|
New member Username: DjsmithPost Number: 3 Registered: Jul-06 | From other site: "I hope this is going to quash some rumors and speculation. Blocker stops DN from changing data on the card, FTAs can't be changed this way, have to plug them into a computer, so no blocker needed, a blocker does not get you any channels. This latest change has nothing to do with speed or memory size This is the simplest way I can explain why there is no fix yet: In a DN card there are 2 MAPs(math processors), that I know of there probably are more, these MAPs change numbers, or modify number strings. They use unreversable math, so even though you know the number going in and the number coming out you can not detemine what math was used to make that change, so you can't duplicate it just by knowing the answer. The MAPs are readable, but it takes awhile to get each step. The MAPs themselves can be modified by outside settings, this makes these MAPs multi-level if you will. So its not just a matter of getting one read of a MAP and your done. Now to have an FTA fix you need both MAPs and all possible combinations of those, this will take awhile. For cards you need none of this, the MAPs are built-in, so you don't need to know squat about whats going on inside the card, this is why card sharing works. DN has never tried to stop FTAs from getting their channels until now, it does not surprise me that a fix will take some time. Until now all they did was fake packets and changed the auto-roll signature, so basicly they did nothing. The rev108 update shut down the FTAs for a few days using a few MAPs calls, the rev109 update still has them shutdown using many MAP calls, for how long who knows but they will be back up, at least until rev10A. I am sure the coders appreciate all the suggestions offered by non-coders but they know where the problem lies, its just a matter of getting the info". "Don't let the FTA makers pull the wool over your eyes. Don't believe them when they say the fix is taking so long because "we have to read through 155 pages of prime number theory, AES ciphering" or "the new bin required is so massive the coder is exhausted" or my personal favourite "Mr. Viewsat will be putting 1 Canadian and 1 Korean in the same room with a electron laserscope". Complete and utter kaka. The reason FTA, Atmega, Armulator, ROM101, ROM10/11 and everything else (except ROM102) is down is because of these two lines of code: 936E: lda #$57 9370: jsrp #$00, $A822 Thats it! Those buggers are causing all this chaos. That code is assembly. Assembly works by calling and executing various instructions. The instruction at line 936E: lda #$57 means "load register a with the value 57". The instruction at 9370: jsrp #$00, $A822 means "okay, jump-to-routine MAP function that was loaded in register a, namely 57". So basically, those two lines of code execute something called MAP 57. The problem is, WE DON'T KNOW WHAT MAP 57 is. That is why Mr. Viewsat and the other FTA makers are sweating right about now. You see, without knowledge of MAP 57 their gravy train will run away soon. For those that say "well, the FTA people will figure it out, don't worry". Start worrying. Think of MAP 57 as a kind of black box. There is an input to the black box and an output. The idea is to try and figure out what this black box does. For example, if we input 2 and the output is 4, if when we input 3 the ouput is 6, if when we input 4 the output is 8, then we may reasonably deduce that this black box just multiplies the input by 2. That was easy. The real MAP 57 takes 128 bytes of input, another 16 bytes of input and magically produces a 128 byte output." |
|
Silver Member Username: LuciaPost Number: 191 Registered: May-06 | too long to read. can you put it in 5 words at least. |
|
New member Username: Chris7777Post Number: 9 Registered: May-06 | now explain the quantum theory of physics ...hehe |
|
New member Username: Toxiclipstick310, CA US Post Number: 3 Registered: May-06 | yea put it in Lamens terms for me please.. |
|
New member Username: BudgiePost Number: 7 Registered: Jun-06 | i thought they will pay big buck buying the map 57 as they did before and implement in the fta software, and i believe this is the only way solving the problem. |
|
Silver Member Username: CreekSmithtown, New York Post Number: 129 Registered: May-06 | Imput 128 + 16 = 144 -> square root 12 -> 12 plus 16 = 28 -> 28 + 100 = output 128 |
|
Bronze Member Username: Van1Post Number: 11 Registered: Jul-06 | What I understand the black box is nothing than decryption engine, probably DN changed the encryption method to unknown .... |
|
Silver Member Username: JdqPost Number: 140 Registered: Apr-05 | Lamens- if there is a fix it will be a while. |
