viaccess ?????

beacause last byte of the Key is Even (94).

I will post later how to change the crypted word after I explain the

Signture chack Algo.

Signature OK!!


CA 88 instruction send to the card the encrypted word

The P2 byte (09 in the example) is the key number to be used

to decode the encrypted data obtained shortly.

The P3 byte indicates the number of bytes to be received by the card,

in this example hex 21 decimal 33.

In the 21 byte string are two encrypted 8 byte words which have to be

decrypted using the 7 byte of the key.

The card must send 88 ACK to the Reseiver in order to receive the P3 21


Finally the card sends 90 00 if the Signature ok.



before decoding first 7 keybytes are rotated left by 2 bytes.

we rotate each half 1 or 2 bits to the left depending on which of the

16 rounds we’re on then put the two halves together.

(most significant or left hand) bit moves to the last

(least significant or right hand) position and all the other bits move

one to the left.

The exact number of left rotations is determined by the table:

We then create a new 48 bit key by reordering 48 of the bits

in the 56 bit shifted key according to the pattern:

This means that the new 1st bit is the 14th old bit, new 2nd bit is

old 17th and so on with the new 48th bit being the old 32nd bit.

This operation is called a Permutation and the table is called

Permuted Choice 2 or PC-2 in DES terminology.

then we split the result up into eight 6-bit blocks

Preparation of the key is now complete for a single round.

Note that the net result is that we have a new 48 bit in form

eight 6-bit blocks key for use later on.

The encrypted word is 8 bytes or 64 bits long.

The first thing to do is to split this into two halves each 32 bits

long or 4 byte called L and R.


1-8th byte of key multiplied by the first byte of R

(to get 2 byte or 16 bits word).

(add 1 to upper byte if there was a carry with the lower byte).

3-8th byte of key is added to result on the same way.

4-the upper byte is subtracted from the lower byte.

(If there was a carry in this subtract then add 1)


by using the pattern:

This means our R1 has its 1st bit as old R’s last bit,

its 2nd bit as old R’s 1st bit and so on with its last bit being

the ols R’s 1st bit.

As you can see, some of old R’s bits are used more than once.

The table is called the Expansion or E-Table.

then we split the result up into eight 6-bit blocks

We now XOR one block of R1 with one block of key we prepared earlier,

Each of these blocks is used to locate an entry in one of the eight

tables below, called Substitution or S-Boxes.

the 1st block uses Box-1 + the 2nd Box-2 to form frist byte of R2

the 3rd block uses Box-3 + the 4th Box-4 to form second byte of R2

the 5th block uses Box-5 + the 6th Box-6 to form third byte of R2

the 7th block uses Box-7 + the 8th Box-8 to form forth byte of R2


this is the location 15 in the frist box (which is = 10)

this is the location 33 in the second box (which is = 0D)

The last operation is to create a (third and final) R called R3 from

R2 by using the following Permutation or P Table:

This means that the 1st bit of R3 is the 16th of R2, the 2nd is the 7th and

so on, with the 32nd being the 25th bit of R2.

The net result of the previous sections was to split the encrypted word into

two halves, ignore the left-hand one L and eventually create a new

right-hand one R3.

Now we XOR L and R3 together, and we’ve finished a decryption round.

For the next round, we treat old R (before applay viaccess mode)

as the left-hand half of a new data word and the result of


We do this 16 times and we end up with a last left-right pair of 32 bits

each. Put these together and we have a decrypted 8 byte word.

Continue the whole decryption process for the second encrypted word obtained

from the 88 instruction dialogue and then both can be sent to the Receiver

via the C0 instruction dialogue and the TV picture is unscrambled!

Google Bookmarks Digg Reddit Ma.gnolia Technorati Slashdot Yahoo My Web БобрДобр.ru RUmarkz Ваау! МоёМесто.ru Mister Wong

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Оставить комментарий