Interesting Devices Ltd
Hybrid Emulator....Please tell me why my logic is off
#1 zero (Guest), 27th April 2004, 04:51 AM

I've been playing with this idea for a while, mostly because of nerg343's great job on pitou. Anyway, what I'm wondering is why couldn't we use a newer generation ASIC with an older emulator? My F, H, and HU all still work perfectly emulating, just no video of course. From what I understand, the stream is encrypted, but the IRD does the decryption, so why couldn't the software be modified to take the seed byte, send it to a p4 asic and receive video on a p2/p3 emulator system?

This thread gave me some input, but it still didn't convince me this wasn't completely impossible.
http://id-discussions.com/forum/showthread.php?t=64634


2 reasons why I think this might work:

1. I had a document with pictures where an h-card was made an aux only card. The pad was removed from the card, some wire(s) cut and others moved. The result was an h-card that only worked as an aux card. It of course didn't get booted up the same way the classic pgm aux card did. If I can find this document, I will upload it to the files section. Being that the p4 isn't h@cked and thinking the asic is a separate die, then this would probably be the best solution at the moment to try and create an aux.

2. The cmd94 is something never implemented on the p2 series card, yet it was written into pitou to be used with the p2. I don't know the stream like some of you; the only reason I'm guessing this worked and my idea wouldn't is because this packet header didn't direct it to a certain series of cards.

Sorry if I missed something obvious that makes this totally impossible, but we're all here to learn right?

zero
  
#2 velda2, 27th April 2004, 12:54 PM

Quote:
Originally Posted by zero
From what I understand, the stream is encrypted, but IRD does the decryption
The IRD merely separates the data intended for the card from the rest of the stream and sends it to the card.


Quote:
Originally Posted by zero
so why couldn't the software be modified to take the seed byte, send it to a p4 asic and recieve video on a p2/p3 emulator system?
The P4/P5 would need to be AUX’ed for us to do that. As I am sure you know we have no way of AUXing a P4/P5.


Quote:
Originally Posted by zero
I had a document with pictures where an h-card was made an aux only card. The pad was removed from the card, some wire(s) cut and others moved. The result was an h-card that only worked as an aux card. It of course didn't get booted up the same way the classic pgm aux card did. If I can find this document, I will upload it to the files section. Being that the p4 isn't h@cked and thinking the asic is a seperate die, then this would probably be the best solution at the moment to try and create an aux.
That document had to have been a hoax. The P2 and P3 both had the ASIC on die, and to the best of my knowledge so does the P4/P5. Even if the ASIC was off die you wouldn't be able to just cut some wires and enslave the ASIC, at least not with the human hand, an X-Acto knife, and a soldering iron. You would need highly specialized lab equipment.

I hope this helps and you don’t find it too discouraging.
  
#3 zero (Guest), 29th April 2004, 01:10 AM

Thanks for the reply velda2. This is what I needed to know.

I've posted the h-card asic only diagram I was talking about, pending review by the admins:

http://id-discussions.com/forum/showthread.php?t=64894

Curious.... I'm sure the HU stream was encrypted the same way the p4 is, so how was it able to be decoded? Did they use the same encryption they did on the eeprom, or is the only unencrypted stream we are seeing what would be going through the card (or emu), which the card is actually decrypting? If so, I guess my theory would never work unless the stream could be decrypted first.
  
#4 lain (Guest), 29th April 2004, 10:18 PM

It is true that some of the oldest H cards did have the asic on a separate die. I have cut away the top on one of these and "tinkered" with it a bit. I was never able to grab hold of the wires with my homebrew equipment, but I suspect that it wouldn't have worked as an aux card with the emulator anyway. I think it would have been somewhat useful in attempting to glitch the asic to see what it would spit out (though I never got that far).

Now back on topic... If dtv decided to give you a head start and handed you a p4 that was set up as an aux card, it still would not work with a p3 or p2 emulator. You are overestimating the role the asic plays in the actual process. The asic does not generate the video keys/packet signatures/etc. It likely plays a role in generating them, but it doesn't do it on its own. The processor in the card does the majority of the work, using the asic to provide outside input into its calculations.

A hypothetical to help you visualize the process. Say I want to send you an encrypted file and I need to make up a password. Now say you and I both have a mutual friend. I'll play the part of dtv and ask our friend (the asic) for two numbers. Let's say I ask him for his date of birth and the date he first kissed a girl (two answers that there's a good chance only he will know). Now I add them together and divide it by 12. Then I send you two emails; one is the file encrypted with the password I made. In order for you to decrypt the file you need the second email with instructions on how to rebuild the password, and you need access to our friend the asic.

What you are missing is that even if you already knew the answers to any question I could ever ask our friend, you still couldn't get the password unless you could understand the emails from me telling you how to generate it. We cannot decrypt a p4 packet and see what it says to do with the data from the asic.

The command structure hasn't changed much over the years (the same basic ins-es do the same things), but the actual structure of the card is not the same. A p3 wouldn't even understand the packet for a p4. I'm a little rusty on the code, but I think it's the fourth byte of the cmd90 that the card uses to determine if it should even bother trying to understand a given packet. Take a look through a hu disassembly and you'll see it.
  
#5 zero (Guest), 30th April 2004, 07:46 AM

Thanks for the information, you really got at the point of what I needed to know.

I liked your e-mail analogy and I think it'll help others understand what is going on too.

I also wasn't hoping for the p2/p3 to understand the newer cards' command structure, but instead to continue to work as it does now and somehow use a software hack to get the seed byte(s) needed and send them to a newer asic to generate the keys to give video.

I completely underestimated the importance of the card itself to get the seed bytes needed to generate the keys. The attitude around the net has always seemed to stress the importance of the ASIC, but after a series of cards gets hacked I guess they forget how integrated the 2 are.

So for this (my out there idea) to be possible, you'd have to be able to decode the p4 stream on the fly, know enough about the p4 to process the stream to get your seed byte(s), somehow aux the p4 or make it an asic only card, and then it would generate the correct video authorization keys?

Even if I'm still missing something, it sounds like basically the p4 will have to be hacked to accomplish what I listed above..... and if that's the case, why not just write a p4 emulator?! Well, it was an idea, I threw it out there, thanks for the feedback.
  
#6 zero (Guest), 30th April 2004, 10:00 PM

delete....
  
#7 lain (Guest), 30th April 2004, 10:49 PM

Quote:
why not just write a p4 emulator?!
Chances are that is exactly what will happen when the p4 is hacked.

The part that seems to get passed over whenever anyone discusses the asic is just exactly what it is. The asic is an Application Specific Integrated Circuit. From my viewpoint I suspect it's another processor with its own eeprom/rom/ram and a program to generate seemingly (but not really) random seed values that the main access card processor can then use.

Here's the kicker... I have a strong suspicion that the asic for the Hu and the H before it were compromised. The reason you never see any real asic related information posted is because the big dealers have an interest in keeping it from us. With a dump of the asic a cardless emulator was a real possibility for both series of cards. A dump of the asic means you can emulate it (probably), and if you can emulate the asic you don't need the plastic anymore. No plastic means no loaders to sell...
  
#8 hero of the day (Guest), 30th April 2004, 11:00 PM

Quote:
Originally Posted by lain
The part that seems to get passed over whenever anyone discusses the asic is just exactly what it is. The asic is an Application Specific Integrated Circuit. From my viewpoint I suspect its another processor with its own eeprom/rom/ram and a program to generate seemingly (but not really) random seed values that the main access card processor can then use.
Nope, it is just a bunch of specialized logic set up to perform a few specific cryptographic operations. This makes it much more difficult to trick into improperly divulging information. If the big dealers could emulate the asic they would have been selling p3 battery cards.
  
#9 sdeens, 3rd May 2004, 09:09 AM

HOTD is right.. if the ASIC was compromised they would have found a way to profit from it by selling AVRs and/or Atmega board solutions instead; these testing devices, as you know, have been used by Charlie and Dish testers for years.. in fact it's a much larger industry than selling 3m support.. this year the new rage is BLACKBIRD/SILVER BULLETs and at $300-450 a pop that's big business.

If the ASIC was hacked by the dealers then they most certainly would have found a way to profit from it, but your comment that mentions your "strong suspicion" that it was hacked suggests that one of the bigger emulation guns from the past figured it out and, since they have no financial interest in its release, probably decided to keep it secret.

good ideas
  