Found at: 0x1bi.net:70/textfiles/file?hacking/satelit3.txt

                                            VIDEO: Satpac - AUDIO: Digital
                By XL                   This is a very simple system to hack
                                        video wise.  All that Filmnet do is to
                                        remove the synch that locks the TV
The object of this article is firstly   picture in place, and they have fought
to dispel the amazing amount of         a very pitched battle with black box
rubbish you read about "my mate knows   makers recently to such an extent that
someone who has hacked Videocrypt       there is an all out offensive on this
and hes now watching it without a       channel.  So much so that its making
smart card, this cost him 200 quid      this channel rethink its strategy
to do". Or "My mates card lasted so     against the pirates.  Last year they
long and he's never paid".  Well it's   invented a system called "digital
crap.  I hate to say it and here's why  audio" which, if you listen to
I'm going to go through every single    filmnets broadcast its completely
scramble system used on Astra who       silent when the D.A. is in operation.
cracked it who sells the black boxes    
and get rid of the rumours.             In the Benelux countries Filmnet gave
                                        it new subscribers Digital Audio
                                        decoders costing them 18 million
                                        pounds to upgrade there scrambling
system.  They kept such a close reign   identity and all  the  pirate decoders
on these decoders that they knew        turn off.
exactly who had them.  Now the only     
way that the DA system could be hacked  Now DA has been cracked by one company
would be for the pirate makers to copy  alone it's called Hi-Tech the cost of
the DA boxes.                           it's crack would amaze you, they have
                                        invested an outlay of some total
Filmnet used a special  ASIC chip that  
was custom made for them.  The problem  1,500,000 they have succeed where
they faced was if the box got out it    others have failed there box is non-
could be copied so they built a mode    addressable by Filmnet.  They sent the
in that if the box left there country   ASIC of to China where it was layer
they could address the box over the     stripped by laser copied and ID
air turn it off and make it useless to  removed.
the pirate.  Now here's where it get    
clever in order for the pirate to copy  Now because Hi-Tech unit differs from
this box he must copy the ASIC if he    the official unit, Filmnet reckon they
copies the ASIC then he also copies     can knock this unit out and are now
the identity of the decoder.  If he     involved in a war of electronic
makes a batch of say 10,000 decoders    counter measures that would blow our
they all have the same identity all     minds they have a possible key
Filmnet has to do is turn off that      combination (scramble code) of 100000
everything possible to zap that box     of scramble mode.  This has kept out
out.  I will keep you posted.           the best hackers in the world.
                                        Premiere say that if the system is
               PREMIERE                 cracked it can upgrade itself to a
    VIDEO Nagravision - AUDIO None      completely new form of scrambling
                                        system to all its customers within
This is one of the best systems on      half an hour of knowing they have been
the market from a security viewpoint.   hacked.  Making the hack useless to
Premiere has total control over all     the pirate.  So to date not one hack
their decoders not one has managed to   has appeared for this system.
get out of there country.  They pick    
one of the lines on the TV, say 20 and  
place it at line 3 line 3 to 600 etc.                   RTL V
                                             VIDEO Luxcrypt - AUDIO None
This has the effect of bouncing the     
picture all over the place.  When a     This system is so close to Filmnets
high shuffle is on the picture is       video system that most decoders
totally destroyed.  Premiere is so      contain a Filmnet and RTL V board in
confident about its scrambling system   one.  I won't go into depth on this
that it only uses it's most very basic  but to say it hasnt been upgraded in 3
                                        years and RTL V don't care about being
hacked.  They are due to replace the    display a better picture.  Not what
decoders for new subscribers soon but   Teleclub wanted.
sources say that its just a prettier    
                                              SKY MOVIES, MOVIE CHANNEL
                                            VIDEO Videocrypt - AUDIO None
     VIDEO Payview 3 - AUDIO None       This is the system that should it
                                        become cracked the company will
A simple system in that they broadcast  become multi millionaires overnight.
a signal so strong that it forces the   
TV to attenuate the picture making the  Right forget what you have heard,
screen go black.  They then Invert      nothing has broken this system.
each line on the TV in a different      Here's what it is, the picture is
order, they also shift the position of  converted into a digital format each
the lines on the screen by moving the   TV line is then cut at one of 256
picture left and right 2 to 3 cm at a   points this cut line is then turned
time.  The pirate boxes are so far      around 180 degrees and stuck together
ahead of this scrambling system that    the resulting line is then XORED and
an upgrade was done recently that had   sent over the air to us.
the effect of making the pirate boxes   
In front of the line is a code which    implemented by hackers to read the
then intercepted by the decoder this    program in the chip but nothing has
tells the decoder to go have a look at  forced it to divulge its information.
location say 1297 in the smartcard.     Thompson the designers of Videocrypt
This location contains;                 again will not give any information
1. the lines cut point                  out on this even to Sky.  If this chip
2. the XORED value that was used to     could be read then the card could be
code up the line. Now here's where the  forced to give its information out.
system comes into its own.  I'm         The decoder communicates with the
ignoring the card for a moment, the     card by a two way single data path.
decoder contains two chips one is a     
"housekeeping" chip that displays the   Now onto the card. I've heard so much
on screen messages and card zap         information from people on card hacks,
routines.                               Stuff like put it in the fridge stick
                                        bits of sticky tape on it etc. and so
The second is the interface that        much crap that its forced me to laugh.
communicates with the smart card. This  
interface has a special mode that       Here's what your card has inside it.
causes all of it's output to be         8k of Eprom, 2k of ram, 1k of rom.
scrambled by itself that only itself    The card has several pins which it
can read, a self modifying algorithm    talks to the outside world with.
infact.  Various techniques have been   Clock, 0 volts, the 5v and 18v line,
reset and data path.  The rom has your  wipe your card by burning out the
own personal number the same as the     Eprom with a 18 volt supply to it.
one printed on your card in it.  The    This goes down the same line as the 5
Eeprom data contains the lines cut      volt supply that the chips need to
points plus XORED data bytes.  The ram  run.  So what you gonna do then?  Well
is a temporary work area for the        the rumour about putting sticky tape
decoder, stack etc.                     on the card won't stop Sky it will
                                        stop you using your decoder, because
                                        the card needs 5v in order to run.
        RUMOUR SMASHING TIME.           Voltage won't travel through sticky
                                        tape so you can't see any films.
"I can alter old cards to be upgraded   
to the new system".  Moooo!  Bullshit!  Trying to examine what is under the
How can  you read a card that contains  gold contacts kills your card
scrambled data via a single data path   instantly, the Eprom is so sensitive
giving the card the information it      that it's destroyed under light that's
needs to decode the bytes.  When it's   why no company has examined it under a
done via a secure microprocessor that   electron microscope to view the chips
can't be read.                          paths because it's destroyed
                                        instantly.  So sending off for all
"I'm altering my card to stop it being  these wonder card hack's is just
overwritten by SKY".  Mooooo!.  Sky     making the joker a lot richer.
                                        upgrade and send out new cards you
I will now tell you of confirmed        won't get one.
hacks, Yes real hacks in a true shown   
to format, documented and added to a    3. A device was made that intercepted
world hacker database.                  the data path between the card and the
                                        decoder data line this was then fed to
1. Morley Research in Gwent made a      16 other videocrypts in a block of
device that your card plugged into      flats.  What happened is upon a visit
this gadget then plugged into the       by an engineer to repair a fault he
decoder.  The gadget intercepted Sky's  noticed this cable going into one.  An
Kill card sequence and fed the decoder  hour later the flats no longer had
nops when trying to kill the card.      access to Sky as they came and took it
Sky simply used 1 of 17 backup card     out.  This hack is still being used by
kill sequences and then sued the balls  some people.
of Morley Research who disappeared      
without a trace.                        4. Morley Research has surfaced once
                                        more as Ultra Tech they now reckon
2. A diode is placed on the 18v line    that they have stopped all of Sky's
and when the 18v is activated for       card kill codes.  The units cost
card kill it dumps it to earth via a    
small use the power up circuit.  This   2300.00 for 10.  They are only sold
isn't really a hack because when SKY    in units of 10 no one has checked them
while you pay for your subscription so                  UPDATE
whats the point in buying them?         
                                        After writing this article I have just
In Europe the top video hackers are     got my latest copy of Hackwatch and it
working on Sky hacks.  To date they     makes very interesting  reading.  PR
are at least half way through a very    Technology, the makers of a DA unit
very complex system and they are        for Filmnet have gone  bust owing
ploughing millions into it.  They hope  
to have a simple box that sits on top   160,000 to various people.  They said
of the TV and needs no card to view     that they had a DA unit ready for
it.  The time to get halfway through    Filmnet, but never had.
has taken 2 years.  So next time        
somebody tells you "my mate has got     Just before going bust they had two
this hack and he hasn't got a card and  break-in's the first all of their DA
hes viewing SKY for now't now" turn to  equipment was stolen.  The second the
him and say "Prove it now!  Mooooo!"    computer that had all of the customers
                                        names and addresses that had sent them
                                        money disappeared.  So it was now not
                                        possible for them to know what they
                                        owed people.  They still continued to
                                        cash cheques for upto 
                                        500 of punters
Sky's Movie cards have had an update,   hardware inside for this to be taken
06 has been mailed to all subscribers.  into effect.
The new card has a bigger Eprom         
inserted on board.  The rumour is that  I forgot to say how your SKY card
Sky is about to have some new           get's wiped.  When you recieve your
Videocrypt channels added to its line   card, it has a number inside it which
up.                                     is registered against your account at
                                        Sky HQ.  When the card is put into the
Sky is also now very concerned about    decoder the decoder takes on this
the use of the infinite life hack.      number it's usually a 12 digit number.
The one where if you remove the card    Sky simply transmit this number over
from the decoder whilst Sky is trying   the air.  The information is sent just
to zap your card if you haven't paid    before the teletext signal.  When the
is causing a big problem for them.      number sent matches the decoders
The fact that decoders cannot talk      number the decoder listens to what it
back to Sky to tell them that the       has to do.  This is sent as a code
card is dead has become a big problem   straight after the number.  If it's
for them now.                           told to wipe your card then it just
                                        burns the Eprom out by sending 18v
Not only that pay per view is now       into it.
rumoured to be put into operation and   
card 06 now  has the necessary          
And how do I know so much you ask?      
Well I subscribe to Hack watch and      
Secondly I helped design a decoder for  



                By XL

The object of this article is firstly
to dispel the amazing amount of
rubbish you read about "my mate knows
someone who has hacked Videocrypt
and hes now watching it without a
smart card, this cost him 200 quid
to do". Or "My mates card lasted so
long and he's never paid".  Well it's
crap.  I hate to say it and here's why
I'm going to go through every single
scramble system used on Astra who
cracked it who sells the black boxes
and get rid of the rumours.



 Another file downloaded from:                               NIRVANAnet(tm)

 & the Temple of the Screaming Electron   Jeff Hunter          510-935-5845
 Salted Slug Systems                      Strange              408-454-9368
 Burn This Flag                           Zardoz               408-363-9766
 realitycheck                             Poindexter Fortran   415-567-7043
 Lies Unlimited                           Mick Freen           415-583-4102
 Tomorrow's 0rder of Magnitude            Finger_Man           415-961-9315
 My Dog Bit Jesus                         Suzanne D'Fault      510-658-8078

   Specializing in conversations, obscure information, high explosives,
       arcane knowledge, political extremism, diversive sexuality,
       insane speculation, and wild rumours. ALL-TEXT BBS SYSTEMS.

  Full access for first-time callers.  We don't want to know who you are,
   where you live, or what your phone number is. We are not Big Brother.

                          "Raw Data for Raw Nerves"