IRDETO2 TUTORIAL INFO

IRDETO Smartcard.

The basic working of the IRDETO card is explained in this document, as it is a widely used encryption system.
This is only for the sake of interest!!!!!!!!!

On start up the IRD will request some information from the card to commence operation.

1) The IRD will reset the card and the card will respond with the ATR message. This message also contains the cards software version i.e. IRDETO ACS V1.2
3B 9F 21 0E 49 52 44 45 54 4F 20 41 43 53 20 56 31 2E 32 A0
3B 9F 21 0E 49 52 44 45 54 4F 20 41 43 53 20 56 32 2E 32 98 (IRDETO2)

2) The country code is requested.
01 02 02 03 00 00 3D
The card will respond with
01 02 00 00 02 03 10
02 01 99 06 01 06 02 06 03 06 04 07 41 Co Co Co Cs

3) The cards ASCII serial number is requested used only for information in the cam info display window.
01 02 00 03 00 00 3F
The card will respond with
01 02 00 00 00 03 14
3x 3x 3x 3x 3x 3x 3x 3x 3x 3x 43 38 31 33 31 36 41 20 20 20 Cs

4) The cards hex serial number is requested (used when the card is initialized).
01 02 01 03 00 00 3E
The card will respond with
01 02 00 00 01 03 00 10
FF FF FF 00 00 00 00 00 00 00 02 00 Hs Hs Hs 18 Cs

4a) The cards hex serial number is requested (used when the card is initialized). For IRDETO2 the hex serial number will let the IRD know how many providers are on the card.
01 02 01 03 00 00 3E
The card will respond with
01 02 00 00 01 03 00 10
FF FF FF 00 00 00 00 00 00 00 04 07 Hs Hs Hs 18 Cs

5a) The provider id for provider 00 is requested
01 02 03 03 00 00 3C
The card will respond with
01 02 00 00 03 03 00 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs


5b) The provider id for provider 10 is requested
01 02 03 03 01 00 3C
The card will respond with
01 02 00 00 03 03 01 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs

5c) The provider id for provider 20 is requested (IRDETO2)
01 02 03 03 02 00 3C
The card will respond with
01 02 00 00 03 03 00 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs

5d) The provider id for provider 30 is requested (IRDETO2)
01 02 03 03 03 00 3C
The card will respond with
01 02 00 00 03 03 01 18
Pg Pi Pi Pi 00 00 00 00 00 00 Dt Dt 3B 00 00 00 00 00 00 00 00 00 00 00 Cs

6) The card’s configuration is requested
01 02 08 03 00 00 37
The card will respond with
01 02 00 00 08 03 00 20
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Cs

6a) The card’s configuration is requested (IT**TO2 the card replys with 64 bytes)
01 02 08 03 00 00 37
The card will respond with
01 02 00 00 08 03 00 40
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Cs

7) The card’s card file 1 is requested
01 02 0E 02 00 00 30
The card will respond with
01 02 00 00 0E 02 00 40
( 64 Bytes of data) Cs

The card’s card file 2 is requested
01 02 0E 03 00 00 31
The card will respond with
01 02 00 00 0E 03 00 40
(64 Bytes of data) Cs

9) Enter home shopping pin (only on DSD720 & 720I IRD’s) Later versions utilizing interactive shopping.
01 02 0A 00 02 02 00 00 36
The card will respond with
01 02 50 00 0A 00 02 00 Cs

10) The IRD will now send public keys to be encrypted
01 02 11 00 00 40
( 64 bytes of data ) Cs
The card will respond with (Suspected that a RSA encryption is used) Used by banks for their networks and ATM machines data encryption.
01 02 58 00 11 00 00 40
(64 bytes of encrypted data) Cs

11) Send home shopping pin
01 02 0A 02 02 02 00 00 34
The card will respond with
01 02 5E 00 0A 02 02 00 Cs

12) The IRD will now send the cam key to be used
01 02 09 Kn 00 40
( 8 packets of 8 bytes to be used) Cs
The card will respond with
01 02 55 00 09 Kn 00 00 Cs
Kn: - Key number to extract out of message (packet of 8 bytes) 00 – 07

13) Now the IRD will start sending ECM’s and EMM’s to the card from the provider.

