Pirate decryption
Encyclopedia
Pirate decryption most often refers to the reception of compromised pay TV
Pay TV
Pay television, premium television, or premium channels refers to subscription-based television services, usually provided by both analog and digital cable and satellite, but also increasingly via digital terrestrial and internet television...

 or pay radio signals without authorization from the original broadcaster. The term "pirate" in this case is used in the sense of copyright infringement
Copyright infringement
Copyright infringement is the unauthorized or prohibited use of works under copyright, infringing the copyright holder's exclusive rights, such as the right to reproduce or perform the copyrighted work, or to make derivative works.- "Piracy" :...

 and has little or nothing to do with sea piracy or pirate radio
Pirate radio
Pirate radio is illegal or unregulated radio transmission. The term is most commonly used to describe illegal broadcasting for entertainment or political purposes, but is also sometimes used for illegal two-way radio operation...

, which involved the operation of a small broadcast radio station
Radio station
Radio broadcasting is a one-way wireless transmission over radio waves intended to reach a wide audience. Stations can be linked in radio networks to broadcast a common radio format, either in broadcast syndication or simulcast or both...

 without lawfully obtaining a license to transmit. The MPAA
Motion Picture Association of America
The Motion Picture Association of America, Inc. , originally the Motion Picture Producers and Distributors of America , was founded in 1922 and is designed to advance the business interests of its members...

 and other organizations which try to protect copyright and licensing agreements often call such decryption "signal theft" even though there is no direct tangible loss.

History

The concept of pay TV is almost as old as TV itself and involves a broadcaster deliberately transmitting signals in a non-standard, scrambled or encrypted format in order to charge viewers a subscription fee for the use of a special decoder needed to receive the scrambled broadcast
Broadcasting
Broadcasting is the distribution of audio and video content to a dispersed audience via any audio visual medium. Receiving parties may include the general public or a relatively large subset of thereof...

 signal.

Early pay TV broadcasts in countries such as the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...

 used standard over-the-air transmitters; many restrictions applied as anti-siphoning law
Anti-siphoning law
Anti-siphoning laws and regulations are designed to prevent pay television broadcasters from buying monopoly rights to televise important and culturally significant events before free-to-air television has a chance to bid on them. The theory is that if such a monopoly was allowed, then the poor...

s were enacted to prevent broadcasters of scrambled signals from engaging in activities to harm the development of standard free-to-air
Free-to-air
Free-to-air describes television and radio services broadcast in clear form, allowing any person with the appropriate receiving equipment to receive the signal and view or listen to the content without requiring a subscription or one-off fee...

 commercial broadcasting. Scrambled signals were limited to large communities which already had a certain minimum number of unencrypted broadcast stations, relegated to certain frequencies. Restrictions were placed on access of pay TV broadcasters to content such as recent feature films in order to give free TV broadcasters a chance to air these programs before they were siphoned away by pay channels.

Under these conditions, the pay TV concept was very slow to become commercially viable; most television and radio broadcasts remained in-the-clear and were funded by commercial advertising
Advertising
Advertising is a form of communication used to persuade an audience to take some action with respect to products, ideas, or services. Most commonly, the desired result is to drive consumer behavior with respect to a commercial offering, although political and ideological advertising is also common...

, individual and corporate donations to educational broadcasters
Broadcasting
Broadcasting is the distribution of audio and video content to a dispersed audience via any audio visual medium. Receiving parties may include the general public or a relatively large subset of thereof...

, direct funding by governments or license fees charged to the owners of receiving apparatus (the BBC
BBC
The British Broadcasting Corporation is a British public service broadcaster. Its headquarters is at Broadcasting House in the City of Westminster, London. It is the largest broadcaster in the world, with about 23,000 staff...

 in the UK, for example).

Pay TV only began to become common after the widespread installation of cable television
Cable television
Cable television is a system of providing television programs to consumers via radio frequency signals transmitted to televisions through coaxial cables or digital light pulses through fixed optical fibers located on the subscriber's property, much like the over-the-air method used in traditional...

 systems in the 1970s and 1980s; early premium channels were most often movie broadcasters such as the US-based Home Box Office
Home Box Office
HBO, short for Home Box Office, is an American premium cable television network, owned by Time Warner. , HBO's programming reaches 28.2 million subscribers in the United States, making it the second largest premium network in America . In addition to its U.S...

 and Cinemax
Cinemax
Cinemax, sometimes abbreviated as simply "Max", is a collection of premium television networks that broadcasts primarily feature films, along with softcore erotica, original action series, documentaries and special behind-the-scenes features. Cinemax is operated by Home Box Office, Inc., a...

, both currently owned by Time Warner
Time Warner
Time Warner is one of the world's largest media companies, headquartered in the Time Warner Center in New York City. Formerly two separate companies, Warner Communications, Inc...

. Signals were obtained for distribution by cable companies using C-band satellite dish antennae of up to ten feet in diameter; the first satellite signals were originally unencrypted as extremely few individual end-users could afford the large and expensive satellite receiving apparatus.

As satellite dishes became smaller and more affordable, most satellite signal providers adopted various forms of encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

 in order to limit reception to certain groups (such as hotels, cable companies, or paid subscribers) or to specific political regions. Nowadays some free-to-air satellite
Satellite
In the context of spaceflight, a satellite is an object which has been placed into orbit by human endeavour. Such objects are sometimes called artificial satellites to distinguish them from natural satellites such as the Moon....

 content in the USA still remains, but many of the channels still in the clear are ethnic channels, local over-the-air TV stations, international broadcasters, religious programming, backfeeds of network programming destined to local TV stations or signals uplinked from mobile satellite trucks to provide live news and sports coverage.

Specialty channels and premium movie channels are most often encrypted; in most countries, broadcasts consisting of explicit pornography
Pornography
Pornography or porn is the explicit portrayal of sexual subject matter for the purposes of sexual arousal and erotic satisfaction.Pornography may use any of a variety of media, ranging from books, magazines, postcards, photos, sculpture, drawing, painting, animation, sound recording, film, video,...

 must always be encrypted to prevent reception by those who wish not to be exposed to this sort of "adult content."

Technical issues

Initial attempts to encrypt broadcast signals were based on analogue techniques of questionable security, the most common being one or a combination of techniques such as:
  • Weakening or attenuating specific portions of the video signal, typically those required to maintain synchronization
    Synchronization
    Synchronization is timekeeping which requires the coordination of events to operate a system in unison. The familiar conductor of an orchestra serves to keep the orchestra in time....

    .
  • Inverting video signals so that white becomes black (and vice-versa).
  • Adding an interfering signal at one specific frequency which could be simply filtered out at a suitably equipped receiver.
  • Moving the audio portion of the signal to some other frequency or sending it in a non-standard format.


These systems were designed to provide decoders to cable operators at low cost; a serious tradeoff was made in security. Some analogue decoders were addressable so that cable companies could turn channels on or off remotely, but this only gave the cable companies control of their own descramblers — valuable if needed to deactivate a stolen cable company decoder but useless against hardware designed by signal pirates.

The first encryption methods used for big-dish satellite systems used a hybrid approach; analogue video and digital encrypted audio. This approach was somewhat more secure, but not completely free of problems due to piracy of video signals.

Direct broadcast satellites and digital cable
Digital cable
Digital cable is a generic term for any type of cable television distribution using digital video compression or distribution. The technology was originally developed by Motorola.-Background:...

 services, because of their digital format, are free to use more robust security measures such as the Data Encryption Standard
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...

 (DES) or the RSA and IDEA
International Data Encryption Algorithm
In cryptography, the International Data Encryption Algorithm is a block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. As a block cipher, it is also symmetric. The algorithm was intended as a replacement for the Data Encryption Standard[DES]...

 digital encryption standards. When first introduced, digital DBS
Direct broadcast satellite
Direct broadcast satellite is a term used to refer to satellite television broadcasts intended for home reception.A designation broader than DBS would be direct-to-home signals, or DTH. This has initially distinguished the transmissions directly intended for home viewers from cable television...

 broadcasts were touted as being secure enough to put an end to piracy once and for all. Often these claims would be made in press releases.

The enthusiasm was short-lived. In theory the system was an ideal solution, but some corners had been cut in the initial implementations in the rush to launch the service. The first US DirecTV smart cards were based on the BSkyB VideoCrypt
VideoCrypt
VideoCrypt is a cryptographic, smartcard-based conditional access television encryption system that scrambles analogue pay-TV signals. It was introduced in 1989 by News Datacom and was used initially by Sky TV and subsequently by several other broadcasters on the SES Astra satellites at 19.2°...

 card known as the Sky 09 card. The Sky 09 card had been introduced in 1994 as a replacement for the compromised Sky 07 card. It, the Sky 09 card, had been totally compromised in Europe at the time (1995). The countermeasure employed by NDS Group
NDS Group
NDS Group Plc. is a developer of pay TV technology. NDS was established in 1988 as an Israeli start up company. It was acquired by News Corporation in 1992. The company is currently headquartered in Staines, United Kingdom...

, the designers of the VideoCrypt system was to issue a new smartcard (known as the Sky 10 card) that included an ASIC
Application-specific integrated circuit
An application-specific integrated circuit is an integrated circuit customized for a particular use, rather than intended for general-purpose use. For example, a chip designed solely to run a cell phone is an ASIC...

 in addition to the card's microcontroller
Microcontroller
A microcontroller is a small computer on a single integrated circuit containing a processor core, memory, and programmable input/output peripherals. Program memory in the form of NOR flash or OTP ROM is also often included on chip, as well as a typically small amount of RAM...

. This innovation made it harder for pirates to manufacture pirate VideoCrypt cards. Previously, the program in the Sky card's microcontroller could be rewritten for other microcontrollers without too much difficulty. The addition of an ASIC
Application-specific integrated circuit
An application-specific integrated circuit is an integrated circuit customized for a particular use, rather than intended for general-purpose use. For example, a chip designed solely to run a cell phone is an ASIC...

 took the battle between the system designers and pirates to another level and it bought BSkyB at least six months of almost piracy-free broadcasting before the pirate Sky 10 cards appeared on the market in 1996. Initial pirate Sky 10 cards had an implementation of this ASIC but once supplies ran out, pirates resorted to extracting the ASICs from deactivated Sky cards and reusing them.

The first US DirecTV "F" card did not contain an ASIC and it was quickly compromised. Pirate DirecTV cards based on microcontrollers that were often ironically more secure than that used in the official card became a major problem for DirecTV. Similar errors had been made by the developers of the UK's terrestrial digital Xtraview Encryption System
Xtraview Encryption System
Xtraview Video Encryption System refers to the now-defunct patented "encryption" system used on Xtraview and a number of other Top Up TV services, including Setanta Sports, Television X and Red Hot TV....

, which provided no encryption and relied on hiding channels from listings.

The DirecTV "F" card was replaced with the "H" card, which contained an application-specific integrated circuit
Application-specific integrated circuit
An application-specific integrated circuit is an integrated circuit customized for a particular use, rather than intended for general-purpose use. For example, a chip designed solely to run a cell phone is an ASIC...

 to handle decryption. However, due to similarities between the "H" and other existing cards, it became apparent that while the signal could not be received without the card and its ASIC
Application-specific integrated circuit
An application-specific integrated circuit is an integrated circuit customized for a particular use, rather than intended for general-purpose use. For example, a chip designed solely to run a cell phone is an ASIC...

, the card itself was vulnerable to tampering by reprogramming it to add channel tiers or additional programming, opening TV channels to the prying eyes of the pirates.

Two more card swaps would be necessary before the piracy headaches at DirecTV would finally go away; a number of other providers are also in the middle of swapping out all of their subscribers' smartcards due to compromised encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

 methods or technology.

A number of vulnerabilities exist even with digital encryption:
  • The same algorithm is used, potentially, for millions of subscribed receivers and or smartcards. The designers have the choice of using their own custom, and secret algorithm or using a publicly tested one. The first approach is often referred to as security by obscurity. It can work well if the technology and the algorithm are robust. This approach also has a hidden catch for any potential pirate in that he would have to understand and emulate the custom algorithm in order to implement a pirate device.

  • With many digital TV encryption systems relying on smartcards for their security, any compromise of the smartcard would require a complete replacement of all smartcards being used. That could potentially involve the replacement of millions of smartcards. On a system with a low number of subscribers, the smartcards can be replaced periodically. However as the number of subscribers grows, the cost of replacing the smartcards and the logistics of the replacement encourages the system users to try to get the longest use out of the smartcards before replacement. The chances of a fatal compromise on the smartcard increases as the time between replacement increases.

  • Any compromise of the smartcard or algorithm will become public quickly. Computer
    Computer
    A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...

    s and Internet
    Internet
    The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

     can be used to make crucial design details publicly available. Internet sites may be located offshore in countries where local laws permit the information and software
    Computer software
    Computer software, or just software, is a collection of computer programs and related data that provide the instructions for telling a computer what to do and how to do it....

     to be distributed openly; some of the more notorious software distributed to pirates ranges from NagraEdit (a program intended to edit the information stored on Swiss-designed Kudelski NagraVision 1 smartcards) to firmware which may be used to reprogram some free-to-air
    Free-to-air
    Free-to-air describes television and radio services broadcast in clear form, allowing any person with the appropriate receiving equipment to receive the signal and view or listen to the content without requiring a subscription or one-off fee...

     set-top boxes or desktop PCs equipped with Digital Video Broadcasting (DVB) tuner cards to permit them to decode encrypted broadcasts.

  • The secrecy of any algorithm is only as trustworthy as the people with access to the algorithm; if any of them were to divulge any of the design secrets, every card with the compromised algorithm
    Algorithm
    In mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...

     may need to be replaced for security to be restored. In some cases, outside personnel (such as those employed by lawyers in the NDS vs. DirecTV intellectual property
    Intellectual property
    Intellectual property is a term referring to a number of distinct types of creations of the mind for which a set of exclusive rights are recognized—and the corresponding fields of law...

     lawsuit
    Lawsuit
    A lawsuit or "suit in law" is a civil action brought in a court of law in which a plaintiff, a party who claims to have incurred loss as a result of a defendant's actions, demands a legal or equitable remedy. The defendant is required to respond to the plaintiff's complaint...

     over the P4 card design) may obtain access to key and very sensitive information, increasing the risk of the information being leaked for potential use by pirates.

  • If less secure encryption is used due to processor limitations on the smartcards, the system is vulnerable to cryptographic attack using distributed processing. While most secure Internet and online banking transactions require 128-bit encryption, 56-bit codes are not uncommon in video encryption. A cryptographic attack against a 56-bit DES
    Data Encryption Standard
    The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...

     code would still be prohibitively time-consuming on a single processor. A distributed approach in which many users each run software to scan just a portion of the possible combinations, then upload results to one or more central points on a network such as the Internet
    Internet
    The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

    , may provide information of value to pirates who wish to break security
    Security
    Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...

    . Distributed processing attacks were used, successfully in some cases, against the D2-MAC/EuroCrypt system used in Europe during the 1990s.

  • The resources available for reverse engineering
    Reverse engineering
    Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...

     increase significantly if a direct competitor with smartcard manufacturing knowledge were to attempt to maliciously compromise the system. Integrated circuits may be vulnerable to microprobing or analysis under an electron microscope once acid or chemical means have been used to expose the bare silicon circuitry. One lawsuit has already been launched by Canal+
    Canal+
    Canal+ is a French premium pay television channel launched in 1984. It is 80% owned by the Canal+ Group, which in turn is owned by Vivendi SA. The channel broadcasts several kinds of programming, mostly encrypted...

    , dropped as the result of the one billion Euro deal to sell TelePiu (Italy), then continued by Echostar (USA). The suit alleged that competitor NDS Group
    NDS Group
    NDS Group Plc. is a developer of pay TV technology. NDS was established in 1988 as an Israeli start up company. It was acquired by News Corporation in 1992. The company is currently headquartered in Staines, United Kingdom...

     had maliciously used reverse engineering to obtain the computer programs contained within various pay-TV smartcards (including SECA
    Mediaguard
    Mediaguard is a conditional access system for digital television developed by SECA , company renamed to Canal+ Technologies SA , a subsidiary of Canal+ Group, sold to Thomson...

     and Nagra cards) and allowed the results had been posted to Internet sites such as the notorious DR7.com.


On May 15, 2008 a jury in the Echostar vs NDS civil lawsuit(8:2003cv00950) awarded Echostar just over $1500 USD in damages, Echostar original sought 1 billion in damages from NDS however a jury was not convinced of the allegations Echostar had made against NDS and awarded damages only for the factual claims that were proven and for which the jury believed an award should be given in accordance with the laws of the United States.
  • The signals moving between the smartcard and the receiver can be easily intercepted and analyzed. They can be vulnerable to a "glitch" by which the incoming power and clock signals are disrupted for a short and carefully timed length of time (such as a millionth of a second) in order to cause the processor to skip an instruction. In many cases, off-the-shelf hardware with modified firmware designed to exploit this weakness was sold to pirates for use in tampering with cards for the US-based DirecTV
    DirecTV
    DirecTV is an American direct broadcast satellite service provider and broadcaster based in El Segundo, California. Its satellite service, launched on June 17, 1994, transmits digital satellite television and audio to households in the United States, Latin America, and the Anglophone Caribbean. ...

     system.

  • In some cases, buffer overflow
    Buffer overflow
    In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....

     exploits have been used to gain access to otherwise locked cards in order to reprogram them.

  • A scheme to monitor the exact instantaneous power consumption of smartcards as they make their computations also provides clues as to what type of computations are being performed.


In some cases, fraudulent cloning has been used to assign identical serial numbers to multiple receivers or cards; subscribe (or unsubscribe) one receiver and the same programming changes appear on all of the others. Various techniques have also been used to provide write protection
Write protection
Write protection is any physical mechanism that prevents modification or erasure of valuable data on a device. Most commercial software, audio and video is sold pre-protected.-Examples:...

 for memory on the smartcards or receivers to make deactivation or sabotage of tampered cards by signal providers more difficult.

Systems based on removable smartcards do facilitate the implementation of renewable security
Renewable security
Renewable Security was a concept that evolved after the repeated hacks of analogue TV encryption systems in the late 1980s. Simply stated, rather than completely replacing a hacked TV encryption system, only part of it would have to be replaced to make it secure again.The decoders at that time...

, where compromised systems can be repaired by sending new and redesigned cards to legitimate subscribers, but they also make the task of replacing smartcards with tampered cards or inserting devices between card and receiver easier for pirates. In some European systems, the conditional access module
Conditional access module
A conditional access module is an electronic device, usually incorporating a slot for a smart card, which equips an Integrated Digital Television or set-top box with the appropriate hardware facility to view conditional access content that has been encrypted using a conditional access system...

 (CAM) which serves as a standardized interface between smartcard and DVB receiver has also been targeted for tampering or replaced by third-party hardware.

Improvements in hardware and system design can be used to significantly reduce the risks of any encryption system being compromised, but many systems once thought secure have been proven vulnerable to sufficiently sophisticated and malicious attackers.

Two-way communication has also been used by designers of proprietary digital cable TV equipment in order to make tampering more difficult or easier to detect. A scheme involving the use of a high-pass filter
High-pass filter
A high-pass filter is a device that passes high frequencies and attenuates frequencies lower than its cutoff frequency. A high-pass filter is usually modeled as a linear time-invariant system...

 on the line to prevent two-way communication has been widely promoted by some unscrupulous individuals as a means of disabling communication of billing information for pay-per-view
Pay-per-view
Pay-per-view provides a service by which a television audience can purchase events to view via private telecast. The broadcaster shows the event at the same time to everyone ordering it...

 programming but this device is effectively worthless as a cable operator remains free to unsubscribe a digital set-top box if two-way communication has been lost. As a device intended to pass signals in one direction only, the line filters offer nothing that couldn't be done (with the same results) by an inexpensive signal booster - a simple one-way RF amplifier already widely available cheaply and readily for other purposes. Also, many such boxes will disallow access to pay-per-view content after a set number of programs are watched before the box can transmit this data to the headend, further reducing the usefulness of such a filter.

Terminology and Definitions

Some of the terminology used to describe various devices, programs and techniques dealing with Pay-TV piracy is named for the particular hacks. The "Season" interface for example is named after the Season7 hack on Sky TV which allowed a PC to emulate a legitimate Sky-TV smartcard. The Season7 referred to the seventh and final season of Star Trek: The Next Generation
Star Trek: The Next Generation
Star Trek: The Next Generation is an American science fiction television series created by Gene Roddenberry as part of the Star Trek franchise. Roddenberry, Rick Berman, and Michael Piller served as executive producers at different times throughout the production...

 which was then showing on Sky One. The "Phoenix" hack was named after the mythical bird which can reanimate itself. The hack itself reactivated smartcards that had been switched off by the providers.

Some of the terminology used on Internet discussion sites to describe the various devices, programs and techniques used in dealing with video piracy is strange, non-standard, or specific to one system. The terms are often no different to the brandnames used by legitimate products and serve the same function.

