PowerVu management keys hacked

This document shows multiple security flaws in the PowerVu encryption

system that is used for digital television. It was possible to find out
management keys that are used to encrypt key updates. So decrypting the
Video & Audio of PowerVu programs from multiple providers (AFN, Teleippica
Discovery Europe, ...) was possible.
05.12.2014 (Version 1.0) up-to-date version http://colibri-dvb.info => PowerVu
Colibri <colibri.dvb@gmail.com>

16E_12653H_UNIRE 1 - GRIGIO

16E_12699H_SNAI Sat Active

5E_12303H_True Movies 1

1W_12303V_Animal Planet HD

Here a few sample

screen-shots from
different providers
(different ECM keys)
that use the PowerVu system.

9E_11766V_AFN Sports HD

Abstract
In my previous paper the "Cryptanalysis of PowerVu television broadcast encryption" [1] I have
described how it was possible find out the ECM key that can decrypt the video & audio DES keys.
For this old hack a security chip was necessary that had valid keys inside. A special hacking
hardware (for the old timing and the new key change interruption attack) was necessary also.
For the new hack the security chip isn't needed. A self build hacking hardware isn't needed too.
As hardware only a DVB-S2 card and a graphic card that supports CUDA is needed.
To find some management keys it has taken me one day (GeForce GTX 470). A slower card need
more time.
It's a brute fore attack on the EMMs, but because of multiple security flaws in the PowerVu system
it isn't necessary to test the full 56 bit key space to find a key.

Overview of the PowerVu system

You will know some of the pictures from my previous work. Here the key hierarchy is show:

The audio & video gets encrypted by a random DES key. The DES key will change after a few
seconds.
The DES key gets encrypted by the PowerVu algorithm and the Entitlement Control Message
(ECM) key. Typically the ECM key will change after months or years. The security chips (ISEs)
within a provider will have the same ECM key.
The ECM key gets encrypted by the PowerVu algorithm and the Entitlement Management
Messages (EMM) key. Each ISE has individual EMM keys. Each ISE has a unique address (UA)
also. There is a permanent EMM stream loop for all subscribed ISEs. I saw also EMMs for ISEs
that are not subscribed anymore, but the decrypted ECM key shows that the ECM key is invalid
(fake key). A valid key typically has 7 random looking bytes (with the exception of some channels
on 5E and 1W that have a very simple ECM key), but all fake keys I have seen starts with the three
bytes "00 00 30". So the provider can overwrite a valid key with a fake key to make the ISE useless.
Some details of the PowerVu algorithm can be found in my previous papers, the remaining details
can be extracted from the ISE firmware [2]
But to break an EMM key by a brute force attack it's not enough to know the algorithm. We need
also a corresponding cipher/plain text pair to verify that our random EMM key we tried is correct.

Here is an example of an EMM:

82
80
80
80
80
80
5D

30
C2
C2
C2
C2
C2
F7

9B
72
70
73
71
76
E4

10
68
4B
F6
EE
DE
01

99 01 0E
28 3F F8
2F 7F 5A
BF 91 C9
2F 4B D4
87 93 46
(crc32)

00
AF
61
F0
09
D1

00
F8
64
A1
6C
7C

00
16
6B
25
CD
49

06
13
D0
40
D0
D6

8F
FE
D7
EF
67
0B

00
D6
E7
65
6B
E3

5D
4D
24
18
2E
BD

9C
95
B2
6D
E2
E8

8A
32
F7
52
F4
79

00
AB
F5
66
BD
34

00
95
A6
62
40
6D

03
B2
16
C0
96
17

F4
46
54
CC
C4

89
BD
1C
DD
9D

3F
0D
0E
06
60

E8
7E
F0
76
BE

62
74
73
B4
3B

3F
3F
2E
FD
B0

2B
34
3D
15
7B

C3
61
64
75
66

The first line starts with the table id (82) and shows unencrypted info like the UA (00 5D 9C 8A) of
the ISE that should process this EMM.
Each of the next 5 lines have a fixed length and contains one plain text header (80) that indicates
that the remaining data is encrypted by an EMM key and should be forwarded by the IRD to the
ISE. So the ISE can decrypt the EMM and store the data to the internal EEPROM.
The last line shows the 4 byte crc32 check-sum of the previous data.
Not all the five blocks for the ISE are used to update the ECM key.
There is not only one ECM key, instead there are two ECM keys (called even and odd key).
One key is in use, the other key can be changed. Lets say the even key is in use. For a key change
the provider will send the same even key but a new odd key. After all ISEs have received the keys
the provider will use the odd key to encrypt the ECM. The plain ECM header will indicate if the
even or the odd key must used to decrypt the ECM. So there is no outage at the customer side
during a key change.
So one block is used to update the even ECM key and even tiers.
One block is used to update the odd ECM key and odd tiers.
One block is used to update the even extended tiers and even blackout codes.
One block is used to update the odd extended tiers and odd blackout codes.
One block is used to update blackout codes, location and lat comp.
Take a look at the 5 blocks and ignore the first 3 bytes that look similar.
Do you see the pattern in some of the blocks?
Here is one block with a pattern:
80 C2 70 4B 2F 7F 5A 61 64 6B D0 D7 E7 24 B2 F7 F5 A6 16 46 BD 0D 7E 74 3F 34 61

It's easier if we remove the spaces:

80C2704B2F7F5A61646BD0D7E724B2F7F5A61646BD0D7E743F3461

OK, on the next page I will reveal it.

80C2704B2F7F5A61646BD0D7E724B2F7F5A61646BD0D7E743F3461

You can see two times the pattern 4B2F7F5A61646BD0D7E7 in an encrypted block.
Only a bad algorithm shows pattern in an encrypted stream.
The PowerVu algorithm is a stream cipher with a 56 bit key. The key is the state of the shift register.
The output function (S-Box) is complex, but the security flaw is that the logic (the two XORs) that
produce the next internal state from the current state and the plain text during an encryption is to
simple. So when encryption a series of 0 bits the internal state will repeat and you can see the above
pattern in the encrypted block. An other security flaw is of course the small key size of 56 bits only.
Here a picture of the PowerVu algorithm that is used for decryption. For encryption swap the
arrows on the bottom so that they point from right to left:

So we can assume when we see a long pattern e.g. the 10 bytes in the encrypted block that the
corresponding plain text is 0.
So when we see the pattern we have the needed crypt and plain text pair that we need for the brute
force attack.

After the key was found you can see the following plain text. The place holder (XX) represents the
even ECM key and the (YY) represents the odd ECM key. The last three bytes (5D 9C 8A) must
match the last three bytes of the UA or the ISE will drop the block.
80
80
80
80
80

0C
0C
0C
0C
0C

00
02
01
03
06

XX
00
YY
00
C0

XX
00
YY
00
00

XX
00
YY
00
00

XX
00
YY
00
00

XX
00
YY
00
00

XX
00
YY
00
00

XX
00
YY
00
00

7F
00
7F
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

FF
00
FF
00
00

F8
00
F8
00
00

04
04
04
04
00

5D
5D
5D
5D
5D

9C
9C
9C
9C
9C

8A
8A
8A
8A
8A

To make a brute force attack the length of the known plain text should be a little bit larger than the
key. If you encrypt a much longer plain text the brute force attack would take unnecessary longer.
I have taken 9 bytes (72 x '0' bits) and encrypted it with different keys and checked if the encrypted
pattern match.
Even with the small 56 bit key space and the CUDA system that can try a few hundred keys in
parallel this will take to long. So the trick is not to compare the encrypted '0' bits with one EMM,
but with more than 131072 (17 bit). So you need to try only a 39 bit key space instead of 56 bit to
find a key.
So I have first recorded nearly all PowerVu EMMs of the different providers I got.
Then I have made a program that scans all the EMM files for a pattern that is at least 9 bytes long
and is present twice in a block. Than the program save a 256*256*256*9 byte table to a file.
The other CUDA program do only a single look-up to check if the encrypted text match the pattern.
It takes the first 3 bytes of the 9 bytes pattern multiplied by 9 and use it as an offset for the look-up
table. So the compare function after a key try is very fast.
AFN has the most subscribers and therfore the most EMMs with a pattern, so you will get most
likely an AFN key first.
But back to the plain text block:
80 0C 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 5D 9C 8A

Ignore always the first header byte (80), because it's never encrypted. For us only the payload is
interesting.
You can see that the pattern don't start at the first payload byte. If it would, a found key is directly
the EMM key that can be used to decrypt the two blocks that contains the even/odd ECM keys.
Typically the pattern will occur at an offset of 16 or 20 bits.
So the key is always only the pattern key instead of the EMM key.
A key is always the internal state of the 56 bit shift register.
So we need the state that the shift register had 16 bits before. If we manage this then we have the
EMM key. So we need do to the singe steps during the decryption of a single bit backwards (e.g.
shift the register to the other direction swap some XOR input/output ports).
It's possible that two previous stats will produce the same encrypted bits. So you must test both
when doing the next step backward. After that you may be have 4 possible states or maybe only 1
again because 3 of the 4 states produce an encrypted bit that doesn't match our encrypted bit.
To keep the possible intermediate states and the final possible EMM key low we need to know as
much as possible plain text of the 16 bits.
The typical plain text of the 16 bits is the following:
00001100 00000xxx
For the case you got more than one possible EMM key you can decrypt one of the remaining 4
blocks. If the last three bytes of the decrypted block match the last three bytes of the UA that are
present unencrypted in the header of the EMM your key is valid. Typically max. only a few keys
must be tested.
If you collect the 9 bytes patterns for your look-up table, don't take only one pattern per EMM,
instead take all up to three pattern that you can be found in the blocks. So you will find faster a key
during the brute force attack.

Conclusion
It's the worst case scenario that it's possible to find management keys for the PowerVu system in
just one day. No security chip is needed to find the keys, the data from an encrypted EMM stream is
enough. Only cheap standard hardware (a DVB-S2 card and a graphic card with CUDA support) is
needed.
Other conditional access manufacturers have improved the security element (smart card) from time
to time, but in the PowerVu system still the very old chip/algorithm is used. I saw some PowerVu
receivers with a smart card slot. Maybe some provider that use the PowerVu system to protect the
content can ask Cisco Systems (in 2005 they have purchased the company Scientific Atlanta that
has developed the PowerVu system) if the can provide a secure smart card with an improved
PowerVu system in the future.

References
[1] http://colibri-dvb.info => PowerVu
[2] pvufull.zip from cinosana http://id-discussions.com/forum/showthread.php?t=79393 referred in
thread http://id-discussions.com/forum/showthread.php?t=79487