Cs: - Checksum All bytes xored and last xor with 0x3F
Co: - Country code
3x: - ASCII serial number
Hs: - Hex serial number
Pg: - Provider type
Pi: - Provider ID
Dt: - Date code
Kn: - CAM key number to be used

Structure and use of EMM’s

EMM commands: - Update of Masters keys
String composition.
01 01 00 00 00 LB
C3 Hs Hs Hs 00 Lb 62 03 Co Co Co 68 0D Pg 00 Mk Mk Mk Mk Mk Mk Mk Mk Pi Pi Pi S1 S2 S3 S4 S5 Cs

LB: - Length byte excluding checksum.
Lb: - Second length byte excluding checksum.
Hs: - Hex serial number.
62 03 Country code NANO
Co: - Country code
68 0D: - Master key update NANO
Pg: - Provider group. This sets the card for the provider ID to associate with this master key. This number is also sent to the IRD when the IRD requests the provider ID (after the length byte) (01 = Provider 00) (12 = Provider 10).
Normally the system uses 00 for provider 00 and 10 for provider 10.
Mk: - Master key (encrypted) Decrypt using the key decrypt algorithm.
Pi: - Provider ID
S1 – S5: - Signature calculated using the 10-byte hex master key.
Cs: - Checksum calculated starting with 0x3F and xoring the bytes with each other.

EMM commands: - Update of Plain keys
String composition.
01 01 00 00 00 LB
Pg Pi Pi Pi 00 Lb 40 02 Dt Dt 50 52 Pn Pk Pk Pk Pk Pk Pk Pk Pk Pn Pk Pk Pk Pk Pk Pk Pk Pk S1 S2 S3 S4 S5 Cs

LB: - Length byte excluding checksum.
Lb: - Second length byte excluding checksum.
Pg: - Provider Group that is addressed.
02(hex) This is normally used for provider 00
0A(hex) Provider Group 00 only first two bytes of address are used. (Used now)
Can be - 0000 0010 (bin) 02 (hex) Common address. (Normally used)
0000 1010(bin) 0A(hex) Provider 00 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)

03(hex) This is normally used for provider 00
0B(hex) Provider ID 00 all three bytes of address are used. (Used now)
Can be - 0000 0011 (bin) 03 (hex) Common address.
0000 1011(bin) 0B(hex) Provider 00 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)

0A(hex) This is normally used for provider 10
12(hex) Provider Group 10 only first two bytes of address are used. (Used now)
Can be - 0000 1010 (bin) 0A (hex) Common address.
0001 0010(bin) 12(hex) Provider 10 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)

0B(hex) This is normally used for provider 10
13(hex) Provider ID 10 all three bytes of address are used. (Used now)
Can be - 0000 1011 (bin) 0B (hex) Common address.
0001 0011(bin) 13(hex) Provider 10 address if configuration is set to address
Provider 00 as if it is provider 10. (Used by SA system)

If Pg. = C3 (hex) 1100 0011(bin) The card is addressed by its hex serial number.

Pi: - Provider ID.
Dt: - Date code.
10 09: - Update 1 key NANO
50 52: - Update 2 key NANO
50 E4: - Update 4 key NANO
Pn: - Plain key number
Pk: - Plain key (encrypted) Decrypt using the key decrypt algorithm.
S1 – S5: - Signature.
Cs: - Checksum.

Structure and use of ECM’s

01 05 00 00 Kr LB
Cd Cd Pg Kn 00 Lb 00 02 Dt Dt 78 12 Kn Pn Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk Sk S1 S2 S3 S4 S5 Cs

LB: - Length byte excluding checksum.
Lb: - Second length byte excluding checksum.
Kr: - Key to return from ECM 02 = Two keys 00 = One key.
Cd: - Channel ID.
Pg: - Provider Group keys to use 10(hex) = Provider 00 20(hex) = Provider 10.
Kn: - Plain key number to use.
Dt: - Date code.
78 12: - ECM key NANO
Pn: - After decryption key i.e. (Key 1 or Key 2) to send back.
Sk: - Keys to decrypt 2 x 8 bytes.
S1 – S5: - Signature.
Cs: - Checksum.

