1996-03-30 - Re: [NOISE] Cable-TV-Piracy-Punks

Header Data

From: mpd@netcom.com (Mike Duvos)
To: kooltek@iol.ie (Hack Watch News)
Message Hash: 1b83e92407132275b2e65228157d754321f15c52cc7b803257073e4fb5e407ab
Message ID: <199603300210.SAA09465@netcom3.netcom.com>
Reply To: <199603292053.UAA18333@GPO.iol.ie>
UTC Datetime: 1996-03-30 08:06:58 UTC
Raw Date: Sat, 30 Mar 1996 16:06:58 +0800

Raw message

From: mpd@netcom.com (Mike Duvos)
Date: Sat, 30 Mar 1996 16:06:58 +0800
To: kooltek@iol.ie (Hack Watch News)
Subject: Re: [NOISE] Cable-TV-Piracy-Punks
In-Reply-To: <199603292053.UAA18333@GPO.iol.ie>
Message-ID: <199603300210.SAA09465@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

kooltek@iol.ie (Hack Watch News) writes:

 > The DSS smart card has been reverse-engineered for at least
 > six months now and pirate devices are in the market. The
 > encryption used on those systems is good but it does not
 > stand up to a well financed attack.

This is indeed good news.  I haven't followed the satellite wars
for a while, and although I was aware that the earlier European
system had been broken, I didn't know that the one used by the
DSS folks had by now also met a similar fate.

This is interesting, since the technology to do unbreakable
encryption and authorization certainly exists.  Perhaps the DSS
folks should have brought in a few Cypherpunks as quality control
consultants. :)

 > Using DES to encrypt the audio on the fly is an old
 > technique and was used in the VideoCipher II system. Most of
 > the more recent systems use a PRNBSG EXORed with the digital
 > audio data stream.

Again, it's been a while since I looked at the industry, but I
was under the impression that the VideoCipher II was still used
by Satellite dish owners to receive CNN, HBO, SHO, TMC, and the
rest of the ordinary analog pay cable channels.

Has everyone now been forced to upgrade to something "new and

 > The problem of piracy will still exist on digital systems.
 > The DSS system is a completely digital system and it too is
 > hacked.

Digital systems eliminate the main drawback of analog ones for
using cryptography, namely that there is no way to strongly
encrypt the video and ship it out using the same modulation
technique which originally encoded it.

Once you have both audio and video streams in digital form,
having ones encryption "hacked" is more a function of
cluelessness on the part of those engineering the encryption and
authentication mechanism than some latent vulnerability on the
part of the technology.

I'm really surprised that DSS got hacked, given that the hacking
of the European digital system was well known while DSS was being
constructed.  Sounds like a very slow learning curve somewhere in
the engineering process.

 > Admittedly some of the elements of security in the DSS are
 > good, most can be rendered void by hackers. The problem for
 > DSS is that the smart card they used is not secure enough.
 > It was a Motorola 6805 type. What appears to be the pattern
 > with the hacks on more recent smart card systems is an
 > inversion of the original pattern on the simple analogue
 > systems. The original pattern was that some hobbyists would
 > figure out how to hack the system and then the hack would be
 > commercialised. With the smart card hacks - the pattern is
 > inverted so that it becomes a trickle down pattern. The
 > professional hackers reverse and emulate the smart card and
 > then the code is sometimes hacked from the emulator card and
 > then distributed among hobbyists.

In a well engineered smart card system for authorizing individual
viewers of a digital audio/video stream, each card contains a
unique serial number and a random cryptographic key stored during
the manufacturing process in a manner which cannot be obtained
even by destructive reverse engineering of a particular card.

The originating system then uses this information to embed
messages in the transmitted data stream permitting individual
cards to decrypt and recover the random and frequently changing
session key with which the channel bitstream has been strongly

If such a system has been properly implemented, all the
specifications for it should be able to be published without
compromising it.  Emulators for the software used in the cards
shouldn't be a problem as long as serial#/key pairs for specific
cards are not disclosed.

 > The most dangerous thing in all this is that the smart
 > cards that have been hacked in Pay TV systems throughout
 > the world are also used in other applications. The expertise
 > and the knowledge of reversing smart cards is now more
 > common in the Pay TV piracy business. There is always the
 > possibility that these skills could be applied elsewhere.

Perhaps in the private sector, where snake oil abounds.  I
suspect military types do things a bit more cleverly than the
prior scenario implies.

BTW - what is the legal status of hacking DSS?  It's not like
cable, where you are tapping into a municipal service illegally.
You own the dish, the decoder, and the photons with which the
satellite is irradiating your back yard.  Can the government
really regulate how you choose to process photons found on your
own private property with equipment you own?

Have there been any test cases?

     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd@netcom.com     $    via Finger.                      $