|
Bronze Member Username: George12Post Number: 17 Registered: Mar-06 | hey guys i was wondering , i been into this hobby about a year now. whats the longest time DN FTA has been down like it is now???? |
|
Bronze Member Username: WaydownPost Number: 30 Registered: Jun-06 | creek ,you are right ,I been doing this for 20 yrs,and you just told the real problem. |
|
Bronze Member Username: WaydownPost Number: 31 Registered: Jun-06 | Doreen ,thank you. |
|
Silver Member Username: HybridfayMississauga, Ontario Canada Post Number: 120 Registered: May-06 | too long to read these cut& paste threads |
|
New member Username: NomeloplagiesPost Number: 7 Registered: Apr-06 | Llave creciente = 128 pesos 2 Coronas x 8 pesos = 16 pesos Subirse al techo y mover las antenas al Nimiq2 en 82.0°W otra al Nimiq1 en 91.0°W y una mas al Amazonas en 61.0°W ... no tiene precio ! Monkey wrench = 128 pesos 2 Coronas 8 pesos each = 16 pesos Going to the roof en moving dishes to Nimiq 2 at 82.0°W, Nimiq 1 at 91.0°W and Amazonas at 61.0°W ... priceless |
|
New member Username: Sudanie_1000Post Number: 6 Registered: Jul-06 | I'm sure mose of us are not interested in all of that, we just need to know whether it's gonna be on again or not.. |
|
Silver Member Username: AanaaPost Number: 133 Registered: Mar-05 | simple q fix available ? if so how long it will take |
|
New member Username: DjsmithPost Number: 5 Registered: Jul-06 | I myself do not understand what I posted LOL I just thought some that do understand might want to know. I think it means its a waiting game now . and to answer george gonzalez question.... If I am right the last wait was only a few days or a week. I can't remember. That was when Niagra 2 came into effect. |
|
New member Username: TeePost Number: 3 Registered: Nov-05 | I agree with u 100% sudan, just wanna know if were EVER gonna be on again!!!! I mean im very patient and all, just wanna hear sumthin every now and then from the busy worker bees!!!! Also wanna add I appreciate all that help us!!!! |
|
Silver Member Username: LuciaPost Number: 193 Registered: May-06 | HAHAHAHAHAA @ ZORRO CRITICO |
|
Bronze Member Username: NickbNew York, New York USA Post Number: 71 Registered: May-06 | So when the script executes these lines... 936E: lda #$57 9370: jsrp #$00, $A822 It loads register val 57...and then executes 9370 to parse some key data (the 128b and 16b fragments) and retrieve an output... And that MAP57 algorithm is like the black box function they are talking about?? So is that MAP57 routine just for startup authentication or is that part of the data stream that constantly requires validation to have the decryption process working?? |
|
Bronze Member Username: Rufa33Post Number: 30 Registered: Jun-06 | No so bad info here. If it's matter of programming and what comes in and out, they will figured that out soon or later! But I think it's more than this simple idea of registry 57 on the heap. As much I come to know, is they are rotating the output numbers with kind of Logarithm that switch the keys to different one each time to scramble the channel. Maybe there is more. Let's wait and see. |
|
Bronze Member Username: RadamesPonce, Puerto Rico Post Number: 36 Registered: Jun-06 | Danny, I have a pasat 3500 sd and I try the found of language programin of my box. I have a bin editor key but is Hexadecimal and no is language of programing. How found a software of this system? |
|
Bronze Member Username: XmongraPost Number: 13 Registered: Feb-06 | If that post is real, it is an algo that BL has to identify, then we will have our bin file, its take a while to identify that, be patient, it can be done, what they have to do is go back to the books. 128 bits its a strong algo. I am very positive they will get it.Time? hard to say how long it will be. |
|
Bronze Member Username: Bingo2006Post Number: 20 Registered: Jun-06 | thanks, doreen, that is the information we would like to know. |
|
Silver Member Username: HardrockstrikerPost Number: 229 Registered: Apr-06 | Nick, the MAP57 is the blackbox. It has to do with decrypting each packet; if packet is succesfully decrypted then it is "allowed" to be displayed on tv screen. It is the actual decrypt function that works on each packet in the stream, for which we don't know the recipe. The best way I can explain it is like this: if you get in a street fight with a really huge sucka and you're just a small guy, you would get creamed if you attacked him head on. The only way to defeat said big guy would be to kick him in the groin (weak area), and then he falls. Encryption works the same way: you have to find a flaw or a weakness to attack, or figure out the recipe. Some encryption, e.g. RSA, the recipe is made public but one of the keys are kept secret; in this case, we need to find the key instead of recipe. In DSS case, the method is hidden in this mapped area, which we cannot see because it is firewalled. Guessing what's inside the mapped area can take a really long time, or, it may never be guessed. Maybe the coders can find a weakness in the firewall to get a dump on it. I know in the computer field, there are many firewalls which have had flaw that could be exploited to gain access. |
|
New member Username: Dewey1384Post Number: 2 Registered: Jul-06 | There is some truth to the first post in this forum about putting two people in a room. Although the nationality is not needed, they could disect the semiconductors with fuming nitric acid and physically figure out what is in the "firewalled" area. The issue is time and it is very expensive. We're talking serious lab time. They don't need a "laser" microscope (whatever that is). The density of (how tightly packed) microprocessors are today would/could take a very long time (I would guess weeks working 40+ hours/week). But if they DO read the processor(s) all future code will be very, very easy. Just my 2 cents. |
|
New member Username: AxmasterPost Number: 1 Registered: Jul-06 | Wiring 128 wires on the logic analyzer is a pain in the butt, especially if you have to solder each one on a tiny pin. But who says it cannot be done? |
|
New member Username: Cusito44Post Number: 1 Registered: Jul-06 | Message to Viewsat from the underground -------------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings from the underground, First we would like to express our disgust in the the way the current FTA STB importers have handled the current situation. Shamelessly spewing lie after lie all in the name of saving face and selling your particular brand of STB, all the while knowing very well that if they never get the MAPROM, they will never be able to provide a solution to the current decrypt control word encryption. Of course these lies also go toward saying that they have the MAPROM and a solution will be here in a matter of hours. We call bullshit simply because as anyone that understands what needs to be done can easily see that with the MAPROM, the new algorithm could be implemented in a few minutes and firmware released. Facts are facts and anyone that understands the problem knows what we say here is correct. The lies and deliberate misinformation from these people must stop and what better way to stop it than to provide all the information needed to defeat this problem. This information however does have a price tag. The price tag is not written in dollars and cents but rather in 1's and 0's. What better way to stop the lies than have everything in the open for all to see. Since most of the lies come from one particular importer and his sales reps, this offer is directed at Viewsat and Viewsat only. Release the source code for the Viewsat STB into the opensource arena and 1 hour later we will also release the entire MAPROM to the opensource world and let the chips fall where they may. This offer is not open to negotiation and is nothing more than is stated. We will not accept money so don't waste your time asking. We can not be bought and neither can the MAPROM. Just think of the possibilities of having a lower cost STB into the market. A move such as this could only benefit all parties involved as sales will start again for the Viewsat STB and the community will have a reasonably priced open source STB to work with. A ground breaking move that would be beneficial to all involved. Should Viewsat refuse our offer we will not consider other offers at this point. For information on where the public posting would take place representative from viewsat can reach us @: silicon_int@hushmailcom This paragraph is Representative of a group of long time community members that have been providing information to the community on many platforms, for many years both privately and publicly. Reguards, UnKn0wN HaCkErS Please post this on your site and encourage everyone to post it on thier respective sites. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at hushtoolscom/verify Version: Hush 2.5 wpwEAQECAAYFAkSoEf4ACgkQDiTHKZNt/djXPgQAi58eGGwK/B/oUhZYH52FSPGqoo31 3g9ql8fKEg9oliUsEUZ+kitATgVFHkqVtdL9HG2LxE1ibGYzvL aZLlWSR+KwRsP7z3a+ xIkecZ1OjxpN7sc45AoQd1gE0Gm56K0OBltdFNRbEHKTeXym6E WEYlEhMjwOMVsMEMZ9 W6BXhYM= =qSzB |
|
Bronze Member Username: TinfishPost Number: 42 Registered: Apr-06 | Doreen, that is precisely the way GSM authentication works in GSM Wireless technology. The A3 algorithm is a one-way and takes a random number as input and outputs a result which has to match the provided SRES. It has never been hacked. |