Basic information

The IRDETO card contains the hexmaster key, ASCII serial number and hex serial number that is programmed in by the manufacturer.

When a person phones in to subscribe he reads the ASCII serial number to the operator. The operator then enters the number into a computer with a lookup table that will match the hex serial number to the ASCII serial number. The computer will now encrypt the master key with the hexmasterkey in the lookup table and setup the provider id and send it to the transmission station, the card will now receive this EMM and setup the provider id and save the decrypted master key.

The cards will still not work until an EMM message containing the plainkey is sent to the provider ID programmed into the card. The plainkey is decrypted using the decrypted masterkey.

The service provider must also send the channel ids to the card for the user to watch a certain channel.

The card will now decrypt the session keys in the ECM message using the decrypted plainkey. Then encrypt the sessionkey using the CAMKEY and send it to the CAM. The CAM will decrypt these keys and use them to descramble the raw data to rebuild the picture and sound and send the analog signal to a TV set.

The ECM is sent to the IRDETO card +/- every 15 seconds.
If ECM’s are sent slower this will enable the system to have more airtime to send EMM’s. This normally happens if masterkeys are being changed.

The EMM to update the plainkeys is sent +/- every 10 to 15 minutes.
The EMM to update the masterkey is sent +/- every 10 hours while the masterkey for that provider group is being changed. It normally happens every 3 weeks for 3 days

The provider can change the masterkeys, plainkeys and provider ID’s.
The system normally uses a common number as the masterkey. This number is then encrypted with the provider group and used as the masterkey for that group. Plainkeys are the same for all provider ID’s after being decrypted.


The signature must be calculated after decrypting the encrypted keys. The key used to decrypt with must be used to calculate the signature. The IRD uses the return codes from the card to display error messages on the screen.
If the plainkey is not valid you will get E30 Service is currently scrambled. If the masterkey is still valid this message will only be displayed until the plainkey is updated.
If the channel ID is not present or the timer has expired you will get E16 Service is currently scrambled.
If the provider ID for a bouquet is not programmed or enabled you will get E38 Service is currently scrambled.
The IRDETO card will not act on commands or save keys if the signature or checksum does not match.

IRDETO ALGO’S

IRDETO 2

The new version is somewhat different in that the messages sent to the cards are encrypted after the second length byte.

01 01 update commands
String composition.
01 01 00 00 00 LB
C3 Hs Hs Hs 00 Lb
B11 B12 B13 B14 B15 B16 B17 B18
B21 B22 B23 B24 B25 B26 B27 B28
B31 B32 B33 B34 B35 B36 B37 B38
S1 S2 S3 S4 S5 S6 S7 S8
Cs

The process is as follows ???

1) The signature is calculated.
2) The MK and PK’s are encrypted and put into the string.
3) The string is encrypted using the HMK for serial number addressed updates and the PMK for provider ID addressed updates.
4) I think the same algo’s are used for this encryption as what is used to encrypt the keys and the high part of the HEX SN and the PROV ID is used as the date code.

01 05 update command

01 05 00 00 02 LB
CH CH Pg Kn 00 Lb
B11 B12 B13 B14 B15 B16 B17 B18
B21 B22 B23 B24 B25 B26 B27 B28
B31 B32 B33 B34 B35 B36 B37 B38
B41 B42 B43 B44 B45 B46 B47 B48
S1 S2 S3 S4 S5 S6 S7 S8
Cs

The process is as follows ???

1) The signature is calculated.
2) The Session keys are encrypted and put into the string.
3) The string is encrypted using the PK.
4) I think the same algo’s are used for this encryption as what is used to encrypt the keys and the channel id is used as the date code.

Known facts

Table 1 is still the same.
The card crypt routine using the CAM key is still the same.
The Session keys are still 64 bit keys.

