Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: How Nagra 3 Cams were Hacked and Cracked

  1. #1

    Arrow How Nagra 3 Cams were Hacked and Cracked

    Hello hack satellite pirates.

    You will find this an interesting read.

    Credit goes to Packin18 & Edmonton Guy for original concepts and n3 roms and eeproms
    dumps from dish and bell providers currently making way around irc and private
    underground forums around the net. Thank Packin18 for your N3 fix and no other.

    A virgin non sub card was inserted into a modified blue T911 mod loader with 4053 muxs.
    The virgin non sub card was reset and the atr was sent as usual.
    A packet containing nops with a bclr instruction at the end was sent to the n3 cam.
    When the last bit of the checksum was sent to the cam 16 additional clocks followed.
    The cam was soft reset by sending the RST cam pin low from high.
    As the cam rst pin swung low a bunch of glitching followed.
    This glitching carried on until the RST cam pin came high again.
    This glitching carried on for the first clock.
    200+ additional clocks were sent to the card.
    The cam i/o line was monitored for a full cycle low i/o pin result of the bclr instruction.
    The cam was quickly reset, glitched, & clocked a few hundred times again. repeatidly.
    When the full cycle low i/o pin signal was seen N3 cams were hacked.
    The bclr instructions were removed and replaced with more bsets and bclr instructions
    that ROR'd rom and eeprom a bit at a time out of the cam i/o pin without need for the
    rom routines that usually handle I/O output.

    What Happened?

    The packet was stored in the I/O buffer and the card reset before packet processing.
    The reset caused the program counter and the stack pointer to reset but not ram values.
    The packet full of nops that pulled the i/o line low stayed resident in ram on soft reset.
    The card was reset and the addressbus latching of the reset vector was glitched until
    the new reset vector became the i/o buffer where NOPS and BCLR code opened N3.

    N3 roms/eeproms (142/206/240) for all providers has successfully been dumped.
    (interestingly enough this attack works on all N1/N2 cams/icams as well)
    (i dont have any dave cams do you?)

    If you want a private fix email me here or at card doctor at gee males d0t com.
    if you want portions of n3 rom/eeprom dumps for verification do the same.

    See You Boys In The Ring.

  2. #2
    Junior Member
    Join Date
    17-07-2006
    Posts
    13
    Uploads
    0

    Re: How Nagra3 Cams Were Hacked & Cracked.

    thanx much for the information

  3. #3
    New Member
    Join Date
    29-04-2006
    Posts
    2
    Uploads
    0

    Thumbs up Re: How Nagra3 Cams Were Hacked & Cracked.

    Quote Originally Posted by CardDoctor View Post
    Hello hack satellite pirates.

    You will find this an interesting read.

    Credit goes to Packin18 & Edmonton Guy for original concepts and n3 roms and eeproms
    dumps from dish and bell providers currently making way around irc and private
    underground forums around the net. Thank Packin18 for your N3 fix and no other.

    A virgin non sub card was inserted into a modified blue T911 mod loader with 4053 muxs.
    The virgin non sub card was reset and the atr was sent as usual.
    A packet containing nops with a bclr instruction at the end was sent to the n3 cam.
    When the last bit of the checksum was sent to the cam 16 additional clocks followed.
    The cam was soft reset by sending the RST cam pin low from high.
    As the cam rst pin swung low a bunch of glitching followed.
    This glitching carried on until the RST cam pin came high again.
    This glitching carried on for the first clock.
    200+ additional clocks were sent to the card.
    The cam i/o line was monitored for a full cycle low i/o pin result of the bclr instruction.
    The cam was quickly reset, glitched, & clocked a few hundred times again. repeatidly.
    When the full cycle low i/o pin signal was seen N3 cams were hacked.
    The bclr instructions were removed and replaced with more bsets and bclr instructions
    that ROR'd rom and eeprom a bit at a time out of the cam i/o pin without need for the
    rom routines that usually handle I/O output.

    What Happened?

