Since more and more TV-services are offered to the consumer by an increasing number of service providers, the revenues from the TV licence fee and from publicities do not ensure anymore the financial equilibrium of the production and the distribution of the services. Pay TV is a solution for this problem. Each consumer will receive at home a signal for example by cable, satellite, etc. containing free and pay services. The pay services are scrambled or encrypted in such a way that they can not be viewed without extra equipment supplied for instance by the service provider. This extra equipment takes care for the conditional access system and can be seen as a forerunner of the Set Top Box. This system must ensure that only identified users are able to descramble or decrypt pay-services. Also a billing method must be implemented in this system, the consumer can pay for a given period of time whatever the consumption is (subscribe), pay for a special event, pay for a consumption measured in time or number of events (Pay Per View), etc.
In the next paragraph a general description is given of a Pay TV system. In paragraph 3 some existing broadcasting systems are described together with the known hacks on these systems. Most of these systems are used for satellite broadcasting. The last one, DVB, is still under discussion and currently not operating. At the and of this paragraph the functionality of the Set Top Box in the future is discussed. In paragraph 4 the involved hardware and the attacks on this hardware by hackers are discussed. In paragraph 5 storage devices like analogue and digital VCR's are introduced. Also an overview of existing copy and copyright protection methods is given. Finally, in the last paragraph conclusions are drawn.
To make Pay TV services possible, each consumer needs a television, a decoder box (Set Top Box) and a smart card, which should be plugged into the decoder box. Since there is only a one-way communication channel from the service provider to the consumer, no interaction of the consumer is possible. Therefore, it is difficult for the service providers to implement services like Pay Per View, Video on demand etc. A solution for this problem is a return channel from the consumer to the service provider. In some existing sytems a simple modem line connected to the tephone-network is used to enable these services (see figure 1).
Figure 1. Basic Configuration of a Pay TV system.
Pay TV techniques rely on two independent mechanisms. On the first hand scrambling / encryption of the picture and of the sound, on the second hand management of commercial entitlements which have to be transmitted as secured messages to the descrambler box (control access).
Encryption can easily be applied on a digital bitstream. In this case, all bits are encrypted by using for example a blockcipher like DES. Scrambling is used for analogue broadcasting. Using the latter method the signal format is changed, the synchronisation signals are suppressed and separately transmitted in an encrypted form. Sometimes, the audio signal is converted to a digital signal and encrypted. This digital encrypted audio signal can be embedded in the video signal.
The data is scrambled or encrypted using a control word (CW) or key. The control word or key will change after a short period. To send the new keys to the descrambler ECM's (Entitlement Control Messages) and EMM's (Entitlement Management Messages) are used. Those messages have a digital signature field which ensures the integrity of the message (e.g. a HASH-code). This prevents users to modify the context of the message.
An ECM is transmitted together with the scrambled signal. An ECM consists of three fields. The first field contains the acces parameters. These parameters define the conditions under which access to the program is allowed. This field makes for example parental rating (additional PIN code is requested by the descrambler box) and geographical black out (a film may not be available in all European countries) possible. The second field contains the control word in encrypted form and the last field contains a data integrity check.
An EMM consists usually of four fields. Each EMM starts with an address field to select an individual descrambler box. There are two addressing modes, one for an individual descrambler box and one for a group of boxes. The second field contains the entitlement for the user. The third field contains the service keys in encrypted form and the last field contains a data integrity check. EMM's can also be used to send a command to the descrambler box (see VideoCipher and Videocrypt). Transmission of EMM's is generally the result from an explicit request from the user to the service provider. These messages are individual in general. Their content shall be interpreted by one descrambler box or by a limited number of descrambler boxes which are concerned by this particular entitlement.
EMM's do not have to be transmitted in a synchronous way with the program to which they apply. They have to be transmitted in advance in order to give access to the authorised consumer. Any network can be used to transmit them to the receiver: modem, mail or broadcast. Over air adressing means that the messages (EMM's) are broadcasted.
To be sure that an EMM is received by the user to renew a subscription
for instance, there is no other way than to repeat the message
sufficiently. EMM's are therefore organized in cycle for broadcasting.
The length of the cycle is the major parameter determining the
maximum time to wait to get an entitlement for a user, which has
switched of his descrambler box for a long time.
Figure 2. Key Management in a Pay TV system.
The complete key management system is represented in figure 2. The audio and video are scrambled using a cycling control word or key CW. Every fixed period (e.g. 10 seconds) an ECM is transmitted together with this scrambled signal. These ECM's contain the control words encrypted with the service keys SK, which must be present in the descrambler box. The service keys are less frequently updated by EMM's, for example once a month. The service keys are encrypted with one or more individual unique keys, which are safely stored inside the smart card or descrambler box.
The complete description of the key management system can be found in [2..4].
A main problem is that every service provider uses his own scrambling / encryption algorithm and key management system. This means that many different systems are in use today.
In the next paragraphs an overview is given of the forerunners of the Set Top Box, video broadcasting systems that are currently available on the market. All known hacks on the systems are also described. In general, the companies do not give out any detailed technical information about their scramblers and methods because of hackers. Therefore the information in these paragraphs may be incomplete or not very accurate. Two systems Videocrypt and DVB are studied in more detail.
Luxcrypt is used by the Dutch on RTL 4 and RTL 5 [5]. RTL 4 uses a very simple implementation of this method. It replaces the sync with a 4 MHz burst. If you can detect the 4 MHz burst, you can put the sync back in. RTL 5 uses a not quite so simple technique. As well as the 4 MHz burst, they invert the video. This may be done for any random line and is harder to detect. All information needed to descramble the video signal is within the decoder, so no additional smart cards are required. There is information on the internet available to build a complete decoder. Since Luxcrypt is not a pay TV system and only works for analogue video it is not of our interest.
Characteristics of Luxcrypt:
| Over the air initializing | no |
| Billing method / Interactivity | none / no interactivity |
| MPEG-2 compatibility | no, analogue system |
| PC-output | no |
| Copy-protection | no |
| Video/Audio scrambling | removing syncs and invert video / none |
Leitch is used by ABC, Global (Canadian) and some sporting events [6]. The video is a line renumbering scheme. The top 120 lines of the screen are put at the bottom and vice versa, then they are renumbered in their respective half screens. It also uses phase inversion every other line for the color information, which is why it looks black and white. The shuffling is done by a pseudo random algorithm, and changes from field to field. The color is lost because the horizontal sync is much narrower and so the color burst is in the wrong place. Audio is 4 level encrypted PCM in the area immediately after the narrow Horizontal Sync pulse. There are also usually analogue audio subcarriers.
Characteristics of Leitch:
| Over the air initializing | unknown |
| Billing method / Interactivity | unknown / no interactivity |
| MPEG-2 compatibility | no, analogue system |
| PC-output | no |
| Copy-protection | no |
| Video/Audio scrambling | pseudo random line shuffling / 4 level encrypted PCM |
Videocipher One (VC-I) is used by CBS and Major League Baseball [6,7,8]. Generally the audio is not scrambled, and the video is scrambled in such a way that it looks like you are looking through a wavy watery screen. VC-I uses a variable pseudo random line delay meaning that the beginning of each line of video occurs at a different part of the scan line. If you squint you can almost make out the picture. The color information is not exactly right, and the images also seem darker than normal. VC-I was the original system proposed for HBO by M/A-Com back in the mid 1980's, but was not adopted due to the expenses of the total system.
A sequel to VC-I is the VC-II system, the de-facto standard in the USA. The consumer descramblers for VC-II are manufactured by General Instrument (GI). Each descrambler contains four fixed seed keys, which are needed together which other cycling keys to descramble the video. The cycling keys change every few days and are subject to an ongoing ECM program. The service provider can switch off a particular descrambler by sending an EMM, which changes the service keys in such a way that the signal can not be descrambled using the seed keys of that particular descrambler.
The Videocipher II system also offers a Pay Per View movie service. This service is realized by connecting a modem to the descrambler (see figure 1) as return channel to the service provider. Somewhere in the descrambler system the number of consumed Pay Per View events are counted and stored into a RAM memory. At the end of each month the service provider polls the descrambler for the number of Pay Per View purchases.
The "de-facto" standard VC-II was the world's most hacked scrambling system. Therefore, all older VC-II decoders will be replaced by VC-II+ and forthcoming VC-II+ RS (Renewable Security) systems, which hope to thwart this piracy through the use of a renewable smart card.
The current system employs what is called "sound in sync". The audio portion of the program is encoded as little winky dots hidden in the sync pulses (the bars on top or aside the screen that you do not normally see). So the sound is digital. The real reason the sound is digital is not to provide sound quality, but rather to insure that unauthorized reception is not all that easy, and a decoder can not be built from scratch. No hacker has ever build a complete new decoder, they always tamper with legal decoders.
The scrambling system uses a dual decryption key system, and is based on the DES algorithm (making export of VC-II type decoders illegal). The video is a simple matter to decode, as it is only video inversion and sync suppression.
Characteristics of Videocipher II:
| Over the air initializing: | maintain and update ACM authorizations |
| Billing method / Interactivity | unknown / unknown |
| MPEG-2 compatibility | no, analogue system |
| PC-output | no |
| Copy-protection | no |
| Video/Audio scrambling | inversion and sync suppression / embedded in video signal encrypted using DES |
The first of three attacks on the VCII system involved an unsuccessful attempt to duplicate the critical proprietary IC's through the use of a chip stripper (reverse engineering of custom IC's). Then a group euphemistically referred to as DESUG (Data Encryption Standard Users Group) attempted to reverse the DES (Data Encryption Standard) algorithm. This was time consuming and it was not a valid option. The third attempt involved disassembling the decoder control program which is stored in the system's EPROM. This approach proved successful and lead to some major hacks on the system.
About a year after the introduction of the 3M chips, the "wizard" hack, which irrevocably destroyed the system was discovered. One of the early chips which featured this hack was aptly called Doomsday. In addition to the 32 bytes which provides a unique identity for each VCII decoder, there are ECM's of 28 bytes transmitted in the data stream which are critical to the decoding function. Included is a unique service ID and channel identifier for each channel, and a period indicator which indicates the month the data is valid for. Seven bytes are the authorization mask which identify which services are subscribed to. The VCII does a series of calculations involving unit ID information and the ECM to obtain a control word (key). It was discovered that this key was the same for all VCII's of the same series and that this common key turned on all services except the pay-per-view channels. The most amazing thing about the VC II system was that all non-PPV services would be decoded if the correct working key was entered into the correct RAM addresses, and none of the calculations mattered, and it did not matter whether the VCII was authorized or not or even if the unit ID data was valid. The wizard software which was developed as a result of these discoveries calculated the working key automatically for the current and next month. It's operation was essentially transparent to the user,though it was necessary to enter keys for the pay-per-view movie services like Request TV, First Choice and Action Pay-Per-View manually because their working keys required different calculations. The keys were entered through the keypad on the satellite receiver's remote control.
There was an-going EMM program which was operated by G.I.(General Instrument) after they bought out M/A-Com. When the first 3M fixes were used in 1986 it was not known that the box ID was stored in two locations. A message was sent in the data stream to decoders to compare the ID's in both locations. If they did not match the box was shut off. VCII's suspected of being clone masters would be shut off on the grounds that they were oversubscribed.
Hackers monitored the datastream on certain channels and they were able to observe EMM's being tested. This often allowed them to modify software and hardware fixes and have the fixes ready to sell before an EMM was actually employed.
By 1992 General Instrument started to take control of its system. It established a swap out program to issue VCII PLUS units to legitimate subscribers with untampered decoders. Instead of a common key which turned on all services except the PPV's each service now had its own unique working key but it was still a common key which worked in all residential decoders. Instead of entering a 20 digit monthly key which would turn on all the basic services, it became necessary to enter 20 digits for each of the 60 or so channels available. Then the keys started changing more frequently, with some changing weekly and then daily. This led to the development of modem based fixes which would allow the user to simply press a button on their remote control which would cause the modem to call a BBS and download the latest working keys into the RAM of the Videocipher board. This worked for a while but other ECM's made it necessary to make frequent software and hardware changes. In addition, many individuals were paying for long distance charges to a BBS in order to download the keys. When the movie channels like HBO and Showtime moved to the VCII PLUS system, most dishowners abandoned piracy because they could no longer get the channels they really wanted and the cost of piracy was higher than the cost of subscribing to the channels which were still available.
Oak Orion is used by CANCOM for the Canadian feeds and by North American Chinese Television on K2 (maybe also by some cable companies) [6,7]. There are two types of this system. Oak sine wave and Oak Orion are very different. Oak Orion is more like Videocipher except that included in the Oak is an inversion bit (on one of the lines in the vertical interval) that tell the descrambler to run normal or inverted video. The change from normal to inverted is somehow related to scene changes, possibly by a trigger based on brightness level. Sometimes it will stay in one mode for minutes before switching to the other mode (positive or negative video).
Oak sine wave puts a big sinewave into a positive image and fools the Horizontal sync, thus making the picture tear. Oak sinwave always has audio in the clear. Oak Orion has sound in sync just like Videocipher.
Characteristics of Oak Orion:
| Over the air initializing | unknown |
| Billing method / Interactivity | unknown / no interactivity |
| MPEG-2 compatibility | no, analogue system |
| PC-output | no |
| Copy-protection | no |
| Video/Audio scrambling | Videocipher like and inversion / no scrambling or like Videocipher |
The EuroCypher system was developed by the VideoCipher division, a part of General Instrument, as an enhancement of the VideoCipher II [9]. It has been used by the British Satellite Broadcasting Ltd from March 1990 until late 1992. Today, EuroCypher is no longer in use anywhere in the world. The access control module processes and descrambles the video signal. There is no information available about the used scrambling method.
The main concept of access control is the concept of tiering. A tier can be thought of as a kind of switch that, if turned on, authorizes the Access Control Module to permit the receiver to access some service associated with the switch. To initialize a new service, the service provider has to make an agreement with the European Satellite Services Ltd. Once this agreement is made, the new service is associated with a tier, and the Program Control System controlling the service broadcasts an authenticated statement describing which tier is needed to access the service.
Characteristics of EuroCypher:
| Over the air initialization | maintain and update ACM authorizations |
| Billing method / Interactivity | Post-payment / no interactivity |
| MPEG-2 compatibility | no, analogue system |
| PC-output | no |
| Copy-protection | not addressed |
| Video/Audio scrambling | unknown / unknown (maybe like videocipher II) |
Remarks: No information is available about attacks on this system by hackers. Since the system is not in use anymore, hackers are not interested in EuroCypher.
The EuroCrypt system was developed by CCETT (France Telecom) [3,4,9]. Three kinds of informations can be broadcasted: analogue video, digital audio and data. It was designed for MAC/PAQUET systems family. Eurocrypt has been chosen by CSA in France for Pay-TV channels or TDF1/TDF2, by France Telecom for Pay TV services on its cable networks and in Scandinavia by Scansat for its ASTRA programs. The system was designed in order to permit to be used by many service providers with minimal constraints. Several service providers can be managed by one terminal, which is divided in independent areas. A central authority will give different resources to each service provider, afterward the service provider will manage their own resource independently from the others. Each user must acquire a terminal and the cards corresponding to each service provider. Cards must be distributed by the service provider which keeps the propriety of the cards. The terminal can be bought in the public market.
The EuroCrypt system makes use of a D2-MAC decoder. In this system the video is transmitted in an analogue form and multiplexed in time with the sound and data signals which are transmitted in digital form. At the beginning of each video line (analogue chrominance and luminance components) a packet of 105 bits is transmitted. This packet contains digital sound and data (among others ECM's and EMM's). The scrambling agorithm relies on Jennings pseudo random generators. In case of a digital packet (sound / data) the output bits of the pseudo random generators are added bit by bit to the clear data using the exclusive or operation. For the multiplex analogue signal (video) 16 bits of the output of the pseudo random sequence are taken so that they determine one or two cutting points in the luminance and chrominance spectrums. The spectrum parts obtained from these cuts, rotate between themselves to obtain the scrambled spectrum. The key management system works roughly as described in paragraph 2.2.
Characteristics of EuroCrypt:
| Over the air initialization: | The entitlements for services are delivered over the air |
| Billing method / Interactivity | not addressed / no interactivity |
| MPEG-2 compatibility | no, analogue system |
| PC-output | no |
| Copy-protection | not addressed |
| Video/Audio scrambling | double cut and rotation using PRBS / PRBSG XOR |
Remarks: EuroCrypt can be hacked by a smart card emulator. Several descriptions and construction schemes are available on the internet.
Nagravision or Syster is used in France, Spain, Turkey and Germany [9]. Unlike Videocrypt and Eurocrypt, Nagravision decoder boxes are not for sale. They are only rented out to subscribers, but still operate with a smart card. A main problem with a working hack on the Nagra system would be the decoders. It would be easy to replicate the pirate card, but the decoders are not easy to get. Therefore with access to the decoders controlled it is a very good demonstration of the philosophy of total access control.
A detachable Access Control Unit is provided to ensure security. The DES & Public Key encryption algorithms are used in order to provide high protection against piracy. The encoding pattern is continuously changed. The scrambling is never the same, even on two consecutive fields, and information about a new random pattern of encoding is sent to the decoder every second. Encrypted data is inserted on the video signal that is read by the decoder in order to decode the picture. Two systems are commercialized with different (unknown) characteristics, the SYSTER and the SYSTER XP system.
Characteristics of Nagravision:
| Over the air initialization | The entitlements for services are delivered over the air |
| Billing method / Interactivity | not addressed / no interactivity |
| MPEG-2 compatibility | no, analogue system |
| PC-output | Output of demultiplexer is redirected to RS-232C port |
| Copy-protection | not addressed |
| Video/Audio scrambling | Shuffle Cut & Rotation (like VideoCrypt) / Spectra inversion |
Remarks: No hacking has been reported yet, so for now it appears to be a secure system. (Maybe this is the only secure system currently operational, partly because the system can only be rented instead of bought).
Several software packages are available that can decode scrambled frames without knowledge about keys etc. The frames can be decoded by using correlation techniques to resort the scanlines. It takes about 3 minutes to decode a frame using a 486 DX PC, so no real-time decoder can be build using these techniques.
Videocrypt is a pay TV scrambling system jointly developed by Thomson Consumer Electronics and News Datacom [5,9..12]. Over one million users receive Videocrypt encrypted signals. It is used by British Sky Broadcasting Channels and Asian Satellite Television Network. Videocrypt is a multi-standard encryption system which is suitable for PAL, NTSC and SECAM transmissions. Language is no barrier for Videocrypt with its capacity for multi-lingual transmissions and broadcasts utilizing a comprehensive on-screen instruction menu.
A smart card is the central key to the Videocrypt system, and the card can be used for a variety of applications. The card is pre-coded to determine a user requirements and it can subsequently be addressed utilizing the decoders logic to amend the users services at the broadcasters will. The Access Control Unit for the Videocrypt system is a removable secure processor with memory. There is no return channel from the user to the access manager, so the user can not ask for entitlements from his home.
There are a number of broadcasting modes which the smart card can be used within including:
| Clear Mode | Signals sent in the clear are recognized by the decoder and passed to the display without further processing. |
| Free Access | Pictures transmitted with an encryption key are delivered directly to the display through the decoder |
| Controlled Access | Access to encrypted pictures is determined by the level of access authorized to the users smart card. No signals will be transmitted in an unencrypted state without prior authorization |
Programs can be tailored to usage with the Videocrypt system and the system offers a flexible way for pay-TV operators. There are a number of operations mode offered as standard including:
Videocrypt enables smart cards to be pre-programmed to suit the specific programming requirements. Since there is no return channel. ordering is performed by special offices or mail. Videocrypt can be used in a number of applications other than TV signals protection. They include:
An existing customer would receive a new card which contains part of the new code, the remainder of the code would be transmitted when the card is inserted into the decoder and the subscriber compiles with the instructions contained within the on-screen graphics.
Systems operators can now address individual subscribers, which is a vast improvement over other scrambling systems. The operator can provide additional services, reduce service entitlements, send individual messages, blacklist and/or whitelist viewers.
Messages can be transmitted to individual subscribers or to a group, so target messaging is now a potential. Messages like: "Satellite owners in LONDON call 081 XXX XXXX now for a great bargain".
Sales over the air can be utilized with the unique identity number which verifies an owner and their registered address. Data can be matrixed with a user personality during ad-breaks to tailor-make the advertisement. A unique transaction alphanumeric can be displayed on the TV screen, and the subscriber will telephone a given number and quote the alphanumeric - and the deal can then be completed in total security.
Characteristics of Videocrypt:
| Over the air initialization | activate / block smart cards, address individual subscribers, reduce service entitlements, send messages, etc. |
| Billing method / Interactivity | buy pre-programmed card / no interactivity |
| MPEG-2 compatibility | no, analogue system |
| PC-output | no |
| Copy-protection | stamping |
| Video/Audio scrambling | PRBS (Cut & Rotation) / possibility for spectrum inversion |
To avoid piracy several protection mechanisms are used. Some possible attacks are described together with the protection methods, which should prevent such attacks.
The majority of scrambling systems currently on the market are dependent on analogue processing circuitry, and it is a hard task to get a secure system without picture deterioration. Videocrypt can encode and decode a picture without degradation. The crux of the scrambling system evolves around a patented development of Active Line Rotation (Cut and Rotate principle). Every line of the signal is cut at a number or points along its length, and this is chosen at random by a 60 bit pseudo random binary sequence generator (PRBS). As each cut point differs from the next the signal has no viewing value to an unauthorized recipient, but authorized recipients decoders recode the picture so that the true state of the unscrambled line is always first out for display. The PRBS is re-seeded at times too, to enhance the security of the system even more.
Before this ALR process can take place, the decoder needs to be aware of the cut point on each of the transmitted lines, this is provided within the encryption process. Each decoder utilizes an PRBS which reflects the characteristics of the system so that the two halves can be synchronized and a viewable picture displayed.
The Videocrypt encryption system is based around a tightly-guarded secret which has defeated system hackers throughout the world. A final control algorithm is central to the systems security and this can be changed at will if the system has been hacked.
Complex calculations are performed within the system in order not to compromise its security.
Videocrypt also has the capability of encrypting sound sources to enhance the security of premium events. To date this level of security has not been utilized by broadcasters. The system of spectrum inversion renders the sounds received without authorization worthless. Videocrypt transposes the frequencies transmitted and this in turn removed distortion of the sound.
Nanocommands over the air can call subroutines in the smart card to change key tables etc.
A number of steps have been taken to stop smart cards being copied or cloned. A physical deterrent is the first line of defense, and the integrated circuit contained within the card makes "probing" very difficult as the IC is likely to become damaged in the process. Cost is a second factor which is likely to deter manufacturers of illegal decoders. A considerable amount of time, trouble and expensive resources would be required to clone the card. The manufacturers of Videocrypt recommend that the cards are replaced every six months, and each time this is done a "secret encrypting algorithm" will be changed. Any pirate decoders manufactured during this time would be relatively useless. And should a pirate decoder be manufactured, it will contain a unique security code, which could be blacklisted by the systems operator once the code has been discovered - leading to calls of complaint by angry customers.
Videocrypt offers an simple method of tracking down pirates which tape high-value programming and then distribute it. The customers unique ID number can be hidden in the picture and retrieved by a technician at a later stage.
The Fiat Shamir Zero Knowledge test is used to check whether a valid smart card is inserted in the decoder or not. However, due to a programming error on many of the original decoders and IRD's this test did not work properly.
In this paragraph a historical overview is given of the most famous hacks on the Videocrypt system.
Figure 3. Mac Cormac hack.
At this time, Videocrypt is still hacked. There are several working Omigod programs available for the PC and the MAC that can hack all of the Videocrypt channels. These programs are free, most of the BBSes in Europe have copies. When Sky implements an ECM, the modified versions of the programs are posted on the BBSes within a few hours. Some pirate cards have a keypad. When there is an ECM, the pirate card user just telephones an answering service to retrieve a set of numbers. After entering these numbers the card operates again. Another card uses a modem to receive the new codes. Things will change, because Sky brings out a new 0A card. From this history it appears that the smart cards has to be changed every six months. Otherwise it is certain that they will be hacked.
The new protection methods have to be more complex than the existing ones. Since the level of electronic knowledge required for hacking is high, most hackers are technicians, engineers or at least people with a good knowledge of electronics. Most commercial hackers work together with each other and try to become rich by selling their pirate cards, updates and cloned decoders. Since they make a lot of money, they are able to do big investments in hard-ware etc.
