******************************************************************
*---------------- Syndicated Hack Watch - 09:1994 ---------------*
******************************************************************
*-------------- Special Projects BBS +353-51-50143 --------------*
*-------------- SysOp: John McCormac ----------------------------*
******************************************************************
*------------- (c) 1994 MC2 (Publications Division) -------------*
*--------------- 22 Viewmount, Waterford Ireland ----------------*
******************************************************************

Syndicated Hack Watch is copyrighted material. All unauthorised
reproduction, whether in whole or in part, in any language, will be
suitably dealt with.

******************************************************************
Contact Numbers:
Voice:   +353-51-73640
Fax:     +353-51-73640
BBS:     +353-51-50143 V32bis & V.Fast Special Projects BBS
E-mail:  mc2@cix.compulink.com.uk
FidoNet: 2:263/402 HackWatch
******************************************************************

Phoenix Program Kills Sky's Access Control

It looks like the VideoCrypt system has suffered yet another hack. This one is far more dangerous than previous hacks because it can attack the access control system in a manner that is virtually invisible and perhaps undetectable by Sky. Unlike the American Viet-Nam war project of the same name, Phoenix is concerned with the giving of life rather than taking it. To be more precise, it is concerned with the resurrection of dead Sky 09 smart cards. The cards so resurrected are known as Lazarus cards.

The reactivation of Quickstart and dead Sky cards has long been the subject of experimentation. It was not as relevant during the lifetime of the 07 Ho Lee Fook hack. Then it was possible to obtain a very cheap pirate card anywhere in Europe. With the 09, things are different.
With the killing of the released 09 code on 28/06/94, Sky and News Datacom may well have thought that the hackers had been defeated for good. Of course this was a view that only had currency among those who watched Sky One for a bit too long. The 09 code release gave away too much information. In fact it produced enough information to completely cripple the 09 Sky card issue. If this indeed was a plausible deniability operation by Sky and News Datacom, then it is more than certain that News Datacom Research in Israel were not consulted on the code release. Indeed a release of this much code was fatally stupid. The VideoCrypt system was never designed to handle a code release of this magnitude. In fact I do not think that it was ever designed to handle a code release. The one thing that was always made clear in the VideoCrypt brochures was that the cards would be replaced in the event of a hack. The release of a replacement for the 09 has not happened yet. There are no visible indications that there will be an 0A issue this year. Unless Sky and News Datacom can switch in some alternate and more secure card addressing encryption, the 09 card issue is effectively dead. At best it would now appear that Sky and News Datacom are back in the old ECM - ECCM cycle.

The workhorse of the VideoCrypt access control system is the 32 byte packet. This packet carries all of the card addressing information in addition to being the seed data for the decryption key generation hash function. The last five bytes of this packet are the checksums. The last byte ensures that the sum of all the bytes is an even multiple of 256. The other four bytes are the packet checksum. If these bytes are incorrect then the card will reject the packet as being tampered with and it will not act upon the instructions carried in the packet. This ensures that thirty-one of the bytes in the packet cannot be altered.
The card would test to see if the last byte brings the sum to a multiple of 256 by adding the bytes and checking the end result. In a byte-wide register the correct result would be zero. Without a valid keytable and algorithm it is not possible to generate a correctly checksummed 32 byte packet. Regardless of whether the algorithm and keytable produce the correct decryption key, one valid keytable (not necessarily the one in use) and the algorithm are all that is needed.

VideoCrypt Access Control

The VideoCrypt system is based on the 32 byte 74h packet. This packet is used to carry the addressing information for the smart cards. It is also used by the hash function to generate the 8 byte decryption key for the decoder. This key is returned in the 78h packet. The system is based on the Exclusion Principle. Each card stays working until it gets a kill signal. The cards sent to authorised subscribers are pre-authorised and will work immediately. Any additional channels that the customer wants can be activated on the card by Sky in the same manner. The Quickstart cards have to be activated over the air by Sky.

The problem with the VideoCrypt system is that the cards already have the code tables for each channel. It is just the tiering mechanism that stops the subscriber from getting the channels that he is not entitled to. Phoenix takes advantage of this and one other important factor. The release of the 09 codes in June is perhaps the one aspect that allowed Phoenix to occur. Without those codes, it is probable that the best attack would have been a modified form of the KENtucky Fried Chip. This would of course rely on the prospective user getting a fully validated and active Quickstart card. The main difference here is that the Phoenix does not require the Quickstart to be active or validated. It just requires any 09 issue smart card.
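As an added illustration (not code from the newsletter, and not the real News Datacom algorithm), the following Python models the two checks on the 32 byte packet described above: the additive last byte that brings an 8-bit sum to zero, and the four keyed checksum bytes, which are stood in for here by a truncated HMAC under a constructed key. It shows why the additive byte alone cannot protect the preceding bytes: a two-byte change that preserves the sum still passes it, and only the keyed check rejects the packet.

```python
"""Model of the VideoCrypt 74h packet checks: additive byte + keyed checksum.
The keyed part uses HMAC-SHA256 truncated to 4 bytes as a STAND-IN only;
the real 09 keytable/algorithm is not on the page and is not modelled."""
import hashlib
import hmac

PACKET_LEN = 32
DATA_LEN = 27                      # 32 - 4 keyed bytes - 1 additive byte
# Constructed key standing in for a valid 09 keytable (hypothetical value).
DEMO_KEYTABLE = bytes(range(0x10, 0x20))


def keyed_checksum(data: bytes, keytable: bytes) -> bytes:
    """Four keyed checksum bytes (hypothetical HMAC stand-in)."""
    return hmac.new(keytable, data, hashlib.sha256).digest()[:4]


def build_packet(data: bytes, keytable: bytes) -> bytes:
    """27 data bytes + 4 keyed bytes + 1 additive byte = 32 bytes."""
    if len(data) != DATA_LEN:
        raise ValueError("need exactly 27 data bytes")
    head = data + keyed_checksum(data, keytable)
    last = (-sum(head)) & 0xFF     # makes the whole packet sum to 0 mod 256
    return head + bytes([last])


def additive_ok(packet: bytes) -> bool:
    """Card-side test from the text: add all bytes in an 8-bit register -> 0."""
    return len(packet) == PACKET_LEN and (sum(packet) & 0xFF) == 0


def keyed_ok(packet: bytes, keytable: bytes) -> bool:
    """Recompute the keyed bytes over the data and compare in constant time."""
    expected = keyed_checksum(packet[:DATA_LEN], keytable)
    return hmac.compare_digest(expected, packet[DATA_LEN:DATA_LEN + 4])


def accept(packet: bytes, keytable: bytes) -> bool:
    """The card acts on a packet only if both checks pass."""
    return additive_ok(packet) and keyed_ok(packet, keytable)


def tamper_preserving_sum(packet: bytes, i: int, j: int, delta: int) -> bytes:
    """Change two data bytes by +delta and -delta; the additive byte is unaffected."""
    p = bytearray(packet)
    p[i] = (p[i] + delta) & 0xFF
    p[j] = (p[j] - delta) & 0xFF
    return bytes(p)
```

Run with a packet built under one key and checked under another to see the text's point that only a valid keytable, not merely the additive byte, produces an acceptable packet.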
Ramifications

The most obvious ramification of the Phoenix hack is that Sky has once more lost control over its access control system. They cannot ensure that the average multichannel (minimum tier) subscriber is not also watching the premium channels free of charge. In financial terms, the person using a Phoenix activated card and a blocker only has to pay for the minimum tier - roughly seven pounds per month as opposed to the twenty pounds for the full subscription. Of course the person could also be using a 09 Quickstart and therefore would not have to pay anything to Sky.

Whereas Sky's problems with the 07 Ho Lee Fook hack were highly visible, this new hack is far more dangerous. It is not strictly quantifiable. This should give the statisticians a few headaches. Of course on the other hand it will allow the hack to be played down in the mainstream satellite press. Many of the figures spouted in the satellite press over the last few months may well be totally inaccurate. According to one report in the Observer, a UK Sunday newspaper, Sky were multiplying the dish sales figures by three based on the average family in the UK having three members. It is impossible that all of the systems sold were new Sky subscribers. Perhaps the purchasers of many of these systems were merely upgrading to new systems and as such were not first time buyers. The only measure of the hack is the number of missing Quickstart and Official 09 Sky cards. The main sources of information on these numbers would be Sky and News Datacom. Of course they are not likely to divulge such information, even if they knew. Indeed some of the statistics on dish sales being produced by Sky have been questioned in UK national newspapers.

The legal aspect is also murkier than before. Whereas the 07 Ho Lee Fook cards were definitely illegal to manufacture in the UK, the legality of the Phoenix is more questionable. The Phoenix is a program that can be used for theft of copyright.
The origin of the information that allows it to activate cards is suspect. If the 09 codes were indeed sold by Sky and News Datacom in an attempt to sting the pirates, then it could be argued that the Phoenix was a development of the codes that were purchased by the pirates and therefore the program is not Sky's property. It was not developed by Sky. Undoubtedly the Phoenix could not work without the 09 algorithm. The keytable used is the one that was operational up to June 28th. The backdoor in the 09 VideoCrypt card is that it recognises any packet generated with a valid 09 keytable. It is not necessary that the keytable used is the one in use at the present time.

The problem now is that the Phoenix program is spreading like wildfire. Indeed there are already reports that the hack has been stolen by more than one pirate company. Naturally retribution will follow in true hacker fashion. The hack will probably circulate for a few thousand pounds initially but the key section is the blocker. Without the blocker, the Lazarus cards will be killed in a few hours. There are a few possibilities for blockers though many initial attempts will draw heavily on the KENtucky Fried Chip design of 1992. The more elegant devices will use PIC16C84s though in their case the device will be an external solution rather than the internal 8752 KFC solution.

Black Book 4 Now Available

The Black Book is now back from the printers and orders are being shipped. The Black Book is also known as European Scrambling Systems. It is the bible of the Blackbox Industry. The new version concentrates on the smart card hacks and how they operate. Details of smart cards and computer monitoring circuitry are provided. The majority of the systems in Europe are now hacked. Perhaps more importantly it shows how the present hacks will develop in the near future. The chapter on cryptology has been expanded to cover message digests, hash functions and one way functions.
The Fiat Shamir Zero Knowledge Test, allegedly used in VideoCrypt, is fully explained. A datasnatch of the Fiat Shamir Test in VideoCrypt being spoofed is also included - the decoder did not lock out the 'card', with the implication being that the Fiat Shamir Test in VideoCrypt does not work properly. It also shows how the Ho Lee Fook hack on the VideoCrypt crypto system operates, complete with worked examples in pseudo code and C. A description of the 09 Sky code is given complete with structure.

The official price of the book is 32.00 plus postage, but to those electronically aware people reading this via a bbs, fidonet or usenet, I have decided that the price of the book will be 25.00 pounds including postage. This special offer price includes postage in the EC. Payment can be made by UK or Irish cheque or draft. Alternatively payment by credit card is possible. Visa and Mastercard / Access acceptable. Either fax the order to the phone number below or use the mc2@cix.compulink.co.uk e-mail address. Alternatively telephone (voice) after 1400 Hrs to order.

-------------------------------------------------------------------------
| John McCormac                            | Hack Watch News              |
| Editor - Hack Watch News                 | MC2 (Publications Division)  |
| Voice & Fax: +353-51-73640               | 22 Viewmount, Waterford      |
| BBS: +353-51-50143                       | Ireland                      |
| e-mail: mc2@cix.compulink.co.uk          |------------------------------|
| john.mccormac@f402.n263.z2.fidonet.org   | Black Book 4 Available Now   |
-------------------------------------------------------------------------