Syndicated Hack Watch 08:93

 Syndicated Hack Watch 08:93


The Start Of The War


Sky  had suffered its most devastating hack to date. Its  security 

was  demolished  and  the MultiChannels package was  about  to  be 

introduced.  They  had to do something fast or it would  all  slip 

away.


The  Blackbox industry was beginning to move the pirate cards  for 

Sky  in  volume. There were talks of quantities  of  ten  thousand 

being  sold. Cards were beginning to filter into the UK.  At  this 

stage Sky had no option but to move. The pirates were attacking on 

the home front. This was economic war and Sky was losing.


The  Grey  Market  piracy of a card for a card  was  an  essential 

factor in Sky's growth. As long as it wasn't too overt then it did 

not  seem to matter. Sky were benefiting from the  arrangement  as 

was the other channels such as FilmNet.


With  the  advent of the Ho Lee Fook hack the Grey  Piracy  market 

took a bit of knock. The Ho Lee Fook card and chip allowed  access 

to  all VideoCrypt scrambled channels. The prices varied  but  the 

lowest  quoted figure was œ99.00. Considerably less than what  Sky 

were charging for the whole package. 


As if by some miracle, Sky and News Datacom came up with a fix for 

the  hack. Yes it was not really Sky's responsibility to  fix  the 

hack. News Datacom, the designers of the security architecture had 

to try and stop the Ho Lee Fook hack. It seemed that the had found 

a solution.


As with all events in the Blackbox industry, it has been  assigned 

a catchy name. The name of solution is the "Zombie Fix". No,  this 

is  not  the name for the  continual brainwashing adverts  on  Sky 

One.   The  reason for the name is that old  cards  have  recently 

started  to  work  again on this 3.5 Second on -  3.5  Second  off 

cycle.  Cards that have been authorised for Sky's  movie  channels 

are  working on TV Asia. Other cards such as those for  the  Adult 

Channel are working on the same basis on the Sky channels.


The  Blue card that I had received started to act funny. At  first 

it happened on only Sky Movies and The Movie Channel. Sky Gold and 

TV  Asia were unaffected. It could have been a problem on the  Sky 

channels  but experience and instinct proved otherwise. It  was  a 

countermeasure. After a few days, the same sort of effect occurred 

on TV Asia and Sky Gold. The upgrade to VideoCrypt was complete. 


The program in the Ho Lee Fook card and chip apparently  contained 

enough  to decode the scrambled channel but not enough to  respond 

to the over the air switch off codes. This limited  implementation 

meant  that the hack was a very powerful one. It was not  possible 

for  Sky and News Datacom to actually send out a command  for  the 

card to switch off. What this implies is that the card had  enough 

information  and  data  to  decode  the  channels.  The  hack  had 

separated the access control from the decryption aspect.


Of  course  the  fact that the Ho Lee Fook hack  was  not  a  full 

implementation  may  well have provided a weak spot  for  Sky  and 

News Datacom. 


This  is the point at which the hack was attacked. The  datastream 

on  the  VideoCrypt  system  appears to  have  been  altered.  The 

alteration  did not affect the official Sky cards but  the  pirate 

cards and chips started to malfunction.


Essentially  the  Zombie Fix caused the pirate card  to  return  a 

fixed key every second time. This is the standard response when  a 

bad  card is inserted. The card cannot match the challenge and  it 

jumps to a sub-routine that returns a fixed key.


The  standard response to the wrong card being inserted is  hidden 

from  the viewer. Ordinarily when the wrong card is  inserted  the 

on-screen graphics will make the fact clear. Sky and News  Datacom 

were a little clever here.


The  data for "Wrong Card Inserted" may well be passed to  the  on 

screen  graphic display chip. A signal is being sent out over  the 

air  to this chip to switch it off during this operation.  One  of 

the  effects of the countermeasure is that the channel  identifier 

message does not come up on the screen either.



ECM Meets Electronic Counter Counter Measure


At  this  stage  the war between the pirates and  Sky  is  growing 

complex.  The  Zombie Fix has been met with a new  card  and  chip 

issue.  The  new card and chip work on the Sky  channels  and  the 

other VideoCrypt scrambled channels.


According to sources the hackers only took ten minutes to come  up 

with the solution to the Zombie Fix. It was, apparently, a  rather 

simple one but it did require the replacement and upgrading of all 

the pirate cards and chips on the market. It appeared that Sky had  

hit the pirates. 


The problem for Sky and News Datacom is that they are not  dealing 

with  a  FilmNet type situation.  When FilmNet's  analogue  SatPac 

system  was  being pirated, the market was at its  most  expanded. 

Every  Tom Dick and Harry was involved and there was  very  little 

organisation.  The current pirate market is better  organised  and 

the buy in price is high financially and technologically.


The  main problem of getting the updated hack into the market  now 

seems to have been solved. Some dealers in Holland were  promising 

a  one week turn around on the chips and cards.  From  information 

received this time schedule has been followed.


The Blackbox Industry has recovered from the Zombie Fix at a  rate 

that has alarmed Sky and News Datacom. The recovery appears to  be 

just in time for the introduction of the Sky MultiChannel package.



The Next Move


With the imminent introduction of Sky MultiChannels, a compromised 

VideoCrypt is a very big problem. It remains to be seen what  will 

happen.  Sky  and  News Datacom will have to make a  move  on  the 

situation soon.


Assuming  they  have another fix up their sleeves  they  can  wait 

until  the  market  is  saturated  with  pirate  cards  and   then 

introduce the electronic counter measure (ECM). It would naturally 

have the most effect as it would deter a larger number.


However  pressure  from other users of the VideoCrypt  system  may 

force  the  situation. There are two options here:  the  immediate 

introduction of the ECM or the introduction of a new card  series. 

Both  options  hinge on availability. If there is no  ECM  now  or 

likely  within the next few months, Sky and News Datacom  will  be 

forced into bringing the 08 series of cards. Again if there is not 

a  sufficient number of the 08 cards available they will  have  to 

maintain the 07 issue and with it the pirate market.


Normally  the  smart cards are changed in the  Spring  or  Autumn. 

Introducing  the  08  issue card over the next  few  months  would 

conform  to  the  pattern  but  the  logic  is  flawed.  The   Sky 

Multichannels is coming into operation over the same time  period. 

The  subscriptions and card administration will place a strain  on 

Sky's  operation  and  the  hassle  from  new  cards  would   only 

complicate things.


If  Sky  do introduce a new card issue then it may  occur  anytime 

from  October onwards. Some sources favour April 1994 for the  new 

issue.


The question of Pay Per View still remains unanswered. The 07 card 

issue  was  to have handled this facility. The P000 T000  was  the 

indication. With the Ho Lee Fook hack it would seem that the  idea 

was   stalled  for  the  moment.  Hypothetically  the   Sky   Gold 

transponder  might be the ideal path for a PPV service. Of  course 

if the hack is as dangerous as everyone thinks then it is possible 

that the PPV routines will have been compromised as well. 


A  hack  on the PPV routines would in some senses be  more  severe 

than  the hack on the VideoCrypt system. The PPV channel would  be 

carrying premium programming and would be far more costly than the 

movie or sports channels. Therefore a pirate card that would  give 

infinite tokens or credits would be extremely valuable.




Hi-Tech's Card Trick


The  Hi-Tech Card Tricks card is a reality and it works. The  card 

is  black  and  uses a PIC processor. When  tested  it  worked  on 

FilmNet.  It  seems that once again FilmNet are  in  trouble.  The 

EuroCrypt-M system is now compromised. 


The  reason that the card handles only FilmNet is the legality  of 

the  situation.  If  the  card  actually  decoded  the  TV3/Tv1000 

channels  then it would be just as illegal in the UK as  a  pirate 

Sky card. 


The  problem  has  to  do  with  the  uplink  or  origination   of 

TV3/TV1000.  Since  it  is  being  uplinked  from  the  UK  it  is 

technically a UK originated channel and is therefore protected  by 

the  UK  Copyrights Patents And Designs Act - just like  Sky.  The 

tricky  question  of the porn is neatly sidestepped.  They  uplink 

that from outside the UK.


The cost of the card is œ150 and it is available from Hi-Tech.  It 

is  the only card that descrambles D2-MAC EuroCrypt-M  signals  at 

the moment.




Active Logic - Cannot Recommend A Purchase - Yet


A company called Active Logic has been advertising heavily in What 

Satellite  and  claiming to supply pirate smart cards  for  D2-MAC 

channels  such as FilmNet. The advert is cause for concern  as  it 

promises a lot but is too cleverly worded to make coherent  sense. 

It  assures  the reader that the cards are Unique  Clone  Designs. 

This  is a bit of a contradiction in terms. Other factors such  as 

the wording of the advertisement have given brought back  memories 

of   PR  Technology's  brash  style.  Now  they  may  be   totally 

unconnected.


The  hints at the cards for other D2-MAC channels being  available 

are  decidedly  dodgy. If they have pirate cards  for  TV3/TV1000,  

then  they are in violation of the Copyright Patents  And  Designs 

Act.  The advert also mentions that there is a German address.  If 

they  are  clever then they may try to use the German  address  to 

ship these cards from. Even so it would still put the UK operation 

in trouble as they would be supplying information and a product in 

breach of the act.



Red Hot Television To Make A Comeback


It  appears  that  despite the rumours  floating  about,  Red  Hot 

Television is not dead yet. What appears to have happened was that 

the  operation  in  Denmark was closed down but  not  the  channel 

itself. The channel was busy arranging alternative finance.


According to some reports they have arranged the new financing and 

will be back on Eutelsat 2-F1 within the next few weeks. The  test 

bar  transmissions  on the same Eutelsat transponder  (11.181  GHz 

Horizontal)  are  scheduled to start on August 24th  with  a  full 

service resuming on August 29th.


The  scrambling system that they will use for the next  few  weeks 

will be the SAVE system. This means that the present array of SAVE 

descramblers will not have to be upgraded just yet.


The tests of the Enigma-1 system just before the channel went off-

air were successful and it is believed that the smart card for the 

channel was into the prototype stage.


The  hack on the VideoCrypt system threw up an unexpected  problem 

in  that  the JSTV smart card actually  descrambled  the  Enigma-1 

scrambled signal. There were no doubt a lot of happy JSTV  viewers 

except  that  there  was a "Wrong Card Inserted"  graphic  over  a 

rather  strategic  part of the screen. Both the new and  old  JSTV 

cards  appeared to work on the system. Of course the channel  will 

eventually,  according  to  the information  received,  switch  to 

Enigma-1.


There  are other porn channels who claim to be starting  up  soon. 

TV69  apparently  has the backing of some  ex-Red  Hot  Television 

people  and VTO. It will, so the claim, use VideoCrypt with  cards 

supplied via the Adult Channel. This is only one of a few channels 

that  may or may not start transmitting over the next few  months. 

After 12 Europe is also one of those mooted. It remains to be seen 

which will actually start transmitting. 


******************************************************************

Syndicated Hack Watch  -  Copyright (c) 1993 All Rights Reserved


                    MC2 Publications Division 

                     22 Viewmount, Waterford,

                             Ireland



                                                          

Comments

Post a Comment

Popular posts from this blog

BOTTOM LIVE script

                                  BOTTOM                                   ======                     by Adrian Edmondson and Rik Mayall                                 Bottom Live                                 ===========                               Richie  Rik Mayall                                Eddie  Adrian Edmondson Introduction ------------ [Opening shot of theatre, with huge pictures of Richie and Eddie. Caption: "Live from the Mayflower Theatre, Southampton".] Vox Pop 1:  So I'm hoping that this is a lot ruder than the TV, because             they can get away with it. [Cut to Ade's dressing-room door. It opens to reveal a clothes rail, its only contents a brown jacket.] Vox Pop 2:  I just think they're ace, you know, absolutely excellent. [Cut to dressing-gown, pan across a pair of glasses and a revolver.] Vox Pop 3:  It couldn't be too rude, I mean that's what young people want. [Rik's dressing-room door.]
Read more

Fawlty Towers script for "A Touch of Class"

Fawlty Towers A Touch of Class Written by John Cleese and Connie Booth First of first series, first broadcast on September 19, 1975 on BBC2 Transcribed by Jason R. Heimbaugh (jrh@uiuc.edu) on October 10, 1993 Basil Fawlty  John Cleese Sybil Fawlty  Prunella Scales Manuel        Andrew Sachs Polly         Connie Booth Major Gowen   Ballard Berkeley Miss Tibbs    Gilly Flower Miss Gatsby   Renee Roberts Lord Melbury  Michael Gwynn Danny Brown   Robin Ellis Sir Richard   Morris Martin Wyldeck Mr Watson     Lionel Wheeler Mr Wareing    Terence Conoley Mr Mackenzie  David Simeon               [The Fawlty Towers reception lobby. The main entrance is at the               back, with the stairs to the right. The entrance to the dining               room is in the right wall; on the left, the reception desk               running along the left wall, with the entrance to the office               behind it. The entrance to the bar is beyond the desk.] Basil         [on th
Read more