Archive through May 19, 2004
|
New member Username: NalaPost Number: 1 Registered: May-04 | Hello SOLRAC, i was wondering if you can send the p4 file you got thanks. my e-mail address is flower_power_60@yahoo.com |
|
John4949 Unregistered guest | Your old receiver will work with the p4 card. People who subscribe were sent p4 cards and told to replace their hu cards. I called direc tv and told them i had a rca receiver and dish and they told me that if i signed up that they would send me the p4 card. |
|
john4949 Unregistered guest | I doubt any of the p4 stuff you see some people claiming to have is legit. Your probably just gonna screw up your card. Best to wait for the hack to be more widespread and user friendly. |
|
john4949 Unregistered guest | Does anyone here know how to hack cable? My roomate set me up with basic cable before he moved out. I have heard that i can buy a filter and that movie channels will be unscrambled...I have also heard that you can buy a descrambler box or something. Does anyone here have legit info on this stuff??? |
|
joe718 Unregistered guest | a couple of years ago i use to have the old cable box with that red read out display with basic cable and we used a lil small box called a "rf dam", now everything is digital |
|
Informant Unregistered guest | The HuStream is allowing channel 101 (Jones TarverII) to be ordered? Not sure if it will last. |
|
Simple Minded Unregistered guest | The following is from the arizona republic newspaper. investigators arrested 21 people thursday in connection with a scam to steal sataelite tv services. the six wee op is believed to be the first in the country targeting people buying illegal sat equiptment. working with people from national satellite company DIRECTV maraicopa county sgerriffs investigators lured the suspects to a store in phoenix and sold them $50 acess cards designed to steal programing....[yada yada yada...it's sooo bad... and bad for the economy....yada yada yada}the suspects are accused of stealing $5000.00 worth of programing a month [yada yada yada.....defrauding the company...yada yada yada...must be stopped]Investigators are also looking for two additional suspects[the'll never find us.] who were not located in thursday's raid. |
|
Simple Minded Unregistered guest | Dear Dave So sad to slow ...what ya think I'm tarded...like were going to go to the store and buy it for ourselves when theres tons of "tweekers" in arizona willing to buy anything for you if ya get them a bag of crystal meth when they come back...rough trade though dave...$5000.00 in programing ..they only bought a bougus card.. they didnt even work and your going to charge them $5000.00 a month they had it? they only had the cards three days. You should just give in dave... leak the code and come home to daddy before I get mad and leave you forever. You know it's gonna happen sooner or later. Yours in christ Simple Minded P.S please dont treat the drug addict you cought in my place to badly.. he was only trying to score his fix. |
|
Solrac Unregistered guest | Does anybody knows of someone that can hook me up with the U.S. legal Direct TV here in mexico? |
|
THE BOSS Unregistered guest | you guys are so slow you think you will win but i have i little suprise for all you hackers you will never get a fix for the p4 it will allways go down. have fun going crazy. yours truly dave from dtv |
|
New member Username: NotvformePost Number: 7 Registered: May-04 | hey dav lick my nuts ya dumb cacksucker dont need your crap ! free to are is the way to go dvb |
|
THE BOSS Unregistered guest | yada yada yada then go get it LOSER |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 1 Registered: May-04 | Fellows, Fellows never fear Hackman is here. Here is the latest. My 3 buddy's from canada have dumped and cracked a p4 but it keeps looping. Here is the way around that. Their is some big wheel in Canada waiting til the time is right to let out the unlooper to fix these cards and it is done through a method called buffing. I know for a fact that it has been done but I guess the moneys not right yet. And finally you can program the damn card with a quad Iso programmer with dual crystals 3.57 and 3.68 mhz. But until we get the buffer to unloop don't screw your card up trying to get tv. |
|
THE BOSS Unregistered guest | not true dave dtv |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 2 Registered: May-04 | Finally the difference between the p4 and p5 is that you have to have a p5 card in one of your receivers to get daves high definition tv channels. When you get hd tv you get a p5 not a p4. Thank you. p4 is for regular channels. Also p4 will work in the old receivers I have 4 of them. |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 3 Registered: May-04 | Dave don't say its not true because you know it is. I progammed your freaking p4 already and lasted for 5 and a half weeks but finally went down. But like I said you will loop your card. It was done with a homemade hu loader using a system called wizard. So their. |
|
THE BOSS Unregistered guest | watch what happens to your card after you load it 4 or 5 times lmao yours truly dave dtv |
|
Simple Minded Unregistered guest | Dear ,Dave You seems so combative..so angry..I wonder why...could it be that your p4 card has been cracked.. I think it may.. give in dave give in to the pressure and leak your code. Oh and dave...you'll never get us all...we cant be stopped... were to cheap to pay for it and to smart to let it pass...were comming fo YOU dave...lol yours in christ Simple Minded P.S Your mama sells coochie on a streetcorner |
|
karl020 Unregistered guest | Why would Dave be posting after business hours? Doesn't he have TV to watch? |
|
DSS DORK Unregistered guest | WALTER BROWN...so are p/5 going to be programmable too or just the p/4...and DAVE go ride a bicycle without a seat up and down the stairway!!!! |
|
Misty Unregistered guest | Can anyone give me some guidance in purchasing a satellite system to replace DSS I hear of Blackbird, silver bullet and dishnet but don't know if they are still running or where to seriously look for one. Anybody |
|
Gmoney Unregistered guest | In Puerto Rico everyone is using Dish Network, you pay someone $150-$200 and they take your receiver put some kind of chip in it and program your card, they guarantee it for six months and if and when it goes down all they have to work on is the card. |
|
jammer Unregistered guest | Yes J.S , Bell Express will cost a little more. I am just going to buy the basic subscription and use the emulator system to test the rest of the channels. I Have heard that this system has been running for some time with only a few occassions of downtime. I have cable too but that cost 50.oo a month and it's hard to get used too after DTV. |
|
2010 Unregistered guest | Everyone says DishNet since they never change cards or something like that? |
|
THE BOSS Unregistered guest | so every one thinks that they will be back up soon not likely.you see the p4 has a flaw BUT we have the zap for the flaw and it will cook your card and the p5 is the fix for it oh i forgot to tell you that there is a 6 and 7 already to go if the 5 has problems ha ha ha good luck morons yours truly dave dtv |
|
The Boss's Daddy Unregistered guest | Never mind my son, he doesn't know better, i droped him when he was a baby! |
|
keep it comming Unregistered guest | I came here looking for answers to question on all the card out mainly the hu. But I have never laugh soooooo much in my life. I rather wait until I see a answer that might fit my need,because I enjoyed the comments u all make toward each other's (knowlege ?)that i cant stop laughing. thank you all . |
|
john4949 Unregistered guest | Only an idiot would pretend to be an employee of direc tv on an internet message board. |
|
THE BOSS Unregistered guest | whos petending? |
|
Simple Minded Unregistered guest | Yeah right 6 and 7. this guy dont know his bunghole from his elbow ..I wonder if he knows theres millions of recevers out there and swapping the cards out would take months and millions of bucks just in postage. nah he's just a reject that wants to start trouble ignore him. |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 4 Registered: May-04 | Dss Dork yes the P/5 can be done too but it is for hdtv. Basicly the cards are the same but different. You just get a better picture with the 5 but when the unlooper comes out it will do for both. Or should I say a buffer for unlooping. Dave don't worry I am a legal subscriber too so do your dirty work. I also hope your cards aren't cloneable to get the legal info from it to put it on a hacked one cause if it is I have 4 legal cards so come and get me. |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 5 Registered: May-04 | Now for dishnetwork. I think it is simple to do. The new quad jtag is awesome. No more soldering. just stick it in hook up to your laptop, copy the key and store them. Get a quad iso programmer and copy the info. to your card. Pretty damn simple. But wait, remember when dish merged with dtv guess what daves making a killing again. Kill dtv and sell dish. Next dish gets hit and dtv is back up. Making money hand over fist. You lucky S.O.B. |
|
Anonymous | i don't know how long any of you boys have been with dave but a few years back when they swaped out cards they were forced back to using the card they tried to swap out because of receiver /card problems so don't say it couldn't happen again and if you boys do all your homework their are problems with cards and receiver not being compatiable and yes some folk over state side are still running on hu stream what makes you think they can't do both? |
|
Simple Minded Unregistered guest | Ok someone give the total lowdown on dishnetwork and where to find info on cracks and hardware and stuff so we can all look for ourselves |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 6 Registered: May-04 | Dishnetwork go to Dssheler. Or go to Dssplayground.com. |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 7 Registered: May-04 | Dsshelper |
|
New member Username: Smokey0357Post Number: 2 Registered: May-04 | HEY CAN YOU SEND THAT FILE TO ME I WILL USE IT |
|
Simple Minded Unregistered guest | thanks walter..hey shoot me an e-mail desert_golden_tiger@hotmail.com if ya get a chance |
|
DishMaster Unregistered guest | for all the fixes & files you need for Dishnet go to |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 8 Registered: May-04 | Talked too a reliable contact. The buffer is finished but the main guy is going to distribute it too all the major dealers in Canada before it comes to the U.S. Could be a couple more weeks or worse a couple of months. Cross your fingers and hope for the best. |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 9 Registered: May-04 | Simple Minded tried to email you and it wouldn't let me. So check your address and see if you typed it correct. |
|
New member Username: HackmanSpartaburg, S.C. United States Post Number: 10 Registered: May-04 | |
|
Bronze Member Username: HackmanSpartaburg, S.C. United States Post Number: 11 Registered: May-04 | |
|
New member Username: WantedmanPost Number: 4 Registered: May-04 | Dave I am your father |
|
justwondering Unregistered guest | I have a questione, If the Hu is gone why is it that there are companys Like dss , still trying to sell the card? Now have I seen good comments posted on this site about dss. so what is really going on??? |
|
keep it comming Unregistered guest | is anyone watching tv these days if so can we share |
|
