I guess I wasn't clear in the terminology in my previous comment. Here's a paper that describes it.
https://tech.ebu.ch/docs/tech/tech3292.pdf
It depends on whether it's a clear session word or an encrypted one. First all let's clarify our terminology.
Encrypted session word- this is the session word that would be provided to the person operating the decoder. This would be the 16 digit hexadecimal number they'd have to enter to decrypt the signal. However in the case of BISS E, it is not the final session word. It's not the final session word because it is encrypted and there is another piece of information that is stored in the decoder and is used to decrypt the encrypted session word that the operator will enter to produce the Clear session word. So, this is the extra layer that BISS E adds. If you were given this encrypted session word, you could not use it to decrypt the signal.
Clear session word- the clear session word is the 12 digit hexadecimal number that an operator of a decoder would enter in BISS mode 1. This is used to derive the control word. Control words are 16 digit hexadecimal numbers and they are used directly to decrypt the signal. To get from the Clear session word to the control word you calculate the checksum of bytes 1-3 and insert that checksum as the 4th byte in the control word. Then you calculate the checksum of digits 4-6 and that becomes the 8th byte in the control word. To summarize the difference between a clear session word and a control word is the session word is only 6 bytes whereas the Control word is 8 bytes, with the 4th byte being the checksum of digits in bytes 1-3 and the 8th byte being the checksum of 4-8. So, going from a Clear session word to a control word is easy and just simple math, but an encrypted session word is not. An encrypted session word is encrypted by some other piece of the puzzle and you will no idea what it is.
That depends on whether it's an encrypted session word, a Clear session word, or a control word. If it's someone who had access to the session word that would be entered into the decoder, that is someone is simply leaking information from the provider, then it's probably the encrypted session word and of no use. If however the it's derived from a rainbow table attack or a brute force attack, they it's not the encrypted session word but will either be the clear session word or the control word and should work if it's correct. The brute force attack or rainbow attack care nothing about BISS E and doesn't return an encrypted session word. It will return either a clear session word or control word.