• The forum software that supports hummy.tv has been upgraded to XenForo 2.3!

    Please bear with us as we continue to tweak things, and feel free to post any questions, issues or suggestions in the upgrade thread.

Beta Offline decryption utility

af123 said:
Well, it certainly isn't fast, but I'm adding decryption options to the web interface on the HD Fox T2. This is an hour-long recording from Dave ja vu.

View attachment 3522
Click to expand...
Is the queued decryption method now working for the HD-Fox? I have the opkg-beta package installed on my HD-Fox, and I have updated stripts to 1.4.0 and webif to 1.4.3, but when I queue a recording for decryption it does not happen; the queue table says "defer, DLNA server not running".
 
MontysEvilTwin said:
Is the queued decryption method now working for the HD-Fox? I have the opkg-beta package installed on my HD-Fox, and I have updated stripts to 1.4.0 and webif to 1.4.3, but when I queue a recording for decryption it does not happen; the queue table says "defer, DLNA server not running".
Click to expand...
No, I haven't uploaded a new package version yet as I haven't finished testing.
 
af123 said:
Running brute force now...
Click to expand...
I didn't get anywhere with a limited brute force (trying just digits in the last 10 places and leaving the MAC address at the start).. a full run would take too long.
 
I can't be sure I was doing the right thing when I tried to decrypt one packet, but I did try the adjusting the S/N leaving the MAC and no joy. (Think I tried putting the MAC last and part of the S/N first). Given that I may well be making a bodge of it, I'm not sure whether I can't get it to work because I don't understand it, or because the keys are just wrong. Pity there isn't a Fox recording + MAC + S/N available to see if I'm going about it the right way... If I knew I was doing the right thing I'd attempt a brute force approach myself.
 
Last edited:
EEPhil said:
Pity there isn't a Fox recording + MAC + S/N available to see if I'm going about it the right way... If I knew I was doing the right thing I'd attempt a brute force approach myself.
Click to expand...
https://hpkg.tv/misc/pointless.zip
Includes encrypted and decrypted version, and the key.
For your test recording data, from the PAT I have the following crib: 4c4d65d47880c8ef should decrypt to ffffffffffffffff
Based on the repeating pattern, the 2000T is also using 3DES but it could be using a full 168-bit key for all we know (rather than 112-bits as the T2 does).
 
Black Hole said:
In as much as decryption seems to be fast enough to keep up (need to test a HiDef), this now seems feasible. I could dedicate a HD-FOX to being a network TV server. There will be some work to do to keep track of the 0.ts write pointer.
Click to expand...
I have run a decryption on a HD-FOX HiDef recording - 2.22GB (1 hour of Tom Kerridge) took 47m33s. I'm surprised it was that quick. Didn't need to bother unprotecting it!
 
Last edited:
Just an update. I may be going about this the wrong way but... using af123's pointless example and my bodge program, I have managed to decrypt the first packet in the encrypted file using the given key and it matches the decrypted version. Small steps!
Later: Now getting most packets decrypted [for af123's file]. Just got to deal with the adaption set/start of payload packets...
Latest: Managed to fully decrypt a pointless programme. Only problem is file is 128 bytes too big :confused:.
Still no joy with 2000T's key(s) yet.
 
Last edited:
Black Hole said:
I have run a decryption on a HD-FOX HiDef recording - 2.22GB (1 hour of Tom Kerridge) took 47m33s. I'm surprised it was that quick. Didn't need to bother unprotecting it!
Click to expand...
For comparison: a 1 hour StDef recording (1.07GB) decrypted in 22m56s.

1153638400 (1.07GiB) / 1375.65 (22m56s) = 0.800 MiB/s

2.22GiB / 47m33s = 0.797 MiB/s (I no longer have the exact numbers)

Nicely consistent.
 
A few other benchmarks on different machines might be useful to get a handle on how consistent. For example: the HD-FOX is performing HDD accesses via USB.
 
Indeed, the difference (presumably) being that my benchmarks were using a HDD via USB on HD-FOX instead of UPD via USB on HD-FOX. Has anyone got figures for HDR-FOX/HDD/SATA?
 
webif 1.4.3-1 is now in the beta repository.. This one adds the decryption options for the Humax HD model (directly via OPT+ with progress bar etc. or via queue system). It also allows setting recursive auto-decrypt options on folders on that model.

On the HDR, the OPT+ decryption option can now work on recordings which have not yet been indexed - it will still use DLNA in that case - or if the DLNA server is not enabled, in which case it will print a warning and allow the use of the new direct method.
 
af123 said:
I didn't get anywhere with a limited brute force (trying just digits in the last 10 places and leaving the MAC address at the start).. a full run would take too long.
Click to expand...
Damn! I wish I'd read this properly. I've just wasted time repeating exactly what you've done. :D
I'm not sure what to try next with the 2000T key(s). They might not even use the MAC and serial number at all.
As you say a full brute force attempt would take too long (especially with my slow machine). If it is the full 168-bit key, I doubt whether it is possible to use brute force. An educated guess would still have the MAC and serial number involved - but how? My head hurts!
 
It may be possible to extract the key if you can force it to encrypt/decrypt specifically constructed files and examine the results. Google "3DES key extraction".
 
Black Hole said:
It may be possible to extract the key if you can force it to encrypt/decrypt specifically constructed files and examine the results. Google "3DES key extraction".
Click to expand...
Had you a particular article in mind? I'm just getting the IBM 4758 references at the top of the search results.
 
You must log in or register to reply here.
Back
Top