textfiles/hacking/shw1093.asc

******************************************************************
*---------------- Syndicated Hack Watch - 10:1993 ---------------*
******************************************************************
*-------------- Special Projects BBS +353-51-50143 --------------*
*--------------        SysOp: John McCormac        --------------*
******************************************************************
*------------- (c) 1993 MC2 (Publications Division) -------------*
*--------------- 22 Viewmount, Waterford Ireland ----------------*
******************************************************************
******************************************************************

Syndicated  Hack Watch is copyrighted material.  All  unauthorised 
reproduction whether in whole or in part, in any language will  be 
suitably dealt with.

******************************************************************
Contact Numbers:

Voice: +353-51-73640 
Fax: +353-51-73640
BBS: +353-51-50143  HST  -  Special Projects BBS
E-mail: mc2@cix.compulink.com.uk
FidoNet: 2:263/402
******************************************************************

Piracy Covered By Mainstream Press

It would appear that the mainstream press has finally copped on to 
the  fact  that  piracy is happening.  The  Financial  Times,  the 
English  eqivalent  of the Wall Street Journal,  has  covered  the 
matter though the topic had a curiously Anglo-Australian flavour.

Apparently  there  is a dealer in Offaly, Ireland  selling  pirate 
smart  cards  into  the UK. The  initial  Finacial  Times  article 
featured  a  photograph of Mr David Lyons  of  Satellite  Decoding 
Systems  (Offaly  and Warrington) with a a legitimate card  and  a 
pirate card. The day after, the Financial Times had a small  piece 
on  how  they received a pirate smart card with  a  Cheshire,  UK, 
postmark.

Basically  what Satellite Decoding Systems is doing  is  marketing 
the pirate card into the UK from Ireland. The card is not  illegal 
in  Ireland but it is illegal in the UK. But the problem was  that 
the  cards  were being shipped into the UK from Ireland  and  then 
distributed  in the UK. The UK side of the operation was  slightly 
illegal. Sky's lawyers have served a writ on the UK operation  but 
Mr Lyons is fighting it.

Sky  are faced with a tricker problem in Ireland. The  hacking  of 
non-Irish  satellite  channels  is not  illegal  under  the  Irish 
Broadcast  Act  1990. The only option sky would have  is  to  take 
Satellite Decoding Systems to court for copyright infringement.


EC Legislation On Piracy?

The  Motion  Picture  Experts Group  has  drafted  an  anti-piracy 
proposal  with  which to lobby the EC. They want  to  make  piracy 
illegal  in all the states of the European Community. They may  be 
movie  experts but their knowledge of piracy is appears to  be  in 
the realm of the fictional.

The  draft  proposal  would make piracy  of  satellite  and  cable 
signals illegal throughout the EC. The most likely  implementation 
would be as a Directive which would be law throughout the EC.

The  approach  is  American  and the thinking  on  appears  to  be 
federalist. Except in this case the federalist approach is not the 
correct  one.  Each  country  in the EC  has  its  own  particular 
framework  and problems. To try to implement a standard  catch-all 
piece of legislation will cause more problems than it solves.

There is legislation extant in various EC countries to protect the 
signals.  Though  the downside is that the legislation  is  inward 
looking. The laws of each country protect that country's channels. 

In most states in the EC, the legislation protecting satellite and 
cable  channels  is a compromise. Protecting  cable  signals  with 
legislation   is  a  fairly  straightforward  matter.   Protecting 
satellite   signals  is  a  trickier  proposition.  Normally   the 
legislation  covers the channels uplinked  from that  country  but 
does  not extend to satellite channels that originate outside  the 
country.  The legislation in some countries have  provisions  that 
extend protection on a reciprocal basis.

Of  course  the  problem with piracy is that  it  rarely  respects 
legality. It can operate underground when necessary. Where it  has 
been forced underground it has prospered. 

General Instruments Sues Magazine

General  Instruments,  the maker of that  greatly  hacked  system, 
VideoCipher II, are to sue a magazine over adverts. The adverts in 
question were for third party cable decoders.

The  action  is being taken because GI believe  that  the  adverts 
contravene the 1984 US Cable Act which makes it a criminal offence 
to assist piracy. The magazine, "Nuts And Volts" has a circulation 
of 80,000. 

The US constitution protects the right to free speech.  Commercial 
and editorial speech is also protected to a lesser degree. The  US 
Supreme  Court upheld a decision that the US magazine "Soldier  Of 
Fortune"   could  be  liable  for  criminal  acts   committed   by 
mercenaries who advertise in its pages.

Some  in the industry see the lawsuit as a form of  harassment  by 
GI.  However the situation will be watched closely here in  Europe 
by Sky.

A Faster Update For Pirate Cards

According to some sources, Sky are about to face a more  versatile 
and  lethal  threat. Some of the newer designs  for  pirate  smart 
cards  will be updated by telephone. In this respect are  becoming 
more  like  Sky.  Except in this case the  pirate  cards  will  be 
updated to cope with Sky's countermeasures.

The technology involved is similar to that used in the USA for the 
VideoCipher  key  updates. The basic dealer equipment  will  be  a 
modem, a computer and a chip programmer. The update codes will  be 
delivered  via modem to dealers throughout Europe. They will  then 
have  to program the pirate cards using the delivered codes.  This 
essentially involves plugging the pirate card into a socket on the 
programmer and downloading the updated set of codes.

Of  course  the  full chip program  will not be  sent.  The  newer 
versions of the cards will have two chips. One chip will hold  the 
main  card program. This chip will be protected. The  second  chip 
will   be   unprotected.  This  chip  will  hold   the   alterable 
information.

Such a change in operation will give the Blackbox industry an edge 
on Sky as they will be able to bring the update time down to a few 
hours. Whereas before it was a question of returning the card  and 
waiting perhaps a few days, pirate users will now be able to  walk 
in to a dealers and have the card updated on the spot.

FilmNet and VideoCrypt 2

The  system  used  by  FilmNet on the  low  Astra  transponder  is 
VideoCrypt.  It  is  not  the same  type  of  VideoCrypt  as  that 
currently in operation on the Sky Multichannels.

The  new  type  of VideoCrypt has been given a  working  title  of 
VideoCrypt  2.  Others  have called  it  VideoCrypt  Europe.  Some 
hackers  have pointed out the ominous similarity of its acronym  - 
VC2. 

The  need for VideoCrypt- 2 has become evident over the  last  few 
months.   Some   of  the  more  European  channels  in   the   Sky 
Multichannels package have sizable European potential. The Ireland 
- UK constriction of the Sky Multichannels package tends to  limit 
their financial outlook somewhat. The European market is far  more 
lucrative in terms of cablenet deals.

According  to  a  source, FilmNet  have  already  ordered  100,000 
VideoCrypt-2  IRDs from Thomson. The use of the system by  FilmNet 
is  not  particularly unusual. However it is an  indication  of  a 
clever   strategy   on   FilmNet's  part.  It   is   a   case   of 
compartmentalised  operations. A separate system for each area  of 
operation. The strategy would tend to limit the effects of a  hack 
on any of the systems. As things stand, FilmNet on Astra is hacked 
and  VideoCrypt is hacked. Unless there is some major  upgrade  in 
VideoCrypt-2 then the system will also be hacked.

The use of a separate transponder by some of the channels that use 
VideoCrypt-2 to access the European market is out of the question. 
Therefore  VideoCrypt-2 must be able to coexist with  VideoCrypt-1 
on the same channel. 

There may be some evidence for the VideoCrypt-2 being in operation 
on channels other than FilmNet. Some official card users have been 
reporting  slow lock-up times on various channels. Other  problems 
such as intermittent drop-out have been observed.

These   are  exactly  the  kind of  symptoms  to  be  expected  if 
VideoCrypt-1 and VideoCrypt-2 are sharing a channel's  datastream. 
The  VideoCrypt  datastream is robust in that it has a  very  slow 
data  rate.  The  1  kilobit  per second  rate  gives  it  a  good 
resistance  to sparklies. The disadvantage is that the  slow  data 
rate makes updates and addressing tedious. 

Normally  the VideoCrypt system requires a new seed key every  3.5 
seconds   or  so.  To  multiplex  VideoCrypt-1  and   VideoCrypt-2 
datastreams  would  be possible. The problem would  be  that  some 
areas  of the datastream would double in size and take as long  to 
transmit.

Other  areas of the datastream would have to be expanded as  well. 
As  some of the Sky Multichannels package are not yet cleared  for 
European  rights they would have to transmit a  secondary  channel 
identifier. This would ensure that a European Discovery smart card 
would  decode  only  Discovery  and  not  the  rest  of  the   Sky 
Multichannels package. This would mean that the channel identifier 
bytes  would  be  transmitted on an alternating  basis  hence  the 
delayed lock-up.

At  this stage it is only possible to speculate on  the  circuitry 
used  on the VideoCrypt-2 decoder. Most of the VideoCrypt  designs 
on  the  market at the moment are based on the  1989  design.  The 
8052,  6805, custom logic chip have made this  particular  decoder 
design vulnerable. The 8052 was not even protected. Over the  last 
few  years  there  has been a tendency to  go  for  surface  mount 
componentry but the main chipset appears the same.

The  most  logical areas for updating would be the  8052  and  the 
6805.  In  the VideoCrypt-2 decoder the functions of  these  chips 
would  probably  be taken care of by one chip. This would  give  a 
higher  security to the decoder as the compromised programs  could 
be rewritten and perhaps given a few new twists and turns. 

The  question  at this point relates to FilmNet's risk.  Are  they 
walking  into  another  ambush? VideoCrypt-1  is  already  totally 
hacked. VideoCrypt-2 may not last very long unless there has  been 
some  intense re-engineering of the software and the  card-decoder 
protocols.