SoC in STB, descrambling algorithm implementation details

Thread Starter

spein468

Joined Dec 18, 2017
4
Hi guys, the STBs (set-top boxes) in Western Europe use CSA (Common Scrambling Algorithm), and it is implemented on the hardware side.
Indeed, in the datasheet of the STB's SoC there is a "transport demultiplexer/descrambler" (diagram in the attached photo). What I want to know is: is the scrambling algorithm implemented in memory like EPROM/ROM, or is something about the operating logic escaping me?
Thanks
 

WBahn

Joined Mar 31, 2012
30,082
There are many ways to implement scrambling algorithms. The exact choice is up to the hardware designer and that decision is based on a number of factors. A lot of it depends on the complexity and design of the scrambling algorithms and whether it was intended to be efficiently descrambled using simple hardware, which this one probably was.
 

Thread Starter

spein468

> There are many ways to implement scrambling algorithms. The exact choice is up to the hardware designer and that decision is based on a number of factors. A lot of it depends on the complexity and design of the scrambling algorithms and whether it was intended to be efficiently descrambled using simple hardware, which this one probably was.
Which one? In EPROM? Or is it implemented in the design of the support, in this case the "transport demultiplexer/descramblers"?
If I wanted to get the algorithm, what is the way?
 

WBahn

> Which one? In EPROM? Or is it implemented in the design of the support, in this case the "transport demultiplexer/descramblers"?
There is no way for anyone to know how the algorithm in any particular piece of hardware is implemented -- that is up to the hardware designer that designed that particular piece of hardware.

> If I wanted to get the algorithm, what is the way?
Look it up. It's been publicly available for 15 years.

But it would appear that you don't want the algorithm, you want to steal content that you haven't paid for. That's a different problem and for that you need a way of compromising the keys that are used.
 

Thread Starter

spein468

> There is no way for anyone to know how the algorithm in any particular piece of hardware is implemented -- that is up to the hardware designer that designed that particular piece of hardware.
>
> Look it up. It's been publicly available for 15 years.
>
> But it would appear that you don't want the algorithm, you want to steal content that you haven't paid for. That's a different problem and for that you need a way of compromising the keys that are used.
I know CSA is public, but there is another scrambling algorithm, not public, which is implemented, and I would like to get it, but I have to know the specific location where the algorithm is implemented.
I thought I could connect to the SoC with JTAG and dump the ROM, but I don't know if the algorithm is there.
 

spinnaker

Joined Oct 29, 2009
7,830
> I know CSA is public, but there is another scrambling algorithm, not public, which is implemented, and I would like to get it, but I have to know the specific location where the algorithm is implemented.
> I thought I could connect to the SoC with JTAG and dump the ROM, but I don't know if the algorithm is there.

Maybe you need to explain why you would like to "get it". But I think WBahn already came up with that answer.
 

WBahn

> I know CSA is public, but there is another scrambling algorithm, not public, which is implemented, and I would like to get it, but I have to know the specific location where the algorithm is implemented.
> I thought I could connect to the SoC with JTAG and dump the ROM, but I don't know if the algorithm is there.
If the security of the system is dependent on safeguarding the contents of a ROM, then you won't be able to just connect to it with a JTAG interface and dump the ROM -- that would have been pretty stupid on the designer's part, no?

The replacement, CSA3, is based on AES-128. So perhaps first you should break that algorithm.
 

Thread Starter

spein468

> If the security of the system is dependent on safeguarding the contents of a ROM, then you won't be able to just connect to it with a JTAG interface and dump the ROM -- that would have been pretty stupid on the designer's part, no?
>
> The replacement, CSA3, is based on AES-128. So perhaps first you should break that algorithm.
I don't think that this different algorithm I'm writing about is CSA3, and I don't want to break the algorithm; I would reverse the algorithm from the STB, and I'm right to think that there is a possibility to interface with JTAG.
But my problem is the location of the algorithm, as I said before.
 

WBahn

> I don't think that this different algorithm I'm writing about is CSA3, and I don't want to break the algorithm; I would reverse the algorithm from the STB, and I'm right to think that there is a possibility to interface with JTAG.
> But my problem is the location of the algorithm, as I said before.
And as I've said before, twice, how the algorithm is implemented and where it is located is entirely, completely, and totally up to the person that designed THAT piece of hardware. That brand, that model, and that version.

Why do you want to access the algorithm?

If the designer of the hardware doesn't want certain information about the implementation to be accessible, then they will take steps to make it extremely difficult (i.e., all but impossible) to access it. The manufacturers of programmable parts know that many of their customers will want this capability and so they have parts in their product line that support it.
 