informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/shw0893.asc

256 lines
12 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Syndicated Hack Watch 08:93
The Start Of The War
Sky had suffered its most devastating hack to date. Its security
was demolished and the MultiChannels package was about to be
introduced. They had to do something fast or it would all slip
away.
The Blackbox industry was beginning to move the pirate cards for
Sky in volume. There were talks of quantities of ten thousand
being sold. Cards were beginning to filter into the UK. At this
stage Sky had no option but to move. The pirates were attacking on
the home front. This was economic war and Sky was losing.
The Grey Market piracy of a card for a card was an essential
factor in Sky's growth. As long as it wasn't too overt then it did
not seem to matter. Sky were benefiting from the arrangement as
was the other channels such as FilmNet.
With the advent of the Ho Lee Fook hack the Grey Piracy market
took a bit of knock. The Ho Lee Fook card and chip allowed access
to all VideoCrypt scrambled channels. The prices varied but the
lowest quoted figure was œ99.00. Considerably less than what Sky
were charging for the whole package.
As if by some miracle, Sky and News Datacom came up with a fix for
the hack. Yes it was not really Sky's responsibility to fix the
hack. News Datacom, the designers of the security architecture had
to try and stop the Ho Lee Fook hack. It seemed that the had found
a solution.
As with all events in the Blackbox industry, it has been assigned
a catchy name. The name of solution is the "Zombie Fix". No, this
is not the name for the continual brainwashing adverts on Sky
One. The reason for the name is that old cards have recently
started to work again on this 3.5 Second on - 3.5 Second off
cycle. Cards that have been authorised for Sky's movie channels
are working on TV Asia. Other cards such as those for the Adult
Channel are working on the same basis on the Sky channels.
The Blue card that I had received started to act funny. At first
it happened on only Sky Movies and The Movie Channel. Sky Gold and
TV Asia were unaffected. It could have been a problem on the Sky
channels but experience and instinct proved otherwise. It was a
countermeasure. After a few days, the same sort of effect occurred
on TV Asia and Sky Gold. The upgrade to VideoCrypt was complete.
The program in the Ho Lee Fook card and chip apparently contained
enough to decode the scrambled channel but not enough to respond
to the over the air switch off codes. This limited implementation
meant that the hack was a very powerful one. It was not possible
for Sky and News Datacom to actually send out a command for the
card to switch off. What this implies is that the card had enough
information and data to decode the channels. The hack had
separated the access control from the decryption aspect.
Of course the fact that the Ho Lee Fook hack was not a full
implementation may well have provided a weak spot for Sky and
News Datacom.
This is the point at which the hack was attacked. The datastream
on the VideoCrypt system appears to have been altered. The
alteration did not affect the official Sky cards but the pirate
cards and chips started to malfunction.
Essentially the Zombie Fix caused the pirate card to return a
fixed key every second time. This is the standard response when a
bad card is inserted. The card cannot match the challenge and it
jumps to a sub-routine that returns a fixed key.
The standard response to the wrong card being inserted is hidden
from the viewer. Ordinarily when the wrong card is inserted the
on-screen graphics will make the fact clear. Sky and News Datacom
were a little clever here.
The data for "Wrong Card Inserted" may well be passed to the on
screen graphic display chip. A signal is being sent out over the
air to this chip to switch it off during this operation. One of
the effects of the countermeasure is that the channel identifier
message does not come up on the screen either.
ECM Meets Electronic Counter Counter Measure
At this stage the war between the pirates and Sky is growing
complex. The Zombie Fix has been met with a new card and chip
issue. The new card and chip work on the Sky channels and the
other VideoCrypt scrambled channels.
According to sources the hackers only took ten minutes to come up
with the solution to the Zombie Fix. It was, apparently, a rather
simple one but it did require the replacement and upgrading of all
the pirate cards and chips on the market. It appeared that Sky had
hit the pirates.
The problem for Sky and News Datacom is that they are not dealing
with a FilmNet type situation. When FilmNet's analogue SatPac
system was being pirated, the market was at its most expanded.
Every Tom Dick and Harry was involved and there was very little
organisation. The current pirate market is better organised and
the buy in price is high financially and technologically.
The main problem of getting the updated hack into the market now
seems to have been solved. Some dealers in Holland were promising
a one week turn around on the chips and cards. From information
received this time schedule has been followed.
The Blackbox Industry has recovered from the Zombie Fix at a rate
that has alarmed Sky and News Datacom. The recovery appears to be
just in time for the introduction of the Sky MultiChannel package.
The Next Move
With the imminent introduction of Sky MultiChannels, a compromised
VideoCrypt is a very big problem. It remains to be seen what will
happen. Sky and News Datacom will have to make a move on the
situation soon.
Assuming they have another fix up their sleeves they can wait
until the market is saturated with pirate cards and then
introduce the electronic counter measure (ECM). It would naturally
have the most effect as it would deter a larger number.
However pressure from other users of the VideoCrypt system may
force the situation. There are two options here: the immediate
introduction of the ECM or the introduction of a new card series.
Both options hinge on availability. If there is no ECM now or
likely within the next few months, Sky and News Datacom will be
forced into bringing the 08 series of cards. Again if there is not
a sufficient number of the 08 cards available they will have to
maintain the 07 issue and with it the pirate market.
Normally the smart cards are changed in the Spring or Autumn.
Introducing the 08 issue card over the next few months would
conform to the pattern but the logic is flawed. The Sky
Multichannels is coming into operation over the same time period.
The subscriptions and card administration will place a strain on
Sky's operation and the hassle from new cards would only
complicate things.
If Sky do introduce a new card issue then it may occur anytime
from October onwards. Some sources favour April 1994 for the new
issue.
The question of Pay Per View still remains unanswered. The 07 card
issue was to have handled this facility. The P000 T000 was the
indication. With the Ho Lee Fook hack it would seem that the idea
was stalled for the moment. Hypothetically the Sky Gold
transponder might be the ideal path for a PPV service. Of course
if the hack is as dangerous as everyone thinks then it is possible
that the PPV routines will have been compromised as well.
A hack on the PPV routines would in some senses be more severe
than the hack on the VideoCrypt system. The PPV channel would be
carrying premium programming and would be far more costly than the
movie or sports channels. Therefore a pirate card that would give
infinite tokens or credits would be extremely valuable.
Hi-Tech's Card Trick
The Hi-Tech Card Tricks card is a reality and it works. The card
is black and uses a PIC processor. When tested it worked on
FilmNet. It seems that once again FilmNet are in trouble. The
EuroCrypt-M system is now compromised.
The reason that the card handles only FilmNet is the legality of
the situation. If the card actually decoded the TV3/Tv1000
channels then it would be just as illegal in the UK as a pirate
Sky card.
The problem has to do with the uplink or origination of
TV3/TV1000. Since it is being uplinked from the UK it is
technically a UK originated channel and is therefore protected by
the UK Copyrights Patents And Designs Act - just like Sky. The
tricky question of the porn is neatly sidestepped. They uplink
that from outside the UK.
The cost of the card is œ150 and it is available from Hi-Tech. It
is the only card that descrambles D2-MAC EuroCrypt-M signals at
the moment.
Active Logic - Cannot Recommend A Purchase - Yet
A company called Active Logic has been advertising heavily in What
Satellite and claiming to supply pirate smart cards for D2-MAC
channels such as FilmNet. The advert is cause for concern as it
promises a lot but is too cleverly worded to make coherent sense.
It assures the reader that the cards are Unique Clone Designs.
This is a bit of a contradiction in terms. Other factors such as
the wording of the advertisement have given brought back memories
of PR Technology's brash style. Now they may be totally
unconnected.
The hints at the cards for other D2-MAC channels being available
are decidedly dodgy. If they have pirate cards for TV3/TV1000,
then they are in violation of the Copyright Patents And Designs
Act. The advert also mentions that there is a German address. If
they are clever then they may try to use the German address to
ship these cards from. Even so it would still put the UK operation
in trouble as they would be supplying information and a product in
breach of the act.
Red Hot Television To Make A Comeback
It appears that despite the rumours floating about, Red Hot
Television is not dead yet. What appears to have happened was that
the operation in Denmark was closed down but not the channel
itself. The channel was busy arranging alternative finance.
According to some reports they have arranged the new financing and
will be back on Eutelsat 2-F1 within the next few weeks. The test
bar transmissions on the same Eutelsat transponder (11.181 GHz
Horizontal) are scheduled to start on August 24th with a full
service resuming on August 29th.
The scrambling system that they will use for the next few weeks
will be the SAVE system. This means that the present array of SAVE
descramblers will not have to be upgraded just yet.
The tests of the Enigma-1 system just before the channel went off-
air were successful and it is believed that the smart card for the
channel was into the prototype stage.
The hack on the VideoCrypt system threw up an unexpected problem
in that the JSTV smart card actually descrambled the Enigma-1
scrambled signal. There were no doubt a lot of happy JSTV viewers
except that there was a "Wrong Card Inserted" graphic over a
rather strategic part of the screen. Both the new and old JSTV
cards appeared to work on the system. Of course the channel will
eventually, according to the information received, switch to
Enigma-1.
There are other porn channels who claim to be starting up soon.
TV69 apparently has the backing of some ex-Red Hot Television
people and VTO. It will, so the claim, use VideoCrypt with cards
supplied via the Adult Channel. This is only one of a few channels
that may or may not start transmitting over the next few months.
After 12 Europe is also one of those mooted. It remains to be seen
which will actually start transmitting.
******************************************************************
Syndicated Hack Watch - Copyright (c) 1993 All Rights Reserved
MC2 Publications Division
22 Viewmount, Waterford,
Ireland
Reference in New Issue View Git Blame Copy Permalink