VideoCrypt
VideoCrypt is a cryptographic, smartcard-based conditional access television encryption system that scrambles analogue pay-TV signals. It was introduced in 1989 by News Datacom and was used initially by Sky TV and subsequently by several other broadcasters on SES' Astra satellites at 19.2° east.
Users
Broadcaster | Market | Medium |
---|---|---|
British Sky Broadcasting | United Kingdom, Ireland | SES' Astra satellites |
The Adult Channel | Europe | SES' Astra satellite |
JSTV | Europe | SES' Astra satellite |
SKY Network Television | New Zealand | terrestrial UHF (Ended 10 Mar 2010) |
Sky Fiji | Fiji | terrestrial VHF |
MTV Europe | Europe | SES' Astra satellite |
Foxtel (until 2005) | Australia | Telstra terrestrial HFC |
Versions
Three variants of the VideoCrypt system were deployed in Europe: VideoCrypt I for the UK and Irish market and VideoCrypt II for continental Europe. The third variant, VideoCrypt-S was used on a short-lived BBC Select service. The VideoCrypt-S system differed from the typical VideoCrypt implementation as it used line shuffle scrambling.
- Sky NZ and Sky Fiji may use different versions of the VideoCrypt standard, probably based on VideoCrypt-S.
- Sky NZ used NICAM stereo for many years until abandoning it when the Sky DTH technology started replacing Sky UHF.
Operating principle
The system scrambles the picture using a technique known as Line Cut-and-Rotate. Each line that made up each picture (video frame) is cut at one of 256 possible "cut points", and the two halves of each line are swapped around for transmission. The series of cutpoints is determined by a pseudo-random sequence. Channels were decoded using a pseudorandom number generator (PRNG) sequence stored on a smart card (aka Viewing Card).
To decode a channel the decoder would read the smart card to check if the card is authorised for the specific channel. If not, a message would appear on screen. Otherwise the decoder seeds the card's PRNG with a seed transmitted with the video signal to generate the correct sequence of cut points.
The system also included a cryptographic element called the Fiat Shamir Zero Knowledge Test. This element was a routine in the smartcard that would prove to the decoder that the card was indeed a genuine card. The basic model was that the decoder would present the card with a packet of data (the question or challenge) which the card would process and effectively return the result (the answer) to the decoder proving that it was a genuine card without disclosing any critical information. If the decoder received the wrong result from the card, it was supposed to stop decoding the video. However a technologically insecure implementation of this otherwise strong cryptographic element made it redundant.
The VideoCrypt-S variant, used by the BBC Select service, was based on line shuffle scrambling. This form of video scrambling changes the order in which lines are transmitted thus line 20 may be transmitted as line 32. The VideoCrypt-S variant used six blocks of forty seven lines per field. It had three scrambling formats: full shuffle in which 282 lines were affected; half shuffle, in which every alternate field was scrambled; and a line delay scramble in which the start position of the video in each line was pseudo-randomly delayed.
Attacks
The VideoCrypt system was far from secure and a number of hacks were employed.
Although, the analog UHF option is still available, the introduction of Sky Digital has ameliorated these issues significantly, as the VideoGuard system employed by SkyDigital has not been widely defeated, as of 2009.
Card attacks
- Hackers discovered methods of preventing Sky from killing or deactivating their cards. The simplest of these attacks relied on the fact that Sky was using EPROM technology for its smartcards at the time. Thus by modifying the decoder to limit the write voltage to the card, it was possible to stop cards being turned off over the air. Another, known as the KENtucky Fried Chip attack relied on replacing the microcontroller that controlled the smartcard to decoder interface. This attack relied on blocking packets with the smartcard's identification number. The voltage based attack failed after Sky changed to smartcards that used EEPROM technology.
- Commercial pirates completely reverse engineered the Sky smartcard, removed the access control routines and created working pirate smartcards using different microcontroller types (typically the PIC16C84) from that used by Sky.
- Hackers also discovered (after the commercial pirate code became public) ways of switching on "dead" cards using a computer and smartcard interface by sending a properly formatted and addressed activation packet to the card. Variations on this attack also allowed existing subscriber cards to be upgraded to more expensive subscription packages. This attack was known as the "Phoenix Hack" after the mythical bird that could bring itself back to life.
Datastream attacks
- Other successful hacks involved sampling the datastream between the card and the decoder, for example you could record a movie and store the decoder information so that people could then use it to decode the same movie that they recorded earlier with a decoder and "dummy" card (the dummy smartcard was an interface that received the synchronised decryption seeds from a computer). The attack was known as the Delayed Data Transfer hack and it worked because the conditional access data, decoder addressing and encrypted keys, were on the video lines that are recorded by normal VCRs and the data rate, unlike that of Teletext, was slow enough to allow the data to be recorded with the encrypted video.
Decoder card datastream attacks
- The most successful hack on the VideoCrypt system is the "McCormac Hack" devised by John McCormac. [citation needed] This attack involved broadcasting the decryption keys from the decoder-card data live so that other decoders could use it to watch the encrypted channels, effectively sharing a card with several decoders. Card sharing is an implementation of the McCormac Hack.
Brute force
- As desktop computing power increased, such a simple system was always inherently vulnerable to brute force 'image-processing' attacks.
- Even without any information at all about the cutpoint sequence, adjacent lines in a picture can be 'correlated' to find the best match, and the picture reconstructed.
- The Brute force method will not work for all pictures, but is an interesting proof-of-concept.
- Markus Kuhn's Antisky.c program from 1994 is an early example of such an attack.
- More recently it has been shown that, using detailed knowledge of the way colour is transmitted in analogue TV systems, 'perfect' reconstruction could be achieved for many scenes.
- Cheap PC TV cards (~£40) with particular chipsets (e.g.: Brooktree) were capable of descrambling the image in near real time (sound was delayed to match). This was made possible with software such as MoreTV or hVCPlus and a reasonably fast PC. The picture quality was on par with an old VHS videotape, with some colour distortion depending on PC performance.
References
- Michael Cohen, Jonathan Hashkes: A system for controlling access to broadcast transmissions. EP 0428252, 22 May 1991.
- John McCormac: European Scrambling Systems 5 – The Black Book, Waterford University Press, 1996, ISBN 1-873556-22-5.
- Markus Kuhn: Attacks on pay-TV access control systems, seminar talk slides, 1997.
- Markus Kuhn: Some technical details about VideoCrypt, 1996.
- Markus Kuhn: AntiSky – an image processing attack on VideoCrypt, 1994. This C programme reassembles VideoCrypt encoded stills.