
Ecm why



filippo
03-21-2013, 09:22 PM
It just boggles my mind that IKS servers do not yet have a solution to the ECMs, mostly on Thursday. I am betting that if someone hacks these codes as they happen he will be rich overnight :rolleyes::tehe:

satcom4
03-21-2013, 10:19 PM
It just boggles my mind that IKS servers do not yet have a solution to the ECMs, mostly on Thursday. I am betting that if someone hacks these codes as they happen he will be rich overnight :rolleyes::tehe:

To this day no one knows what they do when they do it. It's still being looked at and it's no easy task.. What I can tell you is this back and forth for the last month will show the men from the boys.. as it's not cheap to keep coming back online, it takes cash out of servers' pockets. But as always TV101 will be back shortly :D :okay:

Azul2
03-21-2013, 10:31 PM
It just boggles my mind that IKS servers do not yet have a solution to the ECMs, mostly on Thursday. I am betting that if someone hacks these codes as they happen he will be rich overnight :rolleyes::tehe:
There has been a lot of discussion on this subject and a lot of rumors and guessing. But, nothing happens.
A-2

filippo
03-21-2013, 10:44 PM
To this day no one knows what they do when they do it. It's still being looked at and it's no easy task.. What I can tell you is this back and forth for the last month will show the men from the boys.. as it's not cheap to keep coming back online, it takes cash out of servers' pockets. But as always TV101 will be back shortly :D :okay:
I am sure 101 will be back soon. I am a subscriber to tv101, thanks guy

SpaceCowboy
03-22-2013, 01:22 AM
Also when tv101 comes back use the new IP...217.172.188.161.........I ping tv101...these are the numbers.
Before the ECM it was working without freezes with these numbers! After you put the numbers boot the receiver.

dishuser
03-22-2013, 01:23 AM
Also when tv101 comes back use the new IP...217.172.188.161.........I ping tv101...these are the numbers.
Before the ECM it was working without freezes with these numbers! After you put the numbers boot the receiver.

some boxes work better with url rather than ip
and vice versa

elk10
03-22-2013, 08:56 PM
It just boggles my mind that IKS servers do not yet have a solution to the ECMs, mostly on Thursday. I am betting that if someone hacks these codes as they happen he will be rich overnight :rolleyes::tehe:

Charlie has & will always have the upper hand in this game. You're playing his game, not him yours.

henpecked
03-22-2013, 09:01 PM
the sky italia boys are having same problem..
nagra 3 card gets hit..haven't found a way of reviving em..

satcom4
03-23-2013, 03:22 AM
the sky italia boys are having same problem..
nagra 3 card gets hit..haven't found a way of reviving em..

Nope we have not, just burn and keep going... replace as you go.. for now.. be some great day when they get to find out how to use them back....:comfort1:

Jdread
03-23-2013, 10:07 PM
IKS has actually stagnated the progress of testing, it has apparently become so dangerous for testers to push out their heads with any meaningful updates, that all you can read about these days are purely speculations and rumors. I am of the view that Dick is winning the war just as Direct T* did some time ago.

satcom4
03-24-2013, 01:06 AM
glass is always half full on one side and half empty on the other.... if anything the real hack will now stay underground. :grr:....

francis.portugal767
07-16-2013, 02:28 AM
I have an idea. It is a really simple one. My (imaginary) Iks provider could be immune to iks if it worked in two modes:

Mode 1 : No ecm in course -> Proxy control words from nfps, rocket. I am suggesting this imaginary service would actually buy codes from the big providers. If our imaginary service offers 200 channels, 200 codes would be needed. 400 codes would offer redundancy (200 from nfps, 200 from rocket).
Mode 2 : Ecm in course -> take cards out of the original receivers (where they are safe) and plug them into the card servers (Actually a Y connection for the cards could let this be done in a snap). Put the card servers online, direct the card server proxy to them. If a service offers 200 channels, 80% of the users will be watching 20% of the channels. 20% of 200 equals 40 channels. Therefore you need 40 cards and 40 receivers. A vip 211 can be bought for 50 dollars these days. One would need 2000 dollars to buy the receivers. Pretty simple.

dishuser
07-16-2013, 02:31 AM
simple?lol
cards aren't safe if they aren't in receiver
try reading up on this
I have an idea. It is a really simple one. My (imaginary) Iks provider could be immune to iks if it worked in two modes:

Mode 1 : No ecm in course -> Proxy control words from nfps, rocket. I am suggesting this imaginary service would actually buy codes from the big providers. If our imaginary service offers 200 channels, 200 codes would be needed. 400 codes would offer redundancy (200 from nfps, 200 from rocket).
Mode 2 : Ecm in course -> take cards out of the original receivers (where they are safe) and plug them into the card servers (Actually a Y connection for the cards could let this be done in a snap). Put the card servers online, direct the card server proxy to them. If a service offers 200 channels, 80% of the users will be watching 20% of the channels. 20% of 200 equals 40 channels. Therefore you need 40 cards and 40 receivers. A vip 211 can be bought for 50 dollars these days. One would need 2000 dollars to buy the receivers. Pretty simple.

