# EuroCypher (BSB)

EuroCypher was a variant of VideoCipher II which was designed for the ill-fated BSB (British Satellite Broadcasting) satellite service. The system was only used for a year and is now absolutely and completely obsolete, but it is interesting to look at from a historical perspective. This section is my attempt to explain a little about Eurocypher and its implementation, for the historical record.

Eurocypher is a cardless, tier-based system, which is based around an ACM (access control module). It includes some 'value added' features which were relatively novel in the European satellite industry at the time.

• Tiered access control system.
  • Channel access control is done with 256 tier bits.
  • The ACM performs a logical AND of its tier bits and those transmitted in the channel ECMs. If the result is nonzero (the ACM and channel share at least one tier bit), then access is allowed.
• Messages, both 'personal' and 'tiered' (ref: Bennett and Moroney, 1990 via 2014 EWHC 1559 (Pat)).
  • Personal messages are addressed to a specific ACM.
  • Tiered messages are addressed to a programme tier.
  • Display of the message can be forced, or the message can be stored for later viewing. Stored messages cause a 'message indicator' to appear on screen.
  • Message display can be for a fixed period of time, or indefinite.
• Programme information – now-and-next and time remaining
  • Programme names may be up to 35 characters in length (ref: 2014 EWHC 828 (Pat)).
  • Parental control data is included with the programme data
    • By default, BSB receivers have broadcaster-provided L (language), V (violence), and S (sexual situations) flags (ref: 2014 EWHC 828 (Pat)).
    • The ratings configuration (a map from the ratings ID numbers to textual messages) was downloaded from over-the-air messages, allowing this to be reconfigured as needed by the broadcaster (ref: 2014 EWHC 828 (Pat)).
• Circular regional blackouts.
  • The ACM's physical location is set when it is activated.
  • The CA data for a given programme includes regional blackout data: a location and radius.
  • The ACM calculates the distance between its programmed location and the regional blackout's location. If the distance exceeds the radius set in the CA data, access is either allowed or disallowed depending on the policy set in the ECM message.
• Integrated on-screen text display controller
  • There is a software interface to allow the receiver to display its own messages using the ACM's OSD controller. This helps simplify the receiver, by removing the need for a separate OSD chip for IRD messages.
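
The tier-bit check and the circular blackout check described in the list above can be modelled as follows. This is an added example, not code from the ACM or from the original page; the flat-grid coordinates, the dictionary field names, the rule that both checks must pass, and the sample values are assumptions.

```python
import math

TIER_BITS = 256  # the page: channel access control uses 256 tier bits

def tier_mask(tiers):
    """Pack tier numbers (0..255) into one 256-bit integer mask."""
    mask = 0
    for t in tiers:
        if not 0 <= t < TIER_BITS:
            raise ValueError(f"tier {t} outside 0..{TIER_BITS - 1}")
        mask |= 1 << t
    return mask

def tier_allowed(acm_mask, ecm_mask):
    # Logical AND of the two masks; nonzero means at least one shared tier.
    return (acm_mask & ecm_mask) != 0

def blackout_allowed(acm_pos, centre, radius, allow_if_outside):
    """Circular blackout check.

    Assumptions: positions are (x, y) on a flat grid in the same units as
    radius, and a distance equal to the radius counts as inside the circle.
    allow_if_outside models the ECM policy: True admits ACMs outside the
    circle, False admits only ACMs inside it.
    """
    outside = math.dist(acm_pos, centre) > radius
    return outside == allow_if_outside

def access_allowed(acm, ecm):
    """Assumed rule: both checks must pass; no blackout data skips the second."""
    if not tier_allowed(acm["tiers"], ecm["tiers"]):
        return False
    b = ecm.get("blackout")
    if b is None:
        return True
    return blackout_allowed(acm["pos"], b["centre"], b["radius"],
                            b["allow_if_outside"])

# Constructed sample data (not real BSB tier assignments or coordinates).
ACM_A = {"tiers": tier_mask([3, 200]), "pos": (0.0, 0.0)}
ECM_MOVIES = {"tiers": tier_mask([200, 255])}
ECM_SPORT = {"tiers": tier_mask([200]),
             "blackout": {"centre": (3.0, 4.0), "radius": 10.0,
                          "allow_if_outside": True}}
```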

The CA function, in general, is a 'key ladder' system. This description is based on the Videocipher patent (US4613901A). Eurocypher is assumed to behave similarly.

• Each ACM starts out with a Unit ID and a set of four Subscriber Key Seeds (seed keys). These are unique to each ACM.
• The programme provider has a Category Address and a Category Key.
  • These are transmitted to each box individually when it is activated, or when the Category Key has been compromised.
  • Category Key is encrypted with one of the unique seed keys, and addressed to a specific ACM.
• The channel transmits a Channel Key, which is encrypted using the Category Key.
  • These change on a monthly basis, and are addressed to any ACM which is assigned to the category.
• Every ten seconds, a new Working Key (control word) is generated.
  • This is done by decrypting the frame count with the Channel Key to produce a Working Key.
• The final control word is sent to the DMAC descrambler IC, and used to descramble the audio and video.
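
The ladder above as a runnable model, added here as an example and not taken from the patent or from any ACM firmware. The 64-bit Feistel cipher is a stand-in (the page does not name the cipher used), and the EMM field names, key sizes and sample keys are assumptions.

```python
import hashlib

def _f(key, i, half):
    # Round function of the stand-in cipher: 4 bytes from key, round, half-block.
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block, rounds=8):
    """Stand-in 64-bit Feistel cipher; NOT the cipher Eurocypher used."""
    l, r = block[:4], block[4:]
    for i in range(rounds):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt(key, block, rounds=8):
    l, r = block[:4], block[4:]
    for i in reversed(range(rounds)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def make_emm(unit_id, seed_keys, seed_index, category_key):
    """Head-end: Category Key encrypted under one seed key, addressed to one ACM."""
    return {"unit_id": unit_id, "seed_index": seed_index,
            "enc_category_key": encrypt(seed_keys[seed_index], category_key)}

class ACM:
    def __init__(self, unit_id, seed_keys):
        self.unit_id, self.seed_keys, self.category_key = unit_id, seed_keys, None

    def on_emm(self, emm):
        if emm["unit_id"] != self.unit_id:
            return False                      # addressed to a different ACM
        seed = self.seed_keys[emm["seed_index"]]
        self.category_key = decrypt(seed, emm["enc_category_key"])
        return True

    def working_key(self, enc_channel_key, frame_count):
        if self.category_key is None:
            return None                       # never activated for this category
        channel_key = decrypt(self.category_key, enc_channel_key)
        return decrypt(channel_key, frame_count.to_bytes(8, "big"))

# Constructed sample values (not real Eurocypher keys or identifiers).
SEEDS_A = [bytes([0xA0 + i]) * 8 for i in range(4)]
SEEDS_B = [bytes([0xB0 + i]) * 8 for i in range(4)]
CATEGORY_KEY, CHANNEL_KEY = b"CATKEY01", b"CHANKEY1"
ENC_CHANNEL_KEY = encrypt(CATEGORY_KEY, CHANNEL_KEY)   # monthly, category-wide
```

Only an ACM holding the seed key the EMM was encrypted under recovers the Category Key; every later key in the ladder depends on that one step.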

This scheme is secure, provided that the seed keys and monthly keys remain secure. The main risks to the system are:

• “Three Musketeers” (3M). The ACM firmware is modified to remove the tier-bit checks.
  • Because all channels under one Category share the same root key, a basic subscription can be made to unlock all channels under that provider (except pay-per-view events).
  • The name comes from the Three Musketeers' motto: “All for one, and one for all!” In this context, that means all (channels) for (the price of) one channel.
• Cloning. If the seed keys and unit ID can be cloned from one ACM to another, then multiple ACMs can share a single subscription.
  • This of course relies on the original box remaining subscribed and undetected: an “unsubscribe” message sent to one ACM will cause all of the clones to unsubscribe too.
  • If the original box is unsubscribed, it will no longer receive key updates – so even if the subscription check is bypassed too, the boxes will lose access when the key is changed.
• Channel or Category key cloning. The ACM firmware is modified. Channel or Category keys are dumped from a modified, subscribed ACM, and are distributed to others.
  • Owners of pirate receivers would enter the leaked keys using a keypad.
  • This is similar to attacks on D2MAC Eurocrypt: monthly keys were posted on BBSes and websites, for pirates to enter into their pirated smartcards using a keypad.

The ACM is responsible for generating the following menus:

• Programme Control
• ACM diagnostics (partial: some elements are set by the IRD)

The content of these screens is found in the ACM ROM.

Eurocypher was assigned Packet Index 0x88, CAID 0x30 in the DMAC/Packet SI data.

ECMs, EMMs and programme information are likely sent via this data path, and forwarded to the ACM by the receiver.

Technical information on the various parts of Eurocypher has been split out into separate sections for convenience:

• ACM ↔ STB communications interface

I'm looking for copies of the following articles or papers – please email me at philpem@philpem.me.uk if you have a copy:

• EBU Tech 3258-E: “Specification of the systems of the MAC/packet family”
• Proposal For New Part 6 Of The EBU Specification For The MAC/Packet Family, published Oct. 1988.
  • Especially Appendix 1 To Proposed New Part 6: Eurocypher ACM/ Receiver Interface Message Definition, Version of 24.
• Bennett, C. J., Moroney, P., and Cutts, D. J. (1990), The Architecture and Security Design Goals of the Eurocypher System. In: Proceedings of ACSA 1990 “Conditional access for audiovisual services : 1st International seminar” (a.k.a.: Accès conditionnel aux services audiovisuels ACSA '90 ; actes des premières journées internationales). Rennes, France: CCETT.
• Cutts, D. J., “A complete system for controlled access television,” 1990 International Broadcasting Convention, IBC 1990, 1990, pp. 266-269.
• Chippindale, Peter; Franks, Suzanne. (1991) Dished! The Rise and fall of British Satellite Broadcasting. ISBN 067171077X.

#### Technical information

• A short one-page summary of the Eurocypher system and its basic capabilities
• Cutts, D. J. (1990). “A complete system for controlled access television,” 1990 International Broadcasting Convention, IBC 1990, pp. 266-269.
  • Four-page summary of the capabilities of Eurocypher and the ACM.
• Bagenal, P. W. and Upton, S. M. (1990). “Customer management and the Eurocipher conditional access system at British Satellite Broadcasting”. Proceedings of 1990 International Broadcasting Convention (IBC 1990), pp. 270-277, 21-25 September 1990.
  • Details of the corporate IT setup which underpins Eurocypher.
• Bennett, C. J., Moroney, P., and Cutts, D. J. (1990). “The Architecture and Security Goals of the Eurocypher System”. Proceedings of ACSA90, Rennes, France.
  • I'm looking for a copy of this paper

#### Citations and quotes

• A court case which contains some high-level details of the features Eurocypher offers.
  • References Bennett and Moroney (1990) and includes some quotes which explain more of Eurocypher's features, notably the OSD system.

#### Industry news

Per Chris Gerlinsky's 33c3 talk, there may be some similarity between Digicipher's data table format and SCTE-65. If Digicipher is based on Videocipher II, there may also be some data format similarity between them.