    The packet was stored in the I/O buffer and the card reset before packet processing.
    The reset caused the program counter and the stack pointer to reset but not ram values.
    The packet full of nops that pulled the i/o line low stayed resident in ram on soft reset.
    The card was reset and the addressbus latching of the reset vector was glitched until
    the new reset vector became the i/o buffer where NOPS and BCLR code opened N3.

    N3 roms/eeproms (142/206/240) for all providers has successfully been dumped.
    (interestingly enough this attack works on all N1/N2 cams/icams as well)
    (i dont have any dave cams do you?)

    If you want a private fix email me here or at card doctor at gee males d0t com.
    if you want portions of n3 rom/eeprom dumps for verification do the same.

    See You Boys In The Ring.
    Work of these gifted people who stand against all these challenges is very much appreciated by us "greens" we thank them and wish them all the best in their excellent wrok.All the best

  4. #4

    Re: How Nagra3 Cams Were Hacked & Cracked.

    Thanx boys

  5. #5
    Senior Member
    Join Date
    05-08-2006
    Location
    Somewhere in the Galaxy
    Posts
    108
    Uploads
    0

    Re: How Nagra3 Cams Were Hacked & Cracked.

    Very interesting, but that means THEY PAID A BIG TEAM OF DEV. and lot of money to change and swith they cards and one month later it's hacked ??
    It looks a joke.
    I hope it's true, but that songs not realistic

  6. #6

    Re: How Nagra3 Cams Were Hacked & Cracked.

    i would like it very much if you could PM me a peace of the ram and rom

    hell a peace of EEPROM would be nice to

  7. #7
    Junior Member
    Join Date
    10-04-2007
    Posts
    11
    Uploads
    0

    Re: How Nagra3 Cams Were Hacked & Cracked.

    thank for this news,very interesting,,and thank boys,,

  8. #8
    Junior Member
    Join Date
    13-10-2008
    Posts
    19
    Uploads
    0

    Re: How Nagra3 Cams Were Hacked & Cracked.

    Quote Originally Posted by CardDoctor View Post
    Hello hack satellite pirates.

    You will find this an interesting read.

    Credit goes to Packin18 & Edmonton Guy for original concepts and n3 roms and eeproms
    dumps from dish and bell providers currently making way around irc and private
    underground forums around the net. Thank Packin18 for your N3 fix and no other.

    A virgin non sub card was inserted into a modified blue T911 mod loader with 4053 muxs.
    The virgin non sub card was reset and the atr was sent as usual.
    A packet containing nops with a bclr instruction at the end was sent to the n3 cam.
    When the last bit of the checksum was sent to the cam 16 additional clocks followed.
    The cam was soft reset by sending the RST cam pin low from high.
    As the cam rst pin swung low a bunch of glitching followed.
    This glitching carried on until the RST cam pin came high again.
    This glitching carried on for the first clock.
    200+ additional clocks were sent to the card.
    The cam i/o line was monitored for a full cycle low i/o pin result of the bclr instruction.
    The cam was quickly reset, glitched, & clocked a few hundred times again. repeatidly.
    When the full cycle low i/o pin signal was seen N3 cams were hacked.
    The bclr instructions were removed and replaced with more bsets and bclr instructions
    that ROR'd rom and eeprom a bit at a time out of the cam i/o pin without need for the
    rom routines that usually handle I/O output.

    What Happened?

    The packet was stored in the I/O buffer and the card reset before packet processing.
    The reset caused the program counter and the stack pointer to reset but not ram values.
    The packet full of nops that pulled the i/o line low stayed resident in ram on soft reset.
    The card was reset and the addressbus latching of the reset vector was glitched until
    the new reset vector became the i/o buffer where NOPS and BCLR code opened N3.

    N3 roms/eeproms (142/206/240) for all providers has successfully been dumped.
    (interestingly enough this attack works on all N1/N2 cams/icams as well)
    (i dont have any dave cams do you?)

    If you want a private fix email me here or at card doctor at gee males d0t com.
    if you want portions of n3 rom/eeprom dumps for verification do the same.

    See You Boys In The Ring.
    Quote Originally Posted by buddy456 View Post
    i would like it very much if you could PM me a peace of the ram and rom

    hell a peace of EEPROM would be nice to
    Do you can send pm for me??

