VideoCrypt

When the VideoCrypt system was launched, the press releases claimed that it was the most pirate-proof system yet devised. Some of the people involved in the design of the system claimed that it would take billions of years to break the codes used by the system. The usual media journalists swallowed this hook, line and sinker. The hackers knew otherwise.


The VideoCrypt system is the mainstay of the BSkyB satellite television empire. It is the means by which BSkyB makes its money from the subscribers. The basic theory is that they pay a subscription for the premium channels and they receive a smart card. This smart card, when inserted into the VideoCrypt decoder, will allow the decoder to descramble the channels paid for. It is also possible for BSkyB to turn off the cards of those subscribers who have not paid.


Hacking scrambling systems such as VideoCrypt is a multi-million pound industry. Due to the present legal situation it is perfectly legal to hack a channel that originates outside the UK. However, for someone in the UK to hack a UK-originated channel is illegal. Such mere facts as illegality have never bothered pirates.


In the last few weeks the impossible has happened. The VideoCrypt system has been conclusively hacked. It is now possible to purchase a pirate smart card or chip which will allow the viewer to descramble Sky Movies Plus, The Movie Channel, Sky Gold, Sky Sports and TV Asia. The cost of this pirate card is £99. The price in itself is lower than the subscription for the channels.


Other channels using the VideoCrypt system are worried. According to the latest reports, The Adult Channel and JSTV have been compromised as well. This means that all of the channels currently using the VideoCrypt system as a fee gathering system have just lost control of the market. It is now, well for the moment anyway, a pirate's market.


This hack is, like all hacks, colourfully named. It is known as the "Ho Lee Fook" hack. The joke being that this is generally the exclamation uttered by people when told of the hack. There are two forms of the hack: a card and a chip.


The card version of the hack is about sixteen millimetres longer than the official BSkyB card. Essentially it is a single chip mounted on a printed circuit board that plugs directly into the VideoCrypt decoder's card socket. This is the more user-friendly version as it does not require any modification to the decoder.


The chip version does require some modification to the decoder. The official VideoCrypt name for the chip in the decoder is "The Verifier". This chip has to be removed and replaced with the pirate chip. The decoder will then decode the scrambled channels without the need for the BSkyB smart card.


The pirate cards and the chips are on sale. It is believed that a number of them are already in the UK. Indeed I received one, in a brown paper envelope, on June the eighth. It is still working.


The problem for BSkyB and other users of the VideoCrypt system is not one of containment. Things have progressed too far for that. The problem is more serious. Unless they can come up with a quick fix for the system that will render the Ho Lee Fook hack inactive, they have to replace the smart cards.


BSkyB initially set out to replace their smart cards every three months. This continual update was, so the theory went, meant to deter hackers from trying to hack the system. Fiscal reality has a crushing effect on such business school theories.


VideoCrypt suffered its first real disaster when someone discovered that by limiting the programming voltage to the card, it was possible to stop the card being switched off. This hack was known as the "Infinite Lives" hack. It was an old computer term for a modification to a games program that gave the player unlimited lives. Since BSkyB could not turn off the cards it seemed an apt name. This hack was followed by a new issue or batch of cards. The "Infinite Lives" hack did not work on the new cards but a new hack did.


The KENtucky Fried Chip upped the ante. It was the first time that the actual internal operation of the VideoCrypt decoder was interfered with. It was a rewritten "Verifier" chip that was programmed to stop the cards being turned off. It did not work at full efficiency so it was not marketed by the pirates. After this hack, BSkyB issued a new batch of cards which was more resilient to this hack.


The current card issue is issue 07. The Ho Lee Fook hack is working on this batch. If BSkyB introduce issue 08 cards, then there is the possibility of the hack ceasing to work. At this stage there is the terrible spectre of the hack being updated to work with the 08 cards. It is the thing of which BSkyB's nightmares are made.


The issue of new card batches occurs mainly in Spring or Autumn. A Summer launch of the new 08 cards would be unusual. As VideoCrypt will be going to a tiered channel structure in the Autumn, it would seem that they have planned an Autumn update. The Ho Lee Fook hack may force them to bring their plans forward by some three months or so.


The confidence in a system is not based on how well a system repels hacks but rather on how well a system recovers from hacks. This will be a true test of the VideoCrypt system and its smart card based philosophy. The philosophy is that of the detachable secure controller. Basically what this means is that if the system is hacked then all that needs to be done to stop the hack is to issue a new card.


The effect on the confidence of present and prospective users of VideoCrypt is more difficult to gauge. The smart card is the core of the VideoCrypt system. Seeing it replaced by a pirate smart card contradicts every claim made in favour of VideoCrypt. It was not supposed to be possible. One thing is certain: channels will now have to look at a scrambling system as only being a temporary form of protection that has to be frequently updated. Failure to do so will be fatal.


John McCormac

Author of "European Scrambling Systems 3" ISBN 1-873556-02-0

Editor of Hack Watch News.
