/aycwabtu

AYCWABTU is a brute force control word calculation tool for the DVB common scrambling algorithm (csa) that finds keys in encrypted transport streams

Primary LanguageC

AYCWABTU

overview

AYCWABTU is a proof of concept for a brute force control word calculation tool for the common scrambling algorithm used in digital video broadcasting.

AYCWABTU is not useful for live decryption of pay TV channels because the search for one key needs much more time than the key renewal interval. Majority of channels change keys multiple times a minute and AYCWABTU needs months to brute force one key. AYCWABTU is intended as proof of concept, and is not intended to be used for illegal purposes. The author does not accept responsibility for ANY damage incurred by the use of it.

It uses parallel bit slice technique. Other csa parallel bit slice implementations (like libdvbcsa) are meant for stream processing. They encrypt or decrypt many packets with one key. AYCWABTU uses parallel bit slice for decrypting one packet with many keys.

features

  • fast brute force key calculation due to bit sliced crack algorithm (sse2 and 32 bit versions available)
  • open source. License: GPL
  • read three encrypted data packets from ts file with many checks for valid data
  • writes a small probe ts file with these packets for sharing and distributed attack
  • test frame included to make sure, it really finds the keys. Also suitable for other brute force tools
  • written in C. Developed in Visual Studio 2013, tested with gcc 4.8.2+cygwin 2.844
  • much potential for speed improvements

to do list

  • speed improvement, see ideas below
  • multi threading
  • support for 256 bits parallel with advanced vector extensions AVX
  • OpenCL support
  • optimize the block sbox boolean equations. Only slightly faster with 128 bits. See da_diett.pdf Chpt. 3.1

speed optimization ideas

  • most important: OpenCL support (not only CUDA, please!).
  • check, why aycw_block_sbox(&sbox_out) fails in gcc, possible speedup ~19%
  • block decrypt first (does not depend on stream). Then stream afterwards, stop XORing immediately if foreseeable there is no PES header

developers

  • after changing the code, run tests with SELFTEST enabled to make sure the algorithm still works. It's too easy to break things.
  • run "make test"
  • test all the batch size implementations
  • publish all your work please, AYCWABTU is released under GPL

credits


"Sorry, it is hard to understand and modify but it was harder to design and implement!!!" fatih89r

Have fun.

ganymede