This program is a DES calculator with a front end processor
to make data input compatable with the Macom/GI format which
is byte reversed from standard DES. It can encode or decode
8 bytes of data with a 7 byte key. It has some built in
functions to ease simulation of some VC-2 calculations.
It can't compute a key from known plaintext and ciphertext.
To do that would mean breaking DES. No one knows how to
do that other than exaustive search of the 2^56th possible keys
which, at 30 milliseconds per trial, would take 68 million years
on a IBM PC. Will your PC run a program that long? Will you care
what the result is? Of course you might get lucky ,
if you started at 00000000000000 and the key was 00000000000002.
To get a general idea of how it works, do this:
k 11 22 33 44 55 66 77 <--- this is the 7 byte key
p 00 00 00 00 00 00 00 01 <---8 bytes "plaintext"
Ciphertext: ce cd 3d b3 e4 b1 54 09 <--encrypted output
You can then enter the Ciphertext to recover plaintext again.
note: You MUST enter all 8 data bytes and all 7 key bytes.
The VC-2 is a bit more complicated. It goes through
5 DES decryptions to get a clear program key. Then, 8 times
per second, the 3 byte frame count (last 3 bytes on setup 0 screen)
are decrypted using the program key to produce 8 bytes that go
into U5 which generates a high speed stream of bits to XOR with
the audio data. What's really important is the MONTH key. GI
changes it every 2 months (used to be every month until sept. 1987.).
It only takes 4 DES operations to calculate it.
DESCALC has 4 storage locations for seed keys.
The first step is to enter the seed keys. This is done
by typing "s" followed by the seed key number (00..03) then
the 7 byte seed key itself.
Note: this example uses a real unit ID with real seed keys.
It was displayed on Boresight News and has been shut off
by GI as of FEB. 1, 1988.
Example:
s 00 84 ea de 53 60 79 e8
s 01 9c a5 ce 69 7c b7 9e
s 02 62 fb 7a 6f 59 91 db
s 03 4b 1d a2 e9 6a 15 6b
Next you need to enter the units TIER MASK (7 bytes)
t 01 00 00 08 00 00 00
The next step will cause the program to calculate the unit key from
the unit ID number, GI's key selector number, and the seed keys.
This example is for unit 0181 97FA with the normal unit key selector
of 38 53 13 08. The unit ID must be typed in byte reversed order.
By the way, the key selector is in U20 at 6102 and 6165.
u fa 97 81 01 38 53 13 08 <--unit id plus key selector
unit key= b6 3d ac 1a ad d8 2b 1a <--program output
The 1st 7 bytes of the "unit key" are loaded into the DES key
register automatically as if a "k" command had been given.
Then the clear month key can be calculated. You just enter
the units encrypted month key as ciphertext.
c 8a 3d 2e eb 49 05 dd 53
Plaintext: e9 80 cf d9 9e ad ae 00 <--this is the decoded month key
Now for some fun. This unit had only 2 bits in the tier mask set.
One bit is the one every unit gets and the other is for one of
the superstations. Lets compute the encrypted month key for a
tier mask of all ones! It will decode all services with a stock
U30 chip installed.
t ff ff ff ff ff ff ff <--enter tier mask of all ones
u fa 97 81 01 38 53 13 08 <-- enter unit id plus key selector
unit key: 48 c2 53 ed 52 27 d4 1a <--program outputs unit key
Unit key is put in DES key register for next step.
Now, enter the clear month key that was calculated above as
plaintext.
p e9 80 cf d9 9e ad ae 00
ciphertext: 71 6b de 1b 2c 84 88 dc <--new encrypted month key
for a tier mask of all ones.
Now if you were to enter this data into U20 at the proper place,
the VC-2 will receive all scrambled channels...until it takes a
hit that changes the data back to normal. Of course this program
can also be used to calculate authorization data for "clones" to
make them come up instantly but you wouldn't want to get GI pissed
off at you....would you?
Note: The real VC2 XORs the 3 bytes following the encrypted month
key with the last 3 bytes of the clear month key. Those 3 bytes
are 00 80 00 in 010x boxes and usually 00 00 00 in 018x boxes.
The clear month key will be calculated correctly for 018x but
but byte 6, bit 8 will be inverted for 010x boxes because
this program doesn't do that XOR calculation. This really
only matters if your messing with the Wizard chip.
The blues brothers system encrypts the seed keys that they
store in U20. The key is also in U20 at 6760 and is
usually 11 22 33 44 55 66 77.
seed 00 is at 6740
seed 01 is at 6748
seed 02 is at 6750
seed 03 is at 6758
To encrypt a seed key for use with that system just enter
the seed key key as a DES key, then enter the 7 byte key
with a byte of 00 added to fill out the 8 bytes.
example:
k 11 22 33 44 55 66 77
p 84 ea de 53 60 79 ea 00
Ciphertext: b9 ea a3 99 60 6a 2c 9c
