Decryption



dburckh
08-27-2007, 02:42 PM
I've been around on the forums for a while and I see a lot of OMG, my Tivo HDD is dying and I have encryption on. What can I do? Or I'm trying to extract a file and it fails (because encryption is on).

Short of a kernel hack, I haven't seen a way to deal with this. Does anybody know how to find the key and/or what the encryption algorithm is? Is the value in the CSO the actual key?

The reason I ask is that if it's a common algorithm and the key is available, it wouldn't take too much to write something to decrypt on the fly.

ronnythunder
08-27-2007, 02:48 PM
we sort of already have that. there's an unscramble.o for series 1 and a s2_unscramble for series 2. basically, it's just easier to turn encryption off and not have to worry about it.

ronny

dburckh
08-27-2007, 03:01 PM
we sort of already have that. there's an unscramble.o for series 1 and a s2_unscramble for series 2. basically, it's just easier to turn encryption off and not have to worry about it.

ronny

Doesn't s2_unscramble require a custom kernel? That's a little nerve-wracking for most. Even if you can monte, it is still not easy (my first monte required a Torx screwdriver :) )

ronnythunder
08-27-2007, 03:40 PM
Doesn't s2_unscramble require a custom kernel? That's a little nerve-wracking for most. Even if you can monte, it is still not easy (my first monte required a Torx screwdriver :) )

yes, it does. it seems clear that the author intended for it to be mainly used to "rescue" encrypted recordings and that users should move forward with encryption disabled.

ronny

Jamie
08-27-2007, 06:32 PM
The encryption key is formed from the recording specific MFS metadata (aka CSO keys in older software versions), the DiskConfigurationKey in MFS, and data on the tivo motherboard cryptochip. This is briefly discussed in the mfs_ftp scramble_utils/readme.txt file. The descrambling is done in hardware using the keys provided by the software via an ioctl.

It might be possible to reverse this. You'd need to figure out how the 3 data sources are combined into a key, and develop a software implementation of the hw decryption the tivo uses. I suspect it isn't trivial, or it would have been done by now. Just being able to construct the crypto key from the three data sources would be a good start, as it would allow decrypted extraction without a custom kernel.

dburckh
08-27-2007, 06:46 PM
If the encryption algorithm isn't known or is proprietary, that's a pretty big show stopper.

I was hoping it would be software based and possibly part of the s2_unscramble stuff. Since it's hardware based, I don't think it's going to be easy to identify, maybe impossible.

Java implements a lot of standard encryption algorithms, most notably AES and DES. I was hoping it would be a supported one, then the encryption would be easy to add. All that would be left was deriving the keys.

Jamie
08-27-2007, 07:49 PM
If the encryption algorithm isn't known or is proprietary, that's a pretty big show stopper.

I was hoping it would be software based and possibly part of the s2_unscramble stuff. Since it's hardware based, I don't think it's going to be easy to identify, maybe impossible.

Java implements a lot of standard encryption algorithms, most notably AES and DES. I was hoping it would be a supported one, then the encryption would be easy to add. All that would be left was deriving the keys.

You can probably dig around product data sheets to see if you can figure out the hw scramble/descrambling algorithm. If I remember right, in the old days, it was done in a custom tivo ASIC that did all the scrambled disk I/O. On recent hw, it's done by the Broadcom integrated STB chips, I think.

If you can derive the keys, it would be relatively simple to descramble-on-the-fly in the tivo side software (e.g. mfs_uberexport/tserver/vserver etc). As far as I know, no one has been able to do this, hence the s2_unscramble method of having the kernel cache the keys for us.

dburckh
08-27-2007, 11:23 PM
Looks like they use Blowfish for data transmission.

http://www.tivo.com/assets/pdfs/policies/ftc_letter.pdf

And here's the Java cypher library:

http://www.koders.com/java/fid3CAADD04E226273E16CA252D9A0AFDA46D55DB45.aspx?s=blowfish

Now to figure out how to get the keys...

Jamie
08-27-2007, 11:51 PM
Looks like they use Blowfish for data transmission.

http://www.tivo.com/assets/pdfs/policies/ftc_letter.pdf

...It uses blowfish for communications with the "TiVo Broadcast Center" (aka the mothership), but I'm not at all convinced that the streams are blowfish encrypted. Did you see something there that indicated that? As far as I can see, that white paper concentrates on describing how private user data is protected via encryption, not how recordings are protected.

dburckh
08-28-2007, 12:06 AM
Yeah. I got a little too excited there. I saw a post on another forum that one model uses an AT90SC6464, but I couldn't find any information on that chip. It might be unique per model too.

Anyway, time for a little BioShock!

AlphaWolf
08-28-2007, 08:28 AM
Doesn't s2_unscramble require a custom kernel? That's a little nerve-wracking for most. Even if you can monte, it is still not easy (my first monte required a Torx screwdriver :) )

Not really, it's only slightly more complicated than installing a hard drive in a PC, and there is virtually no risk of bricking anything if all you remove/unplug is the hard disk. You want nerve-wracking, try doing a PROM mod.

dburckh
08-28-2007, 11:23 AM
There are different levels. Personally, I would never do a PROM mod myself. I shake like a tree in the wind with a soldering iron in my hand. I had to repaint a trace with a defroster repair kit when I hacked my Xbox.

Until you do something the first time, it's pretty intimidating. Some of us have only been doing this for 9 months. :)