BISS-E

dankargo

Donating Member
Messages
99
Hi there,

Can BISS-E feeds be easily decrypted by receivers? This year's Eurovision Song Contest will use BISS-E encryption as opposed to BISS-1 like last year. Is it easily cracked?

I have a Freesat V7 Max receiver, will it work on this? (I don't mind it being 4:2:2 as I can record to a hard drive and watch on a PC afterwards.)
 

Biciosat

Registered
Messages
45
Hi, I think it is not easy to decrypt, because BISS-E is based on a double code... this is from Wikipedia:


> BISS-1 transmissions are protected by a 12-digit hexadecimal "session key" that is agreed by the transmitting and receiving parties prior to transmission. The key is entered into both the encoder and decoder; this key then forms part of the encryption of the digital TV signal, and any receiver with BISS support and the correct key will decrypt the signal.
>
> BISS-E (E for encrypted) is a variation where the decoder has stored one secret BISS key entered by, for example, a rightsholder. This is unknown to the user of the decoder. The user is then sent a 16-digit hexadecimal code, which is entered as a "session key". This session key is then mathematically combined internally to calculate a BISS-1 key that can decrypt the signal.
>
> Only a decoder with the correct secret BISS key will be able to decrypt a BISS-E feed. This gives the rightsholder control over exactly which decoder can be used to decrypt/decode a specific feed. Any BISS-E encrypted feed will have a corresponding BISS-1 key that will unlock it.

I hope this proves helpful.
 

barney115

Donating Member
Staff member
Administrator
Messages
24,808
This year's Eurovision Song Contest 9, 11 and 13 May 2017

There were 2 EBU feeds around this morning, probably testing for the Eurovision Song Contest.
Feeds were switching from FTA -> BISS -> Tandberg,
but BISS keys and Tandberg were found,
but no idea if this will still be the case for this year's Eurovision Song Contest.

EBU, however, never usually use BISS-E; only ARQIVA has started doing that so far : )))
 

Stefan2k16

Registered
Messages
44
From the hacker standpoint there is no difference between BISS 1 and BISS E. Both ultimately use the same type of control word and work exactly the same when it comes to decrypting the stream. The only purpose of BISS E is that it prevents the people who are operating the decoder and have to enter the "session key" into it from leaking that key to the public. If that person did leak the key to the public, that key would not work because it's not the final working control word. If a hacker uses something like a rainbow table or a brute force method to find the control word and is successful, what he has found is the control word, and the BISS E or session keys don't matter.
 

dankargo

Donating Member
Messages
99
Thanks guys.

They are definitely using BISS-E as I've seen the technical specs. It's why I'm so keen for a way of decrypting them :D
 

dankargo

Donating Member
Messages
99
> From the hacker standpoint there is no difference between BISS 1 and BISS E. Both ultimately use the same type of control word and work exactly the same when it comes to decrypting the stream. The only purpose of BISS E is that it prevents the people who are operating the decoder and have to enter the "session key" into it from leaking that key to the public. If that person did leak the key to the public, that key would not work because it's not the final working control word. If a hacker uses something like a rainbow table or a brute force method to find the control word and is successful, what he has found is the control word, and the BISS E or session keys don't matter.

Thanks for the explanation.

So in other words, even if the session key was obtained, it would not be enough to simply enter into a softcam.key file or directly into a receiver itself?
 

Stefan2k16

Registered
Messages
44
I guess I wasn't clear in the terminology in my previous comment. Here's a paper that describes it.

https://tech.ebu.ch/docs/tech/tech3292.pdf

It depends on whether it's a clear session word or an encrypted one. First of all, let's clarify our terminology.

Encrypted session word - this is the session word that would be provided to the person operating the decoder. This would be the 16-digit hexadecimal number they'd have to enter to decrypt the signal. However, in the case of BISS E, it is not the final session word. It's not the final session word because it is encrypted, and there is another piece of information that is stored in the decoder and is used to decrypt the encrypted session word that the operator will enter to produce the clear session word. So, this is the extra layer that BISS E adds. If you were given this encrypted session word, you could not use it to decrypt the signal.

Clear session word - the clear session word is the 12-digit hexadecimal number that an operator of a decoder would enter in BISS mode 1. This is used to derive the control word. Control words are 16-digit hexadecimal numbers and they are used directly to decrypt the signal. To get from the clear session word to the control word you calculate the checksum of bytes 1-3 and insert that checksum as the 4th byte in the control word. Then you calculate the checksum of digits 4-6 and that becomes the 8th byte in the control word. To summarize, the difference between a clear session word and a control word is that the session word is only 6 bytes whereas the control word is 8 bytes, with the 4th byte being the checksum of the digits in bytes 1-3 and the 8th byte being the checksum of 4-8. So, going from a clear session word to a control word is easy and just simple math, but an encrypted session word is not. An encrypted session word is encrypted by some other piece of the puzzle and you will have no idea what it is.

> So in other words, even if the session key was obtained, it would not be enough to simply enter into a softcam.key file or directly into a receiver itself?

That depends on whether it's an encrypted session word, a clear session word, or a control word. If it's someone who had access to the session word that would be entered into the decoder, that is, someone simply leaking information from the provider, then it's probably the encrypted session word and of no use. If, however, it's derived from a rainbow table attack or a brute force attack, then it's not the encrypted session word but will either be the clear session word or the control word and should work if it's correct. The brute force attack or rainbow attack cares nothing about BISS E and doesn't return an encrypted session word. It will return either a clear session word or a control word.
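To make the session word / control word distinction above concrete, here is an added example (not from the thread or from the EBU document) of the clear session word to control word expansion the post describes. It assumes the checksum byte is the sum of the preceding three bytes modulo 256, as in the DVB-CSA control word layout; the key values are constructed samples, not real keys.

```python
# BISS-1 clear session word <-> DVB-CSA control word. Added example, not from the thread.
# Assumption: each checksum byte is the sum of the three preceding bytes modulo 256.

def session_word_to_control_word(session_hex: str) -> str:
    """Expand a 12-hex-digit clear session word into a 16-hex-digit control word."""
    sw = bytes.fromhex(session_hex)
    if len(sw) != 6:
        raise ValueError("clear session word must be 6 bytes (12 hex digits)")
    cw = bytearray()
    for i in (0, 3):                       # two 3-byte halves, each followed by its checksum
        block = sw[i:i + 3]
        cw += block + bytes([sum(block) & 0xFF])
    return cw.hex().upper()


def is_well_formed_control_word(cw_hex: str) -> bool:
    """True if bytes 4 and 8 are the checksums of the three bytes before them.
    A BISS-E encrypted session word is also 16 hex digits but has no reason to
    satisfy this, so the check separates a usable CW from an operator-entered
    BISS-E value (a random 16-digit value passes with probability 1/65536)."""
    try:
        cw = bytes.fromhex(cw_hex)
    except ValueError:
        return False
    if len(cw) != 8:
        return False
    return all(cw[i + 3] == (sum(cw[i:i + 3]) & 0xFF) for i in (0, 4))


def control_word_to_session_word(cw_hex: str) -> str:
    """Reverse direction: drop the two checksum bytes. Raises if the CW is malformed."""
    if not is_well_formed_control_word(cw_hex):
        raise ValueError("not a well-formed control word")
    cw = bytes.fromhex(cw_hex)
    return (cw[0:3] + cw[4:7]).hex().upper()


if __name__ == "__main__":
    sample_sw = "AABBCCDDEEFF"              # constructed sample, not a real key
    print(sample_sw, "->", session_word_to_control_word(sample_sw))   # AABBCC31DDEEFFCA
```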
 

dankargo

Donating Member
Messages
99
> I guess I wasn't clear in the terminology in my previous comment. Here's a paper that describes it.
>
> https://tech.ebu.ch/docs/tech/tech3292.pdf
>
> It depends on whether it's a clear session word or an encrypted one. First of all, let's clarify our terminology.
>
> Encrypted session word - this is the session word that would be provided to the person operating the decoder. This would be the 16-digit hexadecimal number they'd have to enter to decrypt the signal. However, in the case of BISS E, it is not the final session word. It's not the final session word because it is encrypted, and there is another piece of information that is stored in the decoder and is used to decrypt the encrypted session word that the operator will enter to produce the clear session word. So, this is the extra layer that BISS E adds. If you were given this encrypted session word, you could not use it to decrypt the signal.
>
> Clear session word - the clear session word is the 12-digit hexadecimal number that an operator of a decoder would enter in BISS mode 1. This is used to derive the control word. Control words are 16-digit hexadecimal numbers and they are used directly to decrypt the signal. To get from the clear session word to the control word you calculate the checksum of bytes 1-3 and insert that checksum as the 4th byte in the control word. Then you calculate the checksum of digits 4-6 and that becomes the 8th byte in the control word. To summarize, the difference between a clear session word and a control word is that the session word is only 6 bytes whereas the control word is 8 bytes, with the 4th byte being the checksum of the digits in bytes 1-3 and the 8th byte being the checksum of 4-8. So, going from a clear session word to a control word is easy and just simple math, but an encrypted session word is not. An encrypted session word is encrypted by some other piece of the puzzle and you will have no idea what it is.
>
> That depends on whether it's an encrypted session word, a clear session word, or a control word. If it's someone who had access to the session word that would be entered into the decoder, that is, someone simply leaking information from the provider, then it's probably the encrypted session word and of no use. If, however, it's derived from a rainbow table attack or a brute force attack, then it's not the encrypted session word but will either be the clear session word or the control word and should work if it's correct. The brute force attack or rainbow attack cares nothing about BISS E and doesn't return an encrypted session word. It will return either a clear session word or a control word.

Thanks so much for the thorough explanation. It's made things a lot clearer to me now :)
 

Ragnarok

Donating Member
Messages
336
> I guess I wasn't clear in the terminology in my previous comment. Here's a paper that describes it.
>
> https://tech.ebu.ch/docs/tech/tech3292.pdf
>
> It depends on whether it's a clear session word or an encrypted one. First of all, let's clarify our terminology.
>
> Encrypted session word - this is the session word that would be provided to the person operating the decoder. This would be the 16-digit hexadecimal number they'd have to enter to decrypt the signal. However, in the case of BISS E, it is not the final session word. It's not the final session word because it is encrypted, and there is another piece of information that is stored in the decoder and is used to decrypt the encrypted session word that the operator will enter to produce the clear session word. So, this is the extra layer that BISS E adds. If you were given this encrypted session word, you could not use it to decrypt the signal.
>
> Clear session word - the clear session word is the 12-digit hexadecimal number that an operator of a decoder would enter in BISS mode 1. This is used to derive the control word. Control words are 16-digit hexadecimal numbers and they are used directly to decrypt the signal. To get from the clear session word to the control word you calculate the checksum of bytes 1-3 and insert that checksum as the 4th byte in the control word. Then you calculate the checksum of digits 4-6 and that becomes the 8th byte in the control word. To summarize, the difference between a clear session word and a control word is that the session word is only 6 bytes whereas the control word is 8 bytes, with the 4th byte being the checksum of the digits in bytes 1-3 and the 8th byte being the checksum of 4-8. So, going from a clear session word to a control word is easy and just simple math, but an encrypted session word is not. An encrypted session word is encrypted by some other piece of the puzzle and you will have no idea what it is.
>
> That depends on whether it's an encrypted session word, a clear session word, or a control word. If it's someone who had access to the session word that would be entered into the decoder, that is, someone simply leaking information from the provider, then it's probably the encrypted session word and of no use. If, however, it's derived from a rainbow table attack or a brute force attack, then it's not the encrypted session word but will either be the clear session word or the control word and should work if it's correct. The brute force attack or rainbow attack cares nothing about BISS E and doesn't return an encrypted session word. It will return either a clear session word or a control word.


As long as BISS E doesn't use an ECM stream, the control word will be fixed. Thus no change, same as we know around here. It really does not change much for us at all.
 

dankargo

Donating Member
Messages
99
Apologies in advance, I don't plan on making this a Eurovision discussion topic but there appeared to be some Eurovision Song Contest tests on 7E this afternoon. I was at work so didn't get the opportunity to scan it in myself.

Did anyone have any success finding the CW for it?
 

barney115

Donating Member
Staff member
Administrator
Messages
24,808
I tried many times; the feed was active @ 7°East 11051 V 19200,
but there will not be any key found, I'm afraid,
because all Crypt8's that were sent on the feed video/audio stream were all either fakes or empty.
I think Eurovision [BISS-E] feeds will not successfully produce a good Crypt8 and CW key like last year; BISS-E is always a nightmare and pretty much impossible to break, I'm afraid.

Sorry !
 

ViaHussun

Donating Member
Messages
4,098
> I tried many times; the feed was active @ 7°East 11051 V 19200,
> but there will not be any key found, I'm afraid,
> because all Crypt8's that were sent on the feed video/audio stream were all either fakes or empty.
> I think Eurovision [BISS-E] feeds will not successfully produce a good Crypt8 and CW key like last year; BISS-E is always a nightmare and pretty much impossible to break, I'm afraid.
>
> Sorry !


Using payload size 8 empty?
 

K2TSET

Registered
Messages
125
Could you make a 30 sec recording of the TS and upload it somewhere? Then I can try to do an FPGA search, thx.
 

dankargo

Donating Member
Messages
99
Thanks to all of you for responding.

Such a shame that they've finally found a way to stop people watching the show and mainly, the dress rehearsals via the feed.

I'd be most grateful if anyone could let me know if there is any progress in finding the CW. I will try myself but unfortunately my knowledge in cracking BISS is quite limited! I rely on you professionals most of the time :D
 

Ratzvan

Feed Hunter
Messages
22,693
> I tried many times; the feed was active @ 7°East 11051 V 19200,
> but there will not be any key found, I'm afraid,
> because all Crypt8's that were sent on the feed video/audio stream were all either fakes or empty.
> I think Eurovision [BISS-E] feeds will not successfully produce a good Crypt8 and CW key like last year; BISS-E is always a nightmare and pretty much impossible to break, I'm afraid.
>
> Sorry !

Sincerely, I've not understood which elements we have that say such a feed was encrypted with a BISS system evolution.
I was at home some minutes after Barney2222's post and the feed seemed to have already left.

I had a look over his post to c8 in pls 8 and I couldn't find anything good (as too often happens with pls 8 !!!)

We used to have lots of feeds every day (such as Arqiva) that often give us no c8, c8 in a pls other than 184, or fake c8.

So if we have no other element, I believe it's impossible to say that it was a different evolution of BISS.

@klim
 

Spc

Registered
Messages
69
I found this info on the internet today:

> HD1 on EU7B will be distributed in DVB-S2 MPEG4 4:2:2
> HD2 on EU10A will be distributed in DVB-S2 MPEG2 4:2:2
> All feeds will be BISS-E encrypted.
>
> Please be reminded that for the correct reception of the HD1 & HD2 signal in MPEG4 4:2:2, an Ericsson RX8200 has to be used.

Why is an Ericsson RX8200 required?
:confused:
 

barney115

Donating Member
Staff member
Administrator
Messages
24,808
The ERICSSON RX8200 is a TANDBERG receiver used by broadcasters,
but I doubt very much if the Eurovision Song Contest will have Tandberg encrypted feeds;
it's unlikely they would go to so much trouble
for such a boring event that very few people are even interested in watching IMHO : )
 

Dave5118

Feed Hunter
Messages
1,147
BISS-E has been around for years; I wouldn't be surprised if ALL feeds are now BISS-E.

E.g. from 15 years ago:

https://tech.ebu.ch/publications/tech3292

The reason some feeds are harder to get C8s from is because of hardware changes/operator practice changes, as defined in an EBU document from a few years ago:

Recommended Practice on A/V streams protected by the BISS encryption system.


The EBU, considering that:

1. the security afforded to A/V content by the BISS conditional access system depends on the integrity of Session Words that are known only to the Eurovision transmission system (coders and decoders),
2. current consumer computational power can be sufficient to enable successful, timely brute force attacks on the Session Words in an encrypted transport stream,
and that,
3. the availability of long term repetitive and predictable values such as “Null / Padding Packets” in the A/V stream increases the vulnerability of the streams’ encryption,
4. the security of any Conditional Access system can be enhanced by adopting appropriate operational practices concerning its use,

recommends that:

5. The following implementations be considered by equipment vendors:
   a. For constant bit-rate mode (CBR) transmission, where “null packets” are used to match the required bit-rate at PES level, to replace their value with a randomized sequence.
   b. For variable bit-rate mode (VBR) transmission, the padding (not encrypted) “null packets” at the TS level be removed.
   c. The ability to select encryption per PID (per PES).
   d. Audio tracks, when coded in Dolby E, should be unencrypted.
6. The following operational practices be followed by operators:
   a. Content be encrypted at the start of live programme only. Ideally this should be done five minutes before going live.
   b. All line-up and test signals must be transmitted unencrypted. To test the encrypted signal path prior to live transmission, a camera shot that is unique to each transmission must be used; pre-recorded signals MUST NOT be used.
   c. The Session Word must be changed per transmission session.
   d. Staff at transmission sites must never divulge Session Words to third parties, regardless of who these may be. All requests for Session Words must be referred to the EVC.
   e. A security pass phrase should be issued to all authorised receiving parties for use in the event that a Session Word needs to be requested from the EVC during a live transmission.
 
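As an added example (not from the thread or the EBU document), here is a pre-encryption check an operator could run on a transport stream recording to see whether vendor recommendations 5a/5b above have been applied: it counts TS-level null packets (PID 0x1FFF) and flags PIDs whose packet payloads repeat verbatim, the "long term repetitive and predictable values" the EBU warns about. The sample stream, its packet builder and the PID values are constructed for the demonstration; scrambled packets are skipped because their content cannot be inspected.

```python
# Pre-encryption hygiene check for an MPEG-2 transport stream (EBU practice 5a/5b).
# Added example, not from the thread. The sample stream is constructed below.
from collections import Counter, defaultdict

TS_PACKET = 188
NULL_PID = 0x1FFF

def parse_packets(ts: bytes):
    """Yield (pid, scrambling_control, payload) for each 188-byte TS packet."""
    for off in range(0, len(ts) - TS_PACKET + 1, TS_PACKET):
        pkt = ts[off:off + TS_PACKET]
        if pkt[0] != 0x47:
            raise ValueError(f"lost sync at offset {off}")
        pid = ((pkt[1] & 0x1F) << 8) | pkt[2]
        scrambling = (pkt[3] >> 6) & 0x3
        afc = (pkt[3] >> 4) & 0x3                       # adaptation field control
        start = 4 + (1 + pkt[4] if afc & 0x2 else 0)    # skip adaptation field if present
        payload = pkt[start:] if afc & 0x1 else b""
        yield pid, scrambling, payload

def hygiene_report(ts: bytes) -> dict:
    """Count null packets and find PIDs whose payloads repeat verbatim.
    Scrambled packets are skipped: their content cannot be inspected here."""
    total = null_count = scrambled = 0
    seen = defaultdict(Counter)
    for pid, sc, payload in parse_packets(ts):
        total += 1
        if pid == NULL_PID:           # TS-level padding, always sent in the clear (5b)
            null_count += 1
        elif sc:
            scrambled += 1
        elif payload:
            seen[pid][payload] += 1   # identical payloads = predictable plaintext (5a)
    repeated = {pid: max(c.values()) for pid, c in seen.items() if max(c.values()) > 1}
    return {"packets": total, "null_packets": null_count,
            "scrambled_packets": scrambled, "repeated_payload_pids": repeated}

def make_packet(pid: int, payload: bytes, scrambling: int = 0) -> bytes:
    """Build a payload-only TS packet (no adaptation field), padded with 0xFF."""
    body = payload[:TS_PACKET - 4]
    body += b"\xff" * (TS_PACKET - 4 - len(body))
    return bytes([0x47, (pid >> 8) & 0x1F, pid & 0xFF, (scrambling << 6) | 0x10]) + body

# Constructed sample: video PID 0x100 carrying two identical all-zero stuffing
# packets, two null packets, and one audio packet on PID 0x101 (all hypothetical).
SAMPLE_TS = b"".join([
    make_packet(0x100, b"\x00\x00\x01\xe0" + b"\x00" * 10),
    make_packet(NULL_PID, b""),
    make_packet(0x100, b"\x00" * 184),
    make_packet(0x100, b"\x00" * 184),
    make_packet(NULL_PID, b""),
    make_packet(0x101, b"\x0b\x77" + b"\x00" * 20),
])
```

Running `hygiene_report(SAMPLE_TS)` on the constructed stream reports both null packets and the repeating payload on PID 0x100, which is exactly what an operator would want removed or randomised before switching encryption on.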