For people with N3 cards!!!

  • sakiblateef
    DK Veteran
    • Jul 2008
    • 311

    #1

    For people with N3 cards!!!

    I'm posting this info I found on another forum, originally posted by the coder, and thought it would be useful to see what responses are received.

    Mods feel free to remove this post if I'm breaking any rules.


    Originally Posted by TheCoder
    There are three different pairing methods used by N3 boxes presently. These are DT06, DT08 and Secondary key.

    The DT06 method transfers a compressed form of an rsa pq keyset from which the CAM public/private rsa keyset and its associated modulus can be derived.

    The DT08 method transfers the cam modulus along with the IRD number of the married box. The public rsa key is not transferred but it is implied that the box already knows this value.

    The Secondary key method does not involve a transfer. It implies that the box already knows the card's matching CAM modulus and rsa public key value.

    Various boxes, depending on make/model, may use any of the above pre-pair key transfer methods but it could be useful to know which box uses which method.

    So, for you guys in Ireland/Leeds/Others that have N3 cards and are willing to experiment, the following two simple NagraEdit scripts will attempt to dump the relevant tiers from your cards. These scripts won't harm your card - they simply replicate some commands your stb issues to the cards when it first boots.

    Instructions:

    1 Stick your N2/N3 card in your card reader
    2 Run NagraEdit - DO NOT ATTEMPT TO READ YOUR CARD !!!
    3 Select the Comm Tab. This should give you an upper and lower text pane
    4 Cut/Paste the script below into the top pane
    5 Press the "Send D2C" button/icon
    6 Results should appear in bottom pane
    7 Interpret your results based on info below.
    Script - Read DT06/DT08

    rs
    Code:
    tx 21 C1 01 FE 1F
    rx
    tx 21 00 08 A0 CA 00 00 02 12 00 06 55 
    dl 02 00
    rx
    dl 02 00
    tx 21 00 09 A0 CA 00 00 03 22 01 00 1C 7E 
    dl 02 00
    rx
    dl 02 00
    mg *
    mg *** DT06 info ***
    tx 21 00 09 A0 CA 00 00 03 22 01 06 13 **
    dl 02 00
    rx
    mg DT06 response1
    dl 02 00
    tx 21 40 09 A0 CA 00 00 03 22 01 86 13 **   
    dl 02 00
    rx
    dl 02 00
    mg DT06 response2
    mg *** End DT06 info ***
    mg *
    mg *** DT08 info ***
    tx 21 40 09 A0 CA 00 00 03 22 01 08 13 **     
    dl 02 00
    rx
    mg DT08 response1
    dl 02 00
    tx 21 00 09 A0 CA 00 00 03 22 01 C8 55 **   
    dl 02 00
    rx
    dl 02 00
    mg DT08 response2
    tx 21 40 09 A0 CA 00 00 03 22 01 88 55 **     
    dl 02 00
    rx
    mg DT08 response3
    dl 02 00
    mg *** End DT08 info ***
    Originally Posted by TheCoder
    The responses you get back will be along the line of -

    Code:
    ***DT06INFO***
    TX: 21 00 09 A0 CA 00 00 03 22 01 06 13 77
    RX: 12 00 15 A2 11 08 E0 00 00 00 5E 01 20 00 00 00
        00 00 00 00 00 00 90 00 B3
    DT06RESPONSE1
    TX: 21 40 09 A0 CA 00 00 03 22 01 86 13 B7
    RX: 12 40 15 A2 11 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 90 00 64
    DT06RESPONSE2
    ***ENDDT06INFO***
    and

    Code:
    ***DT08INFO***
    TX: 21 40 09 A0 CA 00 00 03 22 01 08 13 39
    RX: 12 00 15 A2 11 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 90 00 24
    DT08RESPONSE1
    TX: 21 00 09 A0 CA 00 00 03 22 01 C8 55 FF
    RX: 12 40 57 A2 53 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 90 00 64
    DT08RESPONSE2
    TX: 21 00 09 A0 CA 00 00 03 22 01 88 55 BF
    RX: 12 40 57 A2 53 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        00 00 00 00 00 00 00 00 90 00 64
    DT08RESPONSE3
    
    ***ENDDT08INFO***
    In both of the above cases, you can see the returned data contains lots of 00's. This signifies that the card doesn't use DT06 or DT08 packets, so it's likely to use a secondary key pairing method.

    The idea is to run the script, look at the results and decide which pairing method your box/card uses

    If the DT06 response contains lots of 00's then it's NOT DT06 pairing
    If the DT08 response contains lots of 00's then it's NOT DT08 pairing
    If it's not DT06 or DT08 then it's probably secondary key.

    When you've done, post up your box type and what you think the pairing method is.

    DON'T post the actual responses
    Last edited by sakiblateef; 12 January, 2010, 00:09.
  • sakiblateef
    DK Veteran
    • Jul 2008
    • 311

    #2
    A bit more info to add to the above post.

    Just to clarify:

    The important bits you're looking at are the DT06/DT08 responses (the bits that start with RX: )

    i.e. RX: 12 00 15 A2 11 08 E0 00 00 00 5E 01 20 00 00 00
    00 00 00 00 00 00 90 00 B3

    RX: 12 40 15 A2 11 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 90 00 64

    RX: 12 00 15 A2 11 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 90 00 24

    and

    RX: 12 40 57 A2 53 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 90 00 64


    If the responses vary significantly from the above, with the 00's replaced with some varying data, then it's likely your card had the specified tier and is probably using the corresponding pairing method.


    Come on lads in Leeds/Ireland, get posting those results.


    • gerald5445
      Top Poster
      • Sep 2009
      • 143

      #3
      in simple terms what does this mean?


      • dctyper
        V.I.P. Member
        • Jun 2008
        • 2539

        #4
        i think they are reading the cards, which normally cannot be done
        Wavefield Ds 55cm at 13E 19E and 28E receiving everything out there on 2 dm800hd

        previous life dm800hd and 500c on cable screw you nag3



        • gerald5445
          Top Poster
          • Sep 2009
          • 143

          #5
          me mate has a samsung vm box wa his viewing card sorted if u no what i mean will that be fxxxed too when n3 kicks in? anyone know when scotland gets it thanks again folks


          • dctyper
            V.I.P. Member
            • Jun 2008
            • 2539

            #6
            yes, because the card has to be paired with the box, if he gets an n3 card and is able to read it to pair it then he will be ok, highly unlikely though
            Wavefield Ds 55cm at 13E 19E and 28E receiving everything out there on 2 dm800hd

            previous life dm800hd and 500c on cable screw you nag3



            • gerald5445
              Top Poster
              • Sep 2009
              • 143

              #7
              [QUOTE=dctyper;422336]yes, because the card has to be paired with the box, if he gets an n3 card and is able to read it to pair it then he will be ok, highly unlikely though[/QUOTE] THANKS 4 THAT


              • Dr Evil
                Newbie
                • Aug 2008
                • 16

                #8
                What the Original Poster was trying to achieve was to find out what pairing methods were being used for each VM receiver (nagra 3 only). This will help with developing solutions to maybe get boxes up and working again after nagra 3 has been implemented. If you have an n3 VM box, help the devs.
                Running the above will not make any diff to a receiver and will not stop a receiver going down when n3 hits your area.
                Hope this clarifies for all.

                Cheers,

                Evil


                • barboy
                  Newbie
                  • Apr 2010
                  • 3

                  #9
                  to sakiblateef r ya still wantin d info i can get nx week am i ok to post on ere dont want t brake any rules


                  • loncell
                    DK Veteran
                    • Jun 2008
                    • 625

                    #10
                    so basically is this method to retrieve the BK from an N3 card ? ( nothing to do with encryption ) so CS can be implemented ?.
