💾 Archived View for gemini.spam.works › mirrors › textfiles › hacking › shw0893.asc captured on 2021-12-04 at 18:04:22.
-=-=-=-=-=-=-
Syndicated Hack Watch 08:93 The Start Of The War Sky had suffered its most devastating hack to date. Its security was demolished and the MultiChannels package was about to be introduced. They had to do something fast or it would all slip away. The Blackbox industry was beginning to move the pirate cards for Sky in volume. There were talks of quantities of ten thousand being sold. Cards were beginning to filter into the UK. At this stage Sky had no option but to move. The pirates were attacking on the home front. This was economic war and Sky was losing. The Grey Market piracy of a card for a card was an essential factor in Sky's growth. As long as it wasn't too overt then it did not seem to matter. Sky were benefiting from the arrangement as was the other channels such as FilmNet. With the advent of the Ho Lee Fook hack the Grey Piracy market took a bit of knock. The Ho Lee Fook card and chip allowed access to all VideoCrypt scrambled channels. The prices varied but the lowest quoted figure was ?99.00. Considerably less than what Sky were charging for the whole package. As if by some miracle, Sky and News Datacom came up with a fix for the hack. Yes it was not really Sky's responsibility to fix the hack. News Datacom, the designers of the security architecture had to try and stop the Ho Lee Fook hack. It seemed that the had found a solution. As with all events in the Blackbox industry, it has been assigned a catchy name. The name of solution is the "Zombie Fix". No, this is not the name for the continual brainwashing adverts on Sky One. The reason for the name is that old cards have recently started to work again on this 3.5 Second on - 3.5 Second off cycle. Cards that have been authorised for Sky's movie channels are working on TV Asia. Other cards such as those for the Adult Channel are working on the same basis on the Sky channels. The Blue card that I had received started to act funny. At first it happened on only Sky Movies and The Movie Channel. Sky Gold and TV Asia were unaffected. It could have been a problem on the Sky channels but experience and instinct proved otherwise. It was a countermeasure. After a few days, the same sort of effect occurred on TV Asia and Sky Gold. The upgrade to VideoCrypt was complete. The program in the Ho Lee Fook card and chip apparently contained enough to decode the scrambled channel but not enough to respond to the over the air switch off codes. This limited implementation meant that the hack was a very powerful one. It was not possible for Sky and News Datacom to actually send out a command for the card to switch off. What this implies is that the card had enough information and data to decode the channels. The hack had separated the access control from the decryption aspect. Of course the fact that the Ho Lee Fook hack was not a full implementation may well have provided a weak spot for Sky and News Datacom. This is the point at which the hack was attacked. The datastream on the VideoCrypt system appears to have been altered. The alteration did not affect the official Sky cards but the pirate cards and chips started to malfunction. Essentially the Zombie Fix caused the pirate card to return a fixed key every second time. This is the standard response when a bad card is inserted. The card cannot match the challenge and it jumps to a sub-routine that returns a fixed key. The standard response to the wrong card being inserted is hidden from the viewer. Ordinarily when the wrong card is inserted the on-screen graphics will make the fact clear. Sky and News Datacom were a little clever here. The data for "Wrong Card Inserted" may well be passed to the on screen graphic display chip. A signal is being sent out over the air to this chip to switch it off during this operation. One of the effects of the countermeasure is that the channel identifier message does not come up on the screen either. ECM Meets Electronic Counter Counter Measure At this stage the war between the pirates and Sky is growing complex. The Zombie Fix has been met with a new card and chip issue. The new card and chip work on the Sky channels and the other VideoCrypt scrambled channels. According to sources the hackers only took ten minutes to come up with the solution to the Zombie Fix. It was, apparently, a rather simple one but it did require the replacement and upgrading of all the pirate cards and chips on the market. It appeared that Sky had hit the pirates. The problem for Sky and News Datacom is that they are not dealing with a FilmNet type situation. When FilmNet's analogue SatPac system was being pirated, the market was at its most expanded. Every Tom Dick and Harry was involved and there was very little organisation. The current pirate market is better organised and the buy in price is high financially and technologically. The main problem of getting the updated hack into the market now seems to have been solved. Some dealers in Holland were promising a one week turn around on the chips and cards. From information received this time schedule has been followed. The Blackbox Industry has recovered from the Zombie Fix at a rate that has alarmed Sky and News Datacom. The recovery appears to be just in time for the introduction of the Sky MultiChannel package. The Next Move With the imminent introduction of Sky MultiChannels, a compromised VideoCrypt is a very big problem. It remains to be seen what will happen. Sky and News Datacom will have to make a move on the situation soon. Assuming they have another fix up their sleeves they can wait until the market is saturated with pirate cards and then introduce the electronic counter measure (ECM). It would naturally have the most effect as it would deter a larger number. However pressure from other users of the VideoCrypt system may force the situation. There are two options here: the immediate introduction of the ECM or the introduction of a new card series. Both options hinge on availability. If there is no ECM now or likely within the next few months, Sky and News Datacom will be forced into bringing the 08 series of cards. Again if there is not a sufficient number of the 08 cards available they will have to maintain the 07 issue and with it the pirate market. Normally the smart cards are changed in the Spring or Autumn. Introducing the 08 issue card over the next few months would conform to the pattern but the logic is flawed. The Sky Multichannels is coming into operation over the same time period. The subscriptions and card administration will place a strain on Sky's operation and the hassle from new cards would only complicate things. If Sky do introduce a new card issue then it may occur anytime from October onwards. Some sources favour April 1994 for the new issue. The question of Pay Per View still remains unanswered. The 07 card issue was to have handled this facility. The P000 T000 was the indication. With the Ho Lee Fook hack it would seem that the idea was stalled for the moment. Hypothetically the Sky Gold transponder might be the ideal path for a PPV service. Of course if the hack is as dangerous as everyone thinks then it is possible that the PPV routines will have been compromised as well. A hack on the PPV routines would in some senses be more severe than the hack on the VideoCrypt system. The PPV channel would be carrying premium programming and would be far more costly than the movie or sports channels. Therefore a pirate card that would give infinite tokens or credits would be extremely valuable. Hi-Tech's Card Trick The Hi-Tech Card Tricks card is a reality and it works. The card is black and uses a PIC processor. When tested it worked on FilmNet. It seems that once again FilmNet are in trouble. The EuroCrypt-M system is now compromised. The reason that the card handles only FilmNet is the legality of the situation. If the card actually decoded the TV3/Tv1000 channels then it would be just as illegal in the UK as a pirate Sky card. The problem has to do with the uplink or origination of TV3/TV1000. Since it is being uplinked from the UK it is technically a UK originated channel and is therefore protected by the UK Copyrights Patents And Designs Act - just like Sky. The tricky question of the porn is neatly sidestepped. They uplink that from outside the UK. The cost of the card is ?150 and it is available from Hi-Tech. It is the only card that descrambles D2-MAC EuroCrypt-M signals at the moment. Active Logic - Cannot Recommend A Purchase - Yet A company called Active Logic has been advertising heavily in What Satellite and claiming to supply pirate smart cards for D2-MAC channels such as FilmNet. The advert is cause for concern as it promises a lot but is too cleverly worded to make coherent sense. It assures the reader that the cards are Unique Clone Designs. This is a bit of a contradiction in terms. Other factors such as the wording of the advertisement have given brought back memories of PR Technology's brash style. Now they may be totally unconnected. The hints at the cards for other D2-MAC channels being available are decidedly dodgy. If they have pirate cards for TV3/TV1000, then they are in violation of the Copyright Patents And Designs Act. The advert also mentions that there is a German address. If they are clever then they may try to use the German address to ship these cards from. Even so it would still put the UK operation in trouble as they would be supplying information and a product in breach of the act. Red Hot Television To Make A Comeback It appears that despite the rumours floating about, Red Hot Television is not dead yet. What appears to have happened was that the operation in Denmark was closed down but not the channel itself. The channel was busy arranging alternative finance. According to some reports they have arranged the new financing and will be back on Eutelsat 2-F1 within the next few weeks. The test bar transmissions on the same Eutelsat transponder (11.181 GHz Horizontal) are scheduled to start on August 24th with a full service resuming on August 29th. The scrambling system that they will use for the next few weeks will be the SAVE system. This means that the present array of SAVE descramblers will not have to be upgraded just yet. The tests of the Enigma-1 system just before the channel went off- air were successful and it is believed that the smart card for the channel was into the prototype stage. The hack on the VideoCrypt system threw up an unexpected problem in that the JSTV smart card actually descrambled the Enigma-1 scrambled signal. There were no doubt a lot of happy JSTV viewers except that there was a "Wrong Card Inserted" graphic over a rather strategic part of the screen. Both the new and old JSTV cards appeared to work on the system. Of course the channel will eventually, according to the information received, switch to Enigma-1. There are other porn channels who claim to be starting up soon. TV69 apparently has the backing of some ex-Red Hot Television people and VTO. It will, so the claim, use VideoCrypt with cards supplied via the Adult Channel. This is only one of a few channels that may or may not start transmitting over the next few months. After 12 Europe is also one of those mooted. It remains to be seen which will actually start transmitting.