Black Sunday Fix Is in for DBS Pirates
By DAVID ILER -- Multichannel News, 3/19/2001
Emulators, bootloaders, unloopers and EEPROM: They're not the weapons of invading robotic aliens, but rather tools of the trade wielded by direct-broadcast satellite pirates, whose efforts at intercepting DBS signals represent a rather large cottage industry.
Although DirecTV Inc. scored a significant victory against pirates in January, when it sent a "data bomb" in its broadcast signal that rendered doctored conditional-access cards useless, workarounds are being developed and sold through dozens of Web sites devoted to DBS signal theft-or, in pirate parlance, access-card "testing."
A massive January electronic countermeasure (ECM) directed against hackers by DirecTV Inc. was, by all accounts, very successful. The day it was unleashed has become known as "Black Sunday" among pirates.
Since then, however, Web sites have been littered with "Black Sunday Fix" advertisements.
While DirecTV and NDS Americas aren't talking about how they disabled pirated conditional access cards that day, it's believed that the January ECM disabled key data stored on hacked cards' EEPROM, or electrically erasable programmable read-only memory. Previous ECMs have inserted "looping" programs that prevent cards from being reprogrammed to enable unauthorized access to programming.
Thus, card "unloopers" have typically lowered the normal operating voltage, which allows hackers to insert commands and break that loop.
As a result of the Black Sunday ECM, however, traditional unlooping is no longer effective on most access cards hit by DirecTV's data bomb. Workarounds have involved the configuration of a dedicated personal computer and performing a service-access emulation that removes the hacked access card from any contact with the satellite signal datastream and masks the damaged parts of the card.
What's needed to perform this workaround, according to a revised program guide found on the DSS Underground site, include a Windows-run PC, an ISO 7816 smart card programmer and an emulator board designed to interface with the PC.
From there, the PC would also need to run software that mimics a genuine DSS access card that authorizes programming, a specially programmed access "H" card, and a boot disk.
Several software programs are also required for this scheme, including a program that bypasses damaged portions of cards exposed to the Black Sunday ECM.
After the smart card is modified via a series of steps, the programmer loads an unlooping program on a DOS boot disk and "cleans" the corrupted access card and then the basic emulation software is installed.
With the emulation board connected on one end to the PC's serial port, the configured boot disk placed in the PC's floppy drive and the doctored access card inserted in the smart-card reader, the emulation board itself is inserted into the card slot of the satellite receiver. If all the rather sophisticated programming and configuration steps have been performed correctly, then, in theory, the hacker should be able to watch TV.
Pirates' Web sites prominently display information and ads for the various pieces of hardware needed for the Black Sunday fix. According to the Webmaster of the DSS Underground, who responded to questions via e-mail, the scheme described above is "extremely effective. I personally believe that this way of running things will work until the very last day they use the H card stream. I don't think anyone with this set-up will see any down time until they simply stop feeding the H stream."
The driving force behind the many sites and dozens of dealers who provide information, hardware and software for capturing the DSS signal, is "the want of the public for free TV ... (and) that motivation turns to money when the Web sites and dealers get into it," the DSS Webmaster conceded.
"There will always be the hack-counterhack scenario we see now," the Webmaster added. "If someone wants something bad enough, it will be hacked."
He concluded: "Although I still have a thought in the back of my head that (DirecTV) owns all the stuff.major stuff.data uplinks and everything.I still think they could do more, but for some reason they don't. The fact still remains that there will always be the cat-and-mouse (game)."
