Thread: Irdeto ACS v5.0
View Single Post
  #1 (permalink)  
Old 10-11-2005
Geremia Geremia is offline
Registered User
  
Join Date: Jun 2004
Posts: 27
Thanks: 0
Thanked 0 Times in 0 Posts
Geremia is on a distinguished road
Irdeto ACS v5.0
Hi all,

I've an Irdeto ACS v5.0 card of a local dvb-t provider that is not readable by any cardserver, logging with season betwen card and dvb-t decoder give me something i can't understand. I'm new in smartcard analizyng, just started studying this my first card 2 days ago, so i need more studying and a little advice please

ATR: 3B 9F 11 40 60 49 52 44 45 54 4F 20 41 43 53 20 56 35 2E 30

Convention: DIRECT
Protocol: T=0
TA1 = 11
TC1 = 60

Historical Bytes: 49 52 44 45 54 4F 20 41 43 53 20 56 35 2E 30
I R D E T O A C S V 5 . 0

Programming Voltage = 0.0 volts
Programming Current = 25ma
Maximum Clock Frequency = 5.0MHz

Assuming a 3.5790MHz clock:
Work ETU = 0.0001039396 seconds
Guard Time = 0.0112254815 seconds
Baud Rate After Reset = 9621

My dvb-t decoder have an oscillator of 3,376mhz, so i logged with unilogger at 9076 8E1. Parity even otherwse i get garbage data. Serial umber is ** for privacy.

[00.43.08]
00 3B ED F7 5A 61 D0 60 49 52 44 45 54 4F 20 41 43 53 20
56 35 2E 30

[00.43.08]
3B 9F 11 40 60 49 52 44 45 54 4F 20 41 43 53 20 56 35 2E
30

[00.43.08]
FF 10 11 FE FF 10 11 FE DD 26 00 00 03 26 10 01 40 90 09
F7 23 F7 23 F7 23 3B 9F 11 40 60 49 52 44 45 54 4F 20 41
43 53 20 56 35 2E 30

