[Script Info] Title: [Events] Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text Dialogue: 0,0:00:00.00,0:00:13.58,Default,,0000,0000,0000,,{\i1}33C3 preroll music{\i0} Dialogue: 0,0:00:13.58,0:00:19.47,Default,,0000,0000,0000,,Herald: So… coming over to our next talk. Dialogue: 0,0:00:19.47,0:00:26.32,Default,,0000,0000,0000,,Tonight, if you switch off\Nyour DECT phone, and Dialogue: 0,0:00:26.32,0:00:29.87,Default,,0000,0000,0000,,if you’re full of different impressions Dialogue: 0,0:00:29.87,0:00:35.83,Default,,0000,0000,0000,,– full of different impressions of this\Nday you maybe want to watch TV. Dialogue: 0,0:00:35.83,0:00:41.13,Default,,0000,0000,0000,,But it would be cool to have pay-TV\N– unencrypted pay-TV. Dialogue: 0,0:00:41.13,0:00:47.13,Default,,0000,0000,0000,,So Chris Gerlinsky asks himself the same.\NAnd how to achieve unencrypted pay-TV Dialogue: 0,0:00:47.13,0:00:52.23,Default,,0000,0000,0000,,– but the Hacker way. So Chris\Nreverse-engineered nothing less Dialogue: 0,0:00:52.23,0:00:57.66,Default,,0000,0000,0000,,than the signal and the encryption for\Na standard that remains unencrypted Dialogue: 0,0:00:57.66,0:01:05.34,Default,,0000,0000,0000,,since the late 90s. Please welcome with an\NAnniversary Edition applause Chris Gerlinsky! Dialogue: 0,0:01:05.34,0:01:23.65,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:01:23.65,0:01:26.55,Default,,0000,0000,0000,,Chris Gerlinsky: Hello everyone.\NMy name is Chris Gerlinsky. Dialogue: 0,0:01:26.55,0:01:30.00,Default,,0000,0000,0000,,I am a hacker from Canada and I’m here\Ntoday to talk about how I cracked Dialogue: 0,0:01:30.00,0:01:35.32,Default,,0000,0000,0000,,digital cable and satellite TV security.\NI studied an Access Control Platform (ACP) Dialogue: 0,0:01:35.32,0:01:40.60,Default,,0000,0000,0000,,that’s widely used across Canada and the\NUSA. 
It’s one of the two common platforms Dialogue: 0,0:01:40.60,0:01:44.31,Default,,0000,0000,0000,,that’s used in cable TV,\Nand it’s also used in satellite TV Dialogue: 0,0:01:44.31,0:01:49.56,Default,,0000,0000,0000,,by one of the two Canadian satellite TV\Noperators. As far as I know the system Dialogue: 0,0:01:49.56,0:01:54.24,Default,,0000,0000,0000,,has remained secure since it was\Nintroduced in the 1990s and I was curious Dialogue: 0,0:01:54.24,0:01:57.99,Default,,0000,0000,0000,,if I could understand the system based on\Nthe older set-top-boxes. Some of them Dialogue: 0,0:01:57.99,0:02:02.64,Default,,0000,0000,0000,,are 15 years old – and they are still in\Nuse. So these devices haven’t received Dialogue: 0,0:02:02.64,0:02:10.75,Default,,0000,0000,0000,,upgraded security hardware in that time and\NI started looking at how the system works. Dialogue: 0,0:02:10.75,0:02:13.73,Default,,0000,0000,0000,,Before I get into the reverse engineering\NI’ll start with a brief description of how Dialogue: 0,0:02:13.73,0:02:19.11,Default,,0000,0000,0000,,digital television is sent over satellite\Nor cable. Satellite and cable digital TV Dialogue: 0,0:02:19.11,0:02:23.86,Default,,0000,0000,0000,,are pretty similar for the most part. There\Nare a variety of signal modulations used. Dialogue: 0,0:02:23.86,0:02:30.76,Default,,0000,0000,0000,,The relevant ones here are QPSK at about\N27 MBit/s and 8PSK Turbo FEC at about Dialogue: 0,0:02:30.76,0:02:38.49,Default,,0000,0000,0000,,38 MBit/s for satellite and QAM256 at about\N38 MBit/s for cable. There is also an Dialogue: 0,0:02:38.49,0:02:44.01,Default,,0000,0000,0000,,out-of-band channel used by cable\Nwhich is QPSK modulated at 2 MBit/s. Dialogue: 0,0:02:44.01,0:02:47.18,Default,,0000,0000,0000,,This out-of-band channel carries the\Nsubscription-management, program guide Dialogue: 0,0:02:47.18,0:02:51.56,Default,,0000,0000,0000,,information, firmware upgrades, etc. 
And\Nwhile you change channels and the cable Dialogue: 0,0:02:51.56,0:02:55.54,Default,,0000,0000,0000,,box tunes to different frequencies this\Nout-of-band channel remains tuned Dialogue: 0,0:02:55.54,0:02:59.15,Default,,0000,0000,0000,,so that the box continuously receives the\Nstate, and no matter what TV channel you’re Dialogue: 0,0:02:59.15,0:03:03.81,Default,,0000,0000,0000,,tuned to. In the satellite TV this type of\Ndata is included within the main transport Dialogue: 0,0:03:03.81,0:03:09.48,Default,,0000,0000,0000,,stream (TS) instead of in a secondary\Nout-of-band TS. The video is sent Dialogue: 0,0:03:09.48,0:03:16.48,Default,,0000,0000,0000,,as MPEG2 or H.264 TS. This is a standard\Nformat for carrying video streams. Dialogue: 0,0:03:16.48,0:03:22.34,Default,,0000,0000,0000,,So it can be played by any hardware video\Ndecoder or software decoder, e.g. VLC. Dialogue: 0,0:03:22.34,0:03:26.67,Default,,0000,0000,0000,,And the encryption system used here is\Ncalled DigiCipher 2 (DC2), which does not Dialogue: 0,0:03:26.67,0:03:33.98,Default,,0000,0000,0000,,follow the DVB standards that are used\Nin the rest of the world. The MPEG-TS Dialogue: 0,0:03:33.98,0:03:39.43,Default,,0000,0000,0000,,is made out of packets of 188 bytes.\NEach packet has a PID. This is used Dialogue: 0,0:03:39.43,0:03:45.98,Default,,0000,0000,0000,,to differentiate different types of data.\NPIDs range from 0 - 0x1FFF. Dialogue: 0,0:03:45.98,0:03:49.38,Default,,0000,0000,0000,,Each PID carries an MPEG Packetized\NElementary Stream (PES). Dialogue: 0,0:03:49.38,0:03:52.96,Default,,0000,0000,0000,,That’s a video or audio stream.\NOr the PID may carry one or more Dialogue: 0,0:03:52.96,0:03:58.54,Default,,0000,0000,0000,,Service Information Tables. 
The Service\NInformation Tables have an 8-bit table ID Dialogue: 0,0:03:58.54,0:04:03.88,Default,,0000,0000,0000,,and a length of up to 1024 bytes\Nincluding a CRC32 for error detection Dialogue: 0,0:04:03.88,0:04:09.26,Default,,0000,0000,0000,,and this table ID identifies the type of\Ndata that you can expect within the table. Dialogue: 0,0:04:09.26,0:04:13.99,Default,,0000,0000,0000,,Table 0 is the Program Association Table,\Ncontaining a list of programs carried Dialogue: 0,0:04:13.99,0:04:19.30,Default,,0000,0000,0000,,in this TS and the PMT PID for each\Nprogram. The Program Association Table Dialogue: 0,0:04:19.30,0:04:26.37,Default,,0000,0000,0000,,is always on PID 0. Table 2 is the Program\NMap Table which contains the list of PES Dialogue: 0,0:04:26.37,0:04:30.87,Default,,0000,0000,0000,,and the PID for each as well as an ECM\NPID. There is Program Map Table Dialogue: 0,0:04:30.87,0:04:36.08,Default,,0000,0000,0000,,for each MPEG program or TV channel\Nthat’s found in the stream. Dialogue: 0,0:04:36.08,0:04:40.87,Default,,0000,0000,0000,,The ECM PID is where ‘Entitlement Control\NMessages’ are sent containing information Dialogue: 0,0:04:40.87,0:04:44.91,Default,,0000,0000,0000,,that’s used to generate the key that\Ndecrypts the Packetized Elementary Dialogue: 0,0:04:44.91,0:04:53.06,Default,,0000,0000,0000,,Streams. This system uses two types of\NECM. Table 40 I call ECM40, and Table 41 Dialogue: 0,0:04:53.06,0:04:59.30,Default,,0000,0000,0000,,I call ECM41. On PID1 there may be\None or more conditional access tables, Dialogue: 0,0:04:59.30,0:05:05.40,Default,,0000,0000,0000,,table ID No.1. These tables identify a PID\Nthat carries EMMs, ‘Entitlement Management Dialogue: 0,0:05:05.40,0:05:11.55,Default,,0000,0000,0000,,Messages’. These messages are used to set\Naccess rates for individual set-top-boxes. 
Dialogue: 0,0:05:11.55,0:05:14.83,Default,,0000,0000,0000,,The subscription information, like, what\Nchannels are available is carried inside Dialogue: 0,0:05:14.83,0:05:24.32,Default,,0000,0000,0000,,of EMMs. This is a hardware interface to\Nreceive satellite data, a Genpix SkyWalker-1. Dialogue: 0,0:05:24.32,0:05:32.33,Default,,0000,0000,0000,,The DC2 QPSK modulation isn’t widely\Nsupported in USB or PCI DVB-S devices. Dialogue: 0,0:05:32.33,0:05:37.91,Default,,0000,0000,0000,,And the 8PSK Turbo FEC modulation support\Nis even less common. And one of the devices Dialogue: 0,0:05:37.91,0:05:41.81,Default,,0000,0000,0000,,that does support these signals is this\NGenpix device which is using a Broadcom Dialogue: 0,0:05:41.81,0:05:50.75,Default,,0000,0000,0000,,BCM4500 demodulator. And it supports both\Nthe DC2-QPSK and the 8PSK modulations. Dialogue: 0,0:05:50.75,0:05:54.100,Default,,0000,0000,0000,,It works well, the Linux drivers need to\Nbe re-compiled to include the support Dialogue: 0,0:05:54.100,0:06:00.21,Default,,0000,0000,0000,,for these modes, and patches for this were\Npublished by updatelee. There’s a link Dialogue: 0,0:06:00.21,0:06:08.20,Default,,0000,0000,0000,,on the slide. For cable there’s a variety\Nof adapters supporting QAM256 de-modulation. Dialogue: 0,0:06:08.20,0:06:16.04,Default,,0000,0000,0000,,I used a USB HVR 950Q tuner. Unfortunately,\Nto tune the out-of-band channel is generally Dialogue: 0,0:06:16.04,0:06:20.60,Default,,0000,0000,0000,,not supported by the off-the-shelf\Ninterfaces. Inside the cable box Dialogue: 0,0:06:20.60,0:06:24.70,Default,,0000,0000,0000,,it’s handled within the integrated chip\Nset. And for the ClearQAM consumer Dialogue: 0,0:06:24.70,0:06:31.55,Default,,0000,0000,0000,,devices such as USB interfaces access to\Nthe out-of-band data isn’t actually required Dialogue: 0,0:06:31.55,0:06:34.53,Default,,0000,0000,0000,,so they don’t include it inside of the\Nhardware. 
This out-of-band data is used Dialogue: 0,0:06:34.53,0:06:40.56,Default,,0000,0000,0000,,only for pay-TV services. Dialogue: 0,0:06:40.56,0:06:44.44,Default,,0000,0000,0000,,With the satellite and cable interfaces\NDVBsnoop can be used to view a lot of Dialogue: 0,0:06:44.44,0:06:47.47,Default,,0000,0000,0000,,information about the transport stream.\NIt’s enough information to be Dialogue: 0,0:06:47.47,0:06:52.39,Default,,0000,0000,0000,,quite overwhelming. So the trick to using\Nit is being able to sift through the output Dialogue: 0,0:06:52.39,0:06:57.37,Default,,0000,0000,0000,,for the relevant information. DVBsnoop\Nalso doesn’t recognize all of the Dialogue: 0,0:06:57.37,0:07:01.75,Default,,0000,0000,0000,,DigiCipher 2 tables because it’s a non-\Nstandard system, and DVBsnoop is targeted Dialogue: 0,0:07:01.75,0:07:06.16,Default,,0000,0000,0000,,towards the standard systems. So DVBsnoop\Nmay not be able to tell you everything Dialogue: 0,0:07:06.16,0:07:09.62,Default,,0000,0000,0000,,about the transport stream but it was\Nstill a very useful tool for all the Dialogue: 0,0:07:09.62,0:07:17.74,Default,,0000,0000,0000,,information that it can provide. Dialogue: 0,0:07:17.74,0:07:21.94,Default,,0000,0000,0000,,DVBsnoop and most other tools and\Ndocumentation are designed for the DVB Dialogue: 0,0:07:21.94,0:07:26.69,Default,,0000,0000,0000,,standard or other recognized standards\Nsuch as ATSC. DigiCipher cable Dialogue: 0,0:07:26.69,0:07:29.61,Default,,0000,0000,0000,,and satellite systems use a lot of\Nnon-standard tables to carry Dialogue: 0,0:07:29.61,0:07:34.09,Default,,0000,0000,0000,,the system information. For cable TV some\Nof these tables are standardized by Dialogue: 0,0:07:34.09,0:07:39.91,Default,,0000,0000,0000,,the document SCTE 65.\NThere is no BAT or SDT Dialogue: 0,0:07:39.91,0:07:44.00,Default,,0000,0000,0000,,as you’d expect in DVB. 
Instead there\Nis a virtual channel table that maps Dialogue: 0,0:07:44.00,0:07:47.81,Default,,0000,0000,0000,,the transport streams and programs the\Nchannel numbers. The electronic program Dialogue: 0,0:07:47.81,0:07:52.11,Default,,0000,0000,0000,,guide is also not DVB standard. So you\Ndon’t even get the current and next Dialogue: 0,0:07:52.11,0:07:57.03,Default,,0000,0000,0000,,program information in any\Nkind of a standard format. Dialogue: 0,0:07:57.03,0:08:01.68,Default,,0000,0000,0000,,Another cable TV adapter is the HDHomeRun\NPrime. This one is a network-connected Dialogue: 0,0:08:01.68,0:08:06.73,Default,,0000,0000,0000,,three-tuner device with cable card\Nsupport. The set-top-boxes I studied Dialogue: 0,0:08:06.73,0:08:10.52,Default,,0000,0000,0000,,pre-date the cable cards. Although the\Nnewer boxes do use the cable cards, Dialogue: 0,0:08:10.52,0:08:14.82,Default,,0000,0000,0000,,and they support the DigiCipher 2.\NBut cable card support does also mean Dialogue: 0,0:08:14.82,0:08:20.06,Default,,0000,0000,0000,,that this HDHomeRun Prime includes the\Ntuner and QPSK demodulator for the Dialogue: 0,0:08:20.06,0:08:25.88,Default,,0000,0000,0000,,out-of-band channel. So it is able to pass\Nthis data to the cable card, as necessary. Dialogue: 0,0:08:25.88,0:08:30.28,Default,,0000,0000,0000,,However, even the HDHomeRun doesn’t\Nmake this out-of-band data available Dialogue: 0,0:08:30.28,0:08:35.34,Default,,0000,0000,0000,,other than the cable card interface. So\Nto access the demodulated out-of-band data Dialogue: 0,0:08:35.34,0:08:39.63,Default,,0000,0000,0000,,I tapped in to the HDHomeRun Prime with\Na cable card inserted, and connected Dialogue: 0,0:08:39.63,0:08:46.37,Default,,0000,0000,0000,,a logic analyzer to the Data and Clock\Nsignals. I wrote software using the Dialogue: 0,0:08:46.37,0:08:52.20,Default,,0000,0000,0000,,Saleae SDK to capture the QPSK demodulated\Ndata. 
Then, in software, I performed Dialogue: 0,0:08:52.20,0:08:56.05,Default,,0000,0000,0000,,de-interleaving, de-randomization,\Nand the forward error correction. Dialogue: 0,0:08:56.05,0:09:02.16,Default,,0000,0000,0000,,And the output is an MPEG transport\Nstream. So using an HDHomeRun Prime Dialogue: 0,0:09:02.16,0:09:06.78,Default,,0000,0000,0000,,connected to the logic analyzer, connected\Nto the PC running the software Dialogue: 0,0:09:06.78,0:09:11.34,Default,,0000,0000,0000,,the output finally is a 2Mbit/s transport\Nstream. And this transport stream Dialogue: 0,0:09:11.34,0:09:15.07,Default,,0000,0000,0000,,looks like a standard transport stream,\Nand inside are the conditional access Dialogue: 0,0:09:15.07,0:09:19.13,Default,,0000,0000,0000,,management messages, program guide\Ninformation etc. Everything that was Dialogue: 0,0:09:19.13,0:09:26.41,Default,,0000,0000,0000,,missing from the main\NQAM transport stream. Dialogue: 0,0:09:26.41,0:09:33.47,Default,,0000,0000,0000,,Two bits in each packet will indicate if\Nthe packet is scrambled with the even key, Dialogue: 0,0:09:33.47,0:09:38.82,Default,,0000,0000,0000,,odd key, or not scrambled at all.\NThe key is changed at short intervals. Dialogue: 0,0:09:38.82,0:09:45.15,Default,,0000,0000,0000,,DVB systems typically will change every\N5 .. 30 seconds. DC2 every 133 ms Dialogue: 0,0:09:45.15,0:09:50.83,Default,,0000,0000,0000,,or 1 second. The key used for decryption\Nalternates between even and odd. Dialogue: 0,0:09:50.83,0:09:54.11,Default,,0000,0000,0000,,The odd key is in use while the even key\Nis updated; and then the even key is Dialogue: 0,0:09:54.11,0:09:58.72,Default,,0000,0000,0000,,in use while the odd key is updated.\NAn encrypted transport stream is sent Dialogue: 0,0:09:58.72,0:10:03.55,Default,,0000,0000,0000,,via the cable or satellite, and it’s passed\Nthrough the descrambler in the ACP. 
Dialogue: 0,0:10:03.55,0:10:08.36,Default,,0000,0000,0000,,And the result is a decrypted transport\Nstream that is played by the MPEG decoder. Dialogue: 0,0:10:08.36,0:10:12.92,Default,,0000,0000,0000,,The descrambler uses a Working Key.\NThis is a 56-bit DES key that changes Dialogue: 0,0:10:12.92,0:10:19.61,Default,,0000,0000,0000,,every 133ms, or in some cases they have it\Nslowed down to changing every 1 second. Dialogue: 0,0:10:19.61,0:10:24.06,Default,,0000,0000,0000,,This Working Key is generated by\Nencrypting the frame count from ECM40 Dialogue: 0,0:10:24.06,0:10:29.75,Default,,0000,0000,0000,,packets with the Program Key. The Program\NKey, again DES, comes from the ECM41 Dialogue: 0,0:10:29.75,0:10:33.73,Default,,0000,0000,0000,,message, and is encrypted with the\NCategory Key. The Program Key Dialogue: 0,0:10:33.73,0:10:38.63,Default,,0000,0000,0000,,is unique to each channel, and it changes\Ndaily or for every pay-per-view event. Dialogue: 0,0:10:38.63,0:10:43.79,Default,,0000,0000,0000,,The Category Key, also DES, is shared\Nby all the set-top-boxes that authorize Dialogue: 0,0:10:43.79,0:10:48.37,Default,,0000,0000,0000,,for any channel from this provider. The\NCategory Key is sent to each set-top-box, Dialogue: 0,0:10:48.37,0:10:53.95,Default,,0000,0000,0000,,individually, inside the EMM95 message.\NAnd this Category Key typically changes Dialogue: 0,0:10:53.95,0:10:58.43,Default,,0000,0000,0000,,monthly, but many cable operators change\Nkeys much less frequently. Some of them Dialogue: 0,0:10:58.43,0:11:04.21,Default,,0000,0000,0000,,are using the same key for years at\Na time. To decrypt the EMM, in order Dialogue: 0,0:11:04.21,0:11:09.27,Default,,0000,0000,0000,,to get the Category Key Seed Keys are\Nused. Each set-top-box has a set of Dialogue: 0,0:11:09.27,0:11:13.54,Default,,0000,0000,0000,,56 bit DES Seed Keys inside of\Nbattery-backed RAM. These are Dialogue: 0,0:11:13.54,0:11:17.78,Default,,0000,0000,0000,,initialized during manufacturing. 
For the\Nlifetime of the set-top-box these keys Dialogue: 0,0:11:17.78,0:11:23.07,Default,,0000,0000,0000,,are used to secure EMMs. So this\Nforms a chain from the Seed Keys, Dialogue: 0,0:11:23.07,0:11:26.85,Default,,0000,0000,0000,,initialized during manufacturing and never\Nchanging, to the decryption of the MPEG Dialogue: 0,0:11:26.85,0:11:31.55,Default,,0000,0000,0000,,transport stream. Dialogue: 0,0:11:31.55,0:11:34.71,Default,,0000,0000,0000,,Inside the satellite\Nset-top-box we can see the main Dialogue: 0,0:11:34.71,0:11:38.06,Default,,0000,0000,0000,,components of the system. The signal\Nenters the tuner and is passed Dialogue: 0,0:11:38.06,0:11:41.44,Default,,0000,0000,0000,,through the demodulator which\Noutputs a serial transport stream. Dialogue: 0,0:11:41.44,0:11:46.00,Default,,0000,0000,0000,,This transport stream passes through\Nthe ACP – Access Control Processor – Dialogue: 0,0:11:46.00,0:11:51.12,Default,,0000,0000,0000,,and is then sent to the MPEG decoder\Nto output a video signal to the TV. Dialogue: 0,0:11:51.12,0:11:55.80,Default,,0000,0000,0000,,A 68k microcontroller acts as the set-top\Nbox main controller. It communicates Dialogue: 0,0:11:55.80,0:12:00.34,Default,,0000,0000,0000,,with the MPEG decoder as well as\Nwith the ACP via an SPI bus. Dialogue: 0,0:12:00.34,0:12:03.88,Default,,0000,0000,0000,,A battery provides backup power to the\NACP. So it will retain RAM contents Dialogue: 0,0:12:03.88,0:12:08.81,Default,,0000,0000,0000,,even when the set-top-box is unplugged.\NThere’s a TVpass slot near the power Dialogue: 0,0:12:08.81,0:12:12.11,Default,,0000,0000,0000,,supply. This is an upgrade slot with\Na card edge connector to allow Dialogue: 0,0:12:12.11,0:12:14.83,Default,,0000,0000,0000,,for security upgrades. The system Dialogue: 0,0:12:14.83,0:12:19.40,Default,,0000,0000,0000,,stayed secure, so the TVpass slot was\Nnever used. 
And the newer set-top-boxes Dialogue: 0,0:12:19.40,0:12:23.93,Default,,0000,0000,0000,,don’t actually include a TVpass slot\Ninside. So at this point it seems Dialogue: 0,0:12:23.93,0:12:30.71,Default,,0000,0000,0000,,quite unlikely that this TVpass card\Nwill ever actually be used. Dialogue: 0,0:12:30.71,0:12:34.63,Default,,0000,0000,0000,,Inside the cable set-top-box… it’s\Nvery similar to a satellite set-top-box Dialogue: 0,0:12:34.63,0:12:38.84,Default,,0000,0000,0000,,but the cable boxes tend to be more\Ntightly integrated. The signal enters Dialogue: 0,0:12:38.84,0:12:42.74,Default,,0000,0000,0000,,the tuner and passes through a Broadcom\Nchip that handles demodulation. Dialogue: 0,0:12:42.74,0:12:46.26,Default,,0000,0000,0000,,And the same chip will also handle MPEG\Ndecoding after the transport stream’s been Dialogue: 0,0:12:46.26,0:12:52.40,Default,,0000,0000,0000,,decrypted by the ACP. A 68k microcontroller\Nacts as the set-top-box’s main controller. Dialogue: 0,0:12:52.40,0:12:57.49,Default,,0000,0000,0000,,Again, talking to the ACP via SPI.\NAnd a battery provides backup power Dialogue: 0,0:12:57.49,0:13:03.07,Default,,0000,0000,0000,,to the ACP, and also to the non-volatile\NRAM used by the main controller. Dialogue: 0,0:13:03.07,0:13:08.50,Default,,0000,0000,0000,,A TVpass slot is underneath the main\Nboard, it’s not visible in this photo. Dialogue: 0,0:13:08.50,0:13:11.37,Default,,0000,0000,0000,,The cable set-top-boxes include a second\Ntuner that’s used to receive Dialogue: 0,0:13:11.37,0:13:15.81,Default,,0000,0000,0000,,the out-of-band data. This OOB tuner\Noperates independently of the main tuner Dialogue: 0,0:13:15.81,0:13:20.08,Default,,0000,0000,0000,,and on a separate frequency range. And\Nit’s used to provide a transport stream Dialogue: 0,0:13:20.08,0:13:23.45,Default,,0000,0000,0000,,containing the system information, with\Nthe program guide, firmware updates, Dialogue: 0,0:13:23.45,0:13:28.63,Default,,0000,0000,0000,,EMMs etc. 
Dialogue: 0,0:13:28.63,0:13:35.11,Default,,0000,0000,0000,,Here we see the ACP chip. It’s a 100-pin\NTQFP package. From the markings Dialogue: 0,0:13:35.11,0:13:39.92,Default,,0000,0000,0000,,we can see it’s a custom System-On-Chip\Nmade for General Instrument Corp. (GIC). Dialogue: 0,0:13:39.92,0:13:43.47,Default,,0000,0000,0000,,All the decryption is performed by the\NACP, and all decryption keys are kept Dialogue: 0,0:13:43.47,0:13:49.60,Default,,0000,0000,0000,,only within this chip. The newer set-top-\Nboxes use newer versions of the ACP. Dialogue: 0,0:13:49.60,0:13:53.85,Default,,0000,0000,0000,,I studied the original ACP chip\Nthat’s seen in this photo. Dialogue: 0,0:13:53.85,0:13:57.25,Default,,0000,0000,0000,,As long as the set-top-boxes using this\Nchip are actively used it remains Dialogue: 0,0:13:57.25,0:14:02.74,Default,,0000,0000,0000,,a relevant target. Whether the newer ACPs\Ninclude more advanced security features Dialogue: 0,0:14:02.74,0:14:07.31,Default,,0000,0000,0000,,or if they exist only for cost-savings\Ndue to shrinking the die size Dialogue: 0,0:14:07.31,0:14:12.72,Default,,0000,0000,0000,,I don’t really know. Dialogue: 0,0:14:12.72,0:14:16.48,Default,,0000,0000,0000,,Some of the interesting pins on the ACP\Nare labeled here. Pin 1 is marked Dialogue: 0,0:14:16.48,0:14:20.16,Default,,0000,0000,0000,,at the top left corner of the chip.\NThere’s an SPI slave controller Dialogue: 0,0:14:20.16,0:14:24.17,Default,,0000,0000,0000,,on Pins 1 - 5, used for communication\Nwith the set-top-box main controller. Dialogue: 0,0:14:24.17,0:14:28.14,Default,,0000,0000,0000,,There’s a battery backup pin that’s\Nconnected to a 3V battery to keep Dialogue: 0,0:14:28.14,0:14:33.05,Default,,0000,0000,0000,,the RAM contents of the ACP intact\Nat all times. There’s a serial transport Dialogue: 0,0:14:33.05,0:14:38.24,Default,,0000,0000,0000,,stream input on pins 88 - 92 which\Nreceives the data from the demodulator. 
Dialogue: 0,0:14:38.24,0:14:42.49,Default,,0000,0000,0000,,And there’s a serial transport stream\Noutput on pins 28 - 33 which sends Dialogue: 0,0:14:42.49,0:14:52.18,Default,,0000,0000,0000,,the decrypted transport stream to the\NMPEG decoder to be output to the TV. Dialogue: 0,0:14:52.18,0:14:56.46,Default,,0000,0000,0000,,At one point I had written software for\Nan AVR32 device, not the one that’s Dialogue: 0,0:14:56.46,0:15:00.24,Default,,0000,0000,0000,,shown here, that has a synchronous serial\Nperipheral, that supports sending and Dialogue: 0,0:15:00.24,0:15:04.92,Default,,0000,0000,0000,,receiving data at the 27 MBit/s rate of the\Ntransport stream. My AVR32 implementation Dialogue: 0,0:15:04.92,0:15:10.69,Default,,0000,0000,0000,,turned out a bit ugly. But rather than\Ncleaning up I was able to use it as it was. Dialogue: 0,0:15:10.69,0:15:16.06,Default,,0000,0000,0000,,It had some limitations like only accepting\N64kB of data for replay logging. Dialogue: 0,0:15:16.06,0:15:20.12,Default,,0000,0000,0000,,Which was just barely good enough for my\Nstudies. What the transport stream Dialogue: 0,0:15:20.12,0:15:22.00,Default,,0000,0000,0000,,logging in-circuit digital mean was Dialogue: 0,0:15:22.00,0:15:27.32,Default,,0000,0000,0000,,that the transport stream passes through\Nthe ACP with selected PIDs being decrypted. Dialogue: 0,0:15:27.32,0:15:31.41,Default,,0000,0000,0000,,And then the output is the full transport\Nstream but a selected program has been Dialogue: 0,0:15:31.41,0:15:37.42,Default,,0000,0000,0000,,decrypted. The AVR32 logging interface\Nhad rather limited use for me. 
Dialogue: 0,0:15:37.42,0:15:42.71,Default,,0000,0000,0000,,Later on when I did more thorough research\NI did so using an ACP that I’d removed from Dialogue: 0,0:15:42.71,0:15:46.68,Default,,0000,0000,0000,,the box and I put on a breakout board.\NAnd then I could control the clock, and Dialogue: 0,0:15:46.68,0:15:50.86,Default,,0000,0000,0000,,at that point it was much easier to use an\NXMEGA AVR platform to send and receive Dialogue: 0,0:15:50.86,0:15:55.49,Default,,0000,0000,0000,,the transport stream through the ACP\Nat a much slower bit rate. Shown here Dialogue: 0,0:15:55.49,0:15:57.25,Default,,0000,0000,0000,,is the XMEGA platform I settled on using Dialogue: 0,0:15:57.25,0:16:03.51,Default,,0000,0000,0000,,for SPI and also the transport stream\Ninterfacing. To honor the data Dialogue: 0,0:16:03.51,0:16:08.10,Default,,0000,0000,0000,,passed between the set-top-box main\Ncontroller and the ACP on the SPI bus Dialogue: 0,0:16:08.10,0:16:15.22,Default,,0000,0000,0000,,I used the XMEGA development board. Two\NSPI ports acted as slave with Master Out - Dialogue: 0,0:16:15.22,0:16:18.95,Default,,0000,0000,0000,,Slave In (MOSI) signal connected to 1 and\NMaster In - Slave Out (MISO) signal Dialogue: 0,0:16:18.95,0:16:23.78,Default,,0000,0000,0000,,connected to the Master Out - Slave In\Ninput of the second port. So from one port Dialogue: 0,0:16:23.78,0:16:26.28,Default,,0000,0000,0000,,Bytes sent by the set-top-box\Ncontroller are received. Dialogue: 0,0:16:26.28,0:16:28.00,Default,,0000,0000,0000,,From the other port it receives Dialogue: 0,0:16:28.00,0:16:33.49,Default,,0000,0000,0000,,bytes from the ACP. In case I want to talk\Ndirectly to the ACP or the set-top-box Dialogue: 0,0:16:33.49,0:16:37.73,Default,,0000,0000,0000,,main controller it’s only necessary to\Nconnect both the MOSI and MISO signals Dialogue: 0,0:16:37.73,0:16:43.41,Default,,0000,0000,0000,,on one of the SPI interfaces. 
