Windows version of offline decryption (HFODU)

OP
OP
EEPhil

EEPhil

Number 28
#21
I don't recall this having been explained previously, it was just assumed the reader would spot how they correspond. I would like to know too.
af123's reply to this is correct. But to put it into words -
The MAC address is already in hexadecimal representation. A digit from the serial number is not - you need to find the ASCII code for the number ("3" in af123's example) and then, for our purposes, show it in hex form - "33". ("Our purposes" being show the contents of the whole key in hexadecimal form.)
 
#22
Brilliant, thanks very much EEPhil for the "special case" option.
Yes, I now see that the issue is that each character of the serial number would have to be entered as whatever character is ASCII 0 in order to create a 00h encryption key. Not easy!
You're right that there is no actual need for an offline decryption tool if CF is running on the 'Fox, since it can decrypt everything itself. But there is some merit in reducing the load on the 'Fox (processor + disc) by leaving everything encrypted on the box and just decrypting offline when necessary.
 

Black Hole

May contain traces of nut
#23

sceptic

Forum Supporter
#24
... As in - you have CF why would you be decrypting off the box in Windows?
I can think of at least a couple of cases. One might be where someone had copied off encrypted recordings by mistake, it would be a lot easier to decrypt in place than copy back to the Humax and then back again! Another one might be that users who regularly archive recordings might now actually prefer to leave recordings encrypted and only decrypt them once they have been moved off the Humax, reducing the load on the STB. A high end Windows box should be able to decrypt files significantly faster than the STB too...
 

Luke

Well-Knwοn Мember
#26
I can think of at least a couple of cases. One might be where someone had copied off encrypted recordings by mistake, it would be a lot easier to decrypt in place than copy back to the Humax and then back again! Another one might be that users who regularly archive recordings might now actually prefer to leave recordings encrypted and only decrypt them once they have been moved off the Humax, reducing the load on the STB. A high end Windows box should be able to decrypt files significantly faster than the STB too...
...and should the box die and the disk is okay then the recordings can be decrypted and viewed
EEPhil was describing his initial thoughts not his current thoughts. You're preaching to the converted.
 
OP
OP
EEPhil

EEPhil

Number 28
#30
EEPhil was describing his initial thoughts not his current thoughts. You're preaching to the converted.
Correct. (And I'd forgotten that af123 had allowed everyone to change the key to whatever you like. Plus I tried to idiot-proof the entry of MAC and serial number - forgetting that the biggest idiot was trying to predict what the user wanted!)
 
#31
.
...and should the box die and the disk is okay then the recordings can be decrypted and viewed

I've got a hummy that died years ago, but the internal 500GB drive is good - it's just that when i removed it from the dead box and connected to my replacement hummy, via usb, the recordings couldn't be seen - hence the need now to somehow retrospectively decrypt them. (nb. i have a mixture of SD and HD content).

So if there's now a solution to be able to view their content after all these years then i'm ecstatic!

All i need is someone to gently guide me slowly to achieve it. I don't have any coding skills at all but i can follow easy instructions by someone who is very patient, and used to "working with 5-year old's!"

I'd like to be able to do this offline, ie. without the internet/webif doing it as i don't have home broadband. If this is a deal-breaker then i'll just have to sit in McDonald's for 5 hours with my portable mains generator & hummy and do it there lol

....so if i understand this thread correctly, is this what has been achieved now, or have i completely misunderstood what this "offline decryption" tool is? Otherwise does anyone have a solution to my problem?

My worst fear is that this thread/solution (changing the encryption key / serial number & mac address to all 3333333's) is a preventative measure for future hummy's dying, and not for original hummy's (encryption key).

many thanks
.
 
Last edited:
OP
OP
EEPhil

EEPhil

Number 28
#32
it's just that when i removed it from the dead box and connected to my replacement hummy, via usb, the recordings couldn't be seen
This is the main problem. If you can't see the files, you can't do anything with them. You will need someone else to give advice on why you can't see the files when connecting the disk to another Humax. Once you can see the files you ought to be able to decrypt them.

My worst fear is that this thread/solution (changing the encryption key / serial number & mac address to all 3333333's) is a preventative measure for future hummy's dying, and not for original hummy's (encryption key).
As far as you are concerned you can ignore the references to changing keys and all the 3s. The program described here will work if you have a FOX-T2 and you know the MAC address and Serial Number of the box that recorded the files. If you don't have these details, you are out of luck.