ISO/IEC 7816 smartcard terminology

  • ATR
    Answer to reset
    An Answer To Reset is a message output by a contact Smart Card conforming to ISO/IEC 7816 standards, following electrical reset of the card's chip by a card reader...

     is the answer-to-reset data from an ISO/IEC 7816-compliant smartcard. A card reader would provide power, clock and reset signals to a smartcard, along with a bidirectional serial data interface to permit communication. On reset, the card would send a standard block of serial data (nominally at 9600 bit/s) to identify the card type and indicate the desired bitrate for further communication. The frequency of clock to be supplied may vary from one system or card type to another as it appears not to have been specified in the ISO standard.

  • A smart card reader
    Card reader
    A card reader is a data input device that reads data from a card-shaped storage medium. Historically, paper or cardboard punched cards were used throughout the first several decades of the computer industry to store information and programs for computer system, and were read by punched card readers...

     is a device that allows a computer to communicate with a smartcard. Technically, these are simple devices consisting of a smartcard socket, some voltage level conversion circuitry and a crystal oscillator to supply the card with its clock signal. Early models were connected to the serial port on computers so the interface circuitry had to convert between the ISO/IEC 7816 card voltage levels and the RS-232
    RS-232
    In telecommunications, RS-232 is the traditional name for a series of standards for serial binary single-ended data and control signals connecting between a DTE and a DCE . It is commonly used in computer serial ports...

     voltage levels used by the computer's serial port. More recent models use a USB
    Universal Serial Bus
    USB is an industry standard developed in the mid-1990s that defines the cables, connectors and protocols used in a bus for connection, communication and power supply between computers and electronic devices....

     connection to the computer. The simplest of earlier devices was the Phoenix interface. More sophisticated readers are often used in systems where the personal computer itself is to be secured using smartcard systems.

  • AVR and ATmega are trade names for a series of general-purpose 8-bit microcontroller
    Microcontroller
    A microcontroller is a small computer on a single integrated circuit containing a processor core, memory, and programmable input/output peripherals. Program memory in the form of NOR flash or OTP ROM is also often included on chip, as well as a typically small amount of RAM...

     chips manufactured by Atmel
    Atmel
    Atmel Corporation is a manufacturer of semiconductors, founded in 1984. Its focus is on system-level solutions built around flash microcontrollers...

     Corporation. The terms have been misused widely to refer to blank smartcards or various other hardware devices which were built around these processors. The widely available European funcard series of blank generic ISO/IEC 7816 smartcards were based upon the Atmel processor series; there was also a PIC card based on the Microchip
    Microchip Technology
    Microchip Technology is an American manufacturer of microcontroller, memory and analog semiconductors. Its products include microcontrollers , Serial EEPROM devices, Serial SRAM devices, KEELOQ devices, radio frequency devices, thermal, power and battery management analog devices, as well as...

     Corporation PIC series of processors.

  • Emulation
    Emulator
    In computing, an emulator is hardware or software or both that duplicates the functions of a first computer system in a different second computer system, so that the behavior of the second system closely resembles the behavior of the first system...

     refers to the use of a personal computer in place of a smartcard using an ISO/IEC 7816-compatible "Season" interface. The PC, as far as the decoder is concerned, becomes a legitimate smartcard due to the program running on it. The program responds like a legitimate smartcard. Sometimes, for development purposes, the PC is programmed to simulate the entire instruction set of the smartcard's microcontroller
    Microcontroller
    A microcontroller is a small computer on a single integrated circuit containing a processor core, memory, and programmable input/output peripherals. Program memory in the form of NOR flash or OTP ROM is also often included on chip, as well as a typically small amount of RAM...

     to allow smartcard code to be developed more readily. As some encryption systems require an application-specific IC (ASIC
    Application-specific integrated circuit
    An application-specific integrated circuit is an integrated circuit customized for a particular use, rather than intended for general-purpose use. For example, a chip designed solely to run a cell phone is an ASIC...

    ) on the card to perform decryption, a pirate would also use a card which had been "auxed" (reprogrammed to pass received computer data directly to the application-specific decryption chip) in order to employ such an emulation system. Alternatively, pirates can sometimes emulate the functionality of the ASIC itself to gain access to the encrypted data.

  • A looped smartcard is one where defective or malicious program code written to non-volatile memory
    Non-volatile memory
    Non-volatile memory, nonvolatile memory, NVM or non-volatile storage, in the most basic sense, is computer memory that can retain the stored information even when not powered. Examples of non-volatile memory include read-only memory, flash memory, ferroelectric RAM, most types of magnetic computer...

     causes the smartcard's microcontroller
    Microcontroller
    A microcontroller is a small computer on a single integrated circuit containing a processor core, memory, and programmable input/output peripherals. Program memory in the form of NOR flash or OTP ROM is also often included on chip, as well as a typically small amount of RAM...

     to enter an endless loop
    Endless Loop
    Endless Loop is overall, the fifth EP by Japanese singer Eiko Shimamiya but this is her second EP produced by both I've Sound and Geneon Entertainment. It was released on December 14, 2005...

     on power-up or reset, rendering the card unusable. This is typically a countermeasure used by encryption system owners to permanently deactivate smartcards. In many cases, not even the ISO/IEC 7816 ATR message would be sent. Unloopers were smartcard repair stations intended to cause the card to skip one or more instructions by applying a "glitch" in some form to the power or clock signal in the hope of allowing the smartcard's microcontroller to exit from the endless loop.

  • Bootloaders were hardware which used a similar "glitch" to break a card out of an endless loop on power-up each time the card was used; these did not provide any smartcard reprogramming ability. These could permit DirecTV "H" cards (now no longer in use) to operate despite the permanent damage done by malicious code during the "Black Sunday" attack of 2001. These devices are currently believed to be obsolete.

Receiver (IRD) and microprocessor terminology

  • DVB is an international standard for digital video broadcasting used by virtually all European broadcasters; some North American providers use incompatible proprietary standards such as DSS
    Digital Signature Algorithm
    The Digital Signature Algorithm is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology in August 1991 for use in their Digital Signature Standard , specified in FIPS 186, adopted in 1993. A minor...

     (DirecTV) or DigiCipher
    DigiCipher 2
    DigiCipher 2, or simply DCII, is a proprietary standard format of digital signal transmission and encryption with MPEG-2 signal video compression used on many communications satellite television and audio signals...

     (Motorola) which predate the DVB standardisation effort. The packet size, tables and control information transmitted by proprietary systems require proprietary non-DVB receivers, even though the video itself nominally in some form will often still adhere to the MPEG-2
    MPEG-2
    MPEG-2 is a standard for "the generic coding of moving pictures and associated audio information". It describes a combination of lossy video compression and lossy audio data compression methods which permit storage and transmission of movies using currently available storage media and transmission...

     image compression standard defined by the Moving Picture Experts Group.

  • An IRD
    Integrated receiver/decoder
    An integrated receiver/decoder is an electronic device used to pick-up a radio-frequency signal and convert digital information transmitted in it.-Consumer IRDs:...

     is an integrated receiver-decoder, in other words a complete digital satellite TV or radio receiver; "decoder" in this context refers not to decryption but to the decompression and conversion of MPEG video into displayable format.

  • FTA
    Free-to-air
    Free-to-air describes television and radio services broadcast in clear form, allowing any person with the appropriate receiving equipment to receive the signal and view or listen to the content without requiring a subscription or one-off fee...

     is often used to refer to receivers and equipment which contain no decryption hardware, built with the intention of being able to receive unencrypted free-to-air
    Free-to-air
    Free-to-air describes television and radio services broadcast in clear form, allowing any person with the appropriate receiving equipment to receive the signal and view or listen to the content without requiring a subscription or one-off fee...

     broadcasts; more properly FTA refers to the unencrypted broadcasts themselves.

  • A CAM
    Conditional access module
    A conditional access module is an electronic device, usually incorporating a slot for a smart card, which equips an Integrated Digital Television or set-top box with the appropriate hardware facility to view conditional access content that has been encrypted using a conditional access system...

     or conditional access module is defined by the DVB standard as an interface between a standardised DVB Common Interface
    Common Interface
    In Digital Video Broadcasting, the Common Interface is an extensible digital interconnect found in the digital TV market. It is also known as DVB-CI for Digital Video Broadcast Common Interface....

     receiver and one or more proprietary smartcards for signal decryption. It is not the smartcard itself. The standard format of this module follows PCMCIA specifications; some receivers bypass the requirement for a separate module by providing embedded CAM functionality in the receiver to communicate with specific proprietary smartcards such as Nagravision
    Nagravision
    Nagravision is a company of the Kudelski Group that develops conditional access systems for cable and satellite television. The name is also used for their main products, the Nagravision encryption systems.-Digital systems:...

    , Conax
    Conax
    Conax is a global technology company that provides conditional access solutions for digital television. Based in Oslo, Norway, Conax has subsidiaries in the USA, India and Germany and sales & support offices in Russia, Singapore, China, South Korea, Brazil, and Canada.- Overview :Between 1986 and...

    , Irdeto
    Irdeto
    Irdeto B.V. is a global software security and media technology company with dual headquarters in Hoofddorp, Netherlands and Beijing, China. It is a subsidiary of multinational media group Naspers...

    , Viaccess
    Viaccess
    Viaccess is a conditional access system developed by France Télécom. There are six versions in use today, Viaccess PC2.3, Viaccess PC2.4, Viaccess PC2.5, Viaccess PC2.6, Viaccess PC3.0 and Viaccess PC4.0....

    , Betacrypt. In the North American market, most "package receivers" sold by signal providers provide embedded CAM operation; terminology is therefore often misused to misidentify the smartcard as a CAM.

  • JTAG
    JTAG
    Joint Test Action Group is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application.Today JTAG is also...

     is a standard test interface defined by the Joint Test Action Group and supported on many late-model digital receivers for factory test purposes. Operating using a six-wire interface and a personal computer, the JTAG interface was originally intended to provide a means to test and debug embedded hardware and software. In the satellite TV world, JTAG is most often used to obtain read-write access to nonvolatile memory within a digital receiver; initially programs such as Wall and JKeys were used to read box keys from receivers with embedded CAMs but JTAG has since proven its legitimate worth to satellite TV fans as a repair tool to fix receivers where the firmware (in flash memory) has been corrupted.

  • The Sombrero de Patel is another device used to obtain direct memory access
    Direct memory access
    Direct memory access is a feature of modern computers that allows certain hardware subsystems within the computer to access system memory independently of the central processing unit ....

     to a receiver without physically removing memory chips from the board to place them in sockets or read them with a specialized device programmer. The device consists of a standard PLCC integrated circuit
    Integrated circuit
    An integrated circuit or monolithic integrated circuit is an electronic circuit manufactured by the patterned diffusion of trace elements into the surface of a thin substrate of semiconductor material...

     socket
    Jack (connector)
    In electronics and electrical assemblies, the term jack commonly refers to a surface-mounted connector, often, but not always, with the female electrical contact or socket, and is the "more fixed" connector of a connector pair...

     which has been turned upside-down in order to be placed directly over a microprocessor
    Microprocessor
    A microprocessor incorporates the functions of a computer's central processing unit on a single integrated circuit, or at most a few integrated circuits. It is a multipurpose, programmable device that accepts digital data as input, processes it according to instructions stored in its memory, and...

     already permanently soldered to a printed circuit board
    Printed circuit board
    A printed circuit board, or PCB, is used to mechanically support and electrically connect electronic components using conductive pathways, tracks or signal traces etched from copper sheets laminated onto a non-conductive substrate. It is also referred to as printed wiring board or etched wiring...

     in a receiver; the socket makes electrical contact with all pins of the microprocessor and is interfaced to one or more microcontrollers which use direct memory access to pause the receiver's microprocessor and read or write directly to the memory. The term sombrero is used for this hack as the novel use of an inverted IC socket somewhat resembles a hat
    Hat
    A hat is a head covering. It can be worn for protection against the elements, for ceremonial or religious reasons, for safety, or as a fashion accessory. In the past, hats were an indicator of social status...

     being placed upon the main processor.

SmartCard Piracy

Smart card piracy involves the illegitimate use of conditional access smart card
Smart card
A smart card, chip card, or integrated circuit card , is any pocket-sized card with embedded integrated circuits. A smart card or microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally polyvinyl chloride, but sometimes acrylonitrile...

s, in order to gain, and potentially provide to others, unauthorised access to pay-TV or even private media
Mass media
Mass media refers collectively to all media technologies which are intended to reach a large audience via mass communication. Broadcast media transmit their information electronically and comprise of television, film and radio, movies, CDs, DVDs and some other gadgets like cameras or video consoles...

 broadcasts. Smart card piracy generally occurs after a breach of security in the smart card, exploited by computer hackers
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...

 in order to gain complete access to the card's encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

 system.

Once access has been gained to the smart card's encryption system, the hacker can perform changes to the card's internal information, which in turn tricks the conditional access system into believing that it has been allowed access, by the legitimate card provider, to other television channels using the same encryption system. In some cases, the channels do not even have to be from the same television provider, since many providers use similar encryption systems, or use cards which have the capacity to store information for decoding those channels also. The information on how to hack the card is normally held within small, underground groups, to which public access is not possible. Instead, the hacking groups may release their hack in several forms. One such way is simply to release the encryption algorithm and key. Another common release method is by releasing a computer program
Computer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...

 which can be used by the smart card user to reprogram their card. Once complete, the now illegally modified smart card is known as a "MOSC." (Modified Original Smart Card). A third such method, more common in recent times, is to sell the information gained on the encryption to a third party, who will then release their own smart card, such as the K3 card. This third party, for legal reasons, will then use a fourth party to release encrypted files, which then allow the card to decode encrypted content.