The composition of the EMK string is the most interesting for me... C3 Hs Hs Hs 00 Lb 62 03 Co Co Co 68 0D Pg 00 Mk Mk Mk Mk Mk Mk Mk Mk Pi Pi Pi S1 S2 S3 S4 S5 Cs Would someone care to decipher the following Select EMK then ? C36C6CCC00000030EADA0E10FF379BE4A60E19B24378FB9B76 2A4C4E7DE057AC796767393A9FB517F8DC6F4ED7F3FA016BB6 EB3D8B0C5626 No, it's not my HSN, it was picked randomly from a log yesterday...
All bestt has managed to do is trick the gamma card into entering update mode then sending it a partial update which it actually does not execute because he does not complete the update. He has grabbed different OS updates, mixed and matched them together. Because he never sends the final update finish command the gamma does not update it self. But what it does do is reset the card details area.

The card details string contained in his home brew .gam files is one from a working .gam created in Oct-2008. These details have never been killed off by nova. I wish they would thou. It would at least show how much of a fake he really is.

Have you noticed that he has not been able to reproduce a file for any of the other providers

To create 0201 cmd ...
To create the 0201 command you need to make in this format. "020100" is special instruction to gamma to receive an update string next two bytes tells gamma which 3DES key to use from possible 16 keys. For example 02010003 tells gamma to use the forth key. Its forth because starts from 0. example: 020100020048F4347C4D8FC5E3A29A67C67DD205.... here the gamma is told to use the third key because 020100002 (is 2 here starting from zero is 3rd key). Next is the length of the message. In this example is 48 (hex bytes). Next is the 8 byte DES cipher-block chained checksum (des-mac). This like digital signature. Next is 40 hex bytes of update message. Finally is the single byte CRC.


Re: To create 0201 cmd ...
Many people PM about how to create gamma update commands. Here is explain I put together for PMs

020100DKLNMMMMMMMMUSUL PAYLOAD CC
02 = Gamma update PDU
01 = CLA
00 = P1
DK = Index to 16byte Gamma update 3DES Key.
LN = Length of Message
MM = 8 Byte DES MAC
US = Update Selector (what to update)

For GSMK US = 01
For PMSK US = 02
For IV_PAD US = 03
For GMASK US = 04
For PMASK US = 05
For KEK US = 06
For COCO US = 08
For HSN US = 09
For ExiKey US = 0B
For AxiKey US = 0C
For ProviderID US = 10
For GroupKey US = 12
For ProductKey US = 13
For OS Erase US = 20
FOR OS Update US = 21

UL = Length of Update (for example for HSN UL = 03, for GMSK UL = 10, etc...)

PAYLOAD is the Update
CC = Message CRC or Checksum. Simply XOR message with 0x3F

OK to have multiple updates in one command.
Example:
020100DKLNMMMMMMMM0903HNHNHN0803COCOCO1003PIPIPICC

This command will update HSN (HN), Coco (CO) and Provider ID (PI) in one go.

The DES MAC is calculated by prepending an 8 octet confounder to the plaintext, performing a DES CBC-mode encryption on the result using the key and an initialization vector of zero, taking the last block of the ciphertext, prepending the same confounder and encrypting the pair using DES in cipher-block-chaining (CBC) mode using a a variant of the key, where the variant is computed by eXclusive-ORing the key

The message after LN is encrypted using the Triple DES mode CBC until the CC using 16 byte key in index DK

אולי קצת הסברים ל"עמך" בעברית פשוטה ?

ITS IRDETO1 NOT IRDETO2
זה פורום באנגלית ומועד לדוברי אנגלית בלבד
מי שרוצה לכתוב בעברית יש פורום בעברית
מה אתה רוצה שהוא יסביר לך בעברית
תכנס ל GOOGLE יש שם כלי שמתרגם מאנגלית לעברית
חוץ מזה למה אתה צריך לדעת את זה גם לצרכי שרתים זה כבר לא רלוונטי

בפורום הנוכחי לא כולם שולטים היטב באנגלית . מה לעשות. אם כבר מצטטים מגילות כאלה , לדעתי, ראוי גם תקציר קצר על מה מדובר שכן לא כולם בקיאים ..
אינני סבור שזו בקשה מוגזמת.