[00.43.12]
D2 04 03 00 01 04 3D 60 90 19 D2 FE 03 00 19 FE 01 02 00
00 02 03 00 10 06 05 12 06 19 06 20 06 21 06 22 00 00 49
54 41 5A 90 00 D2 00 03 00 01 00 3F 60 90 1D D2 FE 03 00
1D FE 01 02 00 00 00 03 00 14 34 ** ** ** ** ** ** ** **
** ** ** ** ** ** ** ** 00 00 00 0C 90 00 D2 02 03 00 01
02 3E 60 90 19 D2 FE 03 00 19 FE 01 02 00 00 01 03 00 10
FF FF FF 00 00 00 00 00 00 00 04 07 CD 13 F7 18 E3 90 00
D2 06 03 00 01 06 3C 60 90 21 D2 FE 03 00 21 FE 01 02 00
00 03 03 00 18 00 06 63 5A 00 00 00 00 00 00 01 37 01 01
2D 2D 2D 82 62 00 00 00 00 00 E0 90 00 D2 06 03 01 01 06
3D 60 90 21 D2 FE 03 01 21 FE 01 02 00 00 03 03 01 18 01
00 04 00 00 00 00 00 00 00 00 00 00 00 2D 2D 2D 82 62 00
00 00 00 00 ED 90 00 D2 06 03 02 01 06 3E 60 90 21 D2 FE
03 02 21 FE 01 02 00 00 03 03 02 18 02 FF FF FF 00 00 00
00 00 00 00 00 00 00 00 00 00 82 62 00 00 00 00 00 3B 90
00 D2 06 03 03 01 06 3F 60 90 21 D2 FE 03 03 21 FE 01 02
00 00 03 03 03 18 03 FF FF FF 00 00 00 00 00 00 00 00 00
00 00 00 00 82 62 00 00 00 00 00 3B 90 00 D2 38 03 00 01
38 23 60 90 10 D2 FE 03 00 10 FE 01 02 00 00 1C 03 00 07
00 00 00 00 00 00 00 24 90 00 D2 06 03 00 01 06 3C 60 90
21 D2 FE 03 00 21 FE 01 02 00 00 03 03 00 18 00 06 63 5A
00 00 00 00 00 00 01 37 01 01 2D 2D 2D 82 62 00 00 00 00
00 E0 90 00 D2 38 03 01 01 38 22 60 90 10 D2 FE 03 01 10
FE 01 02 00 00 1C 03 01 07 00 00 00 00 00 00 00 25 90 00
D2 08 00 00 02 08 00 39 60 90 45 D2 FE 00 00 45 FE 01 02
00 00 04 00 00 3C 00 02 01 37 D2 00 00 31 00 92 D2 00 00
16 00 C1 1E 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
FF FF FF FF FF FF FF FF FF 5A 90 00 D2 38 03 02 01 38 21
60 90 10 D2 FE 03 02 10 FE 01 02 00 00 1C 03 02 07 00 00
00 00 00 00 00 26 90 00 D2 46 00 00 01 46 1F 60 90 09 D2
FE 00 00 09 FE 01 02 00 50 23 00 00 00 4F 90 00 D2 46 00
00 01 46 1F 60 90 09 D2 FE 00 00 09 FE 01 02 00 50 23 00
00 00 4F 90 00 D2 46 00 00 01 46 1F 60 90 09 D2 FE 00 00
09 FE 01 02 00 50 23 00 00 00 4F 90 00 D2 38 03 03 01 38
20 60 90 10 D2 FE 03 03 10 FE 01 02 00 00 1C 03 03 07 00
00 00 00 00 00 00 27 90 00 D2 46 00 00 01 46 1F 60 90 09
D2 FE 00 00 09 FE 01 02 00 50 23 00 00 00 4F 90 00 D2 46
00 00 01 46 1F 60 90 09 D2 FE 00 00 09 FE 01 02 00 50 23
00 00 00 4F 90 00 D2 46 00 00 01 46 1F 60 90 09 D2 FE 00
00 09 FE 01 02 00 50 23 00 00 00 4F 90 00 D2 10 03 00 01
10 37 60 90 49 D2 FE 03 00 49 FE 01 02 00 00 08 03 00 40
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 77 90 00 D2 46 00 01 01 46 1E 60 90
09 D2 FE 00 01 09 FE 01 02 00 50 23 00 01 00 4E 90 00 D2
46 00 01 01 46 1E 60 90 09 D2 FE 00 01 09 FE 01 02 00 50
23 00 01 00 4E 90 00 D2 46 00 01 01 46 1E 60 90 09 D2 FE
00 01 09 FE 01 02 00 50 23 00 01 00 4E 90 00 D2 2A 00 00
01 2A 29 60 90 89 D2 FE 00 00 89 FE 01 02 00 00 15 00 00
80 75 14 C6 27 F1 FF 40 B6 93 8B FE EB A6 1C 0C 94 AF 89
5D 2A B1 86 70 EE 53 8C A4 46 AA 7C 83 D6 13 E6 7F 4B FC
99 23 4E CE 6D 87 D3 D8 74 CF CC 08 4A 6B 7B EA F8 39 9A
34 10 62 E3 37 4B 54 47 E7 7F F3 B3 F6 76 0C 42 E7 63 3C
61 41 0E 9B 2C 0A 82 47 BA 35 1D 3D 1A EA E1 89 40 2F 9E
AB 48 60 BA 1C 87 A2 6F C6 0B FE 91 BE 29 6C A8 8E 09 EF
BE 11 5A E4 81 02 6E FE C5 72 8E 54 16 1F 61 CF 90 00 D2
46 00 02 01 46 1D 60 90 09 D2 FE 00 02 09 FE 01 02 00 50
23 00 02 00 4D 90 00 D2 46 00 02 01 46 1D 60 90 09 D2 FE
00 02 09 FE 01 02 00 50 23 00 02 00 4D 90 00 D2 46 00 02
01 46 1D 60 90 09 D2 FE 00 02 09 FE 01 02 00 50 23 00 02
00 4D 90 00 D2 1C 02 00 01 1C 30 60 90 49 D2 FE 02 00 49
FE 01 02 00 00 0E 02 00 40 C2 3E 9D 9D D1 82 87 F6 A7 5D
6F 84 82 46 E3 CE 61 3C B8 18 BA 62 20 C7 4D F3 CE 5E BB
DE 6A B8 9C 0A 7B 7F 79 50 F1 E0 2E 9B 8E 65 3F 03 9C F2
FF 83 D5 00 96 B2 06 85 98 3E 69 CF 13 69 1A 61 A4 90 00
D2 46 00 03 01 46 1C 60 90 09 D2 FE 00 03 09 FE 01 02 00
50 23 00 03 00 4C 90 00 D2 46 00 03 01 46 1C 60 90 09 D2
FE 00 03 09 FE 01 02 00 50 23 00 03 00 4C 90 00 D2 46 00
03 01 46 1C 60 90 09 D2 FE 00 03 09 FE 01 02 00 50 23 00
03 00 4C 90 00 D2 1C 03 00 01 1C 31 60 90 49 D2 FE 03 00
49 FE 01 02 00 00 0E 03 00 40 19 39 A1 DC FA 91 3F 12 44
45 E2 F1 39 90 21 D0 5E 99 2A BD 71 3B 4D 47 B6 2E F0 4A
A8 47 74 95 78 D7 CE CF 52 43 D1 FC 85 06 4E CC 1F E4 82
7B B5 37 0D 81 BC 7B 92 F8 53 08 92 73 09 8B 89 F7 68 90
00 D2 12 03 01 41 12 3C 6C 64 84 5F B1 A7 5F AC 7A 48 9B
FE 8F 7C 13 88 A2 3E 22 C2 DE 52 AD 44 54 CE B8 98 71 EB
CE 6B 31 50 38 26 93 E1 D7 DD 96 0E 55 30 EC E9 CF 0C 6D
6F 97 DE C6 1E 8A 7B C0 81 87 4E 47 39 E9 9F 60 90 09 D2
FE 03 01 09 FE 01 02 55 00 09 03 01 00 62 90 00 D2 40 00
00 11 40 02 1A 00 01 01 00 00 00 00 01 00 00 00 00 00 00
15 60 90 09 D2 FE 00 00 09 FE 01 02 00 00 20 00 00 00 1C
90 00 D2 3C 00 00 01 3C 22 60 90 15 D2 FE 00 00 15 FE 01
02 00 00 1E 00 00 0C 50 53 01 0E 00 03 00 00 00 00 00 00
21 90 00 D2 3E 00 00 01 3E 23 60 90 0B D2 FE 00 00 0B FE
01 02 00 00 1F 00 00 02 00 82 A3 90 00 D2 10 03 00 01 10
37 60 90 49 D2 FE 03 00 49 FE 01 02 00 00 08 03 00 40 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 77 90 00

I've interpreted like this, and tried to reproduce with winexplorer 9600 8E1, 0,0112 byte delay (according to ATR info) and phoenix at 3,579mhz

D2 04 03 00 01 3D
reply 60 90 19 (same as log)

D2 FE 03 00 19 01 02 00 00 02 03 00 10 06 05 12 06 19 06 20 06 21 06 22 00 00 49 54 41 5A
reply 90 09 (in log was 90 00)(Type 0605,country ITA), this seems to be from card to CAM

D2 00 03 00 01 3F
reply 60 90 1D (same as log)

D2 FE 03 00 1D 01 02 00 00 00 03 00 14 34 30 ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** 00 00 00 0C
reply 90 09 (in log was 90 00)(serial number) this seems from card to CAM


i'm not good in smartcard, do you see something interesting? In irdeto documents i've read, all commands starts with something like 01 01 xx xx xx..., here it seems that those commands are something like incapsulated in D2 class commands?!??

I can't understand the first command D2 04 03 00 01 3D , it has to be from CAM to card, because if i reproduce with winexplorer i've the same answere (60 90 19), but i can't undestand how the second command (from card to CAM) come out, because nothing appens more in winexplorer.
It's difficult to understand what command goes out or in, because any of the D2 class commands sent to the card give me back an ACK.
60 90 xx reply: xx seems to be the lengt of the next D2 class command...

didn't know anything about smartcards prior to the last 2 days, i'm confused, it's the first card i try to analize and i need some reference to other irdeto card raw log, any advice?

Maybe my log was bad? Card is T=0 asynchronous half duplex character transmission protocol, what means? maybe cards sends byte at a boud rate different from what the decoder sends? something wrong with parity?!?!?
Last edited by Geremia : 10-11-2005 at 08:15 AM.
Reply With Quote
Sponsored links
 
Page generated in 0.35031 seconds with 9 queries