WWW.IMRAN-FORUM.NET

IMRAN KHAN BANNU CITY STREET BAZZMUHAMMAD KHAN KAHIBER PUKHTUNKHWA PAKISTAN NO1 FORUM IN ASIA
 
HomeHome  CalendarCalendar  FAQFAQ  SearchSearch  RegisterRegister  MemberlistMemberlist  UsergroupsUsergroups  Log in  

Share | 
 

 TPS CRYPT3 report-explanations.rar

View previous topic View next topic Go down 
AuthorMessage
IMRAN KHAN
ADMIN
ADMIN
avatar

Number of posts : 66
Age : 36
Localisation : bannu city khaiber pukhtun khuwa pakistan
Registration date : 2007-04-12

PostSubject: TPS CRYPT3 report-explanations.rar   16/4/2007, 15:10

Although various new information is circulating among different hackers that create firmwares , it is actually very hard to make modifications.
In order to inform those which are not yet informed yet here are some explanations we are hoping that that can help advance more quickly in the devellopement.


Current TPS functionning with AES Keys List:
tps currently uses 4 types of encryption
- the preone (or preSE) (Preencryption)
- the encryption tpscrypte (or tps)
- the viaccess 2.3
- the post-surencryption (or postSE)

The newest innovation consists in the introduction of new algo implied in the process, namely the RC6.
The preSE and the postSE can thus now use 2 different algos: the RC6 or the AES the encryption tpscrytp being always in algo AES.
The daily extracted list (tps.bin) contains cycles of key of approximately 6 minutes with 3 keys:
here is what resembles a tps.bin File after decoding (decrypting)

28/12/2006 04:20: 00
C8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxA8
C8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxA8
7BxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxFC
0201021C

28/12/2006 04:26: 00
67xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxF3
FCxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx16
9BxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE5
0201021C

- 1st key for the preSE
- 2nd key for tpscrypte
- 3rd key for the postSE

alike(also) 3 flags:
- 1st for the preSE in algo RC6 (flag=2) or in algo AES (flag=1)
- 2nd for tpscrytpe always in algo AES (flag=1)
- 3rd for the postSE in algo RC6 (flag=2) or in algo AES (flag=1)

if a flag is set(at) to 0 there is no encryption of this type
and 1 flag of authorization of d?sencryption for the 3 types:
- bit 2 = 1 authorizes d?sencryption tpscrypte
- bit 3 = 1 authorizes pre-d?sencryption
- bit 4 = 1 authorizes post-d?sencryption

generally this flag has 0x1C (the 3 authorized)
thus when the decoder receives an original ecm this ecm needs transit from the preSE,TPScrypte,via2.3 (managed by the usual cards),the postSE
however this is were tps became smart indeed it is the ecm itself which contains the different types of d?sencryption to be made

an original ecm resembles this:
80 7m nn 00 D2 01 01 40 03 00 08 DF ww gh ij kl .....
with: 7m= 71 if odd screen and =70 if even screen
nn= length of the ecm
D2 01 01 identifier of the tpscrypte (to be deleted)
40 03 trick tps (to be transformed into 90 03)
00 08 identifying the provider and the key in progress

DF the nano DF:
- ww length of the DF
- gh used for “knowing” if a d?sencryption tpscrypte should be made (but if there were D20101 then in any event tpscrypte)
- ij used for “knowing” if a d?sencryption preSE should be made
- kl used for “knowing” if a d?sencryption postSE should be made (the operation for “knowing” is small a algorythme)

Thus sometimes one can have the 3 types, or only the 2 types, or only 1 type
and evidently the keys are used et the same time to treat a ecm
the Algos RC6 and AES generate from the key a table of hash by which the ecm is xor?e(?)

For the moment everyone uses the tps.bin files but the final solution for not having to flash/write everyday
is the extraction of the keyset which is currently sent by tps in stream on a well defined pid.
Unfortunately there too tps tightened the system and sending not only the keyset but also separately a rule
to use for the extraction of the keys This one is regularly modified this is what is actually posing problem
to the FTE Decoders which before could extract the keyset automatically and manage all this on its own, but now as soon as the rules of extractions are to modified the fte needs an update because the extracted keyset is not good.

Thats it I hope that this will help us advance.
PS: Here is a log of the process live so that that you have more visual about how it goes:

Appearance of the hidden text

> - LogPos= 680 -- 22:12: 37 ----- time file: 25.867 -- delta: 25.867
> CA 88 00 08 59
> DF



: 67 3E 01 09 50


C2 A0 7A 88 1A B1 06 2B


09 68 B7 F3



53 DA FC 14 9A EE DC CD E0 5A B9


F8 24 71


1A 1E B5 36 28 DF
> E2 03 : 35 9B 00
> E2 03 : 35 9B 05
> E2 03 : 35 9B 07
> EA 10 : AC 1B E9 92 95



2B DC 4B 6D DD 85 F2 C2 AA 9A
> F0 08 : 89 F7 1A CA DD FE 1B E1
<



28 => Bad sign Card asking for DCW : Provider 1 TPScrypt 007C0# Key 8
ECM:
DF2C673E01095046ACC2A07A881AB1062B1F0968B7F32C9C53 DAFC149AEEDCCDE05AB97CF824718C1A1EB53628DFE203359B 00E203359B05E203359B07EA10AC1BE992955F2BDC4B6DDD85 F2C2AA9AF00889F71ACADDFE1BE1

ispreSE mode: rc6 key 05A3484212B5B0B8ABFF7F910181052F
istps mode: aes key 05A3484212B5B0B8ABFF7F910181052F
ispostSE mode: aes key 9AAE43B754B70080E0D8C562F82D1304

Identity channel : TF1

< 90 40
< --------------------------- execution time: 2.578
> -LogPos= 1629 -- 22:12:39 ----- time file: 28.555 -- delta: 0.109
> CA 88 00 08 59
> DF



: 67 3E 01 09 50


C2 A0 7A 88 1A B1 06 2B


09 68 B7 F3



53 DA FC 14 9A EE DC CD E0 5A B9


F8 24 71


1A 1E B5 36 28 DF
> E2 03 : 35 9B 00
> E2 03 : 35 9B 05
> E2 03 : 35 9B 07
> EA 10 : AC 1B E9 92 95



2B DC 4B 6D DD 85 F2 C2 AA 9A
> F0 08 : 89 F7 1A CA DD FE 1B E1
<



28 => Bad sign Card asking for DCW : Provider 1 TPScrypt 007C0# Key 8
ECM:
DF2C673E01095046ACC2A07A881AB1062B1F0968B7F32C9C53 DAFC149AEEDCCDE05AB97CF824718C1A1EB53628DFE203359B 00E203359B05E203359B07EA10AC1BE992955F2BDC4B6DDD85 F2C2AA9AF00889F71ACADDFE1BE1

ispreSE mode: rc6 key 05A3484212B5B0B8ABFF7F910181052F
istps mode: aes key 05A3484212B5B0B8ABFF7F910181052F
ispostSE mode: aes key 9AAE43B754B70080E0D8C562F82D1304

Identity channel : TF1

< 90 40
< --------------------------- execution time: 2.594
> -LogPos= 2578 -- 22:12:44 ----- time file: 32.680 -- delta: 1.531
> CA F0 00 01 22
> 9E 20 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00
< 90 00
< --------------------------- execution time: 0.328
> -LogPos= 2842 -- 22:12:44 ----- time file: 33.008 -- delta: 0.000
> CA 18 01 01 17
> A9 0B : 35 81 36 23 20 00 00 00 00 00 00
> F0 08 : 73 AD



A9 FA 0A AB 8B
< 90 00
< --------------------------- execution time: 0.172
> -LogPos= 3080 -- 22:12:46 ----- time file: 34.609 -- delta: 1.430
> CA 88 00 08 59
> DF



: 80 FF 20 8B C7 D8 AB A1 26 2B 41 F6 41 16 5E 1D E1 64 8E




4D 70 E3 54 DD C9 B3 D8 A8 63 79 F7 94 13 F4 BB 56 24 A3 E1 49 01
> E2 03 : 35 9B 00
> E2 03 : 35 9B 05
> E2 03 : 35 9B 07
> EA 10 : 2D 8E 7D DE F8 6B 3D 72 51 78 36 A2 90



C2 18
> F0 08 : F5 B7 19 C8 87



6B BF
<



28 => Bad sign Card asking for DCW : Provider 1 TPScrypt 007C0# Key 8
ECM:
DF2C80FF208BC7D8ABA1262B41F641165E1DE1648E3C7C2C4D 70E354DDC9B3D8A86379F79413F4BB5624A3E14901E203359B 00E203359B05E203359B07EA102D8E7DDEF86B3D72517836A2 909CC218F008F5B719C8871F6BBF

istps mode: aes key 05A3484212B5B0B8ABFF7F910181052F
ispostSE mode: aes key 9AAE43B754B70080E0D8C562F82D1304

Identity channel : TF1

< 90 40
< --------------------------- execution time: 2.578
> -LogPos= 3971 -- 22:12:56 ----- time file: 44.656 -- delta: 7.469
> CA 88 00 08 59
> DF