Getting this program to work may require an effort. You need to have Java installed. See the first three posts. It may be worth reading af123's original thread click here.
 
#33
...it's just that when i removed it from the dead box and connected it to my replacement hummy, via usb, the recordings couldn't be seen
This is the main problem. If you can't see the files, you can't do anything with them..... .....Once you can see the files you ought to be able to decrypt them.

Sorry about the confusion, i misspoke, what i meant to say was i CAN see the files but when i press Play there is just a blank screen (which is what you would expect if they're encrypted).

So all the files are there, and i've checked the webif 'browse' to confirm that, AND i still have the original dead hummy too.

I'm hoping now you might be able to help, or guide me in decrypting them so i can watch on my replacement hummy.

NB.
I don't have any coding skills so either a very straightforward process is needed, or some very simple step-by-step instructions if i need to write code for example.

Yes, i did read af123's original thread (Beta Offline decryption utility) but to be honest, it just went over my head (sorry).

For clarity i have the HDR-Fox T2 boxes (dead and replacement) both with the white sticker on the bottom with the serial no. etc.

Kind regards
.
 
Last edited:

Black Hole

May contain traces of nut
#34
With the dead unit's MAC and serial number, if you don't want to fire up Linux on your PC (easy enough by booting with a "live Linux" DVD), your easiest option is to use your working HDR-FOX to decrypt.

1. Copy the relevant material (including sidecar files) to the working HDR-FOX (or connect the old drive by USB);

2. Use the WebIF utility to configure the encryption key to match the old unit;

3. Decrypt (by whatever method you prefer).

Notes:

1. If all existing recordings have been decrypted, there is no need to restore the unit's original decryption key. Any recordings made while configured with a custom key will need to be decrypted with the custom key.

2. Decryption key can be configured via WebIF >> Settings >> Advanced Settings.

3. A unit's original decryption key is derived from its MAC (6 bytes), and the first 10 digits of its serial number, ASCII encoded (10 bytes):

Code:
humax# nugget dump 0x0dadd58 0x10
00dadd58: 00 03 78 bd 11 f3 36 33 37 31 30 34 34 39 36 30  ..x...6371044960
In this example, the encryption key is 000378bd11f336333731303434393630 - the eagle eyed amongst you will spot that it's the box MAC address + the first 10 digits of the serial number, although not all bits are actually used.
 
Last edited:
#35
With the dead unit's MAC and serial number..... .....your easiest option is to use your working HDR-FOX to decrypt.

1. .....connect the old drive by USB);
2. Use the WebIF utility to configure the encryption key to match the old unit;
3. Decrypt.

WOW that's fantastic news! - thank you Black Hole. :)

I was half expecting to hear that you can only decrypt via the original hummy with no exceptions!

So there finally is a special way round it! How long has this been available... i'm assuming fairly recently, as i remember a very old post asking the same but the simple answer was no.

Man i can't wait for one of you clever people to find a permanent solution for all of us to circumnavigate the whole encryption process all together. I wish we could go back to the much simpler days of recording via VHS - no encryption problems then! lol. Why did the bbc and co. force the manufactures to include this idiot protection? It never used to be a problem until we went to digital broadcasts!

Yes the easiest way for me will be to connect the old drive via USB to my replacement hummy, where it'll 'see' the recordings but not play them, at present.

So forgive the stupid question but what is the 'WebIF utility' you referred to? Is it a 'package' in the repository (like auto-undelete for example) that i simply add to my custom firmware, or something different?

Presumably, "configuring the encryption key to match the old unit" is idiot proof, or will i need some specific knowledge? :unsure: - i have zero knowledge of coding but i can follow simple step-by-step instructions if someone is patient enough to "hold my hand" ?

As mentioned, i did try to read af123's 'Offline decryption utility' but after 11 pages, it just fried my brain!

Thanks in advance
.
 
Last edited:
#38
So would i be right in saying this 'Utility' is some sort of special program written, to scan each recording one by one, and then change the encryption flag? (or thingy) that was embedded in the recording with the original box, to a universal one, which can then somehow be interpreted by the replacement hummy, and decrypted via a conventional method - in my case by copying the file to an external usb-hdd.

Or is it more complicated than that?

With the knowledge of how this program works, can we not use it to our advantage and manipulate it so as to avoid the need to decrypt at all - ie. recordings won't be encrypted in the first place?

I know not everyone is a fan or convinced about removing the decryption completely but i think there is enough of us to make it worth the while, especially as it may have other unexpected benefits also....
 
