DVB encryption with OTP is weak


Building barricades to protect content in the DVB area is not a new thing. It starts with the CAS and DRM restrictions in use and goes up to hardware pairing with a specific vendor's box. The first hardware pairing was used with the CAS Betacrypt and the BlueCam. (The BlueCam was an internal CA system that had the option of being paired to the Dbox 1.) So marrying a system to a specific box is no big deal. The Boxkey system was used as well. It was broken very fast because the key itself was stored in an EEPROM inside the STB.

Today the security looks much the same; the only new thing is that the key is now stored inside the DVB core in a specially protected OTP area. ST and Broadcom use this on the newer generation of DVB chipsets.




What we need to know is:

  • Pairing uses a Diffie-Hellman handshake – special for CI+ with 3 RSA certs
  • The overcrypt traffic is protected by 3DES or AES (depends on the vendor)
  • The smart card encrypts the Control Word (AES/3DES)

We have a weakness inside the STB file system (plain RSA certs). The next step is that we can decrypt the traffic between the CI+ HOST and CLIENT. So that makes CI+ nuts, because it is possible to emulate.

The same goes for the normal non-CI+ version. We can do the man-in-the-middle attack.

PANIC! But the CW is still encrypted by a heavy encryption system. Is that true?

Maybe it is true?! xD. AES is not broken yet; AES has too many possible keys for us to brute force. A rainbow table is not useful: 1.1 x 10^77 possible keys at 256 bit that we would need to precalculate and have the storage for. Sounds like petabytes, not gigabytes.

But what happens if we can cut the possible keys to 1/2? Or 1/4?

How? We know the CW is like 2^64, that's around 18,4 trillion possible control words.

Back to AES… AES is a block cipher, which means every block has the same size. That's the difference from a stream cipher. A stream cipher is used in WEP encryption or in RC4. The stream cipher is weak because we can find the 3 keys that we need to decrypt the magic. For example, the old PDF encryption had a stream cipher with 56 bit. The key collision to find the magic was cracked pretty fast. Same for the 128 bit version with magic rainbow tables.

So where the hell is the weakness? CI+ again!

A hint for all those haxxors… I stick 00000000 in and get 128 bit out..?! 128Bit / Known Plaintext = Key .. do it a couple of times… and the possible keys will be reduced!

If the "CW" is known, compare to reduce more keys!

—————-END OF PREVIEW———-

FULL-PDF use contact! – Only for Companies in Crypto Biz!



'Cause LOGIC is a thing that nobody can BUY! It doesn't matter if you studied in Cambridge… Logic is something your mother and dad gave you in the DNA! CYA MotherTruckers!




to be updated