    Thanks

  9. #9
    Junior Member
    Join Date
    20-03-2007
    Posts
    13
    Uploads
    0

    Re: How Nagra3 Cams Were Hacked & Cracked.

    Nagra 3 is still strong and without opening in Europe
    The German chain "Premiere" also is transferred to Nagravisión 3.

    For that they still doubt the "darkness" of the pirate tv in Europe there are more news of Nagra 3 and the success that apparently it has had.

    It seems that Nagra 3 is spending all the tests of the hacker and coders that do not find solutions for the time being, and Nagra 3 starts being adopted as other chains and providers of television route satellite in Europe.The chain deprived by satellite Premiere also happens to Nagra 3 (earlier it was using Betacrypt and then Nagra 2), and after this one the Pole Cyfrowy Polsat will continue the same way. Nagra 3 is demonstrating to be quite solid, since it takes almost two years working in the Portuguese Tv Cabo without being hacked, in spite of the rumours that they indicate the opposite, and from December 4 Bonus works in the Digital system with the same result, there is no solution for the time being.
    And is it necessary to doubt, if it takes almost two years and the Nagra 3 does not open to itself in TV End, For which to believe the rumours now of that they are on the verge of doing it?. Anyway, two years it is a lot of time, so that the piracy could survive with teams that do not sell waiting in stores and also waiting for a miracle of a coder to which it would be necessary to pay to him, perhaps hundreds of thousands of dollars for the hack, if it achieves it.
    Digitalis, which from beginnings of this December only uses the new system of encryption of the Swiss company of Kuldelsky, has left to "dark" the channels that could be seen of fraudulent form with Nagra 2.
    After the process realized in two platforms route satellite "Iberian", now it touches him the shift to the German Premiere, in fact, who is already realizing for some weeks tests under the new format of Nagravisión 3. The Pole Cyfrowy Polsat will follow Premiere also.
    For the time being they are only rumours those that they say that Nagra3 it is already opened. This way it is like he promises to be in diversity of Forums of Europe, specializing in the topic. After the tests realized with the new review of Nagra, the tests have already realized with the Channel Sport TV 1 and 2. The Cardsharing is being implemented and supported by those Recipients of Satellite with connection Ethernet, nevertheless also it is possible to realize it by means of Captured in the PC.
    These tests that are contributed from Europe, demonstrate fully that Nagravision 3 has not been broken, that it is seen for cardsharing and not for no type of emulation that does not exist for the time being.
    The struggle against the piracy in the United States and Canada, it might win at once and for all (if Nagra 3 continues without breaking) with a change of cards of massive form, which was initiated by TV End in Europe and now by Digital Bonus and the German platform Premiere.
    The tests realized by Polsat and now Premiere, give to Kudelski a supremacy with Nagra 3, facing the imminent future that rethinks now. If everything is fine, André Kudelski might "clean" his disastrous image because of the mistake of Nagra 2, y to have a new strong position, opposite to proposed business piece of news of other satellite providers.
    The question is not if the system will be implemented in USA, because it will be like that with safety. The question is when it will be implemented.

  10. #10
    New Member
    Join Date
    01-07-2006
    Posts
    2
    Uploads
    0

    Re: How Nagra3 Cams Were Hacked & Cracked.

    It will be implemented in teh next couple of months in the US. They have already started sending out replacement cards and should be done in 2-3 months.

Page 1 of 2 12 LastLast

Similar Threads

  1. Hacked Encrytions / Hacked Packages
    By timark6 in forum English (UK)
    Replies: 14
    Last Post: 05-06-2008, 12:46:30
  2. Nagra 3 Hacked
    By flash500 in forum Nagravision
    Replies: 25
    Last Post: 24-01-2008, 16:27:24
  3. TVCabo Nagra 3 cards hacked. Confirmed.
    By satellite dish in forum Daily Satellite TV News
    Replies: 0
    Last Post: 24-09-2007, 23:56:22
  4. Austar Cracked
    By bruce69 in forum English (UK)
    Replies: 14
    Last Post: 15-08-2007, 09:00:45

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •