary size: 524288 bytes, uncompressed size: 3584 bytes 15673010 0xEF26B2 LZMA compressed data, properties: 0x40, dictionary size: 262144 bytes, uncompressed size: 3840 bytes 15673026 0xEF26C2 LZMA compressed data, properties: 0x40, dictionary size: 131072 bytes, uncompressed size: 4096 bytes 16184100 0xF6F324 YAFFS filesystem
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 16 October 2013 - 19:14
Ik heb van de canaldigitaal website ff de 2.04a gedownloaded. Die ziet er heel anders uit. Ik weet niet waar dat .zip bestand vandaan komt maar hij gaat bij mij de digitale vuilnisbak in
http://www.canaldigi...01_MM_2.04a.hdt
DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 45156 0xB064 Copyright string: " 1995-2003 Mark Adler " 65653 0x10075 gzip compressed data, was "m.bin", from FAT filesystem (MS-DOS, OS/2, NT), last modified: Fri May 31 01:47:16 2013{epoch:1369957636}
Edited by theparasol, 16 October 2013 - 19:18.
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 16 October 2013 - 19:51
Dit is gedeelte met in elk geval cam module erin.
(voor mij) duidelijk herkenbare historical bytes van diverse ATRs
Ik heb alleen geen idee welke cpu ik moet kiezen in IDA, wat het moet zijn staat er in elk geval niet tussen.
@Zuppelan: kan die ST workbench ook disassembleren?
Edited by theparasol, 16 October 2013 - 19:51.
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 16 October 2013 - 20:31
Posted 16 October 2013 - 21:30
Ik heb de st40 cpu manual gevonden... alle opcodes staan erin. Weet ik tenminste wat een instructie doet
x86 assembly lees ik ok maar dit is "crypt" u maar zonder handleiding.
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 17 October 2013 - 20:07
root@ik-virtual-machine:/home/ik/m/diff# binwalk sat801_mm_2.02a.hdt DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 45133 0xB04D Copyright string: " 1995-2003 Mark Adler " 65630 0x1005E gzip compressed data, was "m.bin", from FAT filesystem (MS-DOS, OS/2, NT), last modified: Thu Apr 4 01:57:12 2013
root@ik-virtual-machine:/home/ik/m/diff# binwalk sat801_mm_2.03a.hdt DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 45156 0xB064 Copyright string: " 1995-2003 Mark Adler " 65653 0x10075 gzip compressed data, was "m.bin", from FAT filesystem (MS-DOS, OS/2, NT), last modified: Wed Apr 24 02:04:26 2013 root@ik-virtual-machine:/home/ik/m/diff# binwalk sat801_mm_2.04a.hdt DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 45156 0xB064 Copyright string: " 1995-2003 Mark Adler " 65653 0x10075 gzip compressed data, was "m.bin", from FAT filesystem (MS-DOS, OS/2, NT), last modified: Fri May 31 01:47:16 2013Daarna uitgepakt op de aangewezen hex positie's en unzipt. Vervolgens de m.bin door binwalk gehaald.
root@ik-virtual-machine:/home/ik/m/diff# binwalk 202/m.bin DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 192079 0x2EE4F mcrypt 2.2 encrypted data, algorithm: DES, mode: CBC, keymode: 8bit 13129998 0xC8590E LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 4096 bytes 13169266 0xC8F272 LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 16843780 bytes 13176483 0xC90EA3 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176576 0xC90F00 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176697 0xC90F79 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177246 0xC9119E Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177415 0xC91247 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177728 0xC91380 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178441 0xC91649 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178545 0xC916B1 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178646 0xC91716 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178863 0xC917EF Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13185191 0xC930A7 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13188600 0xC93DF8 Copyright string: " 1998-2008 NexGen Software., " 15672898 0xEF2642 LZMA compressed data, properties: 0x40, dictionary size: 33554432 bytes, uncompressed size: 2048 bytes 15672914 0xEF2652 LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 2304 bytes 15672930 0xEF2662 LZMA compressed data, properties: 0x40, dictionary size: 8388608 bytes, uncompressed size: 2560 bytes 15672946 0xEF2672 LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 2816 bytes 15672962 0xEF2682 LZMA compressed data, properties: 0x40, dictionary size: 2097152 bytes, uncompressed size: 3072 bytes 15672978 0xEF2692 LZMA compressed data, properties: 0x40, dictionary size: 1048576 bytes, uncompressed size: 3328 bytes 15672994 0xEF26A2 LZMA compressed data, properties: 0x40, dictionary size: 524288 bytes, uncompressed size: 3584 bytes 15673010 0xEF26B2 LZMA compressed data, properties: 0x40, dictionary size: 262144 bytes, uncompressed size: 3840 bytes 15673026 0xEF26C2 LZMA compressed data, properties: 0x40, dictionary size: 131072 bytes, uncompressed size: 4096 bytes 16183920 0xF6F270 YAFFS filesystem203:
root@ik-virtual-machine:/home/ik/m/diff# binwalk 203/m.bin DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 13130010 0xC8591A LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 4096 bytes 13169278 0xC8F27E LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 16843780 bytes 13176495 0xC90EAF Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176588 0xC90F0C Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176709 0xC90F85 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177258 0xC911AA Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177427 0xC91253 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177740 0xC9138C Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178453 0xC91655 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178557 0xC916BD Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178658 0xC91722 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178875 0xC917FB Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13185203 0xC930B3 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13188612 0xC93E04 Copyright string: " 1998-2008 NexGen Software., " 15672898 0xEF2642 LZMA compressed data, properties: 0x40, dictionary size: 33554432 bytes, uncompressed size: 2048 bytes 15672914 0xEF2652 LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 2304 bytes 15672930 0xEF2662 LZMA compressed data, properties: 0x40, dictionary size: 8388608 bytes, uncompressed size: 2560 bytes 15672946 0xEF2672 LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 2816 bytes 15672962 0xEF2682 LZMA compressed data, properties: 0x40, dictionary size: 2097152 bytes, uncompressed size: 3072 bytes 15672978 0xEF2692 LZMA compressed data, properties: 0x40, dictionary size: 1048576 bytes, uncompressed size: 3328 bytes 15672994 0xEF26A2 LZMA compressed data, properties: 0x40, dictionary size: 524288 bytes, uncompressed size: 3584 bytes 15673010 0xEF26B2 LZMA compressed data, properties: 0x40, dictionary size: 262144 bytes, uncompressed size: 3840 bytes 15673026 0xEF26C2 LZMA compressed data, properties: 0x40, dictionary size: 131072 bytes, uncompressed size: 4096 bytes 16184100 0xF6F324 YAFFS filesystem204:
root@ik-virtual-machine:/home/ik/m/diff# binwalk 204/m.bin DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 192079 0x2EE4F mcrypt 2.2 encrypted data, algorithm: DES, mode: CBC, keymode: 8bit 13130010 0xC8591A LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 4096 bytes 13169278 0xC8F27E LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 16843780 bytes 13176495 0xC90EAF Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176588 0xC90F0C Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13176709 0xC90F85 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177258 0xC911AA Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177427 0xC91253 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13177740 0xC9138C Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178453 0xC91655 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178557 0xC916BD Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178658 0xC91722 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13178875 0xC917FB Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13185203 0xC930B3 Copyright string: " (c) 2005, 2006, 2007, 2008 STMicroelectronics Limitedicroelectronics Limited" 13188612 0xC93E04 Copyright string: " 1998-2008 NexGen Software., " 15672898 0xEF2642 LZMA compressed data, properties: 0x40, dictionary size: 33554432 bytes, uncompressed size: 2048 bytes 15672914 0xEF2652 LZMA compressed data, properties: 0x40, dictionary size: 16777216 bytes, uncompressed size: 2304 bytes 15672930 0xEF2662 LZMA compressed data, properties: 0x40, dictionary size: 8388608 bytes, uncompressed size: 2560 bytes 15672946 0xEF2672 LZMA compressed data, properties: 0x40, dictionary size: 4194304 bytes, uncompressed size: 2816 bytes 15672962 0xEF2682 LZMA compressed data, properties: 0x40, dictionary size: 2097152 bytes, uncompressed size: 3072 bytes 15672978 0xEF2692 LZMA compressed data, properties: 0x40, dictionary size: 1048576 bytes, uncompressed size: 3328 bytes 15672994 0xEF26A2 LZMA compressed data, properties: 0x40, dictionary size: 524288 bytes, uncompressed size: 3584 bytes 15673010 0xEF26B2 LZMA compressed data, properties: 0x40, dictionary size: 262144 bytes, uncompressed size: 3840 bytes 15673026 0xEF26C2 LZMA compressed data, properties: 0x40, dictionary size: 131072 bytes, uncompressed size: 4096 bytes 16184100 0xF6F324 YAFFS filesystem
root@ik-virtual-machine:/home/ik/m/diff# binwalk -A 204/m.bin DECIMAL HEX DESCRIPTION ------------------------------------------------------------------------------------------------------------------- 54316 0xD42C ARMEB instructions, function prologue 11389995 0xADCC2B ARM instructions, function epilogue 13583601 0xCF44F1 ARM instructions, function epilogue 15597444 0xEDFF84 ARMEB instructions, function prologue
root@ik-virtual-machine:/home/ik/m# lzmainfo C8591A.bin C8591A.bin Uncompressed size: 0 MB (4096 bytes) Dictionary size: 4 MB (2^22 bytes) Literal context bits (lc): 1 Literal pos bits (lp): 2 Number of pos bits (pb): 1Lzma wil hem niet uitpakken.
Edited by DoeEensGek, 17 October 2013 - 20:12.
Posted 17 October 2013 - 20:16
Daar valt niets meer uit te pakken, is plain text en code. Het is o.a. de cam en die moet gedisassembleerd worden.
Ik kom er niet verder mee. Ida Pro kan ST20 maar (nog) niet de ST40.
In de ST20 stand kun je er al wat wijs uit worden maar ideaal is het natuurlijk niet.
Als iemand een ST40 disassembler weet te vinden zijn we natuurlijk alweer een stapje verder.
@Camping: ZGemma H.2S, Technisat Multytenne 4-in-1 @Home: Edision Mini 4K, Wave Frontier T55, EMP Centauri EMP DiSEqC 8/1 switch, 4x Inverto Ultra Black single LNB
Posted 17 October 2013 - 20:21
Als iemand een ST40 disassembler weet te vinden zijn we natuurlijk alweer een stapje
In de ST40 microtools zitten de GNU-tools:
ftp://ftp.stlinux.com/pub/tools/products/st40tools/ST40_GNU_R5.3.0/index.htm
...en dan zoals gebruikelijk "sh-superh-elf-objdump --disassemble". Maar... objdump verwacht een bestand in ELF-formaat en dat is deze image niet. Hoe je een bin-bestand disassembleert met objdump? De methode is in ieder geval gelijk voor ST40 en x86.
0 members, 6 guests, 0 anonymous users