Along with modifying original cards, it is possible to use the information provided by the smart card to create an encryption emulator. This, in turn, can be programmed
Computer programming
Computer programming is the process of designing, writing, testing, debugging, and maintaining the source code of computer programs. This source code is written in one or more programming languages. The purpose of programming is to create a program that performs specific operations or exhibits a...

 into a cable or satellite receiver's internal software, and offered for download on the internet as a firmware
Firmware
In electronic systems and computing, firmware is a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices...

 upgrade. This allows access to the encrypted channels by those who do not even own a smart card. In recent times, many underground forum
Internet forum
An Internet forum, or message board, is an online discussion site where people can hold conversations in the form of posted messages. They differ from chat rooms in that messages are at least temporarily archived...

 websites dedicated to the hobby of satellite piracy and encryption emulated Free To Air (FTA) receivers have been set up, giving up to date information on satellite
Satellite television
Satellite television is television programming delivered by the means of communications satellite and received by an outdoor antenna, usually a parabolic mirror generally referred to as a satellite dish, and as far as household usage is concerned, a satellite receiver either in the form of an...

 and cable
Cable television
Cable television is a system of providing television programs to consumers via radio frequency signals transmitted to televisions through coaxial cables or digital light pulses through fixed optical fibers located on the subscriber's property, much like the over-the-air method used in traditional...

 piracy
Copyright infringement
Copyright infringement is the unauthorized or prohibited use of works under copyright, infringing the copyright holder's exclusive rights, such as the right to reproduce or perform the copyrighted work, or to make derivative works.- "Piracy" :...

, including making available firmware downloads for receivers, and very detailed encryption system information available to the public.

Upon gaining the knowledge that their system has been compromised, the smart card providers often have several counter measure systems against unauthorised viewing, which can be put in place over the air, in most cases causing virtually no disruption to legitimate viewers. The simplest form of counter measure is a key change. This simply halts viewing for those viewing without authorisation temporarily, since the new key can easily be accessed in the hacked card, and implemented. There are often other more complicated procedures which update a part of the smart card in order to make it inaccessible. These procedures can also, however, be hacked, once again allowing access. This leads to a game of "cat and mouse" between the smart card provider, and the hackers. This, after several stages of progression, can leave the smart card provider in a situation where they no longer have any further counter measures to implement. This leaves them in a situation where they must perform a card and encryption change with all legitimate viewers, in order to eliminate the viewing of the service without permission, at least for the foreseeable future.

Such has been the success of implementing new smart card systems, that another form of smart card piracy has grown in popularity. This method is called card sharing
Card Sharing
Card sharing, also known as control word sharing, is a method of allowing multiple clients or digital television receivers to access a subscription television network with only one valid subscription card...

, which works by making available the smart card decoding information in real time to other users, via a computer network. Police monitoring of unsecured card sharing networks has led to prosecutions.

Virtually every common encryption system is publicly known to have been compromised. These include Viaccess
Viaccess
Viaccess is a conditional access system developed by France Télécom. There are six versions in use today, Viaccess PC2.3, Viaccess PC2.4, Viaccess PC2.5, Viaccess PC2.6, Viaccess PC3.0 and Viaccess PC4.0....

, Nagravision
Nagravision
Nagravision is a company of the Kudelski Group that develops conditional access systems for cable and satellite television. The name is also used for their main products, the Nagravision encryption systems.-Digital systems:...

, SECA Mediaguard
Mediaguard
Mediaguard is a conditional access system for digital television developed by SECA , company renamed to Canal+ Technologies SA , a subsidiary of Canal+ Group, sold to Thomson...

 and Conax
Conax
Conax is a global technology company that provides conditional access solutions for digital television. Based in Oslo, Norway, Conax has subsidiaries in the USA, India and Germany and sales & support offices in Russia, Singapore, China, South Korea, Brazil, and Canada.- Overview :Between 1986 and...

. The MediaCipher system, owned by Motorola, along with Scientific Atlanta's PowerKEY system, are the only digital TV encryption systems which have not publicly been compromised. This is largely thanks to there being no PC card
PC card
In computing, PC Card is the form factor of a peripheral interface designed for laptop computers. The PC Card standard was defined and developed by the Personal Computer Memory Card International Association which itself was created by a number of computer industry companies in the United States...

 Conditional Access Modules (CAMs) available for either encryption system.

Despite the unauthorised decryption of media being illegal in many countries, smart card piracy is a crime which is very rarely punished, due to it being virtually undetectable, particularly in the case of satellite
Satellite television
Satellite television is television programming delivered by the means of communications satellite and received by an outdoor antenna, usually a parabolic mirror generally referred to as a satellite dish, and as far as household usage is concerned, a satellite receiver either in the form of an...

 viewing. Laws in many countries do not clearly specify whether the decryption of foreign media services is illegal or not. This has caused much confusion in places such as Europe, where the proximity of many countries, coupled with the large land mass covered by satellite beams, allows signal access to many different providers. These providers are reluctant to pursue criminal charges against many viewers as they live in different countries. There have, however, been several high profile prosecution cases in the USA
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...

, where satellite dealers have been taken to court resulting in large fines or jail time.http://www.msnbc.msn.com/id/3078496

Political issues

In some countries such as Canada
Canada
Canada is a North American country consisting of ten provinces and three territories. Located in the northern part of the continent, it extends from the Atlantic Ocean in the east to the Pacific Ocean in the west, and northward into the Arctic Ocean...

 and many Caribbean
Caribbean
The Caribbean is a crescent-shaped group of islands more than 2,000 miles long separating the Gulf of Mexico and the Caribbean Sea, to the west and south, from the Atlantic Ocean, to the east and north...

 nations, the black market in satellite TV piracy is closely tied to the gray market activity of using direct broadcast satellite signals to watch broadcasts intended for one country in some other, adjacent country. Many smaller countries have no domestic DBS operations and therefore few or no legal restrictions on the use of decoders which capture foreign signals.

The refusal of most providers to knowingly issue subscriptions outside their home country leads to a situation where pirate decryption is perceived as being one of the few ways to obtain certain programming. If there is no domestic provider for a channel, a grey market (subscribed using another address) or black market (pirate) system is prerequisite to receive many specific ethnic, sport or premium movie services.

Pirate or grey-market reception also provides viewers a means to bypass local blackout restrictions on sporting events and to access hard-core pornography where some content is not otherwise available.

The grey market for US satellite receivers in Canada at one point was estimated to serve as many as several hundred thousand English-speaking Canadian households. Canadian authorities, acting under pressure from cable companies and domestic broadcasters, have made many attempts to prevent Canadians from subscribing to US direct-broadcast services such as Liberty Media's DirecTV and Echostar's Dish Network.

While litigation has gone as far as the Supreme Court of Canada
Supreme Court of Canada
The Supreme Court of Canada is the highest court of Canada and is the final court of appeals in the Canadian justice system. The court grants permission to between 40 and 75 litigants each year to appeal decisions rendered by provincial, territorial and federal appellate courts, and its decisions...

, no judicial ruling has yet been made on whether such restrictions violate the safeguards of the Canadian Charter of Rights and Freedoms
Canadian Charter of Rights and Freedoms
The Canadian Charter of Rights and Freedoms is a bill of rights entrenched in the Constitution of Canada. It forms the first part of the Constitution Act, 1982...

 which are intended to protect freedom of expression and prevent linguistic
Linguistics
Linguistics is the scientific study of human language. Linguistics can be broadly broken into three categories or subfields of study: language form, language meaning, and language in context....

 or ethnic discrimination. Domestic satellite and cable providers have adopted a strategy of judicial delay in which their legal counsel will file an endless series of otherwise-useless motions before the courts to ensure that the proponents of the grey-market systems run out of money before the "Charter Challenge" issue is decided.

According to K. William McKenzie, the Orillia Ontario lawyer who won the case in the Supreme Court of Canada, a consortium headed by David Fuss and supported by Dawn Branton and others later launched a constitutional challenge to defeat section 9(1)(c) of the Radiocommunication Act on the basis that it breached the guarantee of Freedom of Expression enshrined in section 2 (c) of the Canadian Charter of Rights.

The evidence compiled by Mr. McKenzie from his broadcasting clients in opposition to this challenge was so overwhelming that it was abandoned and the Court ordered that substantial costs be paid by the applicants.

In most cases, broadcast distributors will require a domestic billing address before issuing a subscription; post boxes and commercial mail receiving agencies are often used by grey-market subscribers to foreign providers to circumvent this restriction.

The situation in the US itself differs as it is complicated by the legal question of subscriber access to distant local TV stations. Satellite providers are severely limited in their ability to offer subscriptions to distant locals due to the risk of further lawsuits by local affiliates of the same network in the subscribers home designated market area. California stations have sued satellite providers who distributed New York signals nationally, as the distant stations would have an unfair advantage by broadcasting the same programming three hours earlier.

There is also a small "reverse gray market" for Canadian signals, transmitted with a footprint which sends full-strength DBS signals to many if not all of the contiguous 48 US states. This is desirable not only to receive Canadian-only content, but because some US-produced programs air in Canada in advance of their US broadcast. The question of signal substitution, by which Canadian cable and satellite providers substitute the signal of a local or domestic channel over a foreign or distant channel carrying the same program, is rendered more complex by the existence of a reverse grey market. Signal substitution had already been the cause of strong diplomatic protests by the United States, which considers the practice to constitute theft of advertising revenue.

The lack of domestic competition for premium movie channels in Canada is one factor encouraging grey-market reception; language is another key issue as most Spanish-language programming in North America
North America
North America is a continent wholly within the Northern Hemisphere and almost wholly within the Western Hemisphere. It is also considered a northern subcontinent of the Americas...

 is on the US system and most French-language programming is on the Canadian system. A larger selection of sports and ethnic programming is also available to grey-market subscribers.

It could be said that the 1000-channel universe is a reality in North America, but only for the signal pirates as many legal and geographic restrictions are placed on the ability to subscribe to many if not most of the physically available channels.

Other countries such as Iran
Iran
Iran , officially the Islamic Republic of Iran , is a country in Southern and Western Asia. The name "Iran" has been in use natively since the Sassanian era and came into use internationally in 1935, before which the country was known to the Western world as Persia...

 (Islamic Republic of Iran) and Afghanistan
Afghanistan
Afghanistan , officially the Islamic Republic of Afghanistan, is a landlocked country located in the centre of Asia, forming South Asia, Central Asia and the Middle East. With a population of about 29 million, it has an area of , making it the 42nd most populous and 41st largest nation in the world...

 during Taliban rule and Iraq
Iraq
Iraq ; officially the Republic of Iraq is a country in Western Asia spanning most of the northwestern end of the Zagros mountain range, the eastern part of the Syrian Desert and the northern part of the Arabian Desert....

 during the Saddam Hussein
Saddam Hussein
Saddam Hussein Abd al-Majid al-Tikriti was the fifth President of Iraq, serving in this capacity from 16 July 1979 until 9 April 2003...

 régime, have attempted to prohibit their citizens from receiving any satellite broadcasts from foreign sources.

The situation in Europe
Europe
Europe is, by convention, one of the world's seven continents. Comprising the westernmost peninsula of Eurasia, Europe is generally 'divided' from Asia to its east by the watershed divides of the Ural and Caucasus Mountains, the Ural River, the Caspian and Black Seas, and the waterways connecting...

 differs somewhat, due to the much greater linguistic diversity in that region and due to the use of standardized DVB receivers capable of receiving multiple providers and free-to-air signals. North American providers normally lock their subscribers into "package receivers" unable to tune outside their one package; often the receivers are sold at artificially low prices and the subscription cost for programming is increased in order to favour new subscribers over existing ones. Providers are also notorious for using sales tactics such as bundling
Product bundling
Product bundling is a marketing strategy that involves offering several products for sale as one combined product. This strategy is very common in the software business , in the cable television industry Product bundling is a marketing strategy that involves offering several products for sale as...

, in which to obtain one desired channel a subscriber must purchase a block of anywhere from several to more than a hundred other channels at substantial cost.
Many European companies like British Sky Broadcasting prohibit subscriptions outside of the UK. But other satellite providers like Premiere Germany do sell yearly subscription cards legally to customers in other European countries without the need for an address or other personal information. The latter also applies to virtually all the Adult channel cards sold in Europe.

Counter-piracy techniques

A number of strategies have been used by providers to control or prevent the widespread pirate decryption of their signals.

One approach has been to take legal action against dealers who sell equipment which may be of use to satellite pirates; in some cases the objective has been to obtain lists of clients in order to take or threaten to take costly legal action against end-users. Providers have created departments with names like the "office of signal integrity" or the "end-users group" to pursue alleged pirate viewers.

As some equipment (such as a computer interface to communicate with standard ISO/IEC 7816 smartcards) is useful for other purposes, this approach has drawn strong opposition from groups such as the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...

. There have also been US counter-suits alleging that the legal tactics used by some DBS providers to demand large amounts of money from end-users may themselves appear unlawful or border on extortion.

Much of the equipment is perfectly lawful to own; in these cases, only the misuse of the equipment to pirate signals is prohibited. This makes provider attempts at legal harassment of would-be pirates awkward at best, a serious problem for providers which is growing due to the Internet distribution of third-party software to reprogram some otherwise legitimate free-to-air DVB receivers to decrypt pay TV broadcasts with no extra hardware.

US-based Internet sites containing information about the compromised encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

 schemes have also been targeted by lawyers, often with the objective of costing the defendants enough in legal fees that they have to shut down or move their sites to offshore or foreign Internet hosts.

In some cases, the serial numbers of unsubscribed smartcards have been blacklisted by providers, causing receivers to display error messages. A "hashing" approach of writing arbitrary data to every available location on the card and requiring that this data be present as part of the decryption algorithm has also been tried as a way of leaving less available free space for third-party code supplied by pirates.

Another approach has been to load malicious code onto smartcards or receivers; these programs are intended to detect tampered cards and maliciously damage the cards or corrupt the contents of non-volatile memories within the receiver. This particular Trojan horse
Trojan Horse
The Trojan Horse is a tale from the Trojan War about the stratagem that allowed the Greeks finally to enter the city of Troy and end the conflict. In the canonical version, after a fruitless 10-year siege, the Greeks constructed a huge wooden horse, and hid a select force of men inside...

 attack is often used as an ECM (electronic countermeasure
Electronic countermeasures
An electronic countermeasure is an electrical or electronic device designed to trick or deceive radar, sonar or other detection systems, like infrared or lasers. It may be used both offensively and defensively to deny targeting information to an enemy...

) by providers, especially in North America where cards and receivers are sold by the providers themselves and are easy targets for insertion of backdoors in their computer firmware
Firmware
In electronic systems and computing, firmware is a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices...

. The most famous ECM incident was the Black Sunday attack launched against tampered DirecTV "H" on 3 January 21, 2001 and intended to destroy the cards by overwriting a non-erasable part of the cards internal memory
Computer storage
Computer data storage, often called storage or memory, refers to computer components and recording media that retain digital data. Data storage is one of the core functions and fundamental components of computers....

 in order to lock the processor into an endless loop
Endless Loop
Endless Loop is overall, the fifth EP by Japanese singer Eiko Shimamiya but this is her second EP produced by both I've Sound and Geneon Entertainment. It was released on December 14, 2005...

.

The results of a provider resorting to the use of malicious code are usually temporary at best, as knowledge of how to repair most damage tends to be distributed rapidly by hobbyists through various Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

 forums. There is also a potential legal question involved (which has yet to be addressed) as the equipment is normally the property not of the provider but of the end user. Providers will often print on the smartcard itself that the card is the property of the signal provider, but at least one legal precedent indicates that marking "this is mine" on a card, putting it in a box with a receiver and then selling it can legally mean "this is not mine anymore". Malicious damage to receiver firmware puts providers on even shakier legal ground in the unlikely event that the matter were ever to be heard by the judiciary.

The only solution which has shown any degree of long-term success against tampered smartcards has been the use of digital renewable security
Renewable security
Renewable Security was a concept that evolved after the repeated hacks of analogue TV encryption systems in the late 1980s. Simply stated, rather than completely replacing a hacked TV encryption system, only part of it would have to be replaced to make it secure again.The decoders at that time...

; if the code has been broken and the contents of the smartcard's programming widely posted across the Internet, replacing every smartcard in every subscriber's receiver with one of different, uncompromised design will effectively put an end to a piracy problem. Providers tend to be slow to go this route due to cost (as many have millions of legitimate subscribers, each of which must be sent a new card) and due to concern that someone may eventually crack the code used in whatever new replacement card is used, causing the process to begin anew.

Premiere in Germany has replaced all of its smartcards with the Nagravision Aladin card; the US DirecTV system has replaced its three compromised card types ("F" had no encryption chip, "H" was vulnerable to being reprogrammed by pirates and "HU" were vulnerable to a "glitch" which could be used to make them skip an instruction). Both providers have been able to eliminate their problems with signal piracy by replacing the compromised smartcards after all other approaches had proved to provide at best limited results.

Dish Network
Dish Network
Dish Network Corporation is the second largest pay TV provider in the United States, providing direct broadcast satellite service—including satellite television, audio programming, and interactive television services—to 14.337 million commercial and residential customers in the United States. Dish...

 and Bell TV had released new and more tamper-resistant smart cards over the years, known as the ROM2, ROM3, ROM10, ROM11 series. All these cards used the Nagravision 1
Nagravision
Nagravision is a company of the Kudelski Group that develops conditional access systems for cable and satellite television. The name is also used for their main products, the Nagravision encryption systems.-Digital systems:...

 access system. Despite introducing newer and newer security measures, older cards were typically still able to decrypt the satellite signal after new cards were released (A lack of EEPROM
EEPROM
EEPROM stands for Electrically Erasable Programmable Read-Only Memory and is a type of non-volatile memory used in computers and other electronic devices to store small amounts of data that must be saved when power is removed, e.g., calibration...

 space on the ROM2 cards eventually led to them being unable to receive updates necessary to view programming). In an effort to stop piracy, as by this point the Nagravision 1 system had been thoroughly reverse-engineered by resourceful hobbyists, an incompatible Nagravision 2
Nagravision
Nagravision is a company of the Kudelski Group that develops conditional access systems for cable and satellite television. The name is also used for their main products, the Nagravision encryption systems.-Digital systems:...

 encryption system was introduced along with a smart card swap-out for existing customers. As more cards were swapped, channel groups were slowly converted to the new encryption system, starting with pay-per-view
Pay-per-view
Pay-per-view provides a service by which a television audience can purchase events to view via private telecast. The broadcaster shows the event at the same time to everyone ordering it...

 and HDTV channels, followed by the premium movie channels. This effort culminated in a complete shutdown of the Nagravision 1 datastream for all major channels in September, 2005. Despite these efforts to secure their programming, a software hack was released in late August, 2005, allowing for the decryption of the new Nagravision 2 channels with a DVB-S
DVB-S
DVB-S is an abbreviation for Digital Video Broadcasting — Satellite; it is the original Digital Video Broadcasting forward error coding and demodulation standard for satellite television and dates from 1994, in its first release, while development lasted from 1993 to 1997...

 card and a PC
Personal computer
A personal computer is any general-purpose computer whose size, capabilities, and original sales price make it useful for individuals, and which is intended to be operated directly by an end-user with no intervening computer operator...

. Just a few months later, early revisions of the Nagravision 2 cards had been themselves compromised. Broadcast programming currently uses a simulcrypt of Nagravision 2 and Nagravision 3, a first step toward a possible future shutdown of Nagravision 2 systems.

One of the most severe sentences handed out for satellite TV piracy in the United States was to a Canadian businessman, Martin Clement MULLEN, widely known for over a decade in the satellite industry as "Marty" Mullen.

Mullen was sentenced to seven years prison with no parole and ordered to pay DirecTV and smart card provider NDS Ltd. US$24 million in restitution. He pled guilty in a Tampa, Florida court in September 2003 after being arrested when he entered the United States using a British passport in the name "Martin Paul Stewart".

Mr. Mullen had operated his satellite piracy business from Florida, the Cayman Islands and from his home in London, Ontario Canada. Testimony in the Florida court showed that he had a network of over 100 sub-dealers working for him and that during one six-week period, he cleared US$4.4 million dollars in cash from re-programing DirecTV smartcards that had been damaged in an electronic counter measure.

NDS Inc. Chief of Security John Norris is credited with pursuing Mullen for a decade in three different countries. When Mullen originally fled the United States to Canada in the mid-1990s, Norris launched an investigation that saw an undercover operator (a former Canadian police officer named Don Best) become one of Mullen's sub-dealers and his closest personal friend for over a year. In summer of 2003 when Mullen travelled under another identity to visit his operations in Florida, US Federal authorities were waiting for him at the airport after being tipped off by Canadian investigators working for NDS Inc..

Ironically the NDS Group
NDS Group
NDS Group Plc. is a developer of pay TV technology. NDS was established in 1988 as an Israeli start up company. It was acquired by News Corporation in 1992. The company is currently headquartered in Staines, United Kingdom...

were accused (in several lawsuits) by Canal+ (dismissed) and Echostar (now DishNetwork) of hacking the Nagra encryption and releasing the information on the internet. The jury awarded EchoStar $45.69 actual damages (one month's average subscription fee) in Claim 3.

External links

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK