1996-03-31 - Re: [NOISE] Cable-TV-Piracy-Punks
Header Data
From: “Dave Emery” <die@pig.die.com>
To: perry@piermont.com
Message Hash: 0a386d0f0a1a7ddc4ea677b277ab1cecd74d817760b5f9b73fc82e527c30df19
Message ID: <9603310537.AA20289@pig.die.com>
Reply To: <199603310021.TAA17420@jekyll.piermont.com>
UTC Datetime: 1996-03-31 11:42:45 UTC
Raw Date: Sun, 31 Mar 1996 19:42:45 +0800
Raw message
From: "Dave Emery" <die@pig.die.com>
Date: Sun, 31 Mar 1996 19:42:45 +0800
To: perry@piermont.com
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603310021.TAA17420@jekyll.piermont.com>
Message-ID: <9603310537.AA20289@pig.die.com>
MIME-Version: 1.0
Content-Type: text/plain
>
>
> .pm writes:
> Why not? If the card knows its own key, then someone else can probably
> get the key out by some nasty mechanism.
>
>
One of the earliest breaks of the Videocipher II analog satellite
descrambler back in 1986 was based on twidling with the timing and
electrical characteristics of the chip clock on the supposedly
tamperproof TMS 7000 crypto microprocessor until it stared to misexecute
instructions. By chance, some PROM code that allowed reading the secret
seed keys used by each individual box to decode master keying messages
addressed to it happened to be a few instructions after some other code
normally accessible by issuing commands to the chip. One kept issuing
those commands while corrupting the clock until the chip misexecuted the
branch at the end of the public code and fell into the otherwise
inaccessible code that allowed access to the seed keys.
So yes, this has already been done in one real case of
cryptosystem defeat. For a while, it was the standard method of
obtaining seed keys from VC-II boards.
Later versions of the ROM code removed that vulnerability.
Dave
Thread
Return to March 1996
- Return to ““Dave Emery” <die@pig.die.com>”
- Return to “kooltek@iol.ie (Hack Watch News)”
- Return to “Mike Ingle <inglem@adnetsol.com>”
- Return to “mpd@netcom.com (Mike Duvos)”
Return to ““Perry E. Metzger” <perry@piermont.com>”
- 1996-03-30 (Sat, 30 Mar 1996 17:13:23 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - kooltek@iol.ie (Hack Watch News)
- 1996-03-30 (Sat, 30 Mar 1996 16:06:58 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - mpd@netcom.com (Mike Duvos)
- 1996-03-31 (Sun, 31 Mar 1996 09:59:25 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - “Perry E. Metzger” <perry@piermont.com>
- 1996-03-31 (Sun, 31 Mar 1996 13:56:00 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - mpd@netcom.com (Mike Duvos)
- 1996-03-31 (Sun, 31 Mar 1996 14:40:49 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - “Perry E. Metzger” <perry@piermont.com>
- 1996-03-31 (Sun, 31 Mar 1996 19:42:45 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - “Dave Emery” <die@pig.die.com>
- 1996-03-31 (Sun, 31 Mar 1996 14:40:49 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - “Perry E. Metzger” <perry@piermont.com>
- 1996-03-31 (Sun, 31 Mar 1996 20:01:43 +0800) - Re: [CRYPTO] Cable-TV-Piracy-Punks - Mike Ingle <inglem@adnetsol.com>
- 1996-03-31 (Sun, 31 Mar 1996 20:19:04 +0800) - Re: [CRYPTO] Cable-TV-Piracy-Punks - “Perry E. Metzger” <perry@piermont.com>
- 1996-03-31 (Sun, 31 Mar 1996 13:56:00 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - mpd@netcom.com (Mike Duvos)
- 1996-03-31 (Sun, 31 Mar 1996 09:59:25 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - “Perry E. Metzger” <perry@piermont.com>
- 1996-03-30 (Sat, 30 Mar 1996 16:06:58 +0800) - Re: [NOISE] Cable-TV-Piracy-Punks - mpd@netcom.com (Mike Duvos)