Digital Satellite System was developed by Thomson Consumer Electronics for the US market. News Datacom developed the conditional access system and security encryption for DSS (and Videocrypt also described in this chapter) equipment [7,9,13,14]. The DSS encryption is based on the VideoCrypt access control system. It is being used by DirectTV service as well as United States Satellite broadcasting. Now, Toshiba America, Uniden America and Hugues Network System are also involved in DSS.
Conditional access is provided with a unique smart card for a set top decoder.
DSS systems would use Macrovision chips in RCA and Primestar receivers for copyprotection. All products which defeat copy protection schemes would become illegal (copyright laws Commerce Department).
Characteristics of DSS:
| Over the air initialization | Ability of maintaining, updating EMM authorization |
| Billing method / Interactivity | Connection to telephone line for program initiation and billing |
| MPEG-2 compatibility | yes |
| PC-output | no |
| Copy-protection | not addressed (Macrovision?) |
| Video/Audio scrambling: | DES / unknown |
According to information from the Hack Watch News, the DSS smart card has been hacked and the pirate cards will enter the market in soon. However, the plan to offer four different pirate cards with different tiers of programming has been abandoned because it has been found that the card cannot be duplicated.
The patent number on the DSS smart card referred to the Fiat Shamir Zero Knowledge test. It is an authentication algorithm that the decoder runs to see that the smart card inserted in the decoder is a genuine smart card. The same authentication algorithm is used in the analog VideoCrypt system in Europe. There are more similarities with this older system. Anyone trying to reverse engineer the smart card will encounter the nefarious code 99. The card developed by RCA and Motorola can be rendered useless by hi-frequency, low voltage, temperature and other types of probing. Any type of tampering results in erasure of the micro code in the EEPROM and sets the card to code 99, rendering it absolutely useless. The smart card which has been developed for the DSS system is, at this moment in time, impervious to all known methods of hacking. In addition, code can be reprogrammed on-the-fly, every 29 seconds. Reprogramming was used in the 09 series smart cards in Europe (Videocrypt) which increased their longevity, although they eventually had to be replaced anyway.
Just as hacking the Videocipher II system never involved breaking the DES, hacks for the DSS system do not necessarily involve being able to reverse engineer the smart card. The fix to be released will probably involve reprogramming the card to add existing services to those already being paid for, including pay-per-view credits, sports etc.
The Digicipher system has been produced and commercialized by general Instrument (GI) in its first version in 1992 [6,9]. It includes Uplink Encoding System and Commercial Integrated Receiver/Decoder products. PBS is using Digicipher I for its feeds to affiliates. They plan to convert to Digicipher II when the equipment becomes available, some time in 1996. Digicipher II uses digital transmission and is designed with an open architecture. Only Digicipher II is here discussed.
The initial application for Digicipher II is to deliver digital television signals by satellite and cable to subscribers. Digicipher II signals are also transportable through microwave, fiber, and ATM networks. Finally, the basic digital platform is described as usable in the future for such applications as interactive television, multimedia and HDTV. A smart card can optionally be provided to the user if the service provider wish to enhance the access security.
Characteristics of Digicipher:
| Over the air initialization | It is possible to address home satellite consumers and/or cable subscribers |
| Billing method / Interactivity | not addressed / no interactivity |
| MPEG-2 compatibility | yes |
| PC-output | not addressed |
| Copy-protection | Macrovision Copy-protection |
| Video/Audio scrambling | DES / DES |
Remarks: For the North American C-band market, Digicipher is capable of decoding Videocipher II+ signals. No hacking reported yet and no information available about security.
In September 1994, the major European television producers, broadcasters,
and manufacturers agreed on a new standard for the digital broadcast
of video sequences called the Digital Video Broadcast (DVB) [9,15..18].
This new technology will gradually replace the current analog
PAL and SECAM broadcast norms. The digital nature of the signals
increases the quality of the video transmission and allows the
creation of new services that were not possible before. However,
these advantages come with technical challenges are both the digital
and modulation levels. DVB uses digital technology to transmit
video. The video sequences are coded using MPEG-2, then interleaved
and error coded. The Reduced Reed Solomon code may be a candidate.
The actual broadcast will be performed using the Orthogonal Frequency
Division and Multiplexing (OFDM).
The first generation of DVB consumer receivers is expected to be a set top box called an Integrated Receiver Decoder (IRD). I.e. a small box which contains only a receiver and the above MPEG decoder. These IRDs will have the usual RF and SCART interfaces to the antenna, cable and TV/VCR. In addition IRDs are expected to have also data transmission interfaces for personal computers and other multimedia systems. One original point of the DVB system will be that the control access module (CA) will be a separated box which will be connected to the IRD using a PCM/CIA interface. A chip card slot will be optionally provided on the module.
There are two proposals for the conditional access module due to the different views of the participants. The established broadcasters, who already offer video services, would like make sure that their investment in their current descramblers is not lost. They will accept standardization only up to a certain point. On the other hand, the newcomers, consisting mainly of network operators and the smaller broadcasters, would like to cooperate, since they know that not many people would buy a decoder box to watch only one or two channels. So, complete standardization of the module would really be the solution for them. The equipment manufacturers also wish to standardize to come to cheap mass production.
The first proposal is now commonly known under the name of Simulcrypt. The "newcomer" that wishes to access the "established broadcasters" set of installed decoder boxes, first has to come to a business agreement with the broadcaster who then ensures that his CA system also provides the newcomers service. This means that the newcomer should deliver the scrambling keys and the subscriber information to him, who then returns the corresponding ECM's and EMM's and makes sure that the smart card is capable of the newcomers' service. This proposal is heavily backed by BSkyB (British Sky Broadcasting Channels), Canal+, Filmnet and their respective CA (Control Access Module) system suppliers using the VideoCrypt system.
The second proposal is called Multicrypt (or Transcript?) but is better known as the Common Interface. The Common Interface today consists of a detailed draft specification of a standard interface between the decoder box and a detachable module. Since the interface would have to fit all incompatible CA systems in use today, the interface was chosen at the MPEG-2 Transport Layer. This means that scrambled MPEG-2 data goes across the interface into the module and descrambled (thus clear) data is returned, both at a rate of up to 50 Mbit/sec. The detachable module contains the descrambler chip. The Common Interface is backed by the newcomers, who see this as a fundamentally good and secure solution to the standardization problem, it allows them to cooperate and still use their own proprietary CA system.
Characteristics of DVB that seems to be already fixed (can change in the future):
| Over the air initialization | not addressed (entitlements for services, updating authorizations etc.) |
| Billing method / Interactivity | IRDs should include a modem for connection to a public telephone network for access control, billing, interactive service etc. |
| MPEG-2 compatibility | yes |
| PC-output | yes |
| Copy-protection | not addressed |
| Video/Audio scrambling | own standard / own standard |
In figure 4 a proposed scheme for the DAVIC Conditional Access system is represented. This proposed model works with a Set Top Box implemented by a standard terminal and a detachable CA module (PCMCIA card).
Figure 4. DVB proposal for decoder and CA system.
The questions arise if the descrambled stream can be tapped and if the descrambler has been equipped with a digital output, which can be used for PC, multimedia applications and a SMASH storage device.
Remarks:
The scrambling algorithm specified for common EP-DVB applications has been designed to minimize the likelihood of piracy attack over a long period of time. The scrambling algorithm operates on the payload of a Transport Stream packet in the case of TSlevel scrambling. A structuring of PES packets is used to implement PESlevel scrambling with the same scrambling algorithm.
The PES level scrambling method requires that the PES packet header shall not be scrambled (as required in ISO/IEC 13818-1) and Transport Stream packets containing parts of a scrambled PES packet shall not contain an Adaptation Field (with the exception of the Transport Stream packet containing the end of the PES packet). The header of a scrambled PES packet shall not span multiple Transport Stream packets. The Transport Stream packet carrying the start of a scrambled PES packet is filled by the PES header and the first part of the PES packet payload. In this way, the first part of the PES packet payload is scrambled exactly as a Transport Stream packet with a similar size payload. The remaining part of the PES packet payload is split in super-blocks of 184 bytes. Each super-block is scrambled exactly as a Transport Stream packet payload of 184 bytes. The end of the PES packet payload is aligned with the end of the Transport Stream packet (as required in ISO/IEC 13818-1) by inserting an Adaptation Field of suitable size. If the length of the PES payload is not a multiple of 184 bytes, the last part of the PES packet payload (from 1 to 183 bytes) is scrambled exactly as a Transport Stream packet with a similar size payload. A schematic diagram describing the mapping of scrambled PES packets into TS packets is given in figure 5.
Figure 5: PES level scrambling diagram.
The PES level scrambling method puts some constraints on the multiplexing process in order to make the descrambling process easier.
For applications that scramble MPEG-2 Sections, a problem occurs as the MPEG-2 specified syntax does not include any scrambling control bits. Therefore, the scrambling of Sections shall be at the Transport Stream level and shall be signalled by the scrambling control field bits. Clear and scrambled Sections cannot be combined in a single Transport Stream packet. The MPEG-2 defined padding mechanism can be used to create Transport Stream packets with only clear or only scrambled Sections. This means that the end of a Transport Stream packet carrying a Section shall be filled with bytes having a value of 0xFF, in order to separate clear and scrambled Sections into different Transport Stream packets.
The algorithm is designed to minimise the amount of memory in the descrambler circuit at the expense of the complexity in the scrambler. The exact amount of memory and the descrambling delay depend on actual implementations. Maximum flexibility in the operation of a broadcast infrastructure requires scrambling to be allowed at the PES level. In order to avoid complex implementations at the consumer receiving equipment, only a single descrambling circuit shall be required. The DVB scrambling algorithm can scramble data with a rate up to 54 Megabits/sec.
The descrambler boxes described in the previous paragraphs are precursors of the Set Top Box that will bring the future digital services in the home within a few years. The descrambler boxes only offer TV and limited information services. The Set Top Box of the future will offer much more services like Teleshopping, mailbox and on-line information services, games on demand etc.
The prototypes of DVB Set Top Boxes (e.g. Nokia DVB 9500 S) are equipped with a wide range of interfaces (SCSI, RGB, Audio analogue, RS-232, modem line, VCR control lines, etc.) [19]. An MPEG-2 decoder is implemented. The STB's are expected to have also data transmission interfaces (e.g. SCSI) for personal computers and other multimedia systems. The first prototypes do not have a digital video or audio output. This means that only an analogue VCR can be connected to such a Set Top Box.
DVB proposed that the control access module (CA) will be a separated box which will be connected to the STB using for example a PCM/CIA interface. A chip card slot will be optionally provided on the module. The service providers can implement their own proprietary CA system in this detachable module. This means that different service providers can work with only one Set Top Box.
It is expected that in the future all digital interfaces of the Set Top Box will be replaced by one digital bus interface. For example a P1394 bus interface. The DVC-camcorder already has such an interface. It is questionable if the connection to the TV is also digital. If this line is still analogue, there must be an MPEG-decoder in the Set Top Box, otherwise the MPEG-decoder will be implemented in a digital TV or in a PC. For sure, the Set Top Box will have some computational power to execute for example an Electronic Program Guide. One of the most important tasks of the Set Top Box is to deal with conditional access and encrypted signals.
From the previous paragraphs it appears that most hackers do not try to build a complete new decoder. They only try to modify the existing decoder boxes to add new services to services they already pay for or modify the decoders in such a way that they do not have to pay at all. Most hacks were not caused by cryptanalysis, but by implementation errors. This happens in most cryptosystems [20]. So, the hackers are not only examining the scrambled signals, but also the decoder boxes and Smart Cards. The Smart Card is the most secure part of the cryptosystem. Some information about Smart Cards is given in the first paragraph.
It is easier to derive the scrambling algorithms from the program code stored somewhere in the decoder than to derive the algorithms directly from the signals. The most common way to get such code is extracting programs from microcontrollers and EPROM's. The most attacked hardware is located close to the interface with the smart card. This is the weakest place in the existing scrambling systems, almost all hacks are focused on this interface (Mac Cormac, PC-driven Smart Cards, cardless decoders, etc.). To avoid these hacks the newer microcontrollers are equipped with a protection mechanism, that should prevent people from reading out the code. However, some mechanisms fail. In this paragraph some hacks on this kind of hardware are described.
Smart Cards are already in use in most TV scrambling systems. They are also widely used for pay telephone applications. There are basically two classes of Smart Cards [21]; contactless and contact. The contact type Smart Card requires direct electrical connection to the decoder. It is the cheapest format. The non-contact type Smart Card has not been used in decoder applications yet. It uses oscillators running at different frequencies to supply power to the card. A filter and rectifier arrangement circuit on the card picks up the signal generated by the descrambler and produces a DC voltage. Data can be transferred in a similar fashion. This type of card may be used in the future but the cost is prohibitive.