: 15 0B 52 70 B1 48 AD 98 F9 40 93 39 6A AB 97 CC B4 4A 50 EF A0 D9 54 A2 9A EF 07 BE 45 F9 F8 21 27 61 1D DF 32


B3 43 2A 95


D4
> E2 03 : 35 9B 00
> E2 03 : 35 9B 05
> E2 03 : 35 9B 07
> EA 10 : 3B A0 DC 93 62 EB



5D EC CB 10 E3 DC 1A B0 E9
> F0 08 : FD 98 34 F1 42 02 65 6B
<



28 => Bad sign Card asking for DCW : Provider 1 TPScrypt 007C0# Key 8
ECM:
DF2C150B5270B148AD98F94093396AAB97CCB44A50EFA0D954 A29AEF07BE45F9F82127611DDF326CB3432A951CD4E203359B 00E203359B05E203359B07EA103BA0DC9362EB8C5DECCB10E3 DC1AB0E9F008FD9834F14202656B

ispreSE mode: rc6 key 05A3484212B5B0B8ABFF7F910181052F
istps mode: aes key 05A3484212B5B0B8ABFF7F910181052F
ispostSE mode: aes key 9AAE43B754B70080E0D8C562F82D1304

Identity channel : TF1

< 90 40
< --------------------------- execution time: 2.633
> -LogPos= 4920 -- 22:13:06 ----- time file: 54.758 -- delta: 7.469
> CA 88 00 08 59
> DF



: 16 B4 3E FD CD 08 5D EF 37 17 E0


4E 52 F1 C0 95 57 28 69 55 E2 28 1D 76 A0 2D 24 9D E0 20 E6 0D A2


63 42 EB 02 D3 54 5A 05 7E
> E2 03 : 35 9B 00
> E2 03 : 35 9B 05
> E2 03 : 35 9B 07
> EA 10 : 89 BD 17 3D 62



DD FD 4B ED B3 F7 D4 6D 1A 49
> F0 08 : 4B CE 10 6A C0 E3 D0 94
<



28 => Bad sign Card asking for DCW : Provider 1 TPScrypt 007C0# Key 8
ECM:
DF2C16B43EFDCD085DEF3717E09C4E52F1C09557286955E228 1D76A02D249DE020E60DA28C6342EB02D3545A057EE203359B 00E203359B05E203359B07EA1089BD173D621FDDFD4BEDB3F7 D46D1A49F0084BCE106AC0E3D094

istps mode: aes key 05A3484212B5B0B8ABFF7F910181052F
ispostSE mode: aes key 9AAE43B754B70080E0D8C562F82D1304

Identity channel : TF1

< 90 40
< --------------------------- execution time: 2.594
> -LogPos= 5811 -- 22:13:16 ----- time file: 64.867 -- delta: 7.516
> CA 88 00 08 59
> DF



: B9 80 3D


FF 55 B6 19 23 1E AA BE CD 77 42 C7 F7 41 90 10 0E B1


E9 E8 46 C0


BD F7 BE 94 16


D6 8B 08 9D 18 B8 DF A7 6E B3
> E2 03 : 35 9B 00
> E2 03 : 35 9B 05
> E2 03 : 35 9B 07
> EA 10 : E4 03 4B 5A 62 80 B3 CA CE 24 C0 94 50



22


> F0 08 : 7E


20 BD 1B D1 F2 8A
<



28 => Bad sign Card asking for DCW : Provider 1 TPScrypt 007C0# Key 8
ECM:
DF2CB9803D8FFF55B619231EAABECD7742C7F74190100EB14F E9E846C00FBDF7BE94169CD68B089D18B8DFA76EB3E203359B 00E203359B05E203359B07EA10E4034B5A6280B3CACE24C094 508F223FF0087E2C20BD1BD1F28A

ispreSE mode: rc6 key 05A3484212B5B0B8ABFF7F910181052F
istps mode: aes key 05A3484212B5B0B8ABFF7F910181052F
ispostSE mode: aes key 9AAE43B754B70080E0D8C562F82D1304

Identity channel : TF1

< 90 40
< --------------------------- execution time: 2.578
> -LogPos= 6760 -- 22:13:18 ----- time file: 67.445 -- delta: 0.000
> CA F0 00 01 22
> 9E 20 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00
< 90 00
< --------------------------- execution time: 0.391
> -LogPos= 7024 -- 22:13:19 ----- time file: 67.836 -- delta: 0.000
> CA 18 01 01 16
> A9 0A : 35 81 36 23 80 00 00 00 00 00
> F0 08 : 37 60 FA 87 56 72 95 E7
< 90 00
< --------------------------- execution time: 0.164
Back to top Go down
View user profile http://imran.manforum.net
 
TPS CRYPT3 report-explanations.rar
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» Report of the The Bloody Sunday Inquiry Volume 3
» The FSS: Lowe Report
» HaLeigh Cummings / Report of Crimes to State's Attorney Joseph Boatwright / RICO
» Bloody Sunday verdict of the Saville Report
» New Report Finds Madeleine McCann Could Be Alive—And Living as Someone Else’s Daughter Jul 6, 2012 4:45 AM EDT ( more spinning )

Permissions in this forum:You cannot reply to topics in this forum
WWW.IMRAN-FORUM.NET :: ENGLISH FORUM-
Jump to: