jeff@gatech.EDU (Jeff Lee) (12/04/86)
Does anyone know where the key information is placed in the VC-II encryption scheme? It seems to me that if the information were stored in the horizontal or vertical retrace that you could build a box that you could switch out, have your favorite channel turned on, and then switch it back in and have it strip out anything extra once it detects a retrace. Something similar might be done if they were using a portion of the picture that would normally be taken up by the overscan on most TVs. Or are they doing something more sophisticated by maybe putting another signal similar, but different, to the audio portion?

It just seems that if they are not using some sort of public key encryption to bootstrap into the DES then there is a big hole out there. Your receiver is receiving a key somehow. Even then, if you know where it is located and can filter it out of the signal once it is turned on, that is as good as any other black box. You just buy all the stations you want one time.

If I were a hardware jock, this would just seem to be a real interesting "challenge". Something akin to the Scientific American article on RSA that printed the encrypted message that used 60+ digit encryption keys and offered some kind of award to anyone who could break it.

Cheers,
--
Jeff Lee
CSNet: Jeff @ GATech
ARPA: Jeff%GATech.CSNet @ CSNet-Relay.ARPA
uucp: ...!{akgua,allegra,hplabs,ihnp4,linus,seismo,ulysses}!gatech!jeff
karn@faline.UUCP (Phil R. Karn) (12/05/86)
> It just seems that if they are not using some sort of public key encryption
> to bootstrap into the DES then there is big hole out there. Your receiver is
> receiving a key somehow.

The primary/secondary key management scheme is designed to thwart exactly this kind of attack. Yes, the keys your box needs to decrypt the audio ARE sent over the satellite, BUT they are themselves encrypted by a different, "primary" DES key -- which is never sent over the air. The primary keys (there are 4, of which one is active at any time) are loaded into each Videocipher box as it is manufactured, and they sit in registers on the DES chip. They cannot be read out through the device pins, and dropping battery backup power to the chip destroys the key.

As I said in my last message, the security of Videocipher lies entirely in the physical security of these primary keys; if you can figure out how to get them out of the chip, you've broken the system.

Rumor also has it that the Videocipher scheme has a "remote destruct" command which allows M/A-Com to tell a box to forget the primary keys; the box then becomes useless until it is returned to the factory for key reloading. Now consider a future Captain Midnight figuring out how to trigger this function. What a concept.

Phil
guest@scubed.UUCP (Guest Account) (12/05/86)
In article <7277@gatech.EDU> jeff@gatech.UUCP (Jeff Lee) writes:
>Does anyone know where the key information is placed in the VC-II encryption
>scheme? It seems to me that if the information were stored in the horizontal
>or vertical retrace that you could build a box that you could switch out, have
>your favorite channel turned on, and then switch it back in and have it strip
>out anything extra once it detects a retrace. Something similar might could
>be done if they were using a portion of the picture that would normally be
>taken up by the overscan on most TV's. Or are they doing something more
>sophisticated by maybe putting another signal similar, but different, to the
>audio portion?
>

Basically the VC-II system relies on having a "secure" audio portion and a basically "protected" (breakable) video section. The VC-II scrambling system digitizes two audio channels (at approximately the same rate used in compact discs) and then adds each digital sample to a random binary sequence generated by the DES algorithm and combines them with error coding bits. The encrypted audio bits appear to be completely random. These two audio channels, along with the addressing and control information, are digitally transmitted in place of the horizontal sync pulse in each video line as 88 bits of PAM data. (The video scrambling is accomplished by the absence of normal sync information, and video inverting.) The exact pattern of how the bits are transmitted in the video frame is unknown to me (as it is one key in decoding the signal).

The VC-II descramblers use a multilevel key hierarchy. Each VC-II has a unique public address and a DES key contained in a TI7000 microprocessor. This key is twofold: 1) it is used by the VC-II to decode other keys, and 2) to descramble the satellite signal if that channel is in "fixed key mode". (In this mode, any VC-II will decode the channel; no authorization is required.)

In the normal mode of operation though, each descrambler first receives a satellite message containing a monthly key along with service attributes. If this key is not preceded with the address of the unit, it fails to store the key. Then every satellite service is encrypted by the scrambler with a different program key. The program key is combined with program attributes and is encrypted with the monthly key and broadcast over the control channel to all descramblers. Only those descramblers that correctly received the monthly key will be able to decrypt the program key and decode the program. The VC-II scrambling system repetitively transmits individual monthly messages to all authorized descramblers in advance of changing the program keys. Then by changing keys at the program level, it can authorize and deauthorize a set of descramblers with one transmission.

From what I can tell, the various Videocipher busting techniques are based upon causing a VC-II decoder to change its ID to either a "MASTER" decoder which pays for all the encrypted signals (and each clone then receives them automatically), or by changing the ID to random unit IDs and searching for authorization messages. General Instruments (the people that bought the MA/COM division) have supposedly changed how often the monthly key information is transmitted in an attempt to frustrate the latter attempt. In any case, the DES encryption system in the VC-II has not been the target nor has it been broken in any of the VC-II decoding techniques.

I fail to see how the type of "hacking" people have been doing on the VC-II could be considered treason. I don't even think that the breaking of the encoding is illegal, although the use of such a device is.
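The key hierarchy the two replies above describe (a per-unit "primary" key loaded at manufacture and never transmitted, a monthly key addressed to individual units and wrapped under that primary key, and a per-program key broadcast to everyone wrapped under the monthly key) is worth seeing as a running model. The following Python is an added example written for this thread; it is not code from any poster and reproduces nothing of the real VideoCipher II formats. DES is replaced by an HMAC-SHA256 keystream stand-in, the message layouts, labels, key length, unit addresses and the sample audio are all constructed for the example, and the `Uplink`/`Descrambler` names are hypothetical.

```python
import hmac
import hashlib
import os
from dataclasses import dataclass
from typing import Optional

KEY_LEN = 8  # DES keys are 8 bytes; the cipher itself is replaced below (assumption)


def keystream(key: bytes, label: bytes, length: int) -> bytes:
    """Pseudorandom bit sequence derived from a key. Stands in for the
    DES-generated sequence the post describes; not the real VC-II cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap(kek: bytes, label: bytes, data: bytes) -> bytes:
    """Encrypt data under kek; XOR is its own inverse, so this also unwraps."""
    return xor_bytes(keystream(kek, label, len(data)), data)


@dataclass
class Descrambler:
    address: int                         # the unit's public address
    unit_key: bytes                      # per-unit key, never sent over the air
    monthly_key: Optional[bytes] = None  # stored only from a message addressed to us

    def receive_monthly_message(self, message: tuple) -> bool:
        """Keep the monthly key only if the message carries our own address."""
        address, wrapped_monthly = message
        if address != self.address:
            return False
        self.monthly_key = wrap(self.unit_key, b"monthly", wrapped_monthly)
        return True

    def decode_program(self, control_message: bytes, scrambled_audio: bytes) -> Optional[bytes]:
        """Unwrap the program key from the control channel, then the audio."""
        if self.monthly_key is None:
            return None
        program_key = wrap(self.monthly_key, b"program", control_message)
        return xor_bytes(keystream(program_key, b"audio", len(scrambled_audio)), scrambled_audio)


class Uplink:
    """Scrambler side: knows every unit key, issues monthly and program keys."""

    def __init__(self, unit_keys: dict):
        self.unit_keys = unit_keys
        self.monthly_key = os.urandom(KEY_LEN)

    def new_month(self, authorized: list) -> list:
        """Rotate the monthly key; address it individually to authorized units."""
        self.monthly_key = os.urandom(KEY_LEN)
        return [(addr, wrap(self.unit_keys[addr], b"monthly", self.monthly_key))
                for addr in authorized]

    def scramble_program(self, audio: bytes) -> tuple:
        """Fresh program key per program, broadcast wrapped under the monthly key."""
        program_key = os.urandom(KEY_LEN)
        control = wrap(self.monthly_key, b"program", program_key)
        scrambled = xor_bytes(keystream(program_key, b"audio", len(audio)), audio)
        return control, scrambled


def run_demo() -> dict:
    """Two units: A is authorized in month 1, then dropped in favour of B."""
    # Constructed sample: 64 PCM-style 16-bit samples forming a rising ramp.
    audio = b"".join(i.to_bytes(2, "big") for i in range(0, 6400, 100))
    unit_a = Descrambler(address=0x1001, unit_key=os.urandom(KEY_LEN))
    unit_b = Descrambler(address=0x1002, unit_key=os.urandom(KEY_LEN))
    uplink = Uplink({unit_a.address: unit_a.unit_key, unit_b.address: unit_b.unit_key})

    # Month 1: only A is authorized. Every unit sees every monthly message,
    # but only the addressed unit stores the key.
    for msg in uplink.new_month(authorized=[unit_a.address]):
        unit_a.receive_monthly_message(msg)
        unit_b.receive_monthly_message(msg)
    control, scrambled = uplink.scramble_program(audio)
    month1 = (unit_a.decode_program(control, scrambled),
              unit_b.decode_program(control, scrambled))

    # Month 2: A is deauthorized simply by not being sent the new monthly key;
    # once the program key changes, A's stale monthly key unwraps nothing useful.
    for msg in uplink.new_month(authorized=[unit_b.address]):
        unit_a.receive_monthly_message(msg)
        unit_b.receive_monthly_message(msg)
    control, scrambled = uplink.scramble_program(audio)
    month2 = (unit_a.decode_program(control, scrambled),
              unit_b.decode_program(control, scrambled))
    return {"audio": audio, "month1": month1, "month2": month2}


if __name__ == "__main__":
    result = run_demo()
    print("month 1: A ok =", result["month1"][0] == result["audio"], "| B has key =", result["month1"][1] is not None)
    print("month 2: A ok =", result["month2"][0] == result["audio"], "| B ok =", result["month2"][1] == result["audio"])
```

Two design points mirror the thread. Nothing in the broadcast lets a listener recover a key: the monthly key is only ever seen wrapped under a unit key that never leaves the box, and the program key only ever wrapped under the monthly key, which is exactly why Phil's reply puts the whole system's security on the physical secrecy of that unit key. And because the XOR stand-in has no integrity check, a unit holding a stale monthly key in month 2 gets noise rather than a refusal; the real system carries error-coding bits on the audio, but this example does not model how (or whether) a descrambler uses them to notice a bad key.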