Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: help gamma team

  1. #1

    help gamma team

    why gamma tem be late for the new updaits orbit down and sex view also please help us or learn us how we make our updait for our cards

  2. #2

    Re: help gamma team

    efxaristw



    >> ONLY english language outside the international forums!

  3. #3

    Re: help gamma team

    Quote Originally Posted by adoo_100200 View Post
    why gamma tem be late for the new updaits orbit down and sex view also please help us or learn us how we make our updait for our cards
    You will not get a lot of help from the Gamma Team. They are very busy making Titanium 3.

    If you really want to know how to make commands to change your HSN you first need to understand how it all works. The best way to do this is to look at the gamma source. But here is some basics.

    The gamma source describes a icard using the following structures:

    typedef struct tagIRDETOCARD {
    BYTE GSMK[16];
    BYTE PSMK[16];
    BYTE IV_PAD[16];
    BYTE GMASK[16];
    BYTE PMASK[16];
    BYTE KEK[16];

    BYTE INS2_23[13];
    BYTE Coco[3];
    BYTE abHex[3];
    BYTE AnzahlSectoren[1];
    BYTE ExiKey[16];
    BYTE AxiKey[16];
    IRDETO_SECTOR sIrdetoSector[2];

    }IRDETO_CARD;



    From this you can see there are many keys required however as a minimum to have working card you need:
    1. IV_PAD (this is required by the CBC algorithm used for decrypting DES)
    2. GMASK (this is required to decrypt the product keys sent in the 02/03 EMMs)
    3. abHEX (this is the HSN)
    4. AxiKey (this is to decrypt the first layer of the C3/CB EMK)
    5. ExiKey (this is to decrypt the second layer or the Nano Messages of the C3/CB EMK)

    The gamma team to get the IV_PAD, GMASK, plus the other keys in the icard send a real card to a lab to micro-probe and dump its contents.
    The ExiKey and AxiKey's are generated by them using a special technique that is known to them. There are lists which the Gamma Team have published and unfortunately given to the providers so that they can kill all the HSNs that have been used in the gammacard. For example, the Nova list contains well over 8,000 details.

    The various lists are floating around the forums. I suggest you get your hands on them and have a look. See if you can see what others have worked out.

    Regardless this is were your biggest challenge will be. Unless you also send your real card to a lab to dump its contents you will not be able to obtain the Exi/Axi keys that match the HSN you are trying to clone.


    So lets have a look at how this structure is populated using the individual Update Commands (UC) described in great detail in the Gamma Source Code.

    Gamma Update Command
    Encrypted:
    020100000060FF5E8BEE52F49016E1B1A10A12748843640FE3 49E61AE9A6EA10E6891AB0B06ADBDC
    C0507B3347F74DF5D59544DBA4D0D6348A6BF2C9941F472402 49FF86FD8896672CAC65921AEBE8A0
    E9F85F972B3BB8DE62428F5FCE6503DCB9689792009B


    Decrypted using the Update Key 0:
    890601100D22CC930A01000310AFB049FC408D4D2C91B8588E 3B691C470410D577AE402C9C31DBBE
    4302769980EA2205108E285D3EDB3E2BCB98164E21BA25BC10 070D05051206030604060106020000
    0A01020803475243 MAC = 117434F9A2B18072

    When you look through the decrypted message from left to write you see this message contains the following update commands:

    Padding Byte (UC->89) = 06 (This instructs the gamma to ignore the next 6 bytes)
    AnzahlSectoren (UC-0A) = 00
    IV_PAD (UC->03) = AFB049FC408D4D2C91B8588E3B691C47
    GMASK (UC->04) = D577AE402C9C31DBBE4302769980EA22
    PMASK (UC->05) = 8E285D3EDB3E2BCB98164E21BA25BC10
    INS2_23 (UC->07) = 05051206030604060106020000
    AnzahlSectoren (UC->0A) = 02
    Coco (UC->08) = 475243


    Gamma Update Command
    Encrypted:
    020100020048B0F77E2B1BB864623F39350991F5EE87152E79 C18CE50C6EA756CE4BD4DF6866B393F
    18909FC227C54B96FA4E13DB3DFE381E41EEBCEBFFD5F6E93E 78A059942568F401C95770767


    Decrypted using the Update Key 0:
    8912E1B08086646F15079C51D35FEC9A73A651700B10E11277 A94DFBAA9B86732C6AB8C590B70C10
    E62E1ADE4E9AB245606733E5DBB1188A0903079AB10D0118 MAC = 03F6DD58915095B9


    When you look through the decrypted message from left to write you see this message contains the following update commands:

    Padding Byte (UC->89) = 12 (This instructs the gamma to ignore the next 12 bytes)
    ExiKey (UC->0B) = E11277A94DFBAA9B86732C6AB8C590B7
    AxiKey (UC->0C) = E62E1ADE4E9AB245606733E5DBB1188A
    abHex (UC->09) = 079AB1


    Gamma Update Command
    Encrypted:
    020100020048CAB79AE419027D30A304238462D915E3ACA24B 6685ECC4941321AE8AE3E5FA303D0A6B6A
    795A3EF5581097793A25D37A261B13FB75AC883ABD01D0A072 6496D937108BA475662ABB


    Decrypted usig the Update Key 0:
    890D6D6DAD060E08A2ED0673574171400113100400052B2912 120000D2C37C72BC09C66D18AFB930
    ECCA0C0D121200019AA30E9C914B6FE93559DFEDF1F98D9D MAC = F63F1C137D67DF4E

    When you look through the decrypted message from left to write you see this message contains the following update commands:

    Padding Byte (UC->89) = 0D
    iCard.sIrdetoSector[0].abPid (UC->10-00) = 052B29
    iCard.sIrdetoSector[0].abGroupKey[0] (UC-> 12-00-00) = D2C37C72BC09C66D18AFB930ECCA0C0D
    iCard.sIrdetoSector[0].abGroupKey[1] (UC-> 12-00-01) = 9AA30E9C914B6FE93559DFEDF1F98D9D

    GammaOracle

  4. #4
    Banned
    Join Date
    14-05-2008
    Location
    southern greek coasts
    Posts
    2,259
    Uploads
    4

    Re: help gamma team

    very helpfull post , thnx.

    @ admins
    there may be a prob with the new forum soft . it wont accept directly the post reply button , so many of us keen on double posting by double or triple pressing the button .

  5. #5

    Re: help gamma team

    Quote Originally Posted by gammaoracle View Post
    You will not get a lot of help from the Gamma Team. They are very busy making Titanium 3.

    If you really want to know how to make commands to change your HSN you first need to understand how it all works. The best way to do this is to look at the gamma source. But here is some basics.

    The gamma source describes a icard using the following structures:

    typedef struct tagIRDETOCARD {
    BYTE GSMK[16];
    BYTE PSMK[16];
    BYTE IV_PAD[16];
    BYTE GMASK[16];
    BYTE PMASK[16];
    BYTE KEK[16];

    BYTE INS2_23[13];
    BYTE Coco[3];
    BYTE abHex[3];
    BYTE AnzahlSectoren[1];
    BYTE ExiKey[16];
    BYTE AxiKey[16];
    IRDETO_SECTOR sIrdetoSector[2];

    }IRDETO_CARD;



    From this you can see there are many keys required however as a minimum to have working card you need:
    1. IV_PAD (this is required by the CBC algorithm used for decrypting DES)
    2. GMASK (this is required to decrypt the product keys sent in the 02/03 EMMs)
    3. abHEX (this is the HSN)
    4. AxiKey (this is to decrypt the first layer of the C3/CB EMK)
    5. ExiKey (this is to decrypt the second layer or the Nano Messages of the C3/CB EMK)

    The gamma team to get the IV_PAD, GMASK, plus the other keys in the icard send a real card to a lab to micro-probe and dump its contents.
    The ExiKey and AxiKey's are generated by them using a special technique that is known to them. There are lists which the Gamma Team have published and unfortunately given to the providers so that they can kill all the HSNs that have been used in the gammacard. For example, the Nova list contains well over 8,000 details.

    The various lists are floating around the forums. I suggest you get your hands on them and have a look. See if you can see what others have worked out.

    Regardless this is were your biggest challenge will be. Unless you also send your real card to a lab to dump its contents you will not be able to obtain the Exi/Axi keys that match the HSN you are trying to clone.


    So lets have a look at how this structure is populated using the individual Update Commands (UC) described in great detail in the Gamma Source Code.

    Gamma Update Command
    Encrypted:
    020100000060FF5E8BEE52F49016E1B1A10A12748843640FE3 49E61AE9A6EA10E6891AB0B06ADBDC
    C0507B3347F74DF5D59544DBA4D0D6348A6BF2C9941F472402 49FF86FD8896672CAC65921AEBE8A0
    E9F85F972B3BB8DE62428F5FCE6503DCB9689792009B


    Decrypted using the Update Key 0:
    890601100D22CC930A01000310AFB049FC408D4D2C91B8588E 3B691C470410D577AE402C9C31DBBE
    4302769980EA2205108E285D3EDB3E2BCB98164E21BA25BC10 070D05051206030604060106020000
    0A01020803475243 MAC = 117434F9A2B18072

    When you look through the decrypted message from left to write you see this message contains the following update commands:

    Padding Byte (UC->89) = 06 (This instructs the gamma to ignore the next 6 bytes)
    AnzahlSectoren (UC-0A) = 00
    IV_PAD (UC->03) = AFB049FC408D4D2C91B8588E3B691C47
    GMASK (UC->04) = D577AE402C9C31DBBE4302769980EA22
    PMASK (UC->05) = 8E285D3EDB3E2BCB98164E21BA25BC10
    INS2_23 (UC->07) = 05051206030604060106020000
    AnzahlSectoren (UC->0A) = 02
    Coco (UC->08) = 475243


    Gamma Update Command
    Encrypted:
    020100020048B0F77E2B1BB864623F39350991F5EE87152E79 C18CE50C6EA756CE4BD4DF6866B393F
    18909FC227C54B96FA4E13DB3DFE381E41EEBCEBFFD5F6E93E 78A059942568F401C95770767


    Decrypted using the Update Key 0:
    8912E1B08086646F15079C51D35FEC9A73A651700B10E11277 A94DFBAA9B86732C6AB8C590B70C10
    E62E1ADE4E9AB245606733E5DBB1188A0903079AB10D0118 MAC = 03F6DD58915095B9


    When you look through the decrypted message from left to write you see this message contains the following update commands:

    Padding Byte (UC->89) = 12 (This instructs the gamma to ignore the next 12 bytes)
    ExiKey (UC->0B) = E11277A94DFBAA9B86732C6AB8C590B7
    AxiKey (UC->0C) = E62E1ADE4E9AB245606733E5DBB1188A
    abHex (UC->09) = 079AB1


    Gamma Update Command
    Encrypted:
    020100020048CAB79AE419027D30A304238462D915E3ACA24B 6685ECC4941321AE8AE3E5FA303D0A6B6A
    795A3EF5581097793A25D37A261B13FB75AC883ABD01D0A072 6496D937108BA475662ABB


    Decrypted usig the Update Key 0:
    890D6D6DAD060E08A2ED0673574171400113100400052B2912 120000D2C37C72BC09C66D18AFB930
    ECCA0C0D121200019AA30E9C914B6FE93559DFEDF1F98D9D MAC = F63F1C137D67DF4E

    When you look through the decrypted message from left to write you see this message contains the following update commands:

    Padding Byte (UC->89) = 0D
    iCard.sIrdetoSector[0].abPid (UC->10-00) = 052B29
    iCard.sIrdetoSector[0].abGroupKey[0] (UC-> 12-00-00) = D2C37C72BC09C66D18AFB930ECCA0C0D
    iCard.sIrdetoSector[0].abGroupKey[1] (UC-> 12-00-01) = 9AA30E9C914B6FE93559DFEDF1F98D9D

    GammaOracle


    hi all

    yes this is all true info i know it

    regards

  6. #6

    Re: help gamma team

    ok Thanks

    But How Decrypt Line ????????

    And Encrypt line

  7. #7

    Re: help gamma team

    Quote Originally Posted by gammaoracle View Post
    You will not get a lot of help from the Gamma Team. They are very busy making Titanium 3.
    The assumption someone makes from this is that its time for Gamma's end!!!
    Quote Originally Posted by gammaoracle View Post
    If you really want to know how to make commands to change your HSN you first need to understand how it all works. The best way to do this is to look at the gamma source. But here is some basics.
    Even if we look at the source, what good is it without the Exi/AxiKey matching to HSN?
    Quote Originally Posted by gammaoracle View Post
    The ExiKey and AxiKey's are generated by them using a special technique that is known to them. There are lists which the Gamma Team have published and unfortunately given to the providers so that they can kill all the HSNs that have been used in the gammacard. For example, the Nova list contains well over 8,000 details.
    And how do we get from this:
    Quote Originally Posted by gammaoracle View Post
    Gamma Update Command
    Encrypted:
    020100000060FF5E8BEE52F49016E1B1A10A12748843640FE3 49E61AE9A6EA10E6891AB0B06ADBDC
    C0507B3347F74DF5D59544DBA4D0D6348A6BF2C9941F472402 49FF86FD8896672CAC65921AEBE8A0
    E9F85F972B3BB8DE62428F5FCE6503DCB9689792009B
    to this:
    Quote Originally Posted by gammaoracle View Post
    Decrypted using the Update Key 0:
    890601100D22CC930A01000310AFB049FC408D4D2C91B8588E 3B691C470410D577AE402C9C31DBBE
    4302769980EA2205108E285D3EDB3E2BCB98164E21BA25BC10 070D05051206030604060106020000
    0A01020803475243 MAC = 117434F9A2B18072
    To conclude, since the lists are published and known (how the heck did this happen anyway?) and the Exi/Axi keys generation is only known to the gamma team and therefor impossible to create our own HSN... but is the deccryption/ecryption key 0 at least known? Even if it is, what good is it for since the matching list of Axi/Exi/HSN is already known?

  8. #8
    Senior Member
    Join Date
    09-07-2009
    Posts
    341
    Uploads
    0

    Re: help gamma team

    What can somebody do?- and how exactelly?- if even have lists of Axi/Exi/HSN ?
    Theoretically all these.

  9. #9
    Senior Member doulapa's Avatar
    Join Date
    06-10-2008
    Posts
    420
    Uploads
    13

    Re: help gamma team

    All this is good but the question is : How do we decrypt the command lines of Gamma in order to find the axi/exi/hsn ;;;

  10. #10
    Junior Member
    Join Date
    15-06-2008
    Posts
    15
    Uploads
    0

    Re: help gamma team

    Can some kind soul say which encryption key is used to calculate the DES MAC ? Is it Axi key, Exi key or some other key ?

Page 1 of 2 12 LastLast

Similar Threads

  1. Gamma card team update 04-04-09
    By assy23 in forum Gamma Card
    Replies: 26
    Last Post: 18-04-2009, 13:00:13
  2. Frankly,we can say thanks gamma team for all
    By MAHMOUD EL NA in forum Gamma Card
    Replies: 0
    Last Post: 07-04-2009, 16:04:51
  3. why gamma team let every thing down
    By MAHMOUD EL NA in forum Gamma Card
    Replies: 15
    Last Post: 27-03-2009, 03:21:32
  4. Are Gamma Team still alive
    By golf1979 in forum Gamma Card
    Replies: 11
    Last Post: 28-01-2009, 08:47:10
  5. where are you Gamma Team
    By ozo111 in forum Gamma Card
    Replies: 2
    Last Post: 19-11-2008, 01:06:09

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •