******************************************************************
*---------------- Syndicated Hack Watch - 10:1993 ---------------*
******************************************************************
*-------------- Special Projects BBS +353-51-50143 --------------*
*-------------- SysOp: John McCormac --------------*
******************************************************************
*------------- (c) 1993 MC2 (Publications Division) -------------*
*--------------- 22 Viewmount, Waterford Ireland ----------------*
******************************************************************
******************************************************************
Syndicated Hack Watch is copyrighted material. All unauthorised
reproduction whether in whole or in part, in any language will be
suitably dealt with.
******************************************************************
Contact Numbers:
Voice: +353-51-73640
Fax: +353-51-73640
BBS: +353-51-50143 HST - Special Projects BBS
E-mail: [email protected]
FidoNet: 2:263/402
******************************************************************
Piracy Covered By Mainstream Press
It would appear that the mainstream press has finally copped on to
the fact that piracy is happening. The Financial Times, the
English eqivalent of the Wall Street Journal, has covered the
matter though the topic had a curiously Anglo-Australian flavour.
Apparently there is a dealer in Offaly, Ireland selling pirate
smart cards into the UK. The initial Finacial Times article
featured a photograph of Mr David Lyons of Satellite Decoding
Systems (Offaly and Warrington) with a a legitimate card and a
pirate card. The day after, the Financial Times had a small piece
on how they received a pirate smart card with a Cheshire, UK,
postmark.
Basically what Satellite Decoding Systems is doing is marketing
the pirate card into the UK from Ireland. The card is not illegal
in Ireland but it is illegal in the UK. But the problem was that
the cards were being shipped into the UK from Ireland and then
distributed in the UK. The UK side of the operation was slightly
illegal. Sky's lawyers have served a writ on the UK operation but
Mr Lyons is fighting it.
Sky are faced with a tricker problem in Ireland. The hacking of
non-Irish satellite channels is not illegal under the Irish
Broadcast Act 1990. The only option sky would have is to take
Satellite Decoding Systems to court for copyright infringement.
EC Legislation On Piracy?
The Motion Picture Experts Group has drafted an anti-piracy
proposal with which to lobby the EC. They want to make piracy
illegal in all the states of the European Community. They may be
movie experts but their knowledge of piracy is appears to be in
the realm of the fictional.
The draft proposal would make piracy of satellite and cable
signals illegal throughout the EC. The most likely implementation
would be as a Directive which would be law throughout the EC.
The approach is American and the thinking on appears to be
federalist. Except in this case the federalist approach is not the
correct one. Each country in the EC has its own particular
framework and problems. To try to implement a standard catch-all
piece of legislation will cause more problems than it solves.
There is legislation extant in various EC countries to protect the
signals. Though the downside is that the legislation is inward
looking. The laws of each country protect that country's channels.
In most states in the EC, the legislation protecting satellite and
cable channels is a compromise. Protecting cable signals with
legislation is a fairly straightforward matter. Protecting
satellite signals is a trickier proposition. Normally the
legislation covers the channels uplinked from that country but
does not extend to satellite channels that originate outside the
country. The legislation in some countries have provisions that
extend protection on a reciprocal basis.
Of course the problem with piracy is that it rarely respects
legality. It can operate underground when necessary. Where it has
been forced underground it has prospered.
General Instruments Sues Magazine
General Instruments, the maker of that greatly hacked system,
VideoCipher II, are to sue a magazine over adverts. The adverts in
question were for third party cable decoders.
The action is being taken because GI believe that the adverts
contravene the 1984 US Cable Act which makes it a criminal offence
to assist piracy. The magazine, "Nuts And Volts" has a circulation
of 80,000.
The US constitution protects the right to free speech. Commercial
and editorial speech is also protected to a lesser degree. The US
Supreme Court upheld a decision that the US magazine "Soldier Of
Fortune" could be liable for criminal acts committed by
mercenaries who advertise in its pages.
Some in the industry see the lawsuit as a form of harassment by
GI. However the situation will be watched closely here in Europe
by Sky.
A Faster Update For Pirate Cards
According to some sources, Sky are about to face a more versatile
and lethal threat. Some of the newer designs for pirate smart
cards will be updated by telephone. In this respect are becoming
more like Sky. Except in this case the pirate cards will be
updated to cope with Sky's countermeasures.
The technology involved is similar to that used in the USA for the
VideoCipher key updates. The basic dealer equipment will be a
modem, a computer and a chip programmer. The update codes will be
delivered via modem to dealers throughout Europe. They will then
have to program the pirate cards using the delivered codes. This
essentially involves plugging the pirate card into a socket on the
programmer and downloading the updated set of codes.
Of course the full chip program will not be sent. The newer
versions of the cards will have two chips. One chip will hold the
main card program. This chip will be protected. The second chip
will be unprotected. This chip will hold the alterable
information.
Such a change in operation will give the Blackbox industry an edge
on Sky as they will be able to bring the update time down to a few
hours. Whereas before it was a question of returning the card and
waiting perhaps a few days, pirate users will now be able to walk
in to a dealers and have the card updated on the spot.
FilmNet and VideoCrypt 2
The system used by FilmNet on the low Astra transponder is
VideoCrypt. It is not the same type of VideoCrypt as that
currently in operation on the Sky Multichannels.
The new type of VideoCrypt has been given a working title of
VideoCrypt 2. Others have called it VideoCrypt Europe. Some
hackers have pointed out the ominous similarity of its acronym -
VC2.
The need for VideoCrypt- 2 has become evident over the last few
months. Some of the more European channels in the Sky
Multichannels package have sizable European potential. The Ireland
- UK constriction of the Sky Multichannels package tends to limit
their financial outlook somewhat. The European market is far more
lucrative in terms of cablenet deals.
According to a source, FilmNet have already ordered 100,000
VideoCrypt-2 IRDs from Thomson. The use of the system by FilmNet
is not particularly unusual. However it is an indication of a
clever strategy on FilmNet's part. It is a case of
compartmentalised operations. A separate system for each area of
operation. The strategy would tend to limit the effects of a hack
on any of the systems. As things stand, FilmNet on Astra is hacked
and VideoCrypt is hacked. Unless there is some major upgrade in
VideoCrypt-2 then the system will also be hacked.
The use of a separate transponder by some of the channels that use
VideoCrypt-2 to access the European market is out of the question.
Therefore VideoCrypt-2 must be able to coexist with VideoCrypt-1
on the same channel.
There may be some evidence for the VideoCrypt-2 being in operation
on channels other than FilmNet. Some official card users have been
reporting slow lock-up times on various channels. Other problems
such as intermittent drop-out have been observed.
These are exactly the kind of symptoms to be expected if
VideoCrypt-1 and VideoCrypt-2 are sharing a channel's datastream.
The VideoCrypt datastream is robust in that it has a very slow
data rate. The 1 kilobit per second rate gives it a good
resistance to sparklies. The disadvantage is that the slow data
rate makes updates and addressing tedious.
Normally the VideoCrypt system requires a new seed key every 3.5
seconds or so. To multiplex VideoCrypt-1 and VideoCrypt-2
datastreams would be possible. The problem would be that some
areas of the datastream would double in size and take as long to
transmit.
Other areas of the datastream would have to be expanded as well.
As some of the Sky Multichannels package are not yet cleared for
European rights they would have to transmit a secondary channel
identifier. This would ensure that a European Discovery smart card
would decode only Discovery and not the rest of the Sky
Multichannels package. This would mean that the channel identifier
bytes would be transmitted on an alternating basis hence the
delayed lock-up.
At this stage it is only possible to speculate on the circuitry
used on the VideoCrypt-2 decoder. Most of the VideoCrypt designs
on the market at the moment are based on the 1989 design. The
8052, 6805, custom logic chip have made this particular decoder
design vulnerable. The 8052 was not even protected. Over the last
few years there has been a tendency to go for surface mount
componentry but the main chipset appears the same.
The most logical areas for updating would be the 8052 and the
6805. In the VideoCrypt-2 decoder the functions of these chips
would probably be taken care of by one chip. This would give a
higher security to the decoder as the compromised programs could
be rewritten and perhaps given a few new twists and turns.
The question at this point relates to FilmNet's risk. Are they
walking into another ambush? VideoCrypt-1 is already totally
hacked. VideoCrypt-2 may not last very long unless there has been
some intense re-engineering of the software and the card-decoder
protocols.