By holding\Nthe main controller in Reset my XMEGA Dialogue: 0,0:16:43.41,0:16:48.54,Default,,0000,0000,0000,,was able to act as the SPI Master and then\Ntalk to the ACP. So this setup works for Dialogue: 0,0:16:48.54,0:16:52.55,Default,,0000,0000,0000,,passively monitoring the SPI communications\Nin the set-top-box and can also act as Dialogue: 0,0:16:52.55,0:16:59.53,Default,,0000,0000,0000,,the SPI Master for interrogating the chip\Ndirectly. Dialogue: 0,0:16:59.53,0:17:01.36,Default,,0000,0000,0000,,By logging the SPI bus between Dialogue: 0,0:17:01.36,0:17:05.24,Default,,0000,0000,0000,,the main controller and the ACP we see\Nthat information about the current access Dialogue: 0,0:17:05.24,0:17:12.15,Default,,0000,0000,0000,,levels are sent from the ACP. The ACP\Nalso receives EMMs via the SPI bus. Dialogue: 0,0:17:12.15,0:17:16.97,Default,,0000,0000,0000,,EMMs have been filtered by the Unit Address\Nnumber, or the set-top-box serial number. Dialogue: 0,0:17:16.97,0:17:22.52,Default,,0000,0000,0000,,So the ACP only receives messages\Nthat are intended for that specific unit. Dialogue: 0,0:17:22.52,0:17:26.33,Default,,0000,0000,0000,,Command 04 includes the current Category\NKey epochs and Keyselects in use. Dialogue: 0,0:17:26.33,0:17:31.64,Default,,0000,0000,0000,,Command 05 includes the Unit Address\Nnumber. Command 13 returns the authorized Dialogue: 0,0:17:31.64,0:17:37.34,Default,,0000,0000,0000,,Subscription tiers for this unit. Commands 7\Nand 87 provide information about the channel Dialogue: 0,0:17:37.34,0:17:43.32,Default,,0000,0000,0000,,being currently decrypted. Additionally,\Nvia the SPI interface the set-top-box Dialogue: 0,0:17:43.32,0:17:49.05,Default,,0000,0000,0000,,main controller tells the ACP which PIDs\Nto decrypt and which is the ECM PID. 
Dialogue: 0,0:17:49.05,0:17:53.44,Default,,0000,0000,0000,,The ACP doesn’t send any keys on the bus,\Nand it only receives Category Keys that Dialogue: 0,0:17:53.44,0:17:58.07,Default,,0000,0000,0000,,are encrypted within EMMs via the SPI.\NSo all of the really interesting data is Dialogue: 0,0:17:58.07,0:18:06.34,Default,,0000,0000,0000,,contained within the ACP chip itself, and\Nit’s never sent out on any kind of a bus. Dialogue: 0,0:18:06.34,0:18:10.30,Default,,0000,0000,0000,,So next I started an invasive study of the\Nchip – studying it under a microscope. Dialogue: 0,0:18:10.30,0:18:13.94,Default,,0000,0000,0000,,And the cost of microscopes can range from\Nhundreds of Dollars to tens of thousands Dialogue: 0,0:18:13.94,0:18:18.15,Default,,0000,0000,0000,,of Dollars, or even higher for things like\Nelectron microscopes or other specialized Dialogue: 0,0:18:18.15,0:18:23.83,Default,,0000,0000,0000,,equipment. I have a couple of microscopes\Nthat I use. This one is a Mitutoyo FS70 Dialogue: 0,0:18:23.83,0:18:27.99,Default,,0000,0000,0000,,microscope. These Mitutoyo are often used\Nfor microprobing, but you can also use it Dialogue: 0,0:18:27.99,0:18:33.05,Default,,0000,0000,0000,,for other uses. For this project I didn’t\Ndo any microprobing but I used this Dialogue: 0,0:18:33.05,0:18:37.47,Default,,0000,0000,0000,,microscope because it was what I had. For\Nstudying this kind of technology you could Dialogue: 0,0:18:37.47,0:18:40.70,Default,,0000,0000,0000,,use even more basic equipment but,\Nof course, if you have the higher-end Dialogue: 0,0:18:40.70,0:18:44.72,Default,,0000,0000,0000,,equipment it’s a lot nicer to work with. Dialogue: 0,0:18:44.72,0:18:48.55,Default,,0000,0000,0000,,Another microscope I use is the Zeiss\NAxiotron. This microscope is designed Dialogue: 0,0:18:48.55,0:18:53.68,Default,,0000,0000,0000,,for inspecting wafers and has really good\Noptical quality. 
I said that more basic Dialogue: 0,0:18:53.68,0:18:56.96,Default,,0000,0000,0000,,equipment could be used and it’s true.\NBut when you get into this kind of thing Dialogue: 0,0:18:56.96,0:19:00.58,Default,,0000,0000,0000,,you might find yourself again and again\Ninvesting in more equipment. Dialogue: 0,0:19:00.58,0:19:04.28,Default,,0000,0000,0000,,I've owed $10.000 in this setup including\Nthe microscope and the camera and the Dialogue: 0,0:19:04.28,0:19:12.29,Default,,0000,0000,0000,,scanning stage and other parts. To look at\Nthe chip under the microscope requires Dialogue: 0,0:19:12.29,0:19:16.65,Default,,0000,0000,0000,,that the chip is de-capsulated.\NFuming Nitric Acid is used for this. Dialogue: 0,0:19:16.65,0:19:21.19,Default,,0000,0000,0000,,The chip is immersed in heated red Fuming\NNitric Acid which reacts with the plastic Dialogue: 0,0:19:21.19,0:19:26.22,Default,,0000,0000,0000,,packaging and removes it. The chip is then\Nrinsed in acetone, and cleaned with Dialogue: 0,0:19:26.22,0:19:31.54,Default,,0000,0000,0000,,isopropyl alcohol in an ultrasonic bath\Nwhich leaves the die bare and clean. Dialogue: 0,0:19:31.54,0:19:35.47,Default,,0000,0000,0000,,The Nitric Acid is quite aggressive,\Nand it’s important to handle it carefully. Dialogue: 0,0:19:35.47,0:19:39.19,Default,,0000,0000,0000,,But the process is really straight-forward.\NMost people probably wouldn’t want Dialogue: 0,0:19:39.19,0:19:40.57,Default,,0000,0000,0000,,to do this in their home. Dialogue: 0,0:19:40.57,0:19:47.49,Default,,0000,0000,0000,,So you should go out to the garage\Nand use your fume hood there. Dialogue: 0,0:19:47.49,0:19:50.99,Default,,0000,0000,0000,,After the decapsulation the bare\Nchips are left with bonding wires attached Dialogue: 0,0:19:50.99,0:19:53.66,Default,,0000,0000,0000,,to them. So these wires will be plucked\Noff using tweezers to get them Dialogue: 0,0:19:53.66,0:19:58.60,Default,,0000,0000,0000,,out of the way. 
Already in this photo we\Ncan see some of the larger structures Dialogue: 0,0:19:58.60,0:20:02.06,Default,,0000,0000,0000,,on the chip. Half of it is covered with\Na metal plane, and the other half Dialogue: 0,0:20:02.06,0:20:09.51,Default,,0000,0000,0000,,shows some kind of visible circuitry. Dialogue: 0,0:20:09.51,0:20:12.52,Default,,0000,0000,0000,,This is an image of the chip under the\Nmicroscope. It’s been stitched together Dialogue: 0,0:20:12.52,0:20:16.79,Default,,0000,0000,0000,,from several smaller images,\Nto give an overview of the chip. Dialogue: 0,0:20:16.79,0:20:21.26,Default,,0000,0000,0000,,Looking at the decapsulated chip we see\Nthe bond pads around the outside, Dialogue: 0,0:20:21.26,0:20:25.45,Default,,0000,0000,0000,,a metal plane covering the top part of the\Nchip and wires on the bottom of the chip, Dialogue: 0,0:20:25.45,0:20:29.68,Default,,0000,0000,0000,,the spaghetti logic running all over the\Nplace. With a couple of structures Dialogue: 0,0:20:29.68,0:20:33.63,Default,,0000,0000,0000,,that look like they could be a type of\Nmemory. There’s a lot still hidden Dialogue: 0,0:20:33.63,0:20:40.12,Default,,0000,0000,0000,,from us. To see more of the chip\Nit will be necessary to delayer it. Dialogue: 0,0:20:40.12,0:20:45.06,Default,,0000,0000,0000,,To delayer the chip I used hydrofluoric acid\Nto perform a wet etch. I used the Whink Dialogue: 0,0:20:45.06,0:20:49.60,Default,,0000,0000,0000,,Rust Stain Remover product. It’s available\Nin hardware stores all over the USA. Dialogue: 0,0:20:49.60,0:20:55.10,Default,,0000,0000,0000,,It’s a dilute HF solution that works\Nreally well for delayering ICs. Dialogue: 0,0:20:55.10,0:20:59.23,Default,,0000,0000,0000,,I put a small amount of the Whink liquid in\Na beaker and heated it on the hot plate.
Dialogue: 0,0:20:59.23,0:21:03.26,Default,,0000,0000,0000,,Then I dropped the decapsulated die in.\NUsing a pipette I agitated the liquid Dialogue: 0,0:21:03.26,0:21:07.42,Default,,0000,0000,0000,,to disturb the bubbles that form on the\Nsurface of the chip. So the acid can Dialogue: 0,0:21:07.42,0:21:12.11,Default,,0000,0000,0000,,actually etch more evenly. The etching\Nresult isn’t perfect. Some parts of the chip Dialogue: 0,0:21:12.11,0:21:15.05,Default,,0000,0000,0000,,will be etched deeper than other parts.\NBut I’ve gotten quite useful results using Dialogue: 0,0:21:15.05,0:21:19.41,Default,,0000,0000,0000,,this technique. You really don’t wanna\Nbreathe in these fumes, so do this Dialogue: 0,0:21:19.41,0:21:25.89,Default,,0000,0000,0000,,in a fume hood in your garage, also. Dialogue: 0,0:21:25.89,0:21:29.03,Default,,0000,0000,0000,,After a short time immersed in the heated\NWhink solution the chip was rinsed and Dialogue: 0,0:21:29.03,0:21:32.73,Default,,0000,0000,0000,,put back under the microscope.\NNow the top metal plane has been removed Dialogue: 0,0:21:32.73,0:21:37.49,Default,,0000,0000,0000,,so we can see what’s below. There are\Nsome visual effects that we start to see Dialogue: 0,0:21:37.49,0:21:40.75,Default,,0000,0000,0000,,in the photo from the etching being\Na little bit uneven. But overall Dialogue: 0,0:21:40.75,0:21:46.42,Default,,0000,0000,0000,,the delayered chip looks quite good and\Nable to start studying it. At the top left Dialogue: 0,0:21:46.42,0:21:51.12,Default,,0000,0000,0000,,the tall rectangles are RAM. The four\Nblocks at the top right are ROM. Dialogue: 0,0:21:51.12,0:21:56.63,Default,,0000,0000,0000,,And then there’s logic that ties\Nthese into the logic area below. Dialogue: 0,0:21:56.63,0:22:01.04,Default,,0000,0000,0000,,I was interested in finding how the bits\Nwere encoded in ROM. So I continued Dialogue: 0,0:22:01.04,0:22:04.29,Default,,0000,0000,0000,,delayering the chip.
This was another dip\Nin the Whink – and another metal layer Dialogue: 0,0:22:04.29,0:22:07.99,Default,,0000,0000,0000,,has been removed. Bits in the ROM\Nwere not visible yet so I continued Dialogue: 0,0:22:07.99,0:22:11.83,Default,,0000,0000,0000,,the delayering process. At this point\Nwe’re starting to see more of the visual Dialogue: 0,0:22:11.83,0:22:19.70,Default,,0000,0000,0000,,effects from the uneven etching but\Nit’s still not too bad. After a third dip Dialogue: 0,0:22:19.70,0:22:23.30,Default,,0000,0000,0000,,in the Whink more metal has been removed.\NAt this point the delayering is becoming Dialogue: 0,0:22:23.30,0:22:26.82,Default,,0000,0000,0000,,more and more uneven. We can see the\NROM blocks have been half-etched Dialogue: 0,0:22:26.82,0:22:31.90,Default,,0000,0000,0000,,to a lower layer while half of the upper\Nlayer is still remaining. The wet etching Dialogue: 0,0:22:31.90,0:22:36.94,Default,,0000,0000,0000,,process can be quite difficult to perform\Ncompletely consistently without adding Dialogue: 0,0:22:36.94,0:22:40.90,Default,,0000,0000,0000,,additional steps such as polishing. And\Nat the time I did this project I didn’t have Dialogue: 0,0:22:40.90,0:22:45.41,Default,,0000,0000,0000,,the polisher available so I was relying\Nonly on the wet etch. Some of the areas Dialogue: 0,0:22:45.41,0:22:48.88,Default,,0000,0000,0000,,of the ROM are now showing visible bits.\NThe other areas haven’t been etched Dialogue: 0,0:22:48.88,0:22:55.25,Default,,0000,0000,0000,,deeply enough. So I continued to etch\Nfurther to try and get a clean ROM. Dialogue: 0,0:22:55.25,0:22:59.18,Default,,0000,0000,0000,,We can see the ROM bits quite clearly now.\NThey’re arranged in rows and columns, and Dialogue: 0,0:22:59.18,0:23:04.68,Default,,0000,0000,0000,,in this image if a black dot is visible\Nthat indicates that the bit is a One. Dialogue: 0,0:23:04.68,0:23:07.89,Default,,0000,0000,0000,,Image quality is important. 
The better the\Nphotographs the more consistently the bits Dialogue: 0,0:23:07.89,0:23:12.04,Default,,0000,0000,0000,,will be visible. But it doesn’t have to be\Nreally perfect. You can do some image Dialogue: 0,0:23:12.04,0:23:16.79,Default,,0000,0000,0000,,processing on it, you can even repeat the\Nprocess on multiple chips, delayer them Dialogue: 0,0:23:16.79,0:23:20.71,Default,,0000,0000,0000,,and photograph them, and at some point\Nyou’ll be able to have the entire ROM Dialogue: 0,0:23:20.71,0:23:26.28,Default,,0000,0000,0000,,clean and consistently visible. With the\Nvisible bits exposed and photographs taken Dialogue: 0,0:23:26.28,0:23:30.86,Default,,0000,0000,0000,,the bits can be extracted using a software\Nimage analysis tool. Or the bits could be Dialogue: 0,0:23:30.86,0:23:37.56,Default,,0000,0000,0000,,extracted manually. The ROM here is 32 kB\Nor over 260,000 bits. So manual extraction Dialogue: 0,0:23:37.56,0:23:43.63,Default,,0000,0000,0000,,would be a bit labor-intensive but it\Nisn’t impossible. A software tool is Dialogue: 0,0:23:43.63,0:23:48.91,Default,,0000,0000,0000,,more efficient. So I wrote some software\Nto analyze the images and identify Dialogue: 0,0:23:48.91,0:23:53.64,Default,,0000,0000,0000,,the 1 and 0 bits. There are bits marked\Nwith a yellow box for 0 bits or a blue box Dialogue: 0,0:23:53.64,0:23:57.64,Default,,0000,0000,0000,,for 1 bits. I use software to analyze\Nthe image and then I can quickly review Dialogue: 0,0:23:57.64,0:24:04.98,Default,,0000,0000,0000,,the results manually, and identify any\Nerrors that I can see. After extracting Dialogue: 0,0:24:04.98,0:24:08.50,Default,,0000,0000,0000,,the bits from the photographs I have\Na binary version of the ROM data. Dialogue: 0,0:24:08.50,0:24:12.29,Default,,0000,0000,0000,,This is a visual representation of the\Nbits extracted from this piece of ROM.
Dialogue: 0,0:24:12.29,0:24:18.68,Default,,0000,0000,0000,,Little black boxes signify 1 bits,\Nand the white boxes signify 0 bits. Dialogue: 0,0:24:18.68,0:24:23.54,Default,,0000,0000,0000,,In this image I’ve overlaid the extracted\Nbottom 13 rows of bits over the photograph. Dialogue: 0,0:24:23.54,0:24:27.34,Default,,0000,0000,0000,,You can see some visual patterns inside\Nthis, also. And these visual patterns Dialogue: 0,0:24:27.34,0:24:33.80,Default,,0000,0000,0000,,are a good indicator that this ROM\Nis probably not scrambled. Dialogue: 0,0:24:33.80,0:24:37.52,Default,,0000,0000,0000,,This image shows the end of the ROM where\Nyou can see a pattern covering most of Dialogue: 0,0:24:37.52,0:24:41.77,Default,,0000,0000,0000,,the image due to a repeated pattern of\Nfiller bytes that occupy unused space Dialogue: 0,0:24:41.77,0:24:47.05,Default,,0000,0000,0000,,at the end of the ROM. At the very end of\NROM the pattern is interrupted. This is Dialogue: 0,0:24:47.05,0:24:50.37,Default,,0000,0000,0000,,where the vector table exists at the top\Nend of memory indicating the reset address Dialogue: 0,0:24:50.37,0:24:54.95,Default,,0000,0000,0000,,and the addresses of interrupt handlers.\NThe ROM has unused space, the filler bytes Dialogue: 0,0:24:54.95,0:25:01.93,Default,,0000,0000,0000,,at the end. And the vector table\Naddress is 0xFFF6 through 0xFFFF. Dialogue: 0,0:25:01.93,0:25:06.29,Default,,0000,0000,0000,,After extracting the bits and decoding them\Ninto bytes the hex dump can be studied. Dialogue: 0,0:25:06.29,0:25:11.90,Default,,0000,0000,0000,,There is a “Copyright 1997 CHCC” ASCII\Nstring in ROM which is helpful to identify Dialogue: 0,0:25:11.90,0:25:15.14,Default,,0000,0000,0000,,when the ROM has been decoded correctly.\N{\i1}laughter{\i0} Dialogue: 0,0:25:15.14,0:25:18.100,Default,,0000,0000,0000,,If you can read the ASCII text then\Nsurely the bits are in the correct order.
Dialogue: 0,0:25:18.100,0:25:22.76,Default,,0000,0000,0000,,The decoding in this case was just a matter\Nof organizing the bits into bytes, it’s quite Dialogue: 0,0:25:22.76,0:25:29.10,Default,,0000,0000,0000,,straightforward, there was no scrambling\Nor anything else that was complex. Dialogue: 0,0:25:29.10,0:25:32.55,Default,,0000,0000,0000,,With the ROM contents extracted the\Nsoftware can be disassembled and analyzed. Dialogue: 0,0:25:32.55,0:25:37.20,Default,,0000,0000,0000,,The first step was to identify the CPU\Narchitecture. Studying the binary dump Dialogue: 0,0:25:37.20,0:25:40.96,Default,,0000,0000,0000,,it appeared to be an 8-bit CPU\Nbut wasn’t 8051 or 6805 Dialogue: 0,0:25:40.96,0:25:46.02,Default,,0000,0000,0000,,or any of the processor types I tried\Nfirst. Eventually, I tried disassembling Dialogue: 0,0:25:46.02,0:25:50.43,Default,,0000,0000,0000,,it as 6502 and the code made sense. Later\NI remembered that I had looked at Dialogue: 0,0:25:50.43,0:25:53.99,Default,,0000,0000,0000,,a previous version of the Access\NController from the same manufacturer. Dialogue: 0,0:25:53.99,0:25:58.83,Default,,0000,0000,0000,,Which was used in another system,\NVideoCipher 2+, an ancestor of DigiCipher. Dialogue: 0,0:25:58.83,0:26:05.25,Default,,0000,0000,0000,,On the older chip was a Copyright notice\Nfrom WDC who licenses the 6502 core IP. Dialogue: 0,0:26:05.25,0:26:09.27,Default,,0000,0000,0000,,It was visible directly on the chip die\Nunder the microscope. Dialogue: 0,0:26:09.27,0:26:12.24,Default,,0000,0000,0000,,So this would have been a great clue\Nfor the CPU architecture if I had actually Dialogue: 0,0:26:12.24,0:26:18.18,Default,,0000,0000,0000,,noticed it earlier. For disassembly I used\NIDA. It supports 6502 and is of course Dialogue: 0,0:26:18.18,0:26:25.51,Default,,0000,0000,0000,,a very powerful disassembler.
In addition\Nto disassembly I used 6502 simulation Dialogue: 0,0:26:25.51,0:26:29.80,Default,,0000,0000,0000,,software to study the software in\Na virtual CPU. The simulation is really Dialogue: 0,0:26:29.80,0:26:33.29,Default,,0000,0000,0000,,helpful when disassembling the software.\NIt provides a lot of insight into what’s Dialogue: 0,0:26:33.29,0:26:38.27,Default,,0000,0000,0000,,going on. Since 6502 is a very well-known\Narchitecture it was not at all difficult Dialogue: 0,0:26:38.27,0:26:43.41,Default,,0000,0000,0000,,to find an existing simulator. Even free,\Nwith source code. The 6502 is used Dialogue: 0,0:26:43.41,0:26:47.85,Default,,0000,0000,0000,,in 8-bit computers, like the Apple II,\Nand the Commodore 64. So there’s really Dialogue: 0,0:26:47.85,0:26:51.70,Default,,0000,0000,0000,,a lot of enthusiasts and a great deal of\Ninformation about this architecture. Dialogue: 0,0:26:51.70,0:26:55.37,Default,,0000,0000,0000,,As I gained understanding of the System\NOn Chip through disassembling the software Dialogue: 0,0:26:55.37,0:26:59.33,Default,,0000,0000,0000,,I began adding some other features into\Nthe simulator to emulate some of the Dialogue: 0,0:26:59.33,0:27:08.78,Default,,0000,0000,0000,,hardware peripherals that were found\Ninside the ACP, the device itself. Dialogue: 0,0:27:08.78,0:27:11.28,Default,,0000,0000,0000,,One of the first things I saw in the\Ndisassembly was that there are two Dialogue: 0,0:27:11.28,0:27:15.78,Default,,0000,0000,0000,,operating modes. During startup values\Nin RAM are checked. And if the ACP Dialogue: 0,0:27:15.78,0:27:18.65,Default,,0000,0000,0000,,hasn’t been initialized it enters\Na personalization mode used during Dialogue: 0,0:27:18.65,0:27:23.39,Default,,0000,0000,0000,,manufacturing to assign the Unit Address\Nand Seed keys.
In normal conditions, Dialogue: 0,0:27:23.39,0:27:26.51,Default,,0000,0000,0000,,after the set-top-box has left the\Nfactory this personalization software Dialogue: 0,0:27:26.51,0:27:32.46,Default,,0000,0000,0000,,is bypassed and the ACP will always run\Nits main application. The next thing Dialogue: 0,0:27:32.46,0:27:36.83,Default,,0000,0000,0000,,I found was the application wasn’t very\Nsimple. This 6502 actually runs Dialogue: 0,0:27:36.83,0:27:41.17,Default,,0000,0000,0000,,a task switching operating system. Eight\Ntasks are run supporting decryption Dialogue: 0,0:27:41.17,0:27:45.69,Default,,0000,0000,0000,,of up to two channels at the same time.\NThere are two tasks to handle processing Dialogue: 0,0:27:45.69,0:27:50.33,Default,,0000,0000,0000,,of ECM40 messages and generation of the\NWorking Keys used to decrypt the transport Dialogue: 0,0:27:50.33,0:27:55.20,Default,,0000,0000,0000,,stream. And two tasks to handle processing\Nof ECM41 messages to generate Dialogue: 0,0:27:55.20,0:28:00.75,Default,,0000,0000,0000,,the Program Keys that are used to process\Nthe ECM40. One task for handling Dialogue: 0,0:28:00.75,0:28:05.19,Default,,0000,0000,0000,,EMM processing. And there’s also a task to\Ncommunicate with the TVpass interface Dialogue: 0,0:28:05.19,0:28:09.71,Default,,0000,0000,0000,,for security upgrades. With another task\Nto handle the messages that are coming in Dialogue: 0,0:28:09.71,0:28:17.09,Default,,0000,0000,0000,,over the SPI interface. Since the ACP\Nis a custom System On Chip Dialogue: 0,0:28:17.09,0:28:21.32,Default,,0000,0000,0000,,there is no documentation available\Ndescribing the hardware capabilities. Dialogue: 0,0:28:21.32,0:28:24.63,Default,,0000,0000,0000,,So the disassembly was studied and the\Ninput/output registers had to be guessed Dialogue: 0,0:28:24.63,0:28:29.65,Default,,0000,0000,0000,,based on the software usage. 
There’s an\NSPI slave peripheral for communication Dialogue: 0,0:28:29.65,0:28:33.69,Default,,0000,0000,0000,,with the main controller. The SPI\Nperipheral sends and receives data Dialogue: 0,0:28:33.69,0:28:37.33,Default,,0000,0000,0000,,directly to RAM. And then a signal is set\Nindicating that the transport has been Dialogue: 0,0:28:37.33,0:28:41.35,Default,,0000,0000,0000,,completed. There’s a DES crypto peripheral; Dialogue: 0,0:28:41.35,0:28:45.98,Default,,0000,0000,0000,,key, data and operating mode are set in\Nregisters. And when the decryption Dialogue: 0,0:28:45.98,0:28:50.03,Default,,0000,0000,0000,,has been completed the result can be\Nread from additional registers. There’s Dialogue: 0,0:28:50.03,0:28:54.27,Default,,0000,0000,0000,,a transport stream descrambler. The Working\NKey is set in hardware registers. Dialogue: 0,0:28:54.27,0:28:57.59,Default,,0000,0000,0000,,And the descrambler will then output the\Ndecrypted transport stream on the serial Dialogue: 0,0:28:57.59,0:29:03.39,Default,,0000,0000,0000,,transport stream interface. There are PID\Nfilters set by the set-top-box main Dialogue: 0,0:29:03.39,0:29:07.85,Default,,0000,0000,0000,,controller over the SPI bus. These filters\Nselect which video and audio streams Dialogue: 0,0:29:07.85,0:29:15.31,Default,,0000,0000,0000,,to descramble and which ECM packets should\Nbe received by the ACP. The received ECMs Dialogue: 0,0:29:15.31,0:29:23.23,Default,,0000,0000,0000,,are placed in RAM, and the 6502 is notified\Nof a new ECM via a register bit. Dialogue: 0,0:29:23.23,0:29:26.05,Default,,0000,0000,0000,,So at this point I’m starting to get an\Nidea of how the system works. Dialogue: 0,0:29:26.05,0:29:29.86,Default,,0000,0000,0000,,I have studied the MPEG transport stream\Nand logged ECM and EMM data. 
Dialogue: 0,0:29:29.86,0:29:33.94,Default,,0000,0000,0000,,I’ve logged the SPI bus, and understand\Nmessages between the set-top-box Dialogue: 0,0:29:33.94,0:29:38.74,Default,,0000,0000,0000,,main controller and the ACP. I was able to\Nextract the entire ROM contents optically. Dialogue: 0,0:29:38.74,0:29:43.56,Default,,0000,0000,0000,,And I’ve disassembled the software and run\Nit in simulation. There are some keys Dialogue: 0,0:29:43.56,0:29:47.54,Default,,0000,0000,0000,,that are found in ROM. Fixed keys which\Nnever change and are used when a channel Dialogue: 0,0:29:47.54,0:29:51.100,Default,,0000,0000,0000,,has a “free preview weekend” or something\Nof the sort. Any set-top-box that has ever Dialogue: 0,0:29:51.100,0:29:55.81,Default,,0000,0000,0000,,had any kind of authorization in the past\Nis allowed to decrypt channels that are Dialogue: 0,0:29:55.81,0:30:01.41,Default,,0000,0000,0000,,encrypted using the “fixed key” mode. So\Nnow the focus is on understanding the ECM Dialogue: 0,0:30:01.41,0:30:05.87,Default,,0000,0000,0000,,and EMM algorithms within the ROM\Nsoftware. At this point I’m still missing Dialogue: 0,0:30:05.87,0:30:10.67,Default,,0000,0000,0000,,some important information from the ACP.\NAll the Seed Keys, Category Keys and Dialogue: 0,0:30:10.67,0:30:14.77,Default,,0000,0000,0000,,Program Keys exist only within RAM.\NSo to decrypt any of the channels Dialogue: 0,0:30:14.77,0:30:21.96,Default,,0000,0000,0000,,not in free preview isn’t possible yet at\Nthis point. The ECM40 message Dialogue: 0,0:30:21.96,0:30:26.05,Default,,0000,0000,0000,,is used to generate the Working Key, used\Nto descramble the MPEG streams. Dialogue: 0,0:30:26.05,0:30:30.08,Default,,0000,0000,0000,,There’s a Service ID, used to identify\Neach channel, and a frame count Dialogue: 0,0:30:30.08,0:30:33.77,Default,,0000,0000,0000,,that’s used with the Program Key\Nto calculate the Working Key. 
Dialogue: 0,0:30:33.77,0:30:37.84,Default,,0000,0000,0000,,The crypt mode identifies if the channels\Nare operating unencrypted, with a fixed Dialogue: 0,0:30:37.84,0:30:41.45,Default,,0000,0000,0000,,key, or with the normal secure keys\Nwhich are typically used. Dialogue: 0,0:30:41.45,0:30:45.90,Default,,0000,0000,0000,,The frame count is simply a 24 bit counter\Nthat increments each time the Working Key Dialogue: 0,0:30:45.90,0:30:51.09,Default,,0000,0000,0000,,changes. There’s a byte I’ve labeled\N‘Hardware’ that has one bit set in it. Dialogue: 0,0:30:51.09,0:30:57.03,Default,,0000,0000,0000,,This selects a special decryption mode\Nthat I’ll come back to a little bit later. Dialogue: 0,0:30:57.03,0:31:03.89,Default,,0000,0000,0000,,The ECM41 contains the encrypted Program Key\Nthat’s needed to correctly decrypt the ECM40. Dialogue: 0,0:31:03.89,0:31:08.69,Default,,0000,0000,0000,,There’s a Provider ID that indicates which\NTV operator subscribers this ECM should Dialogue: 0,0:31:08.69,0:31:12.74,Default,,0000,0000,0000,,be processed by. And there’s the same\NService ID that will be found within Dialogue: 0,0:31:12.74,0:31:19.19,Default,,0000,0000,0000,,the ECM40 messages. The Category epoch\Nidentifies which Category Key is in use. Dialogue: 0,0:31:19.19,0:31:23.37,Default,,0000,0000,0000,,There’s also information about how long\Nthis Program Key will be valid for. Dialogue: 0,0:31:23.37,0:31:27.74,Default,,0000,0000,0000,,ECM41 contains one or more subscription\Ntiers that must be found within Dialogue: 0,0:31:27.74,0:31:32.36,Default,,0000,0000,0000,,the customer’s ACP to allow this message\Nto be processed. The subscription tiers Dialogue: 0,0:31:32.36,0:31:37.34,Default,,0000,0000,0000,,are written to the ACP when the EMM\Ncontaining authorization details is received. Dialogue: 0,0:31:37.34,0:31:44.34,Default,,0000,0000,0000,,There is, again, a hardware crypto select\Nbyte that I will get back to.
Dialogue: 0,0:31:44.34,0:31:48.73,Default,,0000,0000,0000,,This slide shows what a half of a second\Nof ECM40 and ECM41 activity might Dialogue: 0,0:31:48.73,0:31:53.88,Default,,0000,0000,0000,,look like. To be able to descramble the\Nprogram the ACP must process a current Dialogue: 0,0:31:53.88,0:31:59.41,Default,,0000,0000,0000,,ECM41 to get the Program Key and then\Nprocess an ECM40 to get the Working Key. Dialogue: 0,0:31:59.41,0:32:04.10,Default,,0000,0000,0000,,The Working Key is then used by the\Ndescrambler to decrypt the MPEG stream. Dialogue: 0,0:32:04.10,0:32:08.90,Default,,0000,0000,0000,,Until the ACP receives the ECM41 with the\Ncurrent key as well as an ECM40 with Dialogue: 0,0:32:08.90,0:32:14.12,Default,,0000,0000,0000,,the frame count it’s not yet possible\Nto decrypt the transport stream. Dialogue: 0,0:32:14.12,0:32:20.42,Default,,0000,0000,0000,,The Working Keys have a short life time,\Nonly 133 ms. The series of ECMs shown here Dialogue: 0,0:32:20.42,0:32:25.95,Default,,0000,0000,0000,,all would happen within a period of a half\Nof a second. Dialogue: 0,0:32:25.95,0:32:27.46,Default,,0000,0000,0000,,The EMMs are split into Dialogue: 0,0:32:27.46,0:32:31.91,Default,,0000,0000,0000,,four parts. Each part contains a portion\Nof the subscription information for this Dialogue: 0,0:32:31.91,0:32:36.65,Default,,0000,0000,0000,,set-top-box. A Category Key is calculated\Nfrom each of the four parts and the key Dialogue: 0,0:32:36.65,0:32:40.37,Default,,0000,0000,0000,,that is calculated for each part has to\Nmatch the others, or the EMM will be Dialogue: 0,0:32:40.37,0:32:46.19,Default,,0000,0000,0000,,rejected, and all authorization and Category\NKey will be wiped from this ACP. Dialogue: 0,0:32:46.19,0:32:51.31,Default,,0000,0000,0000,,When the first EMM, part Zero, is received\Nthe authorization data inside the ACP Dialogue: 0,0:32:51.31,0:32:54.59,Default,,0000,0000,0000,,is reset and will be replaced with\Nauthorization data from the EMM.
Dialogue: 0,0:32:54.59,0:33:00.01,Default,,0000,0000,0000,,When the next part, part One, is received\Nthe existing authorization data within Dialogue: 0,0:33:00.01,0:33:05.70,Default,,0000,0000,0000,,the ACP from part Zero is hashed along\Nwith the data in part One. If the result Dialogue: 0,0:33:05.70,0:33:09.05,Default,,0000,0000,0000,,is correct then the authorization from\Npart One is copied into the ACP Dialogue: 0,0:33:09.05,0:33:13.31,Default,,0000,0000,0000,,alongside the existing data from part\NZero. If the result is incorrect then Dialogue: 0,0:33:13.31,0:33:19.63,Default,,0000,0000,0000,,the ACP’s authorization is erased. In this\Nway the four EMM messages are linked Dialogue: 0,0:33:19.63,0:33:22.57,Default,,0000,0000,0000,,together, and if anything is modified\Nwithin any of the EMM messages Dialogue: 0,0:33:22.57,0:33:26.45,Default,,0000,0000,0000,,the authorization will fail. Dialogue: 0,0:33:26.45,0:33:31.22,Default,,0000,0000,0000,,This is an example of an EMM. Each of the\Nfour EMM parts contains some common Dialogue: 0,0:33:31.22,0:33:35.00,Default,,0000,0000,0000,,information, like the Unit Address, and\Nwhich Category epoch this EMM contains Dialogue: 0,0:33:35.00,0:33:41.09,Default,,0000,0000,0000,,information for. The EMM can contain two\NCategory Keys. One for the current epoch Dialogue: 0,0:33:41.09,0:33:45.38,Default,,0000,0000,0000,,and also for the next so that when there’s\Nthe change of the Category Key the ACP Dialogue: 0,0:33:45.38,0:33:51.46,Default,,0000,0000,0000,,already has the next key available.\NTo decrypt the Category Key from the EMM Dialogue: 0,0:33:51.46,0:33:57.36,Default,,0000,0000,0000,,the Seed Keys contained in the ACP are\Nused. 
The Seed Keys are unique to each ACP Dialogue: 0,0:33:57.36,0:34:01.48,Default,,0000,0000,0000,,and are assigned during manufacturing.\NEMMs are transmitted out-of-band Dialogue: 0,0:34:01.48,0:34:04.90,Default,,0000,0000,0000,,for cable systems but they’re passed to\Nthe ACP in the same way as for satellite Dialogue: 0,0:34:04.90,0:34:08.48,Default,,0000,0000,0000,,systems. So at the ACP level, there’s no\Ndifference between the satellite and Dialogue: 0,0:34:08.48,0:34:12.79,Default,,0000,0000,0000,,the cable systems. Dialogue: 0,0:34:12.79,0:34:15.18,Default,,0000,0000,0000,,At this point it should be possible to\Ndecrypt channels that are using Dialogue: 0,0:34:15.18,0:34:19.06,Default,,0000,0000,0000,,a fixed-key mode. Analysis of the ROM\Nhas shown the algorithms used to process Dialogue: 0,0:34:19.06,0:34:21.53,Default,,0000,0000,0000,,the ECMs and generate the Working Key. Dialogue: 0,0:34:21.53,0:34:25.75,Default,,0000,0000,0000,,The fixed keys are known because they’re\Ncontained in ROM. There could have been Dialogue: 0,0:34:25.75,0:34:29.80,Default,,0000,0000,0000,,some question about the possibility of\Nbit errors from the optical ROM extraction Dialogue: 0,0:34:29.80,0:34:33.37,Default,,0000,0000,0000,,process. But the fixed keys can be\Nconfirmed as correct because the ROM Dialogue: 0,0:34:33.37,0:34:38.10,Default,,0000,0000,0000,,software performs a checksum of this\N256 byte area that contains the keys. Dialogue: 0,0:34:38.10,0:34:41.10,Default,,0000,0000,0000,,Successfully running the checksum on\Nthe extracted ROM data indicates that Dialogue: 0,0:34:41.10,0:34:45.89,Default,,0000,0000,0000,,the extracted keys seem to be correct.\NBut when I attempted to decrypt Dialogue: 0,0:34:45.89,0:34:50.04,Default,,0000,0000,0000,,a fixed-key channel there was\Na problem, it did not work. 
Dialogue: 0,0:34:50.04,0:34:52.30,Default,,0000,0000,0000,,Whether it was a bug in my decryption\Nimplementation or something else Dialogue: 0,0:34:52.30,0:34:57.67,Default,,0000,0000,0000,,was unclear. However, I had noticed the\Nbit in ECM40 was set that causes a bit Dialogue: 0,0:34:57.67,0:35:02.76,Default,,0000,0000,0000,,within the ACP hardware peripherals to be\Nset. The purpose of the bit was unclear. Dialogue: 0,0:35:02.76,0:35:06.99,Default,,0000,0000,0000,,But its address was suspiciously close to\Nthe transport stream descrambler key. Dialogue: 0,0:35:06.99,0:35:09.66,Default,,0000,0000,0000,,So I started to suspect that there might\Nbe some encryption other than just Dialogue: 0,0:35:09.66,0:35:12.17,Default,,0000,0000,0000,,standard DES. Dialogue: 0,0:35:12.17,0:35:18.07,Default,,0000,0000,0000,,To be able to learn more about the ACP\NI started to look at glitchers. Dialogue: 0,0:35:18.07,0:35:21.12,Default,,0000,0000,0000,,If I can succeed to glitch the chip I may\Nbe able to find a way to read and even Dialogue: 0,0:35:21.12,0:35:25.74,Default,,0000,0000,0000,,write memory. And possibly a way to run\Nmy own software directly on the chip. Dialogue: 0,0:35:25.74,0:35:28.29,Default,,0000,0000,0000,,This will allow me to control the hardware\Nperipherals and be able to observe Dialogue: 0,0:35:28.29,0:35:33.87,Default,,0000,0000,0000,,the chip’s operation under different\Nconditions. Timing tests of the ACP Dialogue: 0,0:35:33.87,0:35:38.05,Default,,0000,0000,0000,,suggest that the 6502 is running from an\Ninternal clock source. So this will allow Dialogue: 0,0:35:38.05,0:35:42.68,Default,,0000,0000,0000,,a clock glitch attack. A VCC glitch makes\Nsense, and with the age of this chip Dialogue: 0,0:35:42.68,0:35:46.37,Default,,0000,0000,0000,,it seemed reasonable to expect that it\Nwould be susceptible to VCC glitches. Dialogue: 0,0:35:46.37,0:35:50.83,Default,,0000,0000,0000,,The stronger protections against this\Ntype of attack are relatively recent. 
Dialogue: 0,0:35:50.83,0:35:55.47,Default,,0000,0000,0000,,My glitcher design is quite simple. It’s\Nbased on an XMEGA development board Dialogue: 0,0:35:55.47,0:35:59.82,Default,,0000,0000,0000,,and breadboard. I use the XMEGA to\Ncommunicate with the ACP over SPI Dialogue: 0,0:35:59.82,0:36:05.02,Default,,0000,0000,0000,,and to control the glitch. A 74xx series\N4053 analog switch is used to quickly Dialogue: 0,0:36:05.02,0:36:11.12,Default,,0000,0000,0000,,switch the ACP VCC between two voltages,\Na normal operating voltage, and a lower Dialogue: 0,0:36:11.12,0:36:17.06,Default,,0000,0000,0000,,glitch voltage. I use a bench top DC power\Nsupply and two outputs so I can easily Dialogue: 0,0:36:17.06,0:36:22.74,Default,,0000,0000,0000,,adjust both the normal VCC and glitch VCC\Nlevels. Other parts on the breadboard Dialogue: 0,0:36:22.74,0:36:26.75,Default,,0000,0000,0000,,are an oscillator to provide some clock\Ninputs necessary for the ACP to operate Dialogue: 0,0:36:26.75,0:36:32.43,Default,,0000,0000,0000,,and an inverter and NAND gate to cut out\Nthe clock during the time of the glitch. Dialogue: 0,0:36:32.43,0:36:36.02,Default,,0000,0000,0000,,To simplify the test setup as much as\Npossible the ACP was removed from Dialogue: 0,0:36:36.02,0:36:39.64,Default,,0000,0000,0000,,the set-top-box and soldered to\Na break-out board. In this process Dialogue: 0,0:36:39.64,0:36:42.70,Default,,0000,0000,0000,,the battery-backed RAM was disconnected\Nand all the keys were lost. Dialogue: 0,0:36:42.70,0:36:47.58,Default,,0000,0000,0000,,But for the purpose of developing a\Nworking glitch this was okay. The simple, Dialogue: 0,0:36:47.58,0:36:49.91,Default,,0000,0000,0000,,breadboard-based glitcher is quite\Nflexible. The breadboard can be modified Dialogue: 0,0:36:49.91,0:36:54.57,Default,,0000,0000,0000,,to test different ideas, and reconfigured\Nquickly. A more complex and advanced Dialogue: 0,0:36:54.57,0:36:59.32,Default,,0000,0000,0000,,glitcher wasn’t necessary.
Dialogue: 0,0:36:59.32,0:37:02.02,Default,,0000,0000,0000,,To test the glitcher, to find out if it\Nwill work and what voltage levels Dialogue: 0,0:37:02.02,0:37:06.62,Default,,0000,0000,0000,,are successful we can send a command\Nto the ACP, then glitch, and then see Dialogue: 0,0:37:06.62,0:37:11.31,Default,,0000,0000,0000,,the response from the ACP. The general\Nstrategy is to lower the voltage just Dialogue: 0,0:37:11.31,0:37:15.43,Default,,0000,0000,0000,,to the point where the chip sometimes\Nresets due to the glitch. Dialogue: 0,0:37:15.43,0:37:18.74,Default,,0000,0000,0000,,By adjusting voltage levels and glitch\Nlength and timing when the glitch will end Dialogue: 0,0:37:18.74,0:37:25.30,Default,,0000,0000,0000,,I succeeded to cause ACP responses to be\Naltered. The checksum on SPI packets Dialogue: 0,0:37:25.30,0:37:30.00,Default,,0000,0000,0000,,is very convenient. When unusual data is\Nreceived from the ACP chip with a valid Dialogue: 0,0:37:30.00,0:37:33.63,Default,,0000,0000,0000,,checksum it’s a pretty good sign that the\Nglitch caused a temporary fault within Dialogue: 0,0:37:33.63,0:37:38.30,Default,,0000,0000,0000,,the CPU, but then normal operation was\Nresumed. Depending when the glitch Dialogue: 0,0:37:38.30,0:37:42.17,Default,,0000,0000,0000,,is delivered different effects are seen.\NWe can see that generally, as the glitches Dialogue: 0,0:37:42.17,0:37:46.38,Default,,0000,0000,0000,,moved later, it’s the later bytes of the\Nresponse packets that change. Dialogue: 0,0:37:46.38,0:37:54.14,Default,,0000,0000,0000,,So at this point it looks like the glitcher\Nworks, and is able to cause a pretty fault. Dialogue: 0,0:37:54.14,0:37:57.11,Default,,0000,0000,0000,,Since I had an effective glitch I took\Nthe circuit from the breadboard Dialogue: 0,0:37:57.11,0:38:01.13,Default,,0000,0000,0000,,and etched a simple PCB that I could plug\Ndirectly on the XMEGA development board.
Dialogue: 0,0:38:01.13,0:38:04.24,Default,,0000,0000,0000,,This performs exactly the same function\Nas the breadboard glitcher but Dialogue: 0,0:38:04.24,0:38:07.64,Default,,0000,0000,0000,,I’m a bit less likely to accidentally unplug\Na wire from the breadboard and Dialogue: 0,0:38:07.64,0:38:10.80,Default,,0000,0000,0000,,have to repair things. The circuit was\Nsimple enough that I could create Dialogue: 0,0:38:10.80,0:38:18.02,Default,,0000,0000,0000,,a one-sided PCB, so it was very easy\Nfor me to etch at home. Dialogue: 0,0:38:18.02,0:38:22.83,Default,,0000,0000,0000,,Now my goal is to have the ACP execute\Nthe code of my choice. Because the 6502 Dialogue: 0,0:38:22.83,0:38:27.92,Default,,0000,0000,0000,,is a von Neumann architecture all code and\Ndata memories share the same address space. Dialogue: 0,0:38:27.92,0:38:32.83,Default,,0000,0000,0000,,From software disassembly I saw that there\Ndidn't appear to be any paging or MMU Dialogue: 0,0:38:32.83,0:38:37.78,Default,,0000,0000,0000,,features. The software in ROM is fully\Nself-contained. There is no EEPROM Dialogue: 0,0:38:37.78,0:38:41.66,Default,,0000,0000,0000,,and RAM is never used to hold executable\Ncode. So there aren’t jumps into Dialogue: 0,0:38:41.66,0:38:45.79,Default,,0000,0000,0000,,these areas to exploit and, in fact, it\Nwasn’t clear if there’s anything preventing Dialogue: 0,0:38:45.79,0:38:51.98,Default,,0000,0000,0000,,code execution outside of ROM. I decided to\Ntake a chance and test if RAM is executable. Dialogue: 0,0:38:51.98,0:38:56.71,Default,,0000,0000,0000,,So I sent a message via SPI, knowing that\Nthis message will be stored in RAM. Dialogue: 0,0:38:56.71,0:39:01.42,Default,,0000,0000,0000,,The message contained 6502 executable code\Nthat will copy itself to an unused area Dialogue: 0,0:39:01.42,0:39:06.13,Default,,0000,0000,0000,,of RAM, execute from this area and send\Nan ACK indicating it was successful.
Dialogue: 0,0:39:06.13,0:39:09.82,Default,,0000,0000,0000,,Because I studied the use of the SPI\Ninterface and the ROM code I’m able Dialogue: 0,0:39:09.82,0:39:13.77,Default,,0000,0000,0000,,to create this executable payload that\Nwill continue to receive commands via SPI Dialogue: 0,0:39:13.77,0:39:17.26,Default,,0000,0000,0000,,after it’s taken control over the ACP. Dialogue: 0,0:39:17.26,0:39:20.61,Default,,0000,0000,0000,,To try to maximize chances of success\NI looked through the ROM code for Dialogue: 0,0:39:20.61,0:39:24.56,Default,,0000,0000,0000,,multi-byte instructions, which, if broken\Nup, would have contained within them Dialogue: 0,0:39:24.56,0:39:29.48,Default,,0000,0000,0000,,a jump op code with a destination that\Nshould lead to where my executable Dialogue: 0,0:39:29.48,0:39:35.27,Default,,0000,0000,0000,,payload was placed in RAM. Since the ACP\Nhas a single address space this gives Dialogue: 0,0:39:35.27,0:39:39.18,Default,,0000,0000,0000,,a lot of opportunities for glitching to\Ncause execution to reach the payload. Dialogue: 0,0:39:39.18,0:39:43.70,Default,,0000,0000,0000,,There are multiple scenarios possible in\Naddition to my selected glitch target. Dialogue: 0,0:39:43.70,0:39:47.37,Default,,0000,0000,0000,,Stack corruption is a possibility, and\Nreally any abnormal program flow has Dialogue: 0,0:39:47.37,0:39:51.71,Default,,0000,0000,0000,,some possibility that it could eventually\Nland in my code. The von Neumann Dialogue: 0,0:39:51.71,0:39:54.76,Default,,0000,0000,0000,,architecture, without strong memory\Nmanagement, is a very fertile ground Dialogue: 0,0:39:54.76,0:39:59.70,Default,,0000,0000,0000,,for glitching. Anything in RAM\Npotentially could be executed. Dialogue: 0,0:39:59.70,0:40:02.66,Default,,0000,0000,0000,,So at this point there are several\Nuncertainties, but so far nothing Dialogue: 0,0:40:02.66,0:40:06.51,Default,,0000,0000,0000,,totally rules out the possibility of\Nsuccess.
The ACP operates from Dialogue: 0,0:40:06.51,0:40:10.37,Default,,0000,0000,0000,,an internal clock source. And the\Ninterrupt-driven task switching Dialogue: 0,0:40:10.37,0:40:15.14,Default,,0000,0000,0000,,does add some further timing uncertainty.\NSo I’ll send the code payload, Dialogue: 0,0:40:15.14,0:40:19.11,Default,,0000,0000,0000,,delay, then glitch, and see the result.\NWhen it’s unsuccessful I change Dialogue: 0,0:40:19.11,0:40:22.54,Default,,0000,0000,0000,,the delay and I try again.\NI tried to aim for the instruction Dialogue: 0,0:40:22.54,0:40:26.21,Default,,0000,0000,0000,,that I’ve identified as possibly\Ncorruptible into a jump. Dialogue: 0,0:40:26.21,0:40:29.98,Default,,0000,0000,0000,,But there are a lot of unknowns, so,\Nreally, the process is like fishing: Dialogue: 0,0:40:29.98,0:40:33.83,Default,,0000,0000,0000,,throw the line and hope. I have\Na target but no way to know if I can Dialogue: 0,0:40:33.83,0:40:38.51,Default,,0000,0000,0000,,hit it, or if it will have\Nthe expected result. Dialogue: 0,0:40:38.51,0:40:42.73,Default,,0000,0000,0000,,But sometimes fishing is good.\NRelatively quickly the ACP returns Dialogue: 0,0:40:42.73,0:40:46.73,Default,,0000,0000,0000,,an ACK indicating a successful glitch. The\Nfirst successful glitch took some hours Dialogue: 0,0:40:46.73,0:40:50.22,Default,,0000,0000,0000,,to find. And then, after this it was\Npossible to make it work repeatedly Dialogue: 0,0:40:50.22,0:40:53.97,Default,,0000,0000,0000,,in a matter of minutes or even seconds.\NSo now I have my code executing Dialogue: 0,0:40:53.97,0:40:58.56,Default,,0000,0000,0000,,in RAM, I’m able to send the ACP\Nadditional pieces of code to be executed. Dialogue: 0,0:40:58.56,0:41:01.97,Default,,0000,0000,0000,,This allows me to read any memory address,\Nwrite any memory address, and perform Dialogue: 0,0:41:01.97,0:41:07.49,Default,,0000,0000,0000,,any other operations\Npossible with the 6502.
Dialogue: 0,0:41:07.49,0:41:11.14,Default,,0000,0000,0000,,I wrote a simple application to perform\Nglitch surges, and then to interact Dialogue: 0,0:41:11.14,0:41:15.05,Default,,0000,0000,0000,,with the code payload backdoor installed\Nin RAM. And this program allows me Dialogue: 0,0:41:15.05,0:41:19.90,Default,,0000,0000,0000,,to enter an address and length and have\Ndata returned. Or write memory etc. Dialogue: 0,0:41:19.90,0:41:23.29,Default,,0000,0000,0000,,There’s also support for setting the key\Nand data, and performing DES encrypt Dialogue: 0,0:41:23.29,0:41:28.01,Default,,0000,0000,0000,,or decrypt using the DES hardware that’s\Ninside the ACP. A few things I noticed Dialogue: 0,0:41:28.01,0:41:32.85,Default,,0000,0000,0000,,at this point: there’s a 2 kB area of ROM\Nthat, if I attempted to read it, caused Dialogue: 0,0:41:32.85,0:41:37.03,Default,,0000,0000,0000,,the chip to reset. This area of ROM\Ncontains the personalization routines Dialogue: 0,0:41:37.03,0:41:41.04,Default,,0000,0000,0000,,that are never normally used\Nafter the device leaves the factory. Dialogue: 0,0:41:41.04,0:41:44.47,Default,,0000,0000,0000,,There’s also protection against modifying\Nthe Seed Keys in RAM. Trying to store Dialogue: 0,0:41:44.47,0:41:48.88,Default,,0000,0000,0000,,a value in these memory locations\Nappeared to do nothing. Dialogue: 0,0:41:48.88,0:41:53.52,Default,,0000,0000,0000,,There are specific addresses within RAM\Nthat can’t be read or the chip will lock up. Dialogue: 0,0:41:53.52,0:41:57.60,Default,,0000,0000,0000,,These are clever traps put in place\Nas a security measure. The 7-byte Dialogue: 0,0:41:57.60,0:42:02.79,Default,,0000,0000,0000,,56 bit keys stored in RAM straddle all these\Ndead addresses. So a potential exploit Dialogue: 0,0:42:02.79,0:42:06.23,Default,,0000,0000,0000,,that could cause a linear dump of memory\Nwill be stopped before a complete key Dialogue: 0,0:42:06.23,0:42:11.37,Default,,0000,0000,0000,,is ever read.
When the chip is reset it\Nmeans having to glitch it again, because Dialogue: 0,0:42:11.37,0:42:14.72,Default,,0000,0000,0000,,my code payload exists only in RAM, and\Nthere is no way to hook in a permanent Dialogue: 0,0:42:14.72,0:42:19.10,Default,,0000,0000,0000,,backdoor. Dialogue: 0,0:42:19.10,0:42:22.48,Default,,0000,0000,0000,,Since we can execute code on the ACP the\Nreceiver responds, we can read the ROM Dialogue: 0,0:42:22.48,0:42:25.41,Default,,0000,0000,0000,,to have its contents without any of the\Nerrors that were introduced during Dialogue: 0,0:42:25.41,0:42:30.12,Default,,0000,0000,0000,,the optical extraction process. Comparing\Nthe results of the optical ROM extraction Dialogue: 0,0:42:30.12,0:42:34.59,Default,,0000,0000,0000,,with the proper dump we can see how many\Nerrors were in the optical extraction. Dialogue: 0,0:42:34.59,0:42:37.92,Default,,0000,0000,0000,,Overall the optical extraction was quite\Ngood. It was, after all, good enough Dialogue: 0,0:42:37.92,0:42:41.83,Default,,0000,0000,0000,,to understand the software and get us to\Nthis point. There is only one byte with Dialogue: 0,0:42:41.83,0:42:46.21,Default,,0000,0000,0000,,more than a single incorrectly flipped\Nbit. Many of the errors that existed Dialogue: 0,0:42:46.21,0:42:50.29,Default,,0000,0000,0000,,were quite obvious from disassembling the\Nsoftware. If an instruction is out of place Dialogue: 0,0:42:50.29,0:42:55.03,Default,,0000,0000,0000,,but flipping a single bit would make it\Nsensible then it was probably a bit error. Dialogue: 0,0:42:55.03,0:42:58.51,Default,,0000,0000,0000,,I didn’t keep detailed records but I think\NI probably caught about half of the ROM Dialogue: 0,0:42:58.51,0:43:05.61,Default,,0000,0000,0000,,errors during the disassembly process\Nbefore I started glitching. Dialogue: 0,0:43:05.61,0:43:10.04,Default,,0000,0000,0000,,The interesting keys in the ACP are all\Nstored in RAM only. 
This includes Dialogue: 0,0:43:10.04,0:43:14.06,Default,,0000,0000,0000,,Working/Program/Category and Seed Keys.\NThe RAM is battery-backed. Dialogue: 0,0:43:14.06,0:43:18.57,Default,,0000,0000,0000,,If the Seed Keys are ever lost from RAM\Nthis ACP can no longer process EMMs Dialogue: 0,0:43:18.57,0:43:23.36,Default,,0000,0000,0000,,and so is useless. It’s possible to glitch\Nthe ACP and read memory, but the glitcher Dialogue: 0,0:43:23.36,0:43:28.77,Default,,0000,0000,0000,,works on an ACP removed from its\Nset-top-box. When the ACP is in-circuit Dialogue: 0,0:43:28.77,0:43:33.59,Default,,0000,0000,0000,,the connections to other components and\N16 VCC-connected pins pose a problem. Dialogue: 0,0:43:33.59,0:43:38.13,Default,,0000,0000,0000,,To glitch the ACP in-circuit we’ll require\Nsome modifications to the set-top-box Dialogue: 0,0:43:38.13,0:43:42.34,Default,,0000,0000,0000,,disconnecting the ACP from other parts.\NOr, another alternative is to remove Dialogue: 0,0:43:42.34,0:43:47.00,Default,,0000,0000,0000,,the ACP from the set-top-box and place it\Non a breakout board without losing Dialogue: 0,0:43:47.00,0:43:52.87,Default,,0000,0000,0000,,the battery power and wiping RAM. Rather\Nthan modify the set-top-box, where each Dialogue: 0,0:43:52.87,0:43:56.65,Default,,0000,0000,0000,,of several different models would have\Nrequired unique modifications I decided Dialogue: 0,0:43:56.65,0:44:01.44,Default,,0000,0000,0000,,to try to remove the ACP with the battery\Nstill attached. The plan is to carefully Dialogue: 0,0:44:01.44,0:44:07.65,Default,,0000,0000,0000,,lift the Battery and Ground pins while the\Nset-top-box is powered on providing VCC. Dialogue: 0,0:44:07.65,0:44:11.28,Default,,0000,0000,0000,,I use a small tool I made from a razorblade\Nusing a Dremel tool, then attached Dialogue: 0,0:44:11.28,0:44:15.06,Default,,0000,0000,0000,,the handle of a screw driver.
This tool\Ncan be wedged under a pin, then with Dialogue: 0,0:44:15.06,0:44:18.42,Default,,0000,0000,0000,,some hot air the solder will melt and\Na single pin can be lifted straight up Dialogue: 0,0:44:18.42,0:44:23.92,Default,,0000,0000,0000,,without damaging any of the other pins. Dialogue: 0,0:44:23.92,0:44:27.47,Default,,0000,0000,0000,,With the pins lifted an external battery\Ncan be attached. Dialogue: 0,0:44:27.47,0:44:29.24,Default,,0000,0000,0000,,After attaching an external battery… Dialogue: 0,0:44:29.24,0:44:38.33,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:44:38.33,0:44:41.70,Default,,0000,0000,0000,,After attaching an external battery the\Nset-top-box is unplugged, and the ACP Dialogue: 0,0:44:41.70,0:44:46.37,Default,,0000,0000,0000,,can be removed from the set-top-box using\Nhot air. The ACP can be removed from Dialogue: 0,0:44:46.37,0:44:51.04,Default,,0000,0000,0000,,the set-top-box, glitched, and can even be\Nplaced back in the set-top-box, if desired. Dialogue: 0,0:44:51.04,0:44:55.48,Default,,0000,0000,0000,,To do this I just use hot air and a lot of\Nflux. Additionally, once the interesting Dialogue: 0,0:44:55.48,0:44:59.19,Default,,0000,0000,0000,,keys have been extracted it may not even\Nbe necessary to replace the ACP Dialogue: 0,0:44:59.19,0:45:04.49,Default,,0000,0000,0000,,in the set-top-box. The ACP is now placed\Non a breakout board and connected Dialogue: 0,0:45:04.49,0:45:08.58,Default,,0000,0000,0000,,with the glitcher. Not all the pins need\Nto be connected. Only a handful of pins Dialogue: 0,0:45:08.58,0:45:12.18,Default,,0000,0000,0000,,are actually used by the glitcher. You can\Nalso see at this point the glitcher is Dialogue: 0,0:45:12.18,0:45:17.05,Default,,0000,0000,0000,,in a project box. The aesthetics greatly\Nimproved since the breadboard-based Dialogue: 0,0:45:17.05,0:45:22.37,Default,,0000,0000,0000,,glitcher. But the functionality is\Nidentical.
The timing of ACP responses Dialogue: 0,0:45:22.37,0:45:25.57,Default,,0000,0000,0000,,is different on a chip with valid RAM\Ncompared to the previous chips Dialogue: 0,0:45:25.57,0:45:30.04,Default,,0000,0000,0000,,that I had glitched before. I didn’t\Nconfirm whether the cause of the timing Dialogue: 0,0:45:30.04,0:45:32.77,Default,,0000,0000,0000,,difference was due to a different\Noscillator configuration or just Dialogue: 0,0:45:32.77,0:45:35.95,Default,,0000,0000,0000,,a different software path. But by\Nadjusting the timing of the glitches Dialogue: 0,0:45:35.95,0:45:41.15,Default,,0000,0000,0000,,the executable code payload runs as it did\Non the previous chips. So now we can read Dialogue: 0,0:45:41.15,0:45:45.19,Default,,0000,0000,0000,,the RAM contents of a valid ACP, including\Nthe Category Keys, if the set-top-box had Dialogue: 0,0:45:45.19,0:45:49.72,Default,,0000,0000,0000,,current authorization, as well as the Seed\NKeys that are used by this ACP to decrypt Dialogue: 0,0:45:49.72,0:45:56.91,Default,,0000,0000,0000,,EMMs. With a valid Category Key ECMs can\Nbe decrypted, and a cracked Working Key Dialogue: 0,0:45:56.91,0:46:03.33,Default,,0000,0000,0000,,can be calculated for any channel. Now,\Nwith the capability of running my own code Dialogue: 0,0:46:03.33,0:46:07.01,Default,,0000,0000,0000,,on the ACP it’s time to look at the\Ntransport stream descrambling. Dialogue: 0,0:46:07.01,0:46:10.72,Default,,0000,0000,0000,,There’s a hardware register bit that\Nis set or cleared, based on a byte Dialogue: 0,0:46:10.72,0:46:15.05,Default,,0000,0000,0000,,in the ECM40. When this bit is cleared\Nstandard DES decryption is used. Dialogue: 0,0:46:15.05,0:46:19.18,Default,,0000,0000,0000,,When the bit is set the transport stream\Ndescrambler acts differently. Additionally, Dialogue: 0,0:46:19.18,0:46:23.65,Default,,0000,0000,0000,,there’s an 8-bit hardware register in the\NDES peripheral area.
When it’s Zero Dialogue: 0,0:46:23.65,0:46:26.61,Default,,0000,0000,0000,,the peripheral operates the standard DES.\NFor any other value the peripheral acts Dialogue: 0,0:46:26.61,0:46:29.91,Default,,0000,0000,0000,,differently. At this point I started to\Nthink I might be looking at doing Dialogue: 0,0:46:29.91,0:46:34.15,Default,,0000,0000,0000,,a Gate-level reverse engineering of the\Nchip to understand this functionality. Dialogue: 0,0:46:34.15,0:46:38.50,Default,,0000,0000,0000,,The chip is using technology that’s older.\NSo reverse-engineering should be feasible. Dialogue: 0,0:46:38.50,0:46:42.02,Default,,0000,0000,0000,,But, if possible, I’d like to avoid all\Nthis extra work. It would be quite Dialogue: 0,0:46:42.02,0:46:44.67,Default,,0000,0000,0000,,time consuming, and might give imperfect\Nresults, similar to the optical ROM Dialogue: 0,0:46:44.67,0:46:48.49,Default,,0000,0000,0000,,extraction. So I started with trying to\Ncharacterize descrambling modes. Dialogue: 0,0:46:48.49,0:46:51.89,Default,,0000,0000,0000,,The transport stream packet is made up\Nof a 4-byte header and 23 blocks of Dialogue: 0,0:46:51.89,0:46:56.61,Default,,0000,0000,0000,,8 bytes each. The DES operates\Non these 8 byte (64 bit) blocks. Dialogue: 0,0:46:56.61,0:47:03.28,Default,,0000,0000,0000,,By flipping one bit in encrypted input ECB,\NCBC or OFB modes can be differentiated. Dialogue: 0,0:47:03.28,0:47:07.31,Default,,0000,0000,0000,,Flipping one bit causes an 8-byte block\Nto be corrupted, and the corresponding bit Dialogue: 0,0:47:07.31,0:47:11.87,Default,,0000,0000,0000,,in the following block to be flipped.\NThis indicates CBC mode is in use. Dialogue: 0,0:47:11.87,0:47:14.74,Default,,0000,0000,0000,,Timing of the input compared to the\Ndecrypted output was measured with Dialogue: 0,0:47:14.74,0:47:18.12,Default,,0000,0000,0000,,the descrambler and standard DES,\Nand in the custom hardware mode. 
Dialogue: 0,0:47:18.12,0:47:21.67,Default,,0000,0000,0000,,No timing difference was seen. This\Nsuggests the internal properties of DES Dialogue: 0,0:47:21.67,0:47:24.92,Default,,0000,0000,0000,,haven't changed. Which makes sense\Nbecause the decryption has to be done Dialogue: 0,0:47:24.92,0:47:29.61,Default,,0000,0000,0000,,in realtime. So this suggests that crypto\Ncustomizations are not affecting Dialogue: 0,0:47:29.61,0:47:34.59,Default,,0000,0000,0000,,some DES internals like the number of\Nrounds. Also by using ACP as a decryption Dialogue: 0,0:47:34.59,0:47:38.59,Default,,0000,0000,0000,,oracle I determined that the customization\Naffects each of the 23 blocks of the Dialogue: 0,0:47:38.59,0:47:44.15,Default,,0000,0000,0000,,transport stream differently. Next\NI tested the software using DES ‘weak keys’. Dialogue: 0,0:47:44.15,0:47:48.07,Default,,0000,0000,0000,,These are certain keys not recommended\Nfor use with DES because their properties Dialogue: 0,0:47:48.07,0:47:51.89,Default,,0000,0000,0000,,weaken the cryptographic strength.\NA key of all Zero or all One bits Dialogue: 0,0:47:51.89,0:47:56.52,Default,,0000,0000,0000,,will cause DES decryption and encryption\Nto be identical. That is running the same Dialogue: 0,0:47:56.52,0:48:01.85,Default,,0000,0000,0000,,data through Encrypt or Decrypt will give\Nthe same result. I can test this on an ACP Dialogue: 0,0:48:01.85,0:48:06.41,Default,,0000,0000,0000,,configured for standard DES decryption\Nand see the expected ‘weak key’ behavior. Dialogue: 0,0:48:06.41,0:48:10.27,Default,,0000,0000,0000,,When tested with the descrambler in custom\Nmode the ‘weak key’ behaviour changes. Dialogue: 0,0:48:10.27,0:48:13.99,Default,,0000,0000,0000,,Using a key of all Zero or all One didn’t\Nproduce the same results in Encrypt Dialogue: 0,0:48:13.99,0:48:18.58,Default,,0000,0000,0000,,and Decrypt modes. 
Looking at the other\Nhardware register, testing the DES Dialogue: 0,0:48:18.58,0:48:22.71,Default,,0000,0000,0000,,peripheral with different values in the\N8-bit register, and using ‘weak keys’, Dialogue: 0,0:48:22.71,0:48:26.96,Default,,0000,0000,0000,,shows that the standard DES ‘weak key’\Nbehaviour still exists. So my hunch Dialogue: 0,0:48:26.96,0:48:29.87,Default,,0000,0000,0000,,at this point is that one customization\Naffects the key, and the other customization Dialogue: 0,0:48:29.87,0:48:33.04,Default,,0000,0000,0000,,affects the data. At this point I can’t be\Ncertain, but I have a good feeling about Dialogue: 0,0:48:33.04,0:48:37.31,Default,,0000,0000,0000,,the theory, so I continue to investigate. Dialogue: 0,0:48:37.31,0:48:40.11,Default,,0000,0000,0000,,Based on the idea that the hardware\Ncustomization affects only the key Dialogue: 0,0:48:40.11,0:48:44.16,Default,,0000,0000,0000,,and decryption is static I thought the\Nsimplest customization will be an XOR Dialogue: 0,0:48:44.16,0:48:48.66,Default,,0000,0000,0000,,mask that’s applied to the key before it’s\Nused for DES decryption. XOR requires Dialogue: 0,0:48:48.66,0:48:51.63,Default,,0000,0000,0000,,only a single gate in series with the DES\Nengine so it fits the requirements of Dialogue: 0,0:48:51.63,0:48:55.83,Default,,0000,0000,0000,,fast and very simple to implement in\Nhardware. A change of even a single bit Dialogue: 0,0:48:55.83,0:48:59.48,Default,,0000,0000,0000,,in the key could cause the observed\Neffects. Flipping more than 28 bits Dialogue: 0,0:48:59.48,0:49:04.31,Default,,0000,0000,0000,,will be pointless. That’s the same as\Ninverting a key and flipping fewer bits. Dialogue: 0,0:49:04.31,0:49:07.18,Default,,0000,0000,0000,,More flipped bits means more gates\Nnecessary for the customization, so Dialogue: 0,0:49:07.18,0:49:11.47,Default,,0000,0000,0000,,it makes sense to flip a minimal number\Nof bits.
So I wrote this wonderful FOR loop, Dialogue: 0,0:49:11.47,0:49:15.81,Default,,0000,0000,0000,,nested 16 levels deep, to test decryption\Nresults after flipping one bit of the key, Dialogue: 0,0:49:15.81,0:49:20.03,Default,,0000,0000,0000,,then flipping two bits, then three bits\Netc. of the 16 bits. To test all the Dialogue: 0,0:49:20.03,0:49:22.78,Default,,0000,0000,0000,,possible keys will take a long time. But\Nif only a few bits are flipped then it Dialogue: 0,0:49:22.78,0:49:27.17,Default,,0000,0000,0000,,might be possible to run it in a shorter\Nperiod of time. And promising results Dialogue: 0,0:49:27.17,0:49:31.01,Default,,0000,0000,0000,,did come quickly. It turns out the theory\Nheld up. And some of the blocks have Dialogue: 0,0:49:31.01,0:49:35.61,Default,,0000,0000,0000,,as few as three bits flipped. This takes\Nonly seconds for the software to identify. Dialogue: 0,0:49:35.61,0:49:39.51,Default,,0000,0000,0000,,After verifying that these work for XOR\Nmasks, for these logs the software then Dialogue: 0,0:49:39.51,0:49:42.45,Default,,0000,0000,0000,,was left running to find all 23 masks. Dialogue: 0,0:49:42.45,0:49:45.83,Default,,0000,0000,0000,,The simple brute-force method worked,\Nit ran for a couple of days to identify Dialogue: 0,0:49:45.83,0:49:50.38,Default,,0000,0000,0000,,all the 23 masks. By more carefully\Nanalyzing which bits were being flipped Dialogue: 0,0:49:50.38,0:49:54.23,Default,,0000,0000,0000,,in the early results a pattern can\Nactually be found. So the search could Dialogue: 0,0:49:54.23,0:49:57.46,Default,,0000,0000,0000,,have been more limited. Using this\Ntechnique the software cracker could have Dialogue: 0,0:49:57.46,0:50:02.21,Default,,0000,0000,0000,,completed it in under a second. 
Dialogue: 0,0:50:02.21,0:50:04.72,Default,,0000,0000,0000,,After successfully solving the first\Nhardware customization the theory Dialogue: 0,0:50:04.72,0:50:10.32,Default,,0000,0000,0000,,that the second customization is\Na Data XOR looks promising. It makes sense Dialogue: 0,0:50:10.32,0:50:14.59,Default,,0000,0000,0000,,that one or more XOR gates are enabled by\Neach bit of the 8-bit hardware register. Dialogue: 0,0:50:14.59,0:50:18.43,Default,,0000,0000,0000,,Using the ACP as a decryption oracle\Na known key and data were decrypted Dialogue: 0,0:50:18.43,0:50:22.50,Default,,0000,0000,0000,,with all values of the 8-bit register.\NSoftware attack of this function Dialogue: 0,0:50:22.50,0:50:28.26,Default,,0000,0000,0000,,was successful, and 255 XOR masks were\Nidentified, behavior matching what was Dialogue: 0,0:50:28.26,0:50:33.82,Default,,0000,0000,0000,,expected. I haven’t actually seen this\Ncustomization in actual use. Presumably, Dialogue: 0,0:50:33.82,0:50:36.00,Default,,0000,0000,0000,,they’re saving it to be used as\Na countermeasure against pirate devices Dialogue: 0,0:50:36.00,0:50:39.41,Default,,0000,0000,0000,,when necessary. But it hasn’t been\Nnecessary since the system never had Dialogue: 0,0:50:39.41,0:50:43.86,Default,,0000,0000,0000,,a security breach. Dialogue: 0,0:50:43.86,0:50:51.73,Default,,0000,0000,0000,,{\i1}laughs{\i0}\N{\i1}applause{\i0} Dialogue: 0,0:50:51.73,0:50:55.16,Default,,0000,0000,0000,,In order to implement a Softcam, a software\Nimplementation of the descrambler, Dialogue: 0,0:50:55.16,0:50:59.48,Default,,0000,0000,0000,,a few cryptographic details need to be\Nidentified. But at this point I have Dialogue: 0,0:50:59.48,0:51:03.77,Default,,0000,0000,0000,,all the tools to do so. The initialization\Nvector used for CBC mode can be found Dialogue: 0,0:51:03.77,0:51:07.26,Default,,0000,0000,0000,,through simple XOR.
And the handling of\Nshort blocks – those less than the Dialogue: 0,0:51:07.26,0:51:11.79,Default,,0000,0000,0000,,64 bit DES block size – can be identified\Nlikewise. With all these details Dialogue: 0,0:51:11.79,0:51:14.98,Default,,0000,0000,0000,,a software implementation of the\NEMM decryption of Category Key and Dialogue: 0,0:51:14.98,0:51:19.16,Default,,0000,0000,0000,,ECM decryption of Program Key and Working\NKeys can be made and the transport stream Dialogue: 0,0:51:19.16,0:51:23.54,Default,,0000,0000,0000,,descrambler can also be implemented in\Nsoftware. The rapid key changes and the Dialogue: 0,0:51:23.54,0:51:27.29,Default,,0000,0000,0000,,use of DES with h/w customizations makes\Nit a bit different to implement, compared Dialogue: 0,0:51:27.29,0:51:32.12,Default,,0000,0000,0000,,to a Softcam for typical DVB systems,\Nbut overall the concept is the same. Dialogue: 0,0:51:32.12,0:51:37.07,Default,,0000,0000,0000,,And now it’s all working! I was able to\Ntest it, and it’s fully working on both Dialogue: 0,0:51:37.07,0:51:40.90,Default,,0000,0000,0000,,the satellite and cable systems. This\Nis a screen that’s broadcast before Dialogue: 0,0:51:40.90,0:51:44.74,Default,,0000,0000,0000,,a pay-per-view event goes live. The\Npay-per-view, like all other channels, Dialogue: 0,0:51:44.74,0:51:48.01,Default,,0000,0000,0000,,can be decrypted with the Softcam using\Nthe algorithms learned and the keys that Dialogue: 0,0:51:48.01,0:51:53.96,Default,,0000,0000,0000,,were extracted. With the ECM and EMM\Nalgorithms and Seed Keys for a set-top-box Dialogue: 0,0:51:53.96,0:51:57.68,Default,,0000,0000,0000,,with any level of authorization the\NCategory Key can be decrypted Dialogue: 0,0:51:57.68,0:52:01.55,Default,,0000,0000,0000,,and then used to decrypt any and all\Nof the channels that are broadcast Dialogue: 0,0:52:01.55,0:52:05.15,Default,,0000,0000,0000,,by this provider.
Dialogue: 0,0:52:05.15,0:52:14.06,Default,,0000,0000,0000,,{\i1}applause{\i0} Dialogue: 0,0:52:14.06,0:52:18.59,Default,,0000,0000,0000,,A few of the weaknesses that I identified\Nin this system were that the ACP I studied Dialogue: 0,0:52:18.59,0:52:23.16,Default,,0000,0000,0000,,is relatively old technology, almost\N20 years old. So this makes it a lot Dialogue: 0,0:52:23.16,0:52:26.50,Default,,0000,0000,0000,,easier for invasive analysis today\Nthan one that was brand new. Dialogue: 0,0:52:26.50,0:52:32.49,Default,,0000,0000,0000,,The TQFP100 package is quite easy to deal\Nwith compared to modern alternatives. Dialogue: 0,0:52:32.49,0:52:38.17,Default,,0000,0000,0000,,The chip is susceptible to voltage\Nglitching. It’s a von Neumann architecture Dialogue: 0,0:52:38.17,0:52:42.35,Default,,0000,0000,0000,,without strong MMU protection preventing\Ncode from being executed from RAM. Dialogue: 0,0:52:42.35,0:52:47.04,Default,,0000,0000,0000,,They didn’t leave any possibility for code\Nupdate or dynamic code execution Dialogue: 0,0:52:47.04,0:52:52.20,Default,,0000,0000,0000,,for countermeasure purposes. The software\Nfor the ACP is contained entirely in ROM Dialogue: 0,0:52:52.20,0:52:57.07,Default,,0000,0000,0000,,with no mechanism for software updates in\Nthe field. The hardware customizations Dialogue: 0,0:52:57.07,0:53:00.99,Default,,0000,0000,0000,,to the crypto were quite simple and\Nrequired no reverse-engineering Dialogue: 0,0:53:00.99,0:53:08.88,Default,,0000,0000,0000,,of the chip logic. I was basically able to\Nguess the hardware customizations. Dialogue: 0,0:53:08.88,0:53:11.65,Default,,0000,0000,0000,,I was impressed with the design of the\Nsystem.
It was actually stronger than Dialogue: 0,0:53:11.65,0:53:16.19,Default,,0000,0000,0000,,I anticipated when I started the project.\NAll the key handling and decryption Dialogue: 0,0:53:16.19,0:53:20.01,Default,,0000,0000,0000,,is contained within a single chip which\Nmakes it impossible to do key sharing Dialogue: 0,0:53:20.01,0:53:23.89,Default,,0000,0000,0000,,that’s being done with some of the\Nsmartcard systems. The fast Working Key Dialogue: 0,0:53:23.89,0:53:29.05,Default,,0000,0000,0000,,change interval – only 133 ms – also\Nmakes key sharing more difficult. Dialogue: 0,0:53:29.05,0:53:34.24,Default,,0000,0000,0000,,And the short lifetime of the key makes\Ncracking it in realtime quite unrealistic. Dialogue: 0,0:53:34.24,0:53:37.64,Default,,0000,0000,0000,,The lack of code in any rewritable memory\Nmeans there’s nowhere to write code for Dialogue: 0,0:53:37.64,0:53:45.50,Default,,0000,0000,0000,,a permanent backdoor to disable the\Naccess controls. I listed this also as Dialogue: 0,0:53:45.50,0:53:49.42,Default,,0000,0000,0000,,a weakness but in fact this is a strength\Nas it limits the attacker’s capability Dialogue: 0,0:53:49.42,0:53:53.85,Default,,0000,0000,0000,,to install any kind of persistent\Nbackdoor. The chip operates Dialogue: 0,0:53:53.85,0:53:56.94,Default,,0000,0000,0000,,on an internal clock eliminating clock\Nglitch attacks and making timing Dialogue: 0,0:53:56.94,0:54:01.55,Default,,0000,0000,0000,,a voltage glitch a lot more difficult.\NThese dead addresses in the middle Dialogue: 0,0:54:01.55,0:54:05.73,Default,,0000,0000,0000,,of DES keys prevent linear readout of\Nkeys. If one were to cause a loop reading Dialogue: 0,0:54:05.73,0:54:09.29,Default,,0000,0000,0000,,data to go out of bounds and reach the\Narea of RAM where keys are stored Dialogue: 0,0:54:09.29,0:54:13.43,Default,,0000,0000,0000,,the chip will reset before an entire key\Nis read.
After the first couple of bytes Dialogue: 0,0:54:13.43,0:54:17.79,Default,,0000,0000,0000,,a dead address will be accessed that\Ncauses the chip to reset. Dialogue: 0,0:54:17.79,0:54:22.39,Default,,0000,0000,0000,,The personalization ROM appears to be\Ninaccessible so it can’t easily be used Dialogue: 0,0:54:22.39,0:54:28.03,Default,,0000,0000,0000,,to modify the keys and Unit Address\Nwithin the ACP. The Seed Keys Dialogue: 0,0:54:28.03,0:54:32.12,Default,,0000,0000,0000,,aren’t easily changed so the\Nset-top-boxes can’t easily be cloned. Dialogue: 0,0:54:32.12,0:54:37.17,Default,,0000,0000,0000,,The keys exist only in RAM so you have to\Nmaintain a battery backup at all times. Dialogue: 0,0:54:37.17,0:54:42.84,Default,,0000,0000,0000,,This rules out a lot of invasive attacks\Nto retrieve the keys. And there are Dialogue: 0,0:54:42.84,0:54:46.36,Default,,0000,0000,0000,,no group keys used for EMMs. All the\Nunit addressing is to individual units. Dialogue: 0,0:54:46.36,0:54:51.35,Default,,0000,0000,0000,,So you have to pull keys from an actively\Nsubscribed box in order to get active keys. Dialogue: 0,0:54:51.35,0:54:54.73,Default,,0000,0000,0000,,That said if you have keys from a box\Nthat is subscribed to any channel Dialogue: 0,0:54:54.73,0:54:58.65,Default,,0000,0000,0000,,you’ll receive an EMM containing the\NCategory Key which is capable of Dialogue: 0,0:54:58.65,0:55:02.14,Default,,0000,0000,0000,,decrypting all channels. So you don’t need\Nto have a subscription to all channels Dialogue: 0,0:55:02.14,0:55:04.98,Default,,0000,0000,0000,,you want to decrypt as long as you’re\Nauthorized for at least one channel Dialogue: 0,0:55:04.98,0:55:09.71,Default,,0000,0000,0000,,on the system. Dialogue: 0,0:55:09.71,0:55:13.18,Default,,0000,0000,0000,,The software is generally well designed\Nand written. I didn’t notice any glaring Dialogue: 0,0:55:13.18,0:55:18.66,Default,,0000,0000,0000,,bugs within it. 
Although DES is used the\NEMM decryption requires using three Dialogue: 0,0:55:18.66,0:55:23.58,Default,,0000,0000,0000,,DES keys, and multiple rounds are\Nperformed when decrypting EMM and ECMs. Dialogue: 0,0:55:23.58,0:55:28.48,Default,,0000,0000,0000,,So this part isn’t as simple as\Ncracking a single 56-bit key. Dialogue: 0,0:55:28.48,0:55:32.01,Default,,0000,0000,0000,,Brute-forcing, starting from the encrypted\Ntransport stream requires cracking Dialogue: 0,0:55:32.01,0:55:35.66,Default,,0000,0000,0000,,Working Key, then Program Key,\Nthen Category Key and, finally, Dialogue: 0,0:55:35.66,0:55:43.37,Default,,0000,0000,0000,,the three Seed Keys. Dialogue: 0,0:55:43.37,0:55:46.81,Default,,0000,0000,0000,,You might wonder how many set-top-boxes\Nit took for me to complete this project! Dialogue: 0,0:55:46.81,0:55:56.52,Default,,0000,0000,0000,,{\i1}laughter and applause{\i0} Dialogue: 0,0:55:56.52,0:55:59.78,Default,,0000,0000,0000,,The truth is I only needed the one…\N…truck load! Dialogue: 0,0:55:59.78,0:56:02.10,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:56:02.10,0:56:05.99,Default,,0000,0000,0000,,Some of the boxes had different versions\Nof the ACP chip. Many of the boxes had Dialogue: 0,0:56:05.99,0:56:08.71,Default,,0000,0000,0000,,different PCB layouts. So it was\Ninteresting to be able to look at Dialogue: 0,0:56:08.71,0:56:14.32,Default,,0000,0000,0000,,a variety of boxes. The cost of used set\Ntop boxes was low, ca. $20. And for Dialogue: 0,0:56:14.32,0:56:17.54,Default,,0000,0000,0000,,this research I was focusing on the signal\Nsecurity and didn’t need the PVR Dialogue: 0,0:56:17.54,0:56:24.50,Default,,0000,0000,0000,,functionality or any of the advanced\Nfeatures from the expensive set-top-boxes. Dialogue: 0,0:56:24.50,0:56:28.31,Default,,0000,0000,0000,,So at this point I have a brief anti-piracy\Nmessage: I don’t recommend you pirate Dialogue: 0,0:56:28.31,0:56:32.42,Default,,0000,0000,0000,,cable or satellite TV. 
There is never\Nanything good on. It doesn’t matter Dialogue: 0,0:56:32.42,0:56:34.62,Default,,0000,0000,0000,,how many channels you can decrypt.\NBelieve me – I looked! Dialogue: 0,0:56:34.62,0:56:36.30,Default,,0000,0000,0000,,It’s not worth the effort! Dialogue: 0,0:56:36.30,0:56:51.45,Default,,0000,0000,0000,,{\i1}laughter and applause{\i0} Dialogue: 0,0:56:51.45,0:56:55.25,Default,,0000,0000,0000,,Herald: Do we have questions\Nfrom the room? Dialogue: 0,0:56:55.25,0:56:59.82,Default,,0000,0000,0000,,Questions – please use the microphones. Dialogue: 0,0:56:59.82,0:57:05.75,Default,,0000,0000,0000,,I know there is one question\Nfrom the interwebs. Dialogue: 0,0:57:05.75,0:57:08.41,Default,,0000,0000,0000,,Signal Angel: Okay, hello.\NThis is working? Good. Dialogue: 0,0:57:08.41,0:57:13.99,Default,,0000,0000,0000,,So the first question from the internet\Nis: how many chips did you destroy Dialogue: 0,0:57:13.99,0:57:20.81,Default,,0000,0000,0000,,or make unusable, and how did you\Nget all those set-top-boxes? Dialogue: 0,0:57:20.81,0:57:24.44,Default,,0000,0000,0000,,Chris: Because the cost of the used\Nset-top-boxes was quite low I wasn’t Dialogue: 0,0:57:24.44,0:57:29.42,Default,,0000,0000,0000,,afraid to destroy several chips in the\Nprocess. It didn’t take as many Dialogue: 0,0:57:29.42,0:57:36.33,Default,,0000,0000,0000,,as I would have expected in the beginning.\NTwo or three chips were used for the Dialogue: 0,0:57:36.33,0:57:39.97,Default,,0000,0000,0000,,decapsulation and the delayering process.\NI ended up extracting the ROM Dialogue: 0,0:57:39.97,0:57:44.66,Default,,0000,0000,0000,,from a single chip. And then, when\Nit came to glitching, there were Dialogue: 0,0:57:44.66,0:57:49.60,Default,,0000,0000,0000,,three or four chips that I removed and\Nerased the RAM from to develop the glitch. 
Dialogue: 0,0:57:49.60,0:57:53.31,Default,,0000,0000,0000,,When I finally got to the point where\NI was extracting keys from a valid chip Dialogue: 0,0:57:53.31,0:57:59.26,Default,,0000,0000,0000,,the very first chip that I tried worked.\NSo there were few casualties involved! Dialogue: 0,0:57:59.26,0:58:03.51,Default,,0000,0000,0000,,Herald: Thank you! Microphone 3\Nwas the first one, please! Dialogue: 0,0:58:03.51,0:58:09.50,Default,,0000,0000,0000,,Mic3: How many years\Ndid this project take you? Dialogue: 0,0:58:09.50,0:58:12.47,Default,,0000,0000,0000,,Chris: I would work for a few weeks at\Na time and then get burned out and Dialogue: 0,0:58:12.47,0:58:16.42,Default,,0000,0000,0000,,take a break, and then come back to it.\NMost of the work for the project Dialogue: 0,0:58:16.42,0:58:22.02,Default,,0000,0000,0000,,was completed over about a 2-year period. Dialogue: 0,0:58:22.02,0:58:25.53,Default,,0000,0000,0000,,Herald: Thank you. And…\NMicrophone 2, please! Dialogue: 0,0:58:25.53,0:58:29.17,Default,,0000,0000,0000,,Mic2: Hi, thank you for a great\Nlecture. How comes that Dialogue: 0,0:58:29.17,0:58:35.96,Default,,0000,0000,0000,,the content decryption was DES and\Nnot a DVB-CSA because we're used Dialogue: 0,0:58:35.96,0:58:39.09,Default,,0000,0000,0000,,that content is encrypted\Nwith DVB-CSA in these DVB systems. Dialogue: 0,0:58:39.09,0:58:41.86,Default,,0000,0000,0000,,Chris: In North America we\Ndon’t believe in standards! Dialogue: 0,0:58:41.86,0:58:45.24,Default,,0000,0000,0000,,{\i1}laughter{\i0} Dialogue: 0,0:58:45.24,0:58:48.68,Default,,0000,0000,0000,,Mic2: Thanks! Dialogue: 0,0:58:48.68,0:58:51.65,Default,,0000,0000,0000,,Chris: The timing was also a part of it.\NThe system was being developed Dialogue: 0,0:58:51.65,0:58:55.76,Default,,0000,0000,0000,,at the same time as DVB was being\Nstandardized. 
So General Instrument Dialogue: 0,0:58:55.76,0:58:59.06,Default,,0000,0000,0000,,rather than going along with the Standards\NGroup and waiting for the standardization Dialogue: 0,0:58:59.06,0:59:03.09,Default,,0000,0000,0000,,they went with DES, directly. Dialogue: 0,0:59:03.09,0:59:07.46,Default,,0000,0000,0000,,Herald: Thank you. And another one\Nfrom Cyber-Cyber… space! Dialogue: 0,0:59:07.46,0:59:11.23,Default,,0000,0000,0000,,Signal Angel: Okay. Another question from\Nthe internet is: you have all this fancy Dialogue: 0,0:59:11.23,0:59:16.13,Default,,0000,0000,0000,,like lab equipment stuff. How were you\Nable to afford that? Dialogue: 0,0:59:16.13,0:59:19.26,Default,,0000,0000,0000,,Chris: I’ve been quite interested in this\Nfor a long time. So I’ve collected Dialogue: 0,0:59:19.26,0:59:23.92,Default,,0000,0000,0000,,this equipment over a period of years.\NAnd I do some work, professionally, Dialogue: 0,0:59:23.92,0:59:27.54,Default,,0000,0000,0000,,in reverse-engineering. So whenever\Npossible I use our client’s money Dialogue: 0,0:59:27.54,0:59:34.04,Default,,0000,0000,0000,,to buy another piece of\Nequipment for the lab. Dialogue: 0,0:59:34.04,0:59:37.30,Default,,0000,0000,0000,,To do this actual work, though, you could\Neven use more basic equipment Dialogue: 0,0:59:37.30,0:59:41.56,Default,,0000,0000,0000,,because of the age of the chip. You could\Nuse a microscope that you could find Dialogue: 0,0:59:41.56,0:59:45.74,Default,,0000,0000,0000,,easily for $1.000 .. $2.000 or even less\Nand have quite good results. Dialogue: 0,0:59:45.74,0:59:51.48,Default,,0000,0000,0000,,So it’s not trivial but it’s not a huge\Namount of money for a lab equipment! Dialogue: 0,0:59:51.48,0:59:54.99,Default,,0000,0000,0000,,Herald: Not that huge!\NMicrophone 2, please! Dialogue: 0,0:59:54.99,0:59:58.91,Default,,0000,0000,0000,,Mic2: What do you do for a living\Nbesides reverse-engineering? 
Dialogue: 0,0:59:58.91,1:00:03.54,Default,,0000,0000,0000,,Chris: Reverse-engineering!\N{\i1}laughs{\i0} Dialogue: 0,1:00:03.54,1:00:07.42,Default,,0000,0000,0000,,Herald: Thank you. And the internet!\NAgain. Dialogue: 0,1:00:07.42,1:00:13.16,Default,,0000,0000,0000,,Signal Angel: Okay. Next question is…\Nsomebody wants to know how… Dialogue: 0,1:00:13.16,1:00:17.36,Default,,0000,0000,0000,,…which software did you use for the\Nautomated image analyzing, and Dialogue: 0,1:00:17.36,1:00:20.06,Default,,0000,0000,0000,,is it available somewhere? Dialogue: 0,1:00:20.06,1:00:24.02,Default,,0000,0000,0000,,Chris: Like everybody else that I’ve known\Nthat’s done optical ROM extraction Dialogue: 0,1:00:24.02,1:00:28.17,Default,,0000,0000,0000,,I developed it myself. Everybody seems\Nto develop their own tools from scratch Dialogue: 0,1:00:28.17,1:00:33.46,Default,,0000,0000,0000,,for that. The image processing I used was\Nreally quite simple. So it didn’t take Dialogue: 0,1:00:33.46,1:00:38.54,Default,,0000,0000,0000,,a lot of advanced algorithms or anything\Nlike that. So I’m using some software Dialogue: 0,1:00:38.54,1:00:43.86,Default,,0000,0000,0000,,I developed personally, and\Nit hasn’t been released. Dialogue: 0,1:00:43.86,1:00:45.90,Default,,0000,0000,0000,,Herald: Microphone 2, please! Dialogue: 0,1:00:45.90,1:00:50.45,Default,,0000,0000,0000,,Mic2: And how did you keep the boxes\Nsubscribed? So did you call them Dialogue: 0,1:00:50.45,1:00:54.26,Default,,0000,0000,0000,,every week “Oh, my box broke down,\NI got another one”, or how is this done? Dialogue: 0,1:00:54.26,1:00:58.52,Default,,0000,0000,0000,,Chris: For most of the research that\NI did I didn’t need an active box. I did Dialogue: 0,1:00:58.52,1:01:02.10,Default,,0000,0000,0000,,all the research just on previously\Nactivated boxes that had lost their Dialogue: 0,1:01:02.10,1:01:05.84,Default,,0000,0000,0000,,authorization. 
And by the time I had the\Nprocess figured out, that I knew how Dialogue: 0,1:01:05.84,1:01:10.23,Default,,0000,0000,0000,,to extract keys from a valid box\NI only needed the one box. Dialogue: 0,1:01:10.23,1:01:13.52,Default,,0000,0000,0000,,Mic2: And had you heard back\Nfrom the cable provider about this? Dialogue: 0,1:01:13.52,1:01:15.33,Default,,0000,0000,0000,,Chris: No. Dialogue: 0,1:01:15.33,1:01:18.67,Default,,0000,0000,0000,,Herald: Okay, thank you.\NMicrophone 3, please! Dialogue: 0,1:01:18.67,1:01:22.36,Default,,0000,0000,0000,,Mic3: Hello, thanks very much for the\Nlecture and ‘well done’ on all the work! Dialogue: 0,1:01:22.36,1:01:29.40,Default,,0000,0000,0000,,My question is: how does the glitching\Nwork, the glitching attack? Dialogue: 0,1:01:29.40,1:01:34.77,Default,,0000,0000,0000,,Chris: The glitcher was quite simple.\NI drop the voltage for a very brief period Dialogue: 0,1:01:34.77,1:01:40.27,Default,,0000,0000,0000,,of time. And it’s enough time that it\Ncauses at least one instruction to Dialogue: 0,1:01:40.27,1:01:44.80,Default,,0000,0000,0000,,not execute properly. But it’s too short\Nof a time to cause the chip to reset. Dialogue: 0,1:01:44.80,1:01:48.64,Default,,0000,0000,0000,,So essentially I’m corrupting one\Ninstruction. It is for the specific target Dialogue: 0,1:01:48.64,1:01:54.17,Default,,0000,0000,0000,,that I hit that led to my code in RAM.\NI’m not actually sure. I found that Dialogue: 0,1:01:54.17,1:01:57.95,Default,,0000,0000,0000,,if I glitch it this time then the code\Nends up executing my code – Dialogue: 0,1:01:57.95,1:02:01.61,Default,,0000,0000,0000,,good enough for me! Dialogue: 0,1:02:01.61,1:02:04.55,Default,,0000,0000,0000,,Herald: Okay. Thank you, Chris!\NPlease, dear audience, Dialogue: 0,1:02:04.55,1:02:08.10,Default,,0000,0000,0000,,give an Anniversary Edition\Napplause to Chris Gerlinsky! 
Dialogue: 0,1:02:08.10,1:02:17.37,Default,,0000,0000,0000,,{\i1}Anniversary Edition applause{\i0} Dialogue: 0,1:02:17.37,1:02:37.15,Default,,0000,0000,0000,,{\i1}postroll music{\i0} Dialogue: 0,1:02:37.15,1:02:40.55,Default,,0000,0000,0000,,{\i1}subtitles created by c3subtitles.de\Nin the year 2018{\i0}