Last edited:

Black Hole

May contain traces of nut
#39
Which "utility" do you mean? Are you talking about decryption in general? Did you read my updated post 34 above or something else? This thread is about off-line decryption (the ability to decrypt recordings not using a HDR-FOX), and this is all a bit of a detour.

If you want to understand decryption in general:

* For HiDef recordings, you need to clear the "do not decrypt" protection flag. That is the job of the "auto-unprotect" package (if you don't know what packages are, you need to get familiar with the custom firmware - see Quick Guide to Custom Firmware [click]).

* There are numerous ways of triggering decryption, the most commonly used one being to configure the WebIF to trigger it automatically shortly after the recording is complete. It is also available via the WebIF media browser on the OPT+ menu for each recording listed. See Decryption Guide (click).

The ability to change the HDR-FOX's decryption key to your own custom value (for example to make multiple HD/HDR-FOXes all have the same key, convenient for content sharing without needing to decrypt) has been built into the WebIF for several months. This is not a separate package, but unless you are running the latest versions of packages in your custom firmware (the WebIF is just another package), you may not have it available. In your case: you will be configuring the decryption key to match that of your old HDR-FOX, and then the new HDR-FOX will be able to decrypt the old recordings without any further alterations. It won't then be able to decrypt its own existing recordings until you restore the original key.

Note that the stripts command line utility (now including software decryption capability) is able to try several keys to find one that works (including the custom key and the original key) - but that does not apply to hardware decryption (which can only use the current configured key) or off-box decryption (where you have to specify the key). Note also that these facilities might only be available if you enable beta packages.

With regard to defeating encryption entirely: this will require reprogramming the actual Humax hardware so that the native operations which send the data to the HDD via the encryption unit bypass it instead. As we have no documentation on the internal structure of the SoC (System on Chip - in other words practically and entire computer and peripherals all built into one configurable and programmable chip), and only access to the binary code (no source code or even commented assembly code): (1) somebody needs to find the section(s) of code that route data through the encryption unit, without prior knowledge of where the encryption unit is; (2) having found the relevant code, somebody needs to figure how it works and how it can be modified to bypass encryption.

I don't know about you, but to me that sounds like a pretty tall order. The hope is that there already exists a flag which Humax may have incorporated to select behaviour (encrypt or don't encrypt), and if that proves to be the case it would be much easier just to turn it off. But it is still necessary to locate that flag, and looking for it may be a wild goose chase (ie a complete waste of valuable time if such a flag does not exist).

The point is that however much we may like recordings not to be encrypted in the first place, we don't need them not to be encrypted because we have work-arounds, and the effort involved is too great to be worth it. With off-line decryption available, it is now even less of an issue (because now recordings can still be recovered, even if the HDR-FOX dies - with the HDD still intact of course).
 
Last edited:
OP
OP
EEPhil

EEPhil

Number 28
#40
Sorry, I've been offline for a couple of days.

If @Eric can see the encrypted files on the USB drive connected to his new Humax then this is a good start. What I'm not sure about is whether Eric's new Humax is also a FOX-T2 or something else. If it is capable of installing the customised firmware (CF) then that might be a better way to proceed than following this thread. This thread is about a Windows based (maybe it might work on other platforms) utility which requires the user to pick files one at a time for decryption. It does not have a batch mode (sorry!). It does not depend on installation of the CF.
With off-line decryption now available, it is now even less of an issue (because now recordings can still be recovered, even if the HDR-FOX dies - with the HDD still in tact of course)
You still must have the MAC address and serial number (S/N) of the original Humax. So the question for Eric is - do you still have the original (dead) Humax? If so, find the label with the MAC address and S/N on it. Make a note of them and keep in a safe place. You say you don't have home broadband. But do you have a network connection between your Humax and a PC? Somehow you will have to get files from the Humax to the PC to use the utility described in this thread. I'm assuming that you've arrived at this thread because you are using a Windows PC. Is this correct?

You will need to check whether you can run Java programs on your PC. Open a command window (assuming you have Windows 10, Google - or other search engine - "command window windows 10" if you don't know how), and type (without the quotes) "java -version". If you get a sensible reply, you have Java installed. If you get something along the lines of "Java" is not recognized as an internal or external command... then you will need to install Java to use this utility. If you have Java, download the zip file in post #20 and follow the earlier instructions for installation.

If you need to install Java either try the suggestions in posts #2 and #3 or go directly to https://java.com/en/download/ and follow the instructions.
 
Top