Well now that the merger appears dead, it looks like echostar is going to take thier hacking problem a bit more seriously...

Hacker boards have posted pictures of a new card coming with recently purchased 301s.

The thing i found interesting was the cards don't register in irds that were shipped with the new cards to begin with.

Hardware modification? or New software?

Ill attach a pic...majorly shrunk and resized...

Well, assuming this IS a new card and not just a reprint on the old software, it is a very positive move for Dish. It's no lie that signal security has been ..... lacking. :(

Originally posted by mnassour
Well, assuming this IS a new card and not just a reprint on the old software, it is a very positive move for Dish. It's no lie that signal security has been ..... lacking. :(



From some research i have done, It is just a Dishnet ROM10 with a minor change to the reported ATR. No major EEPROM changes.

I wish they were more secure....deter signal theft. But I guess Charlie doesn't have enough $$$.


j/k

Why do people think Charlie does not have the money? Even if he buys PanAmSat, and pays 600mil to GM, E* will still have over a billion in cash. A few million dollars invested in smart card development would be chump change. Even if a new card cost $5 and had to mail out 8million of them, it would be worth it to cut out pirates.

The problem is not lack of money but lack of technology. A hacker proof card does not appear to exist yet. DirectTV is doing a complete replacement of cards now, it will be interesting to find out how long it takes to break it. I am sure if it proves hacker proof E* would come out at once with something similar.

Originally posted by Mike123abc
Why do people think Charlie does not have the money? Even if he buys PanAmSat, and pays 600mil to GM, E* will still have over a billion in cash. A few million dollars invested in smart card development would be chump change. Even if a new card cost $5 and had to mail out 8million of them, it would be worth it to cut out pirates.

The problem is not lack of money but lack of technology. A hacker proof card does not appear to exist yet. DirectTV is doing a complete replacement of cards now, it will be interesting to find out how long it takes to break it. I am sure if it proves hacker proof E* would come out at once with something similar.


One of the problems and a reason why it would take alot of $$$ to swap is the fact that enough is known about the current cards (ROM2, ROM3, ROM10, and ROM11) that a wedge type hack can be used without having to apply a hack to the smartcard itself.
Also the New cards comming in the 301 standalone is really nothing new. Here is some info I found about it (no hacking info)

ATR: 3F FF 95 00 FF 91 81 71 A0 47 00 44 4E 41 53 50 31 30 31 20 52 65 76 30 30 37 3D

Convention: INVERSE
Protocol: T=1
TA1 = 95
TA2 = 81
TA3 = A0
TB1 = 00
TB2 = 47
TC1 = FF
TC2 = 00
TCK = 3D Calculated TCK = 3D

Historical Bytes: 44 4E 41 53 50 31 30 31 20 52 65 76 30 30 37
D N A S P 1 0 1 R e v 0 0 7
TA3 is the max block size. Given that ROM10's can handle up to $A0 size packets, I guess they just finally decided to fix the ATR (which, BTW, might be the reason old receivers are having problems with these cards). Nothing a firmware update cannot fix.


Looks like the new cards are nothing new....just a fix to ROM10.
ROM11 is hacked for a provider overseas.

The best option for Dish is to swap out ROM2, and to put some updates to ROM3 to lock them down more securely. Maybe add updates that are REQUIRED for the card to get the video keys.

I would go into more detail on how Dish could make the current cards more secure, but that info could also be used by the wrong people. (pirates)

Yes it would be nice to see Dish secure the datastream. But if they plan on doing it with the "new" card that is out Charlie better think again.

Havent the cardless receivers used by other companies been compromised as well such as StarChoice in Canada that uses DCII ? I think that although pirates cost Dish and DirecTv money, I think that some of them would not subscribe to that many channels in the first place if they could not hack the system or they do it because they can.

I sometimes wonder if they satellite companies are not in pircacy themselves to make money off of those customers not willing to pay the big amount that they would at least get something. The satellite company would actually make more because they would not have to make a payment to the program providers for those customers that hack and if they make money off of that then thats pure profit. I think this is most likely not the case but a possibility.

There have been many reports of DCII being hacked - but with 15 million units in service wordwide as satellite/cable boxes - has anyone really seen a hacked one in operation? - internet postings of such never offer proof.