ACP analysis and command creation tool

XC chip, auth and block SPI command.
Locked
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Post by tester5 »

on the left side of the board next to the battery is square and if u read on it saids XC then serial is last one.......if u have same as posted let me know.
GTF696
Junior Member
Posts: 156
Joined: Wed Oct 12, 2005 7:03 pm

Post by GTF696 »

HXUO228
HEF0102
HKR0045

and then I have three more some where in storage... will check and post later
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

off topic question

Post by krunkcraig »

Hey guys i have a question about different versions of firmware off topic... Okay so this version of the motorola cable box has been around for years and years. Lets say cc/tw/ect... have been using tools similar to ours for years and years and have already found all the important backdoors to finding what is really needed to "craxk the code". Maybe if we find very old firmware versions we can test for stuff they haven't found.....just a thought Cheers. Krunk
patsfan
Junior Member
Posts: 673
Joined: Thu Jul 21, 2005 4:02 pm

Post by patsfan »

CC's don't know anything about the firmware in these boxes. motorola writes the firmware and apps for these boxes.
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Cheers

Post by krunkcraig »

okay, but what im saying is if we could find a box that was manufactured after the first release of these boxes years ago (an original) it might have backdoors that were not yet covered up by General Instruments or Motorola. As Anybody done any testing with a GI box before? Cheers
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Post by tester5 »

about the response form XC chip still getts diferent response even if XC chip is same.....
i dotn get it then how does this chip function then why is a diferent response from each box? like afther you E11 shouldnt be same? is diferent i am puzzled now.....
so i am gona give up..the xc chip is hard to crack into...somehow i still belive is more then the key inplanted in there i still thing that each serial of xc chip has a particular key + somehting else...
or once the uide is programed it completes the code? wel since uid can be changed but GI never changes then thats the connection.....GI number and XC serial...
cipher if you wana help maibe you can amek something out of it i can send you responses from 2 E11 boxes with same xc chip serial only the last 4 digits of GI number are diferent ....
cipher
Junior Member
Posts: 381
Joined: Fri Oct 28, 2005 8:43 am

Post by cipher »

I can look at it. Just a bit busy right now can't spend a lot of time currently.

Send it to dctlogs (at) yahoo.ca
patsfan
Junior Member
Posts: 673
Joined: Thu Jul 21, 2005 4:02 pm

Re: Cheers

Post by patsfan »

krunkcraig wrote:okay, but what im saying is if we could find a box that was manufactured after the first release of these boxes years ago (an original) it might have backdoors that were not yet covered up by General Instruments or Motorola. As Anybody done any testing with a GI box before? Cheers
yes all of mine are GI boxes. alot of them are as they didn't change to motorola until a couple of years ago. the boxes come from the factory with a default firmware already on them. the problem is i don't think there has been any updates to the digicipher II system since it came out. no need since it hasn't been cracked.
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Post by tester5 »

this command anyone know what are the last 2? ZZ ZZ?

80 0A 07 00 00 YY YY XX zz zz cc

YYYY channel ID found in nvram and curent channel status.
xx IS CURENT EPOCH NUMBER
zz zz I DONT KNOW WHAT IT IS ANYONE KNOW
CC CHECKSUM.
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Re: re

Post by tester5 »

jamesjames wrote:CIPHER YOU COULD SAVE THE DAY IF YOU CRACK THIS PEOPLES LIVES WILL IMPROVE CONSIDERABLLY

once we crack one thing there will be another challenge :)
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

I Agree, But thats what makes us keep going is our success. If there was no forward or backwards then we couldn't go anywhere.
dellanave1
Junior Member
Posts: 40
Joined: Tue Feb 06, 2007 3:46 pm

Post by dellanave1 »

adrianbv6, I have been investigating a bit on 3des and for what I see whenever encrypt a data, a chain of beginning of 16 bits of length is use for complicating the desencryption.
See here:

http://www.atrevido.net/blog/PermaLink. ... bc5f1f5899

Is it due to it that every response of the XC changes?
Sorry if I am wrong, I am trying to contribute something.
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Post by tester5 »

it might be true takeing in consideration this

box A diferent GI number E11 box same XC serial(thinking each XC has hard coded one key per serial)
Box B diferent GI numer E11 box same XC serial.(thinking each XC has hard coded one key per serial)




box A and box B still get diferent response only thing diferent now that i think is diferent it might be that the key is contriuted from GI number and XC seial....since the 2 boxes have 2 diferent GI and same XC chip key is still diferent go figure that out this system is crazy and is only my idea dosent mean is true but seems most logical.....taking in consideration xc has ram and flash....if we can access the flash part we are done.... even if we acces the ram part we cant change keys to the box...maibe only the categoryes even those maibe not. i noticed in nvram there are commands like 80 00 00 00 xx xx yy yy something like that the last yy yy seem to be encrypted or....category..
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

IV

Post by krunkcraig »

So we could find the difference between the two response you get adrianbv6 from those two boxes and find out one the keys to that box? or the IV key...
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Post by tester5 »

the ide is not to find video keys .....is the encryption keys ...so far we dont even know if is standard des or what.
Locked

Who is online

Users browsing this forum: No registered users and 6 guests