back

How Do I Crack Satellite and Cable Pay TV?

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
01:02:40
Language
English
Abstract
Follow the steps taken to crack a conditional access and scrambling system used in millions of TV set-top-boxes across North America. From circuit board to chemical decapsulation, optical ROM extraction, glitching, and reverse engineering custom hardware cryptographic features. This talk describes the techniques used to breach the security of satellite and cable TV systems that have remained secure after 15+ years in use.

Analysis of, and low-cost attack techniques against, a conditional access and scrambling system used in tens of millions of TV set-top-boxes in North America. A case study of the low-cost techniques used by an individual hacker to successfully crack a major pay TV system.<br/>
<br/>
Topics include:
<ul>
<li> chemical decapsulation and delayering of ICs in acids,
<li> microphotography and optical bit extraction of ROM,
<li> binary analysis using IDA and homebrew CPU simulators,
<li> datalogging and injection of SPI and serial TS data,
<li> designing and using a voltage glitcher,
<li> extracting secret keys from RAM of a battery-backed IC,
<li> analyzing hardware-based crypto customizations,
<li> studying undocumented hardware peripherals,
<li> MPEG transport streams and non-DVB-standards,
<li> QPSK demodulation, interleaving, randomization, FEC of OOB (out-of-band) cable data.
</ul>
The result is knowledge of the transport stream scrambling modes and knowledge of the conditional access system used to deliver keys. Strong and weak points are identified, advanced security features implemented nearly 20 years ago are compared to modern security designs. A softcam is designed and tested using free software, working for cable and satellite TV.

Talk ID
8127
Event:
33c3
Day
1
Room
Saal 2
Start
12:45 p.m.
Duration
01:00:00
Track
Security
Type of
lecture
Speaker
Chris Gerlinsky
Talk Slug & media link
33c3-8127-how_do_i_crack_satellite_and_cable_pay_tv

Talk & Speaker speed statistics

Very rough underestimation:
166.3 wpm
941.6 spm
171.8 wpm
973.5 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
166.3 wpm
941.6 spm
acpkeykeyschipromstreamtransportsoftwaredatarambitsset-top-boxbitcabledesglitchcodeprogramspihardwarepointcategorydecryptionsystememmtimeworkingchanneldecryptmainsatellitechrisprocesstvtablecontrollerstandardseedaddressboxinsidesimplegoodsetsignalemmsmessagesecm40workset-top-boxes
Chris Gerlinsky:
171.8 wpm
973.5 spm
acpkeykeyschipstreamtransportromdatasoftwarebitsset-top-boxbitramcabledesprogramglitchspicodehardwarecategorydecryptionpointemmsystemchannelmainworkingdecryptsatellitetablecontrollertvseedaddressstandardsetinsideprocesstimeout-of-bandchannelsmpegmessagesecm40emmsdecrypted6502bytespid