francis.portugal767
07-16-2013, 03:20 AM
simple?lol
cards aren't safe if they aren't in receiver
try reading up on this

Well, you just gave the answer. Keep the cards in the receivers!!! I have a smartcard in my hands right now. I bet any guy with experience in digital electronics could attach some really thin wires (like those strips they use in cell phones) to the contacts of the card. Then a simple circuit could be put together to grab the data words being exchanged between the card and the receiver, relaying that data to the card servers. If you couple that with the limited exposure (simply proxying nfps and rocket) we are in business...

satcom4
07-16-2013, 04:05 AM
Well, you just gave the answer. Keep the cards in the receivers!!! I have a smartcard in my hands right now. I bet any guy with experience in digital electronics could attach some really thin wires (like those strips they use in cell phones) to the contacts of the card. Then a simple circuit could be put together to grab the data words being exchanged between the card and the receiver, relaying that data to the card servers. If you couple that with the limited exposure (simply proxying nfps and rocket) we are in business...


It's not as simple as you may try to make it sound and lots have been tested. Here is a 2 part question, if you answer this then you have solved half the problem... ready for it, here you go.

Question #1 What does an ECM do when it is in effect and (part2) how does it do it even when the card is in the original ird or server card reader? Lots have speculated but to date no one really knows, so think about your answer...

TIP* It does not matter if the card is in the original ird at time of the ecm or not, it still gets burnt....

Now once you have solved that, then you tell me how you will replace whatever data was taken/written to said card.. and while thinking that, remember the card is covered in security layers.. that is why they went from N2 to N3..... I am not trying to knock your creativity but there have been lots of ppl, smart and not smart, trying to figure this out and they are still knocking their heads on the wall. Some make baby steps and have posted such on underground sites, but one real fact of this is if one does crack it they would be the fool to openly post or brag they did. Best to enjoy what we got while we do, as things have been changing again, and as of late others who know about this know what I am saying....

Keep the brainstorming though, it does help others who may not have seen it from another person's view..

Again, I am not trying to bring you down, just shine some light on what may look simple to fix from just looking at it..

francis.portugal767
07-16-2013, 05:01 AM
It's not as simple as you may try to make it sound and lots have been tested. Here is a 2 part question, if you answer this then you have solved half the problem... ready for it, here you go.

Question #1 What does an ECM do when it is in effect and (part2) how does it do it even when the card is in the original ird or server card reader? Lots have speculated but to date no one really knows, so think about your answer...

TIP* It does not matter if the card is in the original ird at time of the ecm or not, it still gets burnt....

Now once you have solved that, then you tell me how you will replace whatever data was taken/written to said card.. and while thinking that, remember the card is covered in security layers.. that is why they went from N2 to N3..... I am not trying to knock your creativity but there have been lots of ppl, smart and not smart, trying to figure this out and they are still knocking their heads on the wall. Some make baby steps and have posted such on underground sites, but one real fact of this is if one does crack it they would be the fool to openly post or brag they did. Best to enjoy what we got while we do, as things have been changing again, and as of late others who know about this know what I am saying....

Keep the brainstorming though, it does help others who may not have seen it from another person's view..

Again, I am not trying to bring you down, just shine some light on what may look simple to fix from just looking at it..

Great post. I respect this view. You are probably right and the only reason I say these things is to give us all food for thought. Just two things:
- With regards to the cards, what I am suggesting is that you read the data while the receiver is also reading the same data, so you are not interfering with the original scheme of things. This is the same thing you do when you use a multimeter to measure voltage. The multimeter needs a very very low current going through it to read the voltage.
- If cards can get burnt inside the receiver, that means charlie knows your card is being used for iks. That can only happen if you exposed it to the service subscribers (charlie being one of them), and, there is a card id being broadcast in the control words payload. I have no solution to that. If anybody knew how to interpret the control words, there would be no need for iks.
There are algorithms though, that can cluster similarities in data. If an algorithm can draw a (mathematical) relation between card ids and the control words, then even if we are not able to crack nagravision 3, we may be able to generate a valid control word that has a dummy id in the payload, and as a result charlie will not know which card was used for iks. Charlie did create a problem for himself if he did put a deterministic element in these keys. Given enough data, a machine can crack it. Let's think about this, every 15 seconds or so there is a piece of data that has one and only id in it. It is just a matter of time till someone finds the answer.

Finally, I don't think the minds behind nfps and rocket do this because they want to watch tv. It is not even the money (if it is the money then they are no better than charlie). This is a hobby and a game, everybody wants to beat charlie.

satcom4
07-16-2013, 05:19 AM
Finally, I don't think the minds behind nfps and rocket do this because they want to watch tv. It is not even the money (if it is the money then they are no better than charlie). This is a hobby and a game, everybody wants to beat charlie.

