Beta Offline decryption utility

Well, it certainly isn't fast, but I'm adding decryption options to the web interface on the HD Fox T2. This is an hour-long recording from Dave ja vu.

View attachment 3522
Is the queued decryption method now working for the HD-Fox? I have the opkg-beta package installed on my HD-Fox, and I have updated stripts to 1.4.0 and webif to 1.4.3, but when I queue a recording for decryption it does not happen; the queue table says "defer, DLNA server not running".
 
Is the queued decryption method now working for the HD-Fox? I have the opkg-beta package installed on my HD-Fox, and I have updated stripts to 1.4.0 and webif to 1.4.3, but when I queue a recording for decryption it does not happen; the queue table says "defer, DLNA server not running".
No, I haven't uploaded a new package version yet as I haven't finished testing.
 
Running brute force now...
I didn't get anywhere with a limited brute force (trying just digits in the last 10 places and leaving the MAC address at the start).. a full run would take too long.
 
I can't be sure I was doing the right thing when I tried to decrypt one packet, but I did try the adjusting the S/N leaving the MAC and no joy. (Think I tried putting the MAC last and part of the S/N first). Given that I may well be making a bodge of it, I'm not sure whether I can't get it to work because I don't understand it, or because the keys are just wrong. Pity there isn't a Fox recording + MAC + S/N available to see if I'm going about it the right way... If I knew I was doing the right thing I'd attempt a brute force approach myself.
 
Last edited:
Pity there isn't a Fox recording + MAC + S/N available to see if I'm going about it the right way... If I knew I was doing the right thing I'd attempt a brute force approach myself.
https://hpkg.tv/misc/pointless.zip
Includes encrypted and decrypted version, and the key.
For your test recording data, from the PAT I have the following crib: 4c4d65d47880c8ef should decrypt to ffffffffffffffff
Based on the repeating pattern, the 2000T is also using 3DES but it could be using a full 168-bit key for all we know (rather than 112-bits as the T2 does).
 
In as much as decryption seems to be fast enough to keep up (need to test a HiDef), this now seems feasible. I could dedicate a HD-FOX to being a network TV server. There will be some work to do to keep track of the 0.ts write pointer.
I have run a decryption on a HD-FOX HiDef recording - 2.22GB (1 hour of Tom Kerridge) took 47m33s. I'm surprised it was that quick. Didn't need to bother unprotecting it!
 
Last edited:
Just an update. I may be going about this the wrong way but... using af123's pointless example and my bodge program, I have managed to decrypt the first packet in the encrypted file using the given key and it matches the decrypted version. Small steps!
Later: Now getting most packets decrypted [for af123's file]. Just got to deal with the adaption set/start of payload packets...
Latest: Managed to fully decrypt a pointless programme. Only problem is file is 128 bytes too big :confused:.
Still no joy with 2000T's key(s) yet.
 
Last edited:
I have run a decryption on a HD-FOX HiDef recording - 2.22GB (1 hour of Tom Kerridge) took 47m33s. I'm surprised it was that quick. Didn't need to bother unprotecting it!
For comparison: a 1 hour StDef recording (1.07GB) decrypted in 22m56s.

1153638400 (1.07GiB) / 1375.65 (22m56s) = 0.800 MiB/s

2.22GiB / 47m33s = 0.797 MiB/s (I no longer have the exact numbers)

Nicely consistent.
 
A few other benchmarks on different machines might be useful to get a handle on how consistent. For example: the HD-FOX is performing HDD accesses via USB.
 
Indeed, the difference (presumably) being that my benchmarks were using a HDD via USB on HD-FOX instead of UPD via USB on HD-FOX. Has anyone got figures for HDR-FOX/HDD/SATA?
 
webif 1.4.3-1 is now in the beta repository.. This one adds the decryption options for the Humax HD model (directly via OPT+ with progress bar etc. or via queue system). It also allows setting recursive auto-decrypt options on folders on that model.

On the HDR, the OPT+ decryption option can now work on recordings which have not yet been indexed - it will still use DLNA in that case - or if the DLNA server is not enabled, in which case it will print a warning and allow the use of the new direct method.
 
I didn't get anywhere with a limited brute force (trying just digits in the last 10 places and leaving the MAC address at the start).. a full run would take too long.
Damn! I wish I'd read this properly. I've just wasted time repeating exactly what you've done. :D
I'm not sure what to try next with the 2000T key(s). They might not even use the MAC and serial number at all.
As you say a full brute force attempt would take too long (especially with my slow machine). If it is the full 168-bit key, I doubt whether it is possible to use brute force. An educated guess would still have the MAC and serial number involved - but how? My head hurts!
 
It may be possible to extract the key if you can force it to encrypt/decrypt specifically constructed files and examine the results. Google "3DES key extraction".
 
It may be possible to extract the key if you can force it to encrypt/decrypt specifically constructed files and examine the results. Google "3DES key extraction".
Had you a particular article in mind? I'm just getting the IBM 4758 references at the top of the search results.
 
Back
Top