Simple Minded Unregistered guest | Desert_Golden_tiger@hotmail.com <!!!there are underscores between the words but it was correct the first time |
|
Anonymous | thankfully i finally found this forum with some real info. after reading the comments last night, i turned on my receiver(i have cable so i have just been waiting)and all the music stations are back. does anyone have any info concerning that. is dave restatring the stream? |
|
Farmdude Unregistered guest | ok i need to know if a Mikobu III M6.2 will program a regular P4, because i just got my P4 and i believe it is already married to another system so i need to mess with it, can anyone help me? |
|
dss dork Unregistered guest | can anyone answr me please....since it was said the programmer to program p/4 p/5 was going to be a iso programmer they are going for 59.99 at dsstuff.com would it be better to order one now or just to wait i also have a mikobu 3 is there going to be a flash to have that compatable with the p/4 p/5 or its going to be a totally different loader |
|
numbnuts Unregistered guest | also dave has been cracking down on alot of sites can some list the sites that are owned by dave for the safety for all |
|
cali777 Unregistered guest | numdnuts you can go here to see the list |
|
New member Username: HickeymoePost Number: 3 Registered: May-04 | dave need to sit his old as- down,you don't own the air waves,and do you pay rent for using the air waves?God made the air waves for man kind, and it belonges to him(God) and not to dtv or no one ealse for that matter,I hope they bust the p4 card wide open and every card you produce,you Jew basterd. |
|
New member Username: HickeymoePost Number: 4 Registered: May-04 | dtv have disc-network to worrie about,not the hackers,stupid fu*k as* dave(dtv)fu*k dtv |
|
rummy Unregistered guest | I got a letter from Direct TV end user group that says they can fine me up to $10,000 because I purchased signal theft equipment and it gives a number to call to discuss matter does any one know about this I have never used a card or stolen signals I might have bought some kind of stuff but it never worked I threw it out |
|
Anonymous | I got a letter from Direct TV end user group that says they can fine me up to $10,000 because I purchased signal theft equipment and it gives a number to call to discuss matter does any one know about this I have never used a card or stolen signals I might have bought some kind of stuff but it never worked I threw it out |
|
Simple Minded Unregistered guest | Rummy if you call that number you might as well bendover and exhale cause there gonna bootie tap ya. it's a set-up.. just let it pass.. it's like a bait contact to get you to call and get on tape admitting you have hardware to program cards. |
|
Unregistered guest | I am in Canada, and waiting for fix on P4 card. Will old HU Sureshot loader work with some sort of alteration or what will be needed to program cards once fix is out? How much longer? Bball playoffs are almost over, and I am suffering big time. |
|
Direct TV Cards Unregistered guest | |
|
dizzy dome Unregistered guest | dave, get your stream out of my house, u owe me back rent i have a headache now that could be tumors from your waves you owe me f-ucker pay up before i call a doctor |
|
S07 Unregistered guest | Beware of satansplayhouse.cx They are or were taking money for "programming" p4 cards with no results. Thirdpartysupport.com is also down and they were selling what appears to be bogus p4 cards. |
|
John Anderson Unregistered guest | Now that the Hu stream is gone, I cannot watch anymore good TV, so I'm going to switch over to dish network until the p4 hack comes out. But does anyone know if I can use my current DirecTV Dish with a Dish Network Receiver?? And how hard is it to hack dish network? |
|
Agent Smith Unregistered guest | Check under files archive |
|
p4hackers.inc Unregistered guest | hahahahah.its seems to be heating up in here now that the p4 hack is out .....oh dam did i say that ..YES I DID ....THE P4 HACK IS OUT ....hehehe.DAVE, I WARN YOU THIS DAY WILL COME ..HEHEHHEHE..FOOD FOR THOUGHT..you can stop some of us but you cant stop us all..unity is strenght.....what my name p4hackers...the inc=====UNITY... DAVE I CANT WAIT FOR YOU TO SAY PROVE IT!!!!!!!!!!!!! |
|
infoman Unregistered guest | its not illegal to receive a signal its illegal to decrypt the signal |
|
keep it comming Unregistered guest | Again is any one watching tv these days .If so let the newbes know. what do we need to do to get the answers to questions around here. Either way you are all still very funny thanks again. Keep it comming |
|
jack rabbit Unregistered guest | walter i live near you would like to talk more about the loader you have been talkin about shoot me a line at patrick2198@yahoo.com |
|
Simple Minded Unregistered guest | You know where he lives?!?!? STALKER! Run Walter he wants you!!! |
|
Simple Minded Unregistered guest | You know where he lives?!?!? STALKER! Run Walter he wants you!!! |
|
Smoothy Unregistered guest | Everyone, Want to switch to Charlie, but all websites I find that sell with the TSOP digilock do not mention what Dish i need. I have heard I can get a dish with 3 LNB's, two for Charlie(need 2?), one for Dave when the hack comes out. Info on Dish with LNB'S? Would swithch to BEV, but the legal issues in Canada are increased.... |
|
kong Unregistered guest | im hearing that tere is a fix for the p4 in canada is this true? is the data stream down completely ? if there is a fix in canada were do i get it |
|
Looking for a cure... Unregistered guest | Has anyone dealt with www.satelliteinteractive.com ? |
|
f0rbes Unregistered guest | why no response to the hit2rate claims here? are they scamming? or is there really a private 3m script running on p4. |
|
hit2rate are Scammers Unregistered guest | it's is BS there is NO P4 Script!!! Private or anything else! |
|
Anonymous | Can someone that own a Blackbird receiver or a Pansat comment how it works, how long have you been up with current programming? Also do you need different dishes for every lnb?? |
|
AZTECA Unregistered guest | I accidentally got my receiver to work with my P4 for 3 hours... with all the ppv channels open. Suddenly i got a no signal sign. Can anyone help me?? |
|
john4949 Unregistered guest | There is a p4 hack? |
|
$hit-for-brains Unregistered guest | Yea, AZTECA, I can help. Putcher left thumb in your a$$ and count to 51 while hopping up and down on your left leg. Then switch thumbs and whistle Dixie for another 51 seconds. Then plug your receiver into the phone line - that should bring in the Directv signal loud and clear and reset the PPV limit to $300... |
|
New member Username: YupaidPost Number: 1 Registered: May-04 | Cali Miss your posts, Must be workin Hard. Dave I sense a little sweat dripping.... Not sleeping much these days... Nightmares maybe |
|
tonto Unregistered guest | can anyone tell me is there a hack for the p4 im from canada and my freind called me today and told me that he got his card programed this afternoon is this true? should i trust his programer? |
|
paraniod!!!!!! Unregistered guest | walter brown "hackman" that site you posted dssstuff.com.....it says in dssevoulion that it is owned by dave.....does anyone have a site that is trustworty and on the up and up if so if you can post it....thanx |
|
kong Unregistered guest | will p5 work in the old recevers |
|
Pay Attention Unregistered guest | |
|
more2it Unregistered guest | Scripts that don't do dick |
|
dishguy Unregistered guest | paranoid--go to dssevolutions sponsor very trustworthy & safe to deal with..(click on the banner at the top of evolutions home page).. |
|
Tired of Asking Unregistered guest | when we have a p4 or p5 that we are able to program we will let everybody now, so for now STOP ASKING!!! keep reading the post. |
|
New member Username: SignalzapperPost Number: 1 Registered: May-04 | Hey has anybody else bought sh@T from gxtechnologies? and if so did you ever received anything |
|
Anonymous | The P4/D1 Hack (Past, Present and Future) -= PacketStorm =- Version 1.0b - 12.23.03 I'm writing this document in order to clarify a few things that I keep seeing posted on the message boards regarding the P4/D1 card hack. First off, my obligatory semi-legal disclaimer: I, in no way, endorse or condone the unauthorized reception/viewing of any encrypted satellite signal. I also do not personally partake in the "loading" or "glitching" of D*r*ct TV's satellite receiver cards. I'm only interested in this information because my job involves the usage of similar, so called "smart cards" and I'm obligated to study their security weaknesses as much as possible. The information contained here is freely and publicly available over the Internet. There are NO instructions contained within this document that detail in any way how to "hack" or otherwise receive satellite signals that you are not authorized to intercept. This information is provided in order to help explain how and when a hack for the P4/D1 card may come about. It is my hope that this document may one day become reference material for the n00b Free TV'ers who continuously post the same ridiculous questions that have been addressed millions of times before. ~PacketStorm OK, with that out of the way lets look at why we even need to use the DTV issued card in the first place? Why can't we just hack the receiver to always give us the video signal? It's because of the ASIC that's on every one of DTV's access cards. An ASIC is an (A)pplication (S)pecific (I)ntegrated (C)ircuit. It does just what it's name implies: it's dedicated circuitry (supplemental to the main processor chip) that is designed to do one thing, and one thing only. In our case it's set up to generate the key values that are used by the receiver to decrypt the satellite signal. Without going into great boring detail, the satellite signal is extremely secure (using public key encryption) and is actually decrypted inside the receiver, not inside the access card. The access card only starts the decryption process by using certain specific, but sometimes randomly chosen, EEPROM values found on all valid subscriber cards to create a "seed" value to send to the card's ASIC. The ASIC mathematically crunches this seed value into another value, the key, which is transmitted back to the receiver and then sent to its decrypt circuitry, which obviously decodes the satellite signal for clear video. This happens roughly every 8 seconds while the satellite signal is encrypted using a different value for each 8-second period. Without going into any more detail, the ASIC is designed in such a way that it is EXTREMELY hard to duplicate and that is why it is not possible to do away with the access card. By the way, the ASIC is the reason why people running emulation must use a card to decrypt the signal when using a computer. The card is "auxed" which means it's EEPROM is loaded up to run code which simply acts as communication middleware that only sends the proper seed value to the ASIC from the computer, then retrieves the generated key value and transfers it back to the computer for further processing. The computer can only be set up to emulate the EEPROM code that handles the stream packets, tier wipes, cmd 82's and other basic card functions, but never the ASIC functions. The card is needed for it's ASIC circuitry. Now that we understand why the card is required, let's go over a brief explanation of the HU card "hack." First, the HU (or P3, Period Three, football) card was NEVER hacked in the strictest sense of the term. The "glitching" process by which you are all now so familiar merely BYPASSES the security code that was placed on the card to keep intruders out and the secrets it contains, safe. This bypassing is done by *glitching* either the voltage or the clock signal going to the card when it's placed into one of the available loaders flashed with the proper atmel code. Without getting into great detail, these glitches drop the voltage to some unusually low level momentarily (1/2 a clock cycle) or send multiple clock cycles (up to 4X) during the time that ONE should have been sent. These glitches must be done at *exactly* the right time during the card boot process in order to create malfunctions in the security code execution. These "malfunctions" cause very specific errors, which alter the original program flow in a desirable way and eventually enable the atmel flash code to jam in some code that YOU want the card to execute. This code is called the "bootloader." At this point, the bootloader has hijacked the card and you can now do essentially anything that you want through the bootloader code that is executing on the card (read or write to the EEPROM addresses). A smartcard is designed such that once it is reset, powered up and is getting a good clock signal, it begins executing code at a specific, hard coded, EEPROM memory address. This is very similar to the way your personal computer boots up: once the BIOS tests are complete, your computer is instructed by the motherboard BIOS ROM code to go to a specific permanent location and begin executing whatever it finds there (track 0, sector 0 of your hard drive). In most cases this would be initialization code belonging to Windows, Linux or whatever OS, and is responsible for getting the rest of the operating system up and running. However, it could also be nothing (new hard drive) or maybe even a boot sector virus. Anyway, on the HU card, the code located at the startup address is mostly security code designed to keep you out. So, by resetting the card and then counting how many clock signals have been sent to it after the reset (the HU uses an external clock), it is possible to determine exactly which instruction the card is performing and then send it a clock or voltage glitch at the perfect moment to alter the flow of the original code in a way that allows you to load your own code (bootloader from the atmel flash). A very important point to note is the fact that you *must* know EXACTLY what the card is doing BEFORE it's possible to glitch into it. It requires studying an EEPROM dump beforehand. THAT is the catch! It's actually a little more complicated than that, but that's enough information for us to continue. Basically, glitching is only possible because of oversights that were made during the development of the HU card. Also, the HU card does not have provisions to monitor what you are doing to it from the outside. It can't detect your attempts at voltage or clock glitching. The new P4 card (period 4) can, however. I might also mention at this point that the P4 and D1 cards are essentially the same card. They both definitely use the same data packet format and while there are rumors that the D1 is a version of the P4 that has some "security holes" fixed, this has not been verified publicly. One thing is for sure though, the D1 (D*V's first in-house card) came about because of D*V's "divorce" with NDS who has up until this point been the manufacturer of all D*V's smart cards. Suffice it to say that the P4 is functionally equivalent to the D1 and from this point forward I will refer to both of them as the P4 card. Something to keep remembering is the fact that the glitching process was developed AFTER analyzing the code the HU card was executing after a reset. The glitches must occur at specific known decision or branching points within the code. Without this prior knowledge, glitching is USELESS! I am unsure of the history of how the HU EEPROM was initially dumped in order to gain this EEPROM information. It could have been through an insider at NDS (the HU card manufacturer) leaking the code or by some other physical intrusion method (most likely). This is important to remember as we get further into what is required to hack the P4 card because getting the EEPROM dump is always step one. So, what is required to break into the newer P4 card? First off, to all you people who say you are "experimenting" and "trying stuff" by placing their P4 cards into their HU loaders flashed with UL4S, some other HU compatible code or even some of the so called "P4 scripts"...FORGET IT! It is NOT going to happen, I promise you. The most likely result is that you will ruin your P4 card. I'm sure your efforts are much appreciated by those drooling for the P4 hack, but rest assured, an armchair "tester" WILL NOT break it by simply sticking their P4 into the same setup used for the HU and randomly glitching. I don't mean to sound nasty or negative, your intentions are to be applauded, but if you don't understand why it's not possible, then you won't understand what you are looking at even if you were to crack the card (which again, is NOT going to happen). Even if by some infinitesimally remote chance that you were to "break" in (and it would require a miracle of biblical proportions), there is nothing about the HU EEPROM that is compatible with the P4. OK, so you got in, *now* what do you load onto it? An HU bin file? Isn't going to work. Oh, so you dumped the P4 EEPROM code? You've still got to disassemble it to figure out how it works! Where and how do you 3M it? Once somebody finally sees the P4 EEPROM dump, it will take WEEKS to analyze it and even begin to understand how it functions (it's all in machine language mind you). Then, and only then, will it be possible to come up with ways to load activation or 3M code onto a P4. Furthermore, the P4 incorporates glitch detection (it is a Siemens Infineon SLE66P based on the ECO2000 processor). That means if you try to use the same methods of getting into the P4 as were used with the HU, you run the risk of it shutting down completely (permanently?). Remember, glitching ONLY works when you know and understand the original code that is executing. You MUST have prior knowledge of at least a portion of what is on the card before you can even begin. Also, smartcards can be designed in such a way that if they detect ANY form of tampering, they completely self-destruct (erase the contents of EEPROM). That way even if you do get in, there is little, if any, information to be gained. Without the original, unaltered, DTV specific EEPROM of a P4, just getting into a blank card is next to useless. I do not know whether or not the P4 utilizes such powerful countermeasures, but future access cards most definitely will. I see posts where somebody gets an ATR (answer to reset) from a P4 and they think they've done something miraculous. Sorry again, but getting an ATR doesn't mean sh*t other than the card is executing valid instructions internally (meaning it still works, not looped). The ATR is a requirement of the smart card specification and all smart cards are designed to give an ATR. The ATR is simply a string of characters returned from the smart card in response to a reset signal sent by the reader. Its primary purpose is to indicate the status of the smart card power-up sequence and also convey information which the reader requires in order to optimise the speed of communication between the reader and the card. Simple as that. Now, the ATR is useful during unlooping because of the way the ATR string is "built up" by the program code on the card. Unlooping scripts can look at the ATR (or a partial ATR) and get a rough idea of what is happening with the card. That's how you know if you are using good DAC values with your loader during unlooping - by watching the ATR. This is getting into advanced territory so suffice it to say that ANY properly operating smart card is going to give you an ATR. Seeing one or analyzing one doesn't mean a thing other than what was just mentioned. The reason a lot of people get excited when they see one is because HU related scripts and programs are programmed to look for the HU specific ATR string (ATR's are different for each type of card). HU programs will always say that the P4 ATR is invalid. However, some of the so called "P4 scripts" floating around will recognize the P4 ATR and when someone doesn't understand what the ATR is, they get excited and think they have accomplished something. I REPEAT, GETTING AN ATR FROM A P4 CARD DOESN'T MEAN SH*T! This seems to get posted a lot: "anything that one man can create, another man can hack" implying that the P4 card has been or will be hacked eventually. And yes, this is very true. However, what is not considered, is *HOW* the P4 is compromised. Just because someone spent 9 months and 3 million dollars at a microprocessor lab at Intel and dumped the EEPROM of a P4 card does not automatically make it possible to create a Mikobu P4 loader with an accompanying atmel flash that will allow you to program it in your living room with a notebook computer. I don't intend to sound like a naysayer, and there probably will be a compact software hack for these new cards someday, I just don't think most people can even begin to understand the massive undertaking that is involved with defeating modern smartcard security! And just because it is compromised once does not mean it's possible for the masses to do it with plain software and a serial port loader. There are only a HANDFUL of people on this planet with the desire, will, time, financial backing and equipment required to break into the P4 cards. Tom Friendly next door is NOT going to do it with his HU loader in one hand and a beer in the other... Yes, all the cards leading up to the P4 card have been compromised extensively and they were all done with a portable hack. However, just because it's been that way in the past, does not automatically make that true for the future. D*r*ct TV is losing money because of piracy. They will curb this current trend. Make no mistake, given enough time they will come up with a tamper proof card. No, it won't be so secure that it's unhackable, it will just require so much effort and so much money that nobody will want to touch it. Game over... So how does one begin hacking a modern smart card? All attacks on smartcards can be classified as social, logical or invasive (or even combinations of each): 1.) Social attacks involve getting information from an insider at D*V or NDS. These are not exactly hacks since the only thing gained is information about what is on the card. Now it is most definitely useful info to have, but it is only the beginning of the battle. You still must develop a way to defeat the hardware security features of the card and be able to read and write to the EEPROM. Furthermore, no insider in his right mind would leak information about the P4 cards! Considering what happened to that retard Igor Serebryany in March 2003. He leaked some documents about the P4 that were at his uncle's law firm that was handling the litigation between D*V and NDS. He got busted and they FRIED his a** and charged him with violating the 1996 Economic Espionage Act which, not surprisingly, is a felony. By the way, there are very few people that have ever been charged with this violation. It's considered one of the "big guns" and they only break it out for very special people and circumstances. We won't be hearing from Igor for quite some time... 2.) Logical attacks involve analysis of signals emitted from the card while it is in operation or measuring the micro current it draws from a power supply while it is operating, or a multitude of other parameters. How this information is analyzed to gain useful information is FAR beyond what I wish to get into here. Suffice it to say that it requires very sensitive, expensive lab equipment, and an incredible amount of detailed knowledge about integrated circuits and cryptography to pull off. And again, it only yields information about the code that is executing, it still doesn't put into your hands the ability to arbitrarily read and write to the EEPROM. 3.) Invasive or physical attacks involve destructive analysis of the actual microprocessor chip that is embedded into the plastic card. The chip is extracted and examined under very powerful microscopes (scanning electron) and to the trained eye, can reveal how the chip works and make it possible to reverse engineer it. It also can provide the ability to probe different sections of the chip while it is operating to gain knowledge of how it functions and possibly even dump the contents of the EEPROM. Of course, there are plenty of countermeasures that smartcard manufacturers take to shield the chip from these techniques, such as light sensors or wire mesh shields, but given enough time even those protection methods can usually be defeated. This type of attack tends to be the most successful. However it is extremely difficult to get access to the required equipment that is typically only found at chip manufacturers (Intel, AMD, etc.) or maybe at a university. Not too many people are going to have one in their garage as the cost for such equipment easily runs into the millions. You would also have to have a hefty set of balls to stroll into your local microprocessor company's laboratory with a P4 card to "do some work." Even if one of the methods above yields valuable information about the card, a huge task still remains. How do you make it possible to arbitrarily read and write to it on a regular basis? Now, if the card only contained the access codes for a bank vault that had millions of dollars within it, there is no longer a problem. The chip is probed to the point where it pukes out the desired access codes, the money is stolen and the hack is done. The problem with the D*V cards is that whoever hacks it, wants to be able to easily REPRODUCE the hack, preferably with software so that it can be distributed and others can do the same thing whenever and wherever they want, for a fee of course! THAT IS THE PART THAT WILL NEVER BE GUARANTEED FOR FUTURE CARDS AND THEIR ASSOCIATED HACKS. "One man can make it, another man can break it" says nothing about being able to "break it" using a personal computer and a loader the size of a deck of cards! Remember this as we move towards the future... OK, now let's assume that the P4 has been compromised and it's possible to repeatedly read and write to it using a loader and an atmel flash. "Will my current loader work with the P4?" The P4 is not glitchable by the current loaders (and most likely not any glitching type loader) due to all the anti-glitching security it contains. Even if it were glitchable, the standard clock crystal in an HU loader is not even close to being able to deliver the required number of clock glitches to a P4 chip (not enough resolution). Remember when we discussed glitching into the HU at the beginning? Well, the speed of the crystal in your loader MUST be able to deliver up to 4 times the clock pulses as what the card's processor chip is normally running at in order to clock glitch or even voltage glitch because both are time dependent. The Infineon spec sheet indicates that the P4 is running at 12 Mhz which is about three times as fast as the HU. If the P4 hack requires *glitching* of any kind then the currently available loaders will not work...period, their clocks are too slow to glitch. Now that's not to say that the hack won't involve some other means of gaining access. If the entry method involves some other design flaw besides glitching then yes, I'm almost certain that current loaders or any ISO-7816 card reader for that matter will work. The P4 atmel flash will just basically turn your loader back into a semi-standard ISO-7816 reader. Now, I know I've seen posts where people say "well, if my receiver can read both an HU card and a P4 card it stands to reason that my HU loader will work with the P4." That is FALSE. It must be remembered that the way the pirate loaders and a legitimate card slot in a receiver access a card ARE ENTIRELY DIFFERENT. The HU loaders GLITCH into the card by sending erroneous signals to it, but the receiver passes legitimate signed data packets from D*V to the card using a standard ISO compliant reader (inside your receiver). At this point, we cannot send signed packets to the card. In order to understand why, you need to read up on how public key encryption works. Breaking public key encryption involves math algorithms well beyond what the average person can understand and more processing power to break than is available in a supercomputer or even distributed computing using the Internet. Some people have suggested that the communication between the receiver and card be "recorded" and played back later to reprogram the card. This is not possible because part of the digital signature that's used on the data packets involves a timestamp and is only valid for a very short period of time. Good idea, but that won't work either. I personally don't know if the P4 has been compromised yet or not. It's really anyone's guess. I know that reliable sources say that it has been hacked, but I'll have to witness it myself to believe it. One thing is for sure, the public will not know about it until after the HU stream is completely turned off. That's when we'll see some action if it exists! If you're still reading, thanks for bearing with me this long. Hopefully this information is enough to answer some of your questions and eliminate some of the speculation that's going on. If anybody has any information to add, please PM me and I'll make this document a work in progress. Also, if you find this information to be useful, please point people asking stupid questions to it so they can read it and maybe start to understand what is going on. Peace. PacketStorm |
|
Perjury Detector Unregistered guest | That is such an ancient post! you can tell when Packet Storm says "the public will not know about it until after the HU stream is completey turned off"...that happened almost a month ago, genius! Im sure DAVE posted the same discouraging crap when H cards went down also. The hack is worth too much right now to see in public forums. The people who are smart enough to hack P4 are also smart enough not to leak it, but sell it. Bidding has been taking place. Just wait and see, this PacketStorm post will seem hilarious... |
|
Anonymous | Heavy Reading..Thanks for the info PacketStorm. I am learning everyday about this technology and it fascinates me. Thanks again |
|
Bronze Member Username: NotvformePost Number: 12 Registered: May-04 | ya well everyone will fill up on the 18th and they will make 9.2 so it kinda no win i hope they lower the prices my horse is tired! |
|
Anonymous | -- dump from a FORMER sub,married----- Using ISO programmer, P3 settings Trying to reset card... Reset Successful RX ATR : 3F 78 13 25 03 40 B0 20 FF FF 4A 50 00 TX Data : 48 02 00 00 08 RX Data : 02 RX Data : 48 55 56 56 04 00 4A 31 RX Data : 90 00 TX Data : 48 06 00 00 01 RX Data : 06 RX Data : 44 RX Data : 90 00 TX Data : 48 12 00 00 08 RX Data : 12 RX Data : 73 FF 22 29 95 12 28 15 RX Data : 90 00 TX Data : 48 2A 00 00 01 Sending Ins. 2A RX Data : 2A Echoes the 2a INS byte RX Data : 25 RX Data : 90 00 TX Data : 48 28 00 00 02 RX Data : 28 RX Data : 00 01 RX Data : 90 00 TX Data : 48 36 00 00 FE Sending Ins36 (Phone Home data?) RX Data : 36 RX Data : 90 00 RX Data : 04 04 RX Data : E0 D1 85 A0 RX Data : 4C B2 26 04 16 A5 45 E8 RX Data : 9F 5D 34 C4 RX Data : D1 RX Data : F4 77 RX Data : 8C 30 2C 8F ED DB 60 26 08 67 AF AB 85 1F CE CF 4C 23 37 RX Data : 0F 85 F7 B2 RX Data : CB 8E 1E 65 3A 42 87 CA 34 2A B0 C1 C4 CA 5E 0E D0 1D EA 40 21 2A 56 4A 11 B0 1A 60 78 A7 BB AF A5 8F D4 F4 27 2D 11 8D A1 5C F7 24 F6 A0 CA 27 6F 42 DF 84 67 50 DD 06 CF B2 A4 7A 68 66 53 45 D2 A4 56 8D 18 32 52 C9 CF EE 7F 9A 6B F2 55 17 8E 87 E4 BA 1F FC 3E CA F4 F4 6B 3D EF 35 50 DB A3 3D 4A EC E1 86 74 6D 76 70 C9 CD C5 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 RX Data : 90 00 TX Data : 48 5A 00 01 08 RX Data : 5A RX Data : 00 00 00 00 00 00 00 00 RX Data : 90 00 TX Data : 48 58 00 00 17 -Sending INS 58 RX Data : 58 RX Data : 25 RX Data : XX XX XX XX -Card ID In Hex (convert to Decimal and verify) RX Data : 08 72 D0 D9 AB RX Data : A6 -Time Zone RX Data : 00 RX Data : 08 -Guide Byte RX Data : 00 00 00 01 02 RX Data : 0B 8A 50 00 00 RX Data : 90 00 TX Data : 48 5E 00 0B 17 RX Data : 5E RX Data : 00 RX Data : 00 00 00 00 00 00 00 00 RX Data : 00 00 00 00 00 00 00 00 RX Data : 00 00 TX Data : 48 5E 00 0E 4B RX Data : 5E RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 00 00 20 RX Data : 90 00 TX Data : 48 52 00 00 04 RX Data : 52 RX Data : 00 00 04 57 Password is : 1111 RX Data : 90 00 TX Data : 48 2C 00 00 02 RX Data : 2C RX Data : 00 00 Spending Limit is : 0 RX Data : 90 00 TX Data : 48 2E 00 00 02 <Set Spending Limit RX Data : 2E TX Data : 75 94 RX Data : 90 01 TX Data : 48 2C 00 00 02 RX Data : 2C RX Data : 75 94 Spending Limit is : 301.00 RX Data : 90 00 Script C:\Documents and Settings\Lye\Desktop\hydr0_p4_toolz_v.88_decrypted\majic Transmission Completed chow on this for awhile dave brother......... |
|
Anonymous | if you like this ask and i'll give u more |
|
Anonymous | Walter Brown...you just made my day. I also heard from a very realiable source the same thing about the fix being ready in Canada and the guy is just waiting to release it. |
|
Unregistered guest | Someone do me a favor and e-mail me a pic of the back of a p4/p5 card...cover the number with some tape or something photo it and e-mail it to me I may have found something that will help us ALL out. Try to get a close up of the metal pad I need to see the groves in it. |
|
p4hackers.inc Unregistered guest | i said it b4 ..www.dsscommunity.com www.dsscentral.net.....this where we live ....its out and we post some files . now for those of you that made fan of (ao700)..here it is come get it .... and with live help....suck on this DAVE..here one for your (it cant be hacked theory). |
|
john4949 Unregistered guest | Will i be able to use my t-911 programmer to program the new p4 or p5 card? If the card is given to me by a friend and didnt come with my receiver,will that matter? |
|
Anonymous | People There is no hack yet. The P4 and P5 cards are the same card, made by differant companys. The enforcer works, you cannot get dave with it and for all that ask, Dave is Directv and Charle is dishnet. Don't let people take your money. There is no P4 hack anywhere |
|
Anonymous | I am just curious how do Dave know we steal his signal? |
|
the ONE Unregistered guest | whoever says there is no hack for the P4 access card obviously needs to get out more because its being hacked on a large scale for a while now in other countries. Have you ever been to the Bahamas there are programming cards like a Motherf-cker. I dont know if its a company owned by DTV or what but its legal over there and there are two different guys who are making a killing and their results are unquestionable. I dont know if were just stupid over here but what ever it is I dont like it beause they have been programming P4s for a good while now. |
Main Forums
Today's Posts- Home Audio Forum
- Home Video Forum
- Home Theater Forum
- Car Audio Forum
- Accessories Forum
- All Forum Topics