5

For example how does Direct TV's small plastic cards control who receives the TV signal? How is the signal encoded in a way that can allow future updates without the provider needing a new satellite?

Can someone add tags this question?

What does it mean to be hit or hashed. A friend of mine says that his TV is out because it was hit by the service provider. How can a satellite send a signal to fry your hardware?

Philipp
  • 48,867
  • 8
  • 127
  • 157
Gabriel Fair
  • 1,495
  • 2
  • 13
  • 23
  • To be honest, frying the set top box is also possible, you just send format c:\ command to the box, and this is it, and it can recognize your box by the id on the card. I am not kidding you, this thing happens, when you are using pirated cards. – Andrew Smith Jun 29 '12 at 18:50
  • 2
    Everything is through the very expensive and very secure smart card. You are able to receive the content because the card tells the reciever your allowed to view it. There are lots of articles on the web on this subject I will leave the rest for you research. Your friend is an idiot, they sent a signal to his card, which just disabled his content. His TV is fine. – Ramhound Jun 29 '12 at 18:51
  • 1
    @Ramhound Why would they send any signal to the card? Wouldn't they just revoke the card's certificate on the server? – Iszi Jun 29 '12 at 19:14
  • 1
    Because satellite TV isn't a two-way medium. – Blrfl Jun 29 '12 at 19:28
  • @AndrewSmith if the receiver box isn't connected to any network how can it receive a command? Can the provider control what signals are sent to any given dish? – Gabriel Fair Jun 29 '12 at 20:02
  • 1
    Yes of course, they can even develop a code to bypass built-in limitations to actually send hostile commands to fight piracy. So called, friendly, defensive hacking. – Andrew Smith Jun 29 '12 at 21:06
  • 3
    Seems like you want to know how [Broadcast Encryption](http://security.stackexchange.com/q/2728/396) works – makerofthings7 Jun 29 '12 at 22:18
  • 1
    @GabrielFair: They don't need to. They just send the signal to every dish, but the signal is encrypted with a key only known to one card, so all the other dishes can't make sense of it. – David Schwartz Jul 01 '12 at 12:18

1 Answers1

11

Essentially, each subscriber has a key in their smart card. When a new subscriber is added or changes their service, a new group key is sent over the broadcast system, encrypted with that subscriber's key. The keys to actually decrypt individual programs are themselves encrypted with the group key for the set of services that program belongs to. Legitimate subscribers decrypt the program keys using the group keys, which they decrypt using their subscriber keys.

If someone changes their service, change messages are sent over the system. They're repeated at random intervals to make sure someone gets a new service even if their box was off or missed a signal and to make sure someone eventually gets a service removed if they stopped paying for it or request it be removed.

All of this takes place inside the smart card, a physically secure computing system. Typically, the smart cards can be reprogrammed, but the new programming must be signed. To upgrade smart cards, new programming is sent over the satellite and is signed so existing cards accept it. The service provider knows what smart card each subscriber has and can run multiple distinct security systems concurrently, provided everyone who wants to watch the same show, and is allowed to do so, winds up with the same key to decrypt the actual contents.

There are many ways to pirate cards, but typically a number of pirated cards are all clones of a single subscriber. The system is one-way, so it can't tell if a card has been duplicated. When a card is "hit', that means the operator figured out the card was duplicated (often by one such duplicated card falling into its hands). They then de-authorize that subscriber, shutting off all the pirates using that particular subscriber key.

The pirated cards may be smart enough to ignore the de-authorization. But even so, as soon as the group keys are changed, they'll stop working, since they no longer have any way to decrypt the group keys and thus no way to decrypt the keys needed to decrypt the programming.

Sometimes cards are also "hit" by the provider simply changing the logic in the card. The change can be minor, but enough so that the pirated cards become incompatible with the system. This can be either because the pirated cards reject the update and become incompatible because the protocol has changed or it can be because the pirated cards accept the update and cease to be pirated cards. This can affect every pirated card of a particular type in existence, even if they all use different accounts.

David Schwartz
  • 4,203
  • 24
  • 21
  • ah, very well, but what if the pirated card was just an emulation of an actual card? – Gabriel Fair Jul 06 '12 at 13:44
  • @GabrielFair: The same arguments apply. For example, they can change the software so that the emulator no longer emulates their cards because their cards are now too different. Remember, the keys are changing over time. For the card to continue to work, it has to be able to decrypt the new keys all the time -- and they can change the way those keys are encrypted. – David Schwartz Jul 12 '12 at 11:06