This is an old revision of the document!
GI/Jerrold video scrambling
Modes
- “RF” scrambling
- Sync suppression by attenuation (0dB, 6dB or 10dB)
- “Baseband” scrambling
- Video inversion
- Audio encoding
- Shifted sideband carrier
VBI Line 18 format
From Magicboxes, via Dave2.
The GI/Jerrold systems use sync suppression at 3 attenuation levels (0, 6, and 10dB), video inversion, and audio encoding. One of the last posts from MagicBoxes concluded that all this information was transmitted during the first field on line 18. The difficult part here is that the information on line 18 could also be used for other purposes besides scrambling mode (such as autorization codes). Therefore the correct data packet must be interpretted. From MagicBoxes (a little cleaned up):
Well, here for the first time ever is a a short summary of how GI protects their entire analog line:
- The data determining invert, sync supp. level, audio privacy is totally located on HL 18
- The data is in the form of a start bit followed by CRC, then the scrambling level.
- The bits are 2.2uS wide
- note: this is around 8 cycles of NTSC colour burst
- Only packets with a start bit should be processed.
- Valid packets appear on every second field, packets without a start bit are random junk.
- Only packets with a valid CRC are to be considered a mode change packet.
- A mode change only OCCURS after 2 fields.
- The packet data is encoded on Line 18 with 3.58Mhz bursts (2.2uS wide)
If a mode change packet below is received then mode is changed in 2 fields
| Sync Supp. Level | Inverted Video | Audio Privacy | Mode Packet |
|---|---|---|---|
| 0db (clear) | No | No | 8A18 |
| 0db (clear) | Yes | No | 8838 |
| 0db (clear) | No | Yes | 8298 |
| 0db (clear) | Yes | Yes | 80B8 |
| 6db | No | No | 8B08 |
| 6db | Yes | No | 8928 |
| 6db | No | Yes | 8388 |
| 6db | Yes | Yes | 81A8 |
| 10db | No | No | 8610 |
| 10db | Yes | No | 8430 |
| 10db | No | Yes | 8A90 |
| 10db | Yes | Yes | 88B0 |
The mode change packet includes the start bit.
The packet disassembled:
| [start bit] | 0 | 0 | 0 | [CRC - 4 bits] | [audio privacy] | 0 | [invert bit] | [6db bit] | [10db bit] |
- If [audio privacy] = 1 then audio privacy is being used
- If [invert bit] = 1 then video will be inverted
| Level | 6db | 10db |
|---|---|---|
| 0db | 1 | 1 |
| 6db | 0 | 1 |
| 10db | 1 | 0 |
| Illegal | 0 | 0 |
Above is the entire scrambling data which can be used to descramble any GI analog system. Notice that the data is NOT encrypted. This data stream (as the authorization stream) are both unencrypted.
PAL use of HL18
The GI PAL implementation reportedly (Magicboxes) uses the same data format on line 18.
Audio privacy
From Dave2.
Audio (from me Dave2) is usually simply encoded on to a higher carrier frequency than is normally expected by a receiver. On my system (CFT 2014) it is 31.5kHz higher, on others CFT 550 (from jpb) it is 25kHz. Because the audio is still completely in tact, it can't be called scrambling, it is simply modulated at a different frequency. This technique is widely known as SCA or SCS. It is the same manner that Second Audio Program (SAP) on televisions and how stereo FM primarily works. To retrieve the audio, all that needs to be done is to take the audio signal from the FM detector of an IF chip, prior to the de-emphasis circuit, and do an FM detect at the sub-carrier frequency. A simple PLL circuit using a MC14046B or LM/NE565 tuned to the sub-carrier frequency has been shown to work adequately.
Another method I've heard rumors of is identical but is used for stereo encoding. The audio is apparently FM modulated to 250kHz. I've seen US patent information on this one (US 4956862) but haven't had any confirmations yet.