Sorry to say, they do this and do this for one thing $$$$$$$$$. Let's do the math and you tell me: at last estimate NFPS and Rocket combined have around 175K users, at even worst case say $10 each. 1.7mill per year.... and remember I am low balling it as most that buy pay around $40..... and at worst case they are paying real subs to keep the server going, around 10k-13k a month, that's just 10% of total income to run a server for a year.. it's simple.. if they paid to find a real crack and get it done, can you say what the point is to share this or let it out.... would you??? Matter of fact, most business savvy pirates would pay to keep it from coming to open market..

JM2C..

Again keep the thoughts flowing..

Oh yeah, still waiting on the answer to the question :innocent: I like your response, you talk lots of tech and you must know your way around it, but long posts don't answer the question ..... lol just making fun with you. Don't steam up :drunk1:. Let's keep the juice going....

lilyhammer
07-16-2013, 07:11 AM
The reason the seeder cards get burned is probably because they're changing channels all the time to keep up with the codeword changes. It wouldn't be hard for the smartcards to have a counter that checks the frequency of channel changes and disable the ones that reach a certain threshold.

The only way to defeat this type of system would be to have a large # of seeders and a limited # of channel changes. But, the p$ providers don't want to invest in a larger / more stable environment, so you have the system in place now which regularly goes down completely or with a significant # of missing chans.

rev0
07-16-2013, 08:20 AM
- With regards to the cards, what I am suggesting is that you read the data while the receiver is also reading the same data, so you are not interfering with the original scheme of things.
- If cards can get burnt inside the receiver, that means charlie knows your card is being used for iks. That can only happen if you exposed it to the service subscribers (charlie being one of them), and, there is a card id being broadcast in the control words payload.

The problem is keeping the card in the original IRD and using it in a card reader can't be done at the same exact time afaik. Also I think they fixed that issue with CW payload sabotage a while ago at the cost of twice the amount of cards. Example: if the ECM payload returns the cam id, just run it by two cams. If the CW returned is the same from both cams it's legit, if different just discard the request.


The reason the seeder cards get burned is probably because they're changing channels all the time to keep up with the codeword changes.

CW counter could exist but it isn't the factor. People have set up single cards and left them on one channel with one client and still got fried. Anything that serves as a seeder card will get marked for the next hit.

My two cents is the damage of these ECMs is actually all hidden in the EMMs. Problem is we can't figure out what is going on with EMMs, they are all encrypted. We can take an educated guess and allow/block them if desired though. So imagine the stream sends down two EMMs. The first tells your IRD to check a temporary mark on the card in 10ms. The second temporarily marks the seeder card to be checked by the IRD. Due to latency (even on a LAN) when the IRD checks a seeder card (in reader) the mark isn't valid yet due to delay. But when a card is in the original IRD it will write/respond instantly and the mark will be valid.

Now just repeat this 50-100 times to make sure there aren't any odd flukes. In the end increasing a counter on the card whenever it fails to respond in the correct time. Then come the next "big bad" Thursday just send another EMM to check the counter and if incorrect 005 the card with an invalid key change. Legit cards will get the correct keys since their counter is zero. Again not sure if any of this is correct but just a random guess. Projects get done when you get everyone brainstorming :thumbsup:

francis.portugal767
07-16-2013, 04:01 PM
The problem is keeping the card in the original IRD and using it in a card reader can't be done at the same exact time afaik.

I don't exactly understand what you mean. One could certainly record whatever is going on in that metal interface between the card and the receiver, by sampling the voltages there. So in theory, the same control word that goes to the receiver could go to the card server.

But now that you raised the issue, if I was charlie, I would delay the act of fetching the control word to the last second. So that if someone wire taps the card, there would not be enough time to broadcast the cw to overseas clients.

ak.89
07-18-2013, 07:12 PM
some boxes work better with url rather than ip
and vice versa

so what u recommend for limesat and kbox. thanks

NoName
07-18-2013, 09:18 PM
so what u recommend for limesat and kbox. thanks
leave it to the noobs to derail a great thread

grill master d
07-19-2013, 01:54 AM
^^^ lol what he said....i was havin fun ...imagining...the big bang theory peeps sittin around discussing this......then ruined by the pretty blonde next door....)) well not really ...she is easy on the eyes !!!......live long & prosper ;)

satcom4
07-19-2013, 02:29 AM
leave it to the noobs to derail a great thread

So True..... :offtopic1:
:lolpound::lolpound::lolpound::clap1:

pookah
07-19-2013, 02:42 AM
I don't exactly understand what you mean. One could certainly record whatever is going on in that metal interface between the card and the receiver, by sampling the voltages there. So in theory, the same control word that goes to the receiver could go to the card server.

But now that you raised the issue, if I was charlie, I would delay the act of fetching the control word to the last second. So that if someone wire taps the card, there would not be enough time to broadcast the cw to overseas clients.

In layman's terms, you can't tap into the card's I/O without emulating firmware and you can't emulate firmware as it's closed.