As has already been posted TiVo service is shutting down in Australia and NZ in October. My thoughts are if we can prom the tivo and then replace the Bob Arctor certificate with one we issue ourselves then we can create a set of keys that expire way into the future.

Looking through the lan traces I am wondering has anyone done investigation on how the HM_xxx_arctor files are created? keydump knows about the ST_arctor file.
Both the main payload and the ST_arctor files are "ElGamal Signed and Encrypted" not that I know how to sign a new file or verify the current certificate is valid but at least it's something. keydump doesn't know anything about the "4" files.

From the Otvlog

DecodeSecureBlob for prefix HM_DSC and type 2
DecodeSecureBlob for prefix HM_HSC and type 4
DecodeSecureBlob for prefix HM_ELOG and type 6
DecodeSecureBlob for prefix AA and type 7

But crypto doesn't seem to know how to create or decrypt those files from the tests I have done with different switches. So I suspect that's all embedded in tivoapp.

Has anyone looked at this or is it going into theft of service too much so no one talks about it?