Markus Kuhn's pay-TV hacking mini FAQ
-------------------------------------

1995-11-11

I receive a LOT of e-mail with questions about VideoCrypt and similar
topics. As it is very boring to answer these questions hundreds of
times per month, I have written this little text with the most
frequent answers.

Q: Where can I get the latest Season?

On 1995-10-31, BSkyB changed to a new secret encryption method which
is built into the new series 10 card. This algorithm is not yet known
and I do not know and can make no reasonable forecast when or even
whether it will become publicly known again. Therefore, it will not be
possible to upgrade PC emulator software like Season7 and its
derivatives in the near future.

Q: Will I need new adapter hardware for emulating the BSkyB 10 card?

No. Nothing in the decoder has changed, so you won't need a new ISO
7816 interface design. What looks like additional contacts on the new
10 card, and what has confused many people who do not understand how
VideoCrypt works, is just the new chip module cover design of a
different card manufacturer. There are no new contacts on the BSkyB 10
card.

Q: When will a hack of the series 10 BSkyB card be available again?

Probably not very soon. The exchange of the card means that
practically all known secrets of the 09 card are useless now. PC
emulators cannot simply be constructed by listening long enough to the
data traffic of a genuine card. If you do not understand why, then
please consult the Frequently Asked Questions List of the USENET group
sci.crypt and learn about secure hash functions.

Most likely, commercial hackers obtain the secrets of each new
smartcard generation using very expensive chip test equipment
(microprobing, electron beam testing, electron microscopes, etc.) and
tricky analysis techniques.
Of course the manufacturers of the security microprocessors which are
used in the VideoCrypt cards work hard on making this attack as
difficult and expensive as possible, and with each card generation
they are getting better and hacking the cards becomes more difficult
and expensive.

Q: Where will I find more information about Season and VideoCrypt news?

Regularly read the USENET news group alt.satellite.tv.crypt. Please do
not flood this group with questions before you have read the various
Frequently Asked Questions Lists (FAQs) posted there periodically and
before you have followed the discussions there for at least two weeks.
Also, please check the following Internet servers for the latest
information before you ask basic questions:

  ftp://ftp.uni-erlangen.de/pub/Multimedia/VideoCrypt/
  http://www.paranoia.com/~defiant/
  http://ireland.iol.ie/~kooltek/
  http://www.gpl.net/paulmax/
  http://utelscin.el.utwente.nl/vcrypt/
  ftp://helvetica-gw.chnet.ch/vcrypt/

These servers have files with links to additional sources of
information.

Remember: If you ask a question on the network, you are MUCH more
likely to get a valuable answer if you demonstrate that you have done
your homework and have already checked all available sources of
information yourself.

Remember: Be careful with starting unknown software downloaded from
the Internet!!! Some people enjoy publishing files with interesting
names like season10.zip which do nothing but destroy data on your
hard disk when started. Such software is called a "Trojan Horse" and
there have been many reported cases. If a virus scanner does not
signal any danger, this does not mean that this software is no danger.
Never start dubious software without a full prior hard disk backup,
especially if you use an operating system like DOS, OS/2 or Windows
which has no protection mechanisms.

Q: Is there any way I can still watch Star Trek, the X-Files and the
   Simpsons on Sky1 even if the 10 card is not yet hacked?

Yes, there is!
The technique is known as delayed data transfer, and this is one of
the security problems of VideoCrypt from which the system cannot
recover easily by a card exchange. It works as follows:

Someone with a genuine card records the data exchanged between the
card and the decoder during the time when a very popular show is
broadcast. A few years ago, I developed a special data file format
called VCL (VideoCrypt Log) for this purpose. People without a genuine
card record the encrypted show on a good VCR at the same time. Later,
the person with the genuine card posts his VCL file on a mailing list,
and all people without real cards load this VCL file with Season7.
Season7 can then reproduce the answers of the genuine card required
for decoding this show even without knowing the secret cryptographic
algorithm.

This works fine and has even been done when the 07 card was in use. It
just needs a little bit of cooperation on the network. The technical
details are explained in the manual of Season7 1.3, which is available
on

  ftp://ftp.uni-erlangen.de/pub/Multimedia/VideoCrypt/season13.zip

[end]

--
Markus Kuhn, Computer Science student -- University of Erlangen,
Internet Mail: - Germany
WWW Home:
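
Added example (not part of Markus Kuhn's original FAQ): a toy Python
model of two points made above, that logged card traffic answers only
the messages it contains, and that a card exchange does not stop a
fresh log from working. HMAC-SHA256, the 8-byte answer, and all names
and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

class Card:
    """Toy genuine card: answer = secret keyed function of the broadcast message."""
    def __init__(self, secret: bytes):
        self._secret = secret

    def answer(self, message: bytes) -> bytes:
        # HMAC-SHA256 is a stand-in; the real card algorithm is not on the page.
        return hmac.new(self._secret, message, hashlib.sha256).digest()[:8]

class LogReplayer:
    """Answers only from recorded (message, answer) pairs; holds no secret."""
    def __init__(self, log):
        self._table = dict(log)

    def answer(self, message: bytes):
        return self._table.get(message)  # None for a message never logged

def broadcast(show: str, count: int = 20):
    """Constructed sample messages; every receiver of a show sees the same ones."""
    return [hashlib.sha256(f"{show}/{i}".encode()).digest() for i in range(count)]

def record(card: Card, messages):
    """What a logger on the card/decoder line captures during a show."""
    return [(m, card.answer(m)) for m in messages]

def match_rate(responder, genuine: Card, messages) -> float:
    """Fraction of messages where responder gives the genuine card's answer."""
    hits = sum(responder.answer(m) == genuine.answer(m) for m in messages)
    return hits / len(messages)

def demo():
    old_card, new_card = Card(b"constructed-secret-A"), Card(b"constructed-secret-B")
    show, other = broadcast("show-1"), broadcast("show-2")
    old_log = LogReplayer(record(old_card, show))
    new_log = LogReplayer(record(new_card, show))
    return {
        "same show, same card generation": match_rate(old_log, old_card, show),
        "different show": match_rate(old_log, old_card, other),
        "old log after card exchange": match_rate(old_log, new_card, show),
        "fresh log after card exchange": match_rate(new_log, new_card, show),
    }

if __name__ == "__main__":
    for case, rate in demo().items():
        print(f"{case}: {rate:.0%}")
```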