conax card exchange

Material znaleziony na innym forum,moze do czegos sie przyda.
Quais os sistemas de Conax mais conhecidos?

Conax --Lançamento em 1992 porem em 1997 fica mais conhecida com lançamento para DVB.
Conax CAS3 --em funcionamento em 2001 "Hacked"
Conax CAS5 --Lançamento em 2002 não tenho conhecimento de que foi hacked.
Conax CAS7 --Lançamento em 2004 neste momento este sistema ainda não foi hacked e é o ultimo sistema da Conax.

Qual o CA-ID da TvTel ?
CA_system_ID: (0x0b00)

Alguns detalhes em Inglês sobre Conax:
################################################## #################
Reset
When you insert the card into the decoder, the decoder sets the RST line low for a period of time as per the ISO7816 standard, then sets it high and waits for the card to respond. The card sends an Answer-To-Reset sequence of bytes (ATR) which tells the Decoder information about the behaviour of the card itself, such as transmission parameters, manufacturing details etc.
For Conax, the ATR string is typically:
3B 24 00 xx xx xx 45
3B (Initial Character)
Relates to Direct Convention (least significant bit first).
24 (Format Character)
TB are present, 4 historical characters.
00 (TB)
Prorocol parameters.
xx xx xx 45 (Historical Characters)
The 3 masked bytes can vary, but not necessarily different for each smartcard. This mean the ATR does not identify the cardholder.

Instructions
The Conax system complies with the ISO7816 standard for packet structure and protocol, using 5 byte command headers of the form:
CLA, INS, P1, P2, P3.
CLA (Instruction Class)
The first byte of an ISO7816-compliant message. The only valid Instruction Class is DD unlike Eurocrypt which supports both 87 and CA.

INS (Instruction Code)
The second byte of an ISO7816-compliant message. This byte can be any value, although only some values are processed as valid instructions by the smartcard.

P1 (Parameter Byte)
The third byte of an ISO7816-compliant message.

P2 (Parameter Byte)
The fourth byte of an ISO7816-compliant message.

P3 (Length)
The fifth byte of an ISO7816-compliant message. This byte is used to tell the smartcard how many more bytes will be sent to it to complete the message (not counting the ACK and SW (see below)).

ACK (Acknowledgement)
When an ISO7816-compliant smartcard receives a valid 5-byte header from its host, it is required to send back an acknowledgment based on the value of the INS byte to inform the host that it is ready to receive the remainder of the message.

SW (Status Word)
After an ISO7816-compliant smartcard has finished processing a packet, it must send a two-byte status word to the host device, informing the host device of the outcome of the transaction. Many combinations are valid here (all of them will start with 6x or 9x).
In the Conax system the CAM first sends an instruction message to the card, then the card responds to the CAM how many bytes it will answer with via the SW 98 xx, where xx is number of bytes the card will send in the Command Answer (DD CA 00 00 xx). If the card has nothing to say it sends SW 90 xx.

Instruction 26
Immediately after the ATR is received, the CAM sends instruction 26. These bytes tell the card what following information the CAM requires.
DD 26 00 00 03 26 10 01 01 98 0B
The card then sends the information the CAM requested (as SW2=0B).
DD CA 00 00 0B CA 20 01 01
28 02 0B 00
2F 02 00 2D 90 00
The dialogue is similar to the class 87 processing in Eurocrypt, and indeed it is possible for the broadcaster to send a command which disables the startup string in the same way that the FAC block can be disabled in Eurocrypt thus preventing the card from starting up.

Instruction 82
DD 82 00 00 14 82 11 12 01 B0 0F FF FF DD 00 00 09 04 0B 00 E0 30 1B 64 3D FE 98 1A
DD CA 00 00 1A CA 22 18
09 04 0B 00 E0 30
23 07 00 00 00 43 F3 93 23
23 07 00 00 00 00 21 F9 9B 90 00
First is nano 09, which is some record it gets from the CAM, presumably some region ID or status.
Next comes nano 23, which is the Card S/N (43F39323 = 011 4003 6387-X)
followed by a nano 23 again - this could be a Group ID.
Instruction 84

Instruction A2

Instruction A4

Instruction B2

################################################## ################

###########Mais ao pormenor Conax#######################

Conax uses same basic principles to encrypt channels as do other encryption systems.

Basically speaking a encrypted "Control Word" or ECW for short is sent to every card in a message called an Entitlement Control Message or ECM.

A new ECW is sent to every card simultaneously every 5 or 10 seconds or so.

The Card uses the current Operational Key (Key 20, Key21) to decode this ECW into a decoded Control Word or DCW.

The algorithm used to do this decoding of the ECW into DCW is called RSA (a little more about how this works later)

The DCW is then returned by the Smart Card to the CAM, where it is used to decode the incoming video signal. This is done within the CAM using a system called CSA (Common Scrambling Algorithm) to decode the incoming video into a veiwable picture.

From the above we can understand that all cards have the same Operational Key values, because they all have to decode the same ECW to clear a channel. Got that? Good....

Now where do those Operational keys come from and how do they get into the card. Well in the old days they would be preloaded into all the cards when they were manufactured. The problem with this (for the providers, not for us!) is that when hackers opened any one card and got the keys, the only way the provider could stop pirate veiwing would be to replace all the cards. Expensive to do!

So with current systems (like Conax) we have a further step up the ladder.

The Operational keys are sent to all the subscriber cards over the air in a message called an EMM (Entitlement Management Message).

This EMM contains the new Operation Keys to be used next.

Obviously hackers are not allowed to log these new Operation Keys being sent, so again these operational keys in the EMM are encrypted using RSA.

However there is an important difference between EMM and ECM. Where ECM are sent simultaneously to all cards, EMM are sent separately to every card in turn.

An EMM contains an Address of a specific card (known as UA or SA), and an encrypted operational key. The operational key is encrypted in RSA using a Master Key.

This Master Key in conax is key10, and every single card has it's own unique Master Key 10, so a card can only decrypt the EMM addressed specifically to that card.

In other words every EMM contains different encrypted data that can only be decoded by the card it is meant for.

This means that Conax can choose which cards it want's to update with the new key 20 or 21, and which cards it no longer wants to update - like when the subscription expires for example, or a card is reported stolen or lost.

The idea behind all this is that if hackers extract the MK10 from a card, and then publish that key and UA, all Conax needs to do is find the compromised key and address, then stop updating that card and all peoples copies that use the same key.

This is the reason why Master Keys are kept secret amongst small groups of hackers.

What was not considered at the time these systems were invented, is tha tpeople would have such a thing as the internet, where the current Operational keys can be published to many people very quickly, even if the change every day or more often (anyone remember good ol' sexview - 3 updates per day! )

Now a little about RSA itself

This is how it works:

* Find 2 very large primes, p and q.

* Find n=pq (the public modulous).

* Choose e, such that e<n and relatively prime to (p-1)(q-1).

* Compute d=e^-1 mod[(p1-)(q-1)] OR ed=1[mod (p-1)(q-1)].

* e is the public exponent and d is the private one.

* The public-key is (n,e), and the private key is (n,d).

* p and q should never be revealed, preferably destroyed

Encryption is done by dividing the target message into blocks smaller than n and by doing modular exponentiation:

c=m^e mod n

Decryption is simply the inverse operation:

m=c^d mod n

RSA, the first full fledged public key cryptosystem was designed by Rivest, Shamir, and Adleman in 1977.

RSA gets its security from the apparent difficulty in factoring very large composites.

However, nothing has been proven with RSA. It is not proved that factoring the public modulous is the only (best) way to break RSA.

There may be an as yet undiscovered way to break it. It is also not proven that factoring has to be as hard as it is. There exists the possiblity that an advance in number theory may lead to the discovery of a polynomial time factoring algorithm.

But, none of these things has happened, and no current research points in that direction.

However, 3 things that are happening and will continue to happen that take away from the security of RSA are: the advances in factoring technique, computing power and the decrease in the cost of computing hardware.

These things, especially the first one, work against the security of RSA.

However, as computing power increases, so does the ability to generate larger keys.

It is much easier to multiply very large primes than it is to factor the resulting composite (given today's understanding of number theory).

I hope that gives an insight into how these things work. If any of the above doesn't make sense, ask and I will clarify what I can

If you want to study further search the net for links regarding.

RSA
Prime Numbers
Cryptology
Crytanalysis
RSA Attacks
Brute Force Attacks
Timing Attacks

OK let's see if I can explain this a bit more clear than my ramblings above as maybe some did not follow it

To answer direct the questions asked by Hide who started this thread

Quote Hide
--------------------------------------------
Are there cards inside ready own Mkeys and Opkeys?

And it´s returning data too crypted by RSA or what? (CAM---rsa-->CARD----->CAM)
--------------------------------------------

Right lets see. There are TWO distinct processes going on in Conax (and just about all other encryptions)

1. Process for Decoding the actual picture/sound
-----------------------------------------------

For this the Conax card contains Operational Keys Key20 and 21, but only one of these is used at a time(see below for more about this) - marked (*)

The Process is:

a. CAM sends Encrypted CW to CARD in a message called an ECM

b. CARD uses key 20 or 21 to decode Encrypted CW into Decrypted CW (which is done using the RSA algorithm)

c. Decrypted CW is returned from CARD to CAM

d. CAM uses decrypted CW to decode the video

This process repeats every few seconds when a new ECW is sent to be decoded by the card. Every new ECW (encrypted Control WOrd) arrives in an ECM (Entitlement Control Message) All cards receive the SAME ECM at the SAME time.

If you have a valid key 20 or 21 then you can watch Conax until the key20 or 21 changes - once every day, week, month, whatever they decide it will last for.

2. Process for updating the Operational Keys Key20/21
---------------------------------------------------------------------

a. CAM sends new Encrypted Key 20 or 21 to CARD in a message called an EMM.

b. CARD decrypts the key 20 or 21 using its own UNIQUE master key 10 (to ensure the card decodes the correct EMM they attach a unique address to each EMM so the card knows which EMM to decrypt)

c. The decrypted key 20 or 21 is NOT sent back to the cam. It STAYS IN THE CARD for use in the above process 1.

Every EMM is unique to the card it was meant for.

Every EMM has a different encoded key 20 or 21, EVERY CARD HAS A UNIQUE KEY 10

However when the EMM is decoded with the correct key 10, every card produces the SAME decoded key20 or 21

Like this:

Encrypted Key 20 123456789 + MK10 (card a) = key 20 12AB4356

Encrypted Key 20 342575357 + MK10 (card b) = Key 20 12AB4356

Encrypted Key 20 12AB4EC21 + MK10 (card c) = Key 20 12AB4356

If you have a valid Master Key (Key10) and UA (Unique Address) then you can make an auto update file which will update the new key 20 or 21 when it is sent.

Now does THAT make more sense?? If not I'm happy to go through this and clarify things as long as you folks have a wish to understand more about what this hobby is really about.

Oh couple other things to mention (otherwise others here will tell me the above is wrong)

First thing.
In reality as many providers have millions of subscribers, they don't have time to send new operqational keys to every single card, one by one, using the UA (Unique Address)

So what they do in reality is update whole groups of cards at the same time (say 4096 cards per group) using the SA (Shared Address). If you understood post above you will realise that all cards from the same SA must have the same MK10!

Second thing (*)
There is some rumours/talk that since Conax changed cards in some SA groups, they have modified thier system to use BOTH key 20/21 to process the ECW. I have seen no evidence that this is true, but rumours persist.

################################################## #############

##############LOG em GBOX com um card Conax CAS7##############

==== Conax ECM on CaID 0x0B01, pid 0x1772 =====
-ECM-------------------------------------------
81 70 69 XX XX XX XX XX XX XX XX 50 02 00
-Send to card----------------------------------
DD A2 00 XX XX XX XX XX XX XX XX 50 02 00
card 2 response in 302 ms
Card response (DD A2): 98 0F
-Send to card----------------------------------
DD CA 00 00 0F
Card response (DD CA):
25 0D 00 00 01 00 00 9C E5 EC 6D 41 32 5E D1 98
0F
-Send to card----------------------------------
DD CA 00 00 0F
Card response (DD CA):
25 0D 00 00 00 00 00 BB E8 24 C7 A2 C6 3C A4 90
00
CW0: BB E8 24 C7 A2 C6 3C A4
CW1: 9C E5 EC 6D 41 32 5E D1
===============================================

Reset ao Card

ATR:3B240030423030
Conax Card - version 01

Country: Polen
CaID : 0B01
Serial : 0004298xxxxxx
Provider: 1010 - ITI Neovision
01.05.2007 31.05.2007 chid 01000063
01.01.1990 01.01.1990 chid 01FFFFFF
Baudrate = 9600 Baud