The connector specifications for the contact Smart Card have been established as an ISO 7816 standard. The ISO standard specifies eight connections of which only six are actively used as can be seen in table 1.
Tabel 1. Layout of the connectors
| Contact | Designation | Contact | Designation |
| C1 | VCC (Supply Voltage) | C5 | GND (Ground) |
| C2 | RST (Reset) | C6 | VPP (Programming Voltage |
| C3 | CLK (Clock Signal) | C7 | I/O (Input/Output) |
| C4 | Reserved | C8 | Reserved |
Due to the difficulties involved in reverse engineering a card, it is very difficult to extract the data from the card without destroying the card. The fact that the structure of the card is known does not imply that the actual program in the card is known. It should be stated that extracting the program from a smart card is not impossible.
The structure of the card is basically simple. It consists of a microprocessor and memory. This description fits the microcontrollers used to control receivers and video recorders. The type of memory used can vary. It generally involves:
The information stored in the ROM is fixed and cannot be altered without changing the design of the Smart Card. The information in the EPROM generally has to be erased with ultra violet light. This would imply that once the card has been programmed, the information cannot be erased in the card. The EEPROM is more usable in Smart Cards for one specific reason - it can be reprogrammed in the card. The manner in which the VideoCrypt cards can be turned on and off seems to indicated that the VideoCrypt Smart Card uses EEPROM memory rather than EPROM. In table 2 some configurations are listed of available Smart Cards.
Table 2. Microprocessor / memory configurations of Smart Cards
| Manufacturer Type | CPU | RAM | ROM | EEPROM |
| Siemens SLE 44xx | 8 Bit 8051 derivative | 128 Byte | 4 kByte | 2 kByte |
| Motorola 68HC05xx | 8 Bit 6805 | 128 Byte | 6 kByte | 3 kByte |
| SGS ST9 | 8 Bit 6805 derivative | 256 Byte | 20 kByte | 1.5 kByte |
| Toshiba TOSMART | 8 Bit Z80 derivative | 512 Byte | 8 kByte | 8 kByte |
| Hitachi H8/310 | 8 Bit H8 | 256 Byte | 10 kByte | 8 kByte |
| Philips 83C852 | 8 Bit 80C51 derivative | 256 Byte | 6 kByte | 2 kByte |
| OKI MSM627xxx | 8 Bit 8051 derivative | 448 Byte | 14 kByte | 16 kByte |
The Smart Card's Microcontroller is fabricated on one chip. This chip contains EEPROM. If any attempt is made to scan the chip with an electron microscope, the EEPROM will be wiped. Since the design is all on a single chip the data flow between the memory areas cannot be directly examined.
The ROM area of the card is not accessible. It cannot be read out by pumping the card. For this reason it holds the most critical information. The programs held in ROM are used for all services or channels that use the card. The algorithms will be identical but the keys will be totally different. This section will also hold the routine for decryption the data in the EEPROM area of the memory. The EEPROM contains the enabling data for each channel that the card user has paid for. The data entry for each channel would consist of a channel identifier, a billing period, a regional identifier, key data and authorisation data for the channel. The RAM section is used by the decryption algorithm and other programs as a tempory storage area.
The design of a Smart Card is complex and prototyping can take a few months. The ROM in the card has to be mask programmed. This essentially means that the programs to be stored in the ROM are designed as part of the chip. The procedure is straightforward.
The programs to be included in the ROM are developed on a Smart Card emulator. This is a microprocessor development system that is configured to imitate a Smart Card. It is hooked to a personal computer. The program developer will write the programs on the computer, test them, and if they run successfully, load them into the Smart Card emulator. The Smart Card emulator will then be plugged into a decoder to ensure that the programs work.
The programs will then be supplied on floppy disc to the chip manufacturer. The manufacturer will program an EPROM with the programs and send it to the card issuer for verification. Once the EPROM is checked, the manufacturer will then produce the chips in sample quantity. These chips will also be tested for correct operation. The chips can then be mass produced. The chips are glued to a printed circuit board substrate with epoxy resin. The connection pins on the chip are wired to the connections on the substrate. The substrate connections are then wired to the connector array. The actual plastic card is injection moulded with an indent for the chip. The chip is then glued into the indent. The card is then tested to ensure that it is operational.
The Smart Card at this stage will only have the bare minimum of data. There will be no service data in the EEPROM. This data is programmed into the card by the card issuer. In VideoCrypt's case, the programming and card assembly would be carried out at the Gemplus factory in Scotland.
The SMART card is essentially a partial computer on a card. It is a partial computer because it requires other circuitry and inputs to operate. The first requirement is supply voltage. This is generally a 5 Volt DC supply. The second requirement is a clock signal. This is a stable frequency square wave of 5 volts amplitude. This frequency is derived from a crystal in the descrambler. The frequency used in the VideoCrypt card is 3.5 Mhz. The third requirement is a reset line. This is used to initiate the programs and routines in the card when the card is inserted into the socket. The fourth requirement is the EEPROM voltage. The EEPROM programming voltage is high, typically over twenty volts. This voltage is only on for a few milliseconds every three seconds. The chip would generate too much heat if it was continually fed with high voltage. The fifth requirement is the data port.
The data flows to and from the card on one line. It is serial data. This port would be connected to the RAM in the card. The serial data would be clocked into the RAM. The microprocessor on the chip would then read the data in a parallel format. The data flows at 9600 Baud or at 9600 bits per second. The serial data line makes the card more secure. When the card is inserted into the descrambler, the reset pin is activated. This zeroes the RAM and causes the microprocessor to select the boot-up program. This program will verify that the card is valid for the period and not on the blacklist.
The card will then read the data from the descrambler. This data, along with service data from the EEPROM, will be used in the decryption algorithm stored in the ROM. The product of the decryption algorithm will then be passed back to the descrambler.
In the VideoCrypt system, the information flowing to and from the card is not useful on its own. The data is not the actual key used to descramble the picture. This data is passed via the 8052 Housekeeper microcontroller to a secure microprocessor, the ZC404044 or ZC404047, where it is then used in a further algorithm to generate the seed for cutpoint generator. The secure microprocessor is actually a Mask ROM version of the 6805 microcontroller.
Pay Per View is extremely easy to implement with a Smart Card. The card user will purchase a number of credits or tokens each billing period. A typical number would be 99 tokens. The Smart Card would be programmed so that the token counter would read 99 tokens. When ever the user wanted to watch a PPV film or event, a message would be shown on screen stating the number of tokens that the event is valued at. To watch the programme, the user would press the authorise or pay button on the front of the descrambler. The descrambler would then decrease the token register by the correct amount. Each service could have a token register. The actual operation of the counting mechanism would be more complex. It would be too easy to intercept the taken count value and substitute a continual 99 tokens. This type of hack is commonly used in computer games and is known as an "Infinite Lives POKE". At present the actual PPV algorithm for VideoCrypt lies mainly in the 8052.
The VIdeoCrypt cards are valid once they leave the subscription centre. This means that they can be used in any VideoCrypt descrambler. They can be deactivated over the air by Sky. When this occurs, a section of the EEPROM in the card is overwritten so that when the card is inserted into the descrambler, it will not work. In order to reactivate the card, the program providers Sky send out a message to the descrambler to reprogram the overwritten section of EEPROM. This weakness was actually used to hack the VideoCrypt system though it was quickly discovered and countered.
Other systems using Smart Card use over the air enabling. In this case, the cards cannot be used immediately. They have to be inserted into the descrambler and the subscription centre has to be informed. The subscription centre will then activate the card. This method of addressing is more time consuming and thus less economical. it is basically a trade off between medium security and very high security.
Reverse engineering a Smart Card is not an economically viable hack. The chip on the Smart Card is covered in epoxy resin. Trying to remove this resin can sometimes destroy the chip. If the memory and the microprocessor are on different chips, it would be barely possible to attack the connecting wires and monitor the data flow. if the memory and the microprocessor are on the same chip it is impossible. Using an electron microscope to read the memory may partially work on EPROM type Smart Cards. Smart Cards using EEPROM memory are reasonably secure against this hack. The scanning electron beam erases the EEPROM.
It is possible that a method for reprogramming the EEPROM on a Smart Card could be developed. Using such a method, the EEPROM contents of a valid card could be copied and loaded on to an old Smart Card. There is virtually no problem in obtaining old Sky Smart Cards. This hack has one fatal flaw. The ROM data on Smart Cards is changed from billing period to billing period. Therefore the algorithms and the EEPROM data decrypting algorithm are different. One potential weakness on a multi service card would be a cloning of a fully authorised card using a Smart Card with the minimum authorisation. This hack relies on the development of an EEPROM reading and writing method.
It would appear that the Smart Card is the most difficult aspect of the system to hack. It is certainly not economically viable to hack it. The use of a Smart Card does not confer immunity to hacking upon a system. There are usually fatal flaws in the descrambler that the hacker can exploit. The VideoCrypt system has become a rather lucrative target after the Sky / BSB merger.
The PIC16C84 is a relatively recent addition to Microchip Technology Incorporated's range of microcontrollers (for which they coined the name Peripheral Interface Controllers or PICs) [21,22]. The 16C84 is particularly interesting because its program memory is implemented in EEPROM technology. This gives the 16C84 a marked advantage over EPROM. The ESD protection method (using a fuse) is implemented to prevent people reading out the code in the chip. Many hackers used this chip in their piracy smart cards. However, this protection failed. The top of the chip could be removed and the fuse could be re-engineered. Also other hacks are known to read out the programming code.
It is also possible to hack Futuretron 8052 chips used for Videocrypt descramblers [21]. Unprotection of Futuretron chip is based on possibility to read the 8052 having the two security bits set with help of the instruction MOV a,@DPTR, if that instruction will be executed by internal EPROM. If the 8052 will be run in a particular mode, the instruction can be called via an external EPROM.
In the DSS IRD, the microcontroller that controls the card-decoder
interface is a custom microcontroller [22]. It is also protected.
The European Videocrypt microcontroller was not protected. Hackers
dumped out the code and rewrote it into an EPROM version (PIC).
Of course the card-decoder microcontroller would have been the
first chip in the DSS IRD to have been reverse engineered. The
reverse engineering of a customized microcontroller is not, in
most cases, as difficult as a smart card. There is a hack known
as "Vampire hack", which can dump the contents of the
ROM.
The forerunners of the Set Top Boxes are analogue descrambler
boxes for Pay TV services. An analogue VCR can be connected to
such a configuration as can be seen in figure 6. To prevent consumers
from copying services the analogue line between STB and TV is
protected using the Macrovision copy protection method. More details
about this method can be found in the next chapter. This protection
can easily be removed by additional equipment, however it will
discourage most, but not all consumers.
Figure 6. Basic configuration.
Nowadays, digital video services are available (e.g. DSS, DigiCipher).
The digital MPEG-2 signal enters the home in encrypted form and
is decrypted in the STB. After that, the clear MPEG-2 signal is
decompressed and converted to an analogue signal. So the output
of the STB is still analogue. This analogue signal is again protected
with the Macrovision copyprotection system.
Figure 7. D-VHS recorder connected to the STB.
Digital storage devices will enter the market soon like D-VHS, DVC, etc. [23] and of course our SMASH device in a later stage. To record digital signals the STB must be equipped with a digital output. Actually, service providers are reluctant to accept digital interfaces and storage devices, but they may accept solutions in which the data is recorded in encrypted form to enable the basic time-shift function of the analogue VCR (Figure 7). In this case they can still control the data, because the data must still pass the STB for descrambling and is nowhere in the system available in clear digital form. However, this solution has drawbacks since EMM's can change the service keys in the smart card. Therefore, the EMM's must be skipped when the data is recorded, otherwise valid service keys can be replaced by other ones if old data containing an EMM is played back. This also means that if a STB receives a new EMM, all recorded old data is lost. Because the keys needed to descramble this data are replaced. New keymanagement strategies would be needed to support the conceptual solution of storing digital scrambled data.
The prototypes of DVB Set Top Boxes (e.g. Nokia DVB 9500 S) are equipped with a wide range of interfaces: SCSI, RGB, Audio analogue, RS-232, modem line and also VCR control lines [19]. This means that in the future the Set Top Box is maybe able to control the storage device.