Understanding the Irdeto Algorithm and Smartcard Tables in the Nokia MM9500 Series Receivers

Introduction

The Irdeto algorithm is a complex encryption standard widely used in the field of digital television encryption. It is designed to protect broadcast content by encrypting the data sent to receivers. The content can only be decrypted by authorized users, with unique smartcards provided by the broadcasting company. In this article, we’ll dive into the inner workings of the Irdeto algorithm, particularly focusing on its application in the Nokia MM9500 and MM9xxx series receivers. This article also highlights key tables such as RotTable1 within the smartcard and explains the Master Keys (PMK), providing a few calculation examples for educational purposes.

The Irdeto Algorithm

The Irdeto algorithm is used to encrypt data to ensure that only authenticated users with the correct smartcard can access the broadcast content. The smartcard contains unique keys and tables that interact with encrypted transmissions to produce the correct decryption key or plain key, which the receiver then uses to decode the content.

Key Components of the Irdeto Smartcard

  1. Master Key (PMK): The Primary Master Key (PMK) is a critical element that helps in generating the plain key (decryption key) for encrypted content. With access to the PMK, you can work out the decryption keys for specific transmissions.
  2. RotTable1 and Other Tables: Inside the Irdeto smartcard are several tables, with RotTable1 being one of the most important. These tables define specific transformations or rotations that occur as part of the algorithm’s encryption or decryption process. Each table contains unique data that contributes to the decryption process, especially when combined with the PMK.

How the Tool Works

The tool you’ve developed automates the process of calculating plain keys for the Nokia MM9500 and MM9xxx series receivers. When the PMK is known, the tool uses it in combination with data from RotTable1 and other tables in the smartcard to compute the correct plain key. This is particularly useful for analyzing and understanding the Irdeto algorithm without having to manually process each step.

The following section explains the tables and how the tool calculates decryption keys.

Explanation of RotTable1

The RotTable1 is a predefined table in the smartcard that plays a key role in the decryption process. This table contains rotation values or transformations, which are applied to specific parts of the encrypted data, modifying it in a way that only the correct combination of table data and PMK can decode.

For example, consider that RotTable1 has certain rotation patterns which are applied sequentially to parts of the data. These rotations change the data’s byte order, effectively altering its encrypted form in a way that requires knowledge of RotTable1 to revert.

Example of RotTable1 Data:

plaintext
RotTable1:
0x1C, 0x2A, 0x3B, 0x4F, ... (see below the article for the real table)

Each of these values represents a specific rotation or transformation that is applied in the algorithm’s process.

Calculation Examples Using the Tool

Here are some simplified steps to demonstrate how the tool calculates the plain key from the PMK and RotTable1.

Example 1: Plain Key Calculation

  1. Input the PMK: Assume we have a PMK value of 0xA1B2C3D4E5F6.
  2. Apply RotTable1 Transformations:
    • Using RotTable1, each byte of the PMK undergoes a specific rotation according to the values in RotTable1.
    • For instance, if the first rotation value is 0x1C, the tool would rotate the first byte of the PMK by 28 bits to the left.
    • This process continues byte by byte across the PMK, creating a transformed value.
  3. Generate Plain Key:
    • After all transformations, the resulting value is compared or XORed with a specific checksum or value that is pre-defined in the algorithm.
    • This produces the final plain key, which the receiver can use to decrypt the broadcast data.
  4. Output: The tool outputs this plain key, ready for decryption of content on the Nokia MM9500.

Example Calculation Walkthrough

For a clearer example, let’s walk through a calculation using hypothetical values:

  1. Initial PMK: 0xAABBCCDDEEFF
  2. RotTable1 Transformations:
    • Suppose the values in RotTable1 are 0x03, 0x0C, 0x2F, 0x1A...
    • Each rotation value would be applied to the corresponding byte in the PMK.
  3. Step-by-Step Calculation:
    • Rotate the first byte (AA) by 3 bits as per RotTable1[0].
    • Rotate the second byte (BB) by 12 bits.
    • Continue this process for each byte in the PMK.
    • After completing these rotations, combine the transformed bytes.
  4. Final XOR with Checksum:
    • XOR the result with a checksum to finalize the plain key.
  5. Result: The output plain key allows decryption of the intended content on the Nokia MM9xxx series.

Educational Purpose and Practical Applications

This tool is intended for educational purposes, specifically for understanding the Irdeto algorithm in older model receivers like the Nokia MM9500. By analyzing the algorithm, researchers and developers can gain insight into legacy encryption methods, contributing to advancements in digital security.

Conclusion

The Irdeto algorithm and its associated tables, such as RotTable1, form a robust framework for digital television encryption. Your tool, designed for the Nokia MM9500 and MM9xxx receivers, offers an automated way to study this encryption, provided the PMK is known. By automating the calculation of plain keys, it simplifies the otherwise complex decryption process for educational analysis and research into encryption techniques used in digital broadcasting.

Only for education purposes ofcourse…

 

 

DOWNLOAD

v0.1  [ from somewhere in the year 2000 ]

 

Tables

[php] RotTable1 (
0, 1, 2, 3, 4, 5, 6, 7, 0, 3, 6, 1, 4, 7, 2, 5
)

AsciTable (
$61, $62, $63, $64, $65, $66, $67, $FE
)

Table1 (
$DA,$26,$E8,$72,$11,$52,$3E,$46,$32,$FF,$8C,$1E,$A7,$BE,$2C,$29,
$5F,$86,$7E,$75,$0A,$08,$A5,$21,$61,$FB,$7A,$58,$60,$F7,$81,$4F,
$E4,$FC,$DF,$B1,$BB,$6A,$02,$B3,$0B,$6E,$5D,$5C,$D5,$CF,$CA,$2A,
$14,$B7,$90,$F3,$D9,$37,$3A,$59,$44,$69,$C9,$78,$30,$16,$39,$9A,
$0D,$05,$1F,$8B,$5E,$EE,$1B,$C4,$76,$43,$BD,$EB,$42,$EF,$F9,$D0,
$4D,$E3,$F4,$57,$56,$A3,$0F,$A6,$50,$FD,$DE,$D2,$80,$4C,$D3,$CB,
$F8,$49,$8F,$22,$71,$84,$33,$E0,$47,$C2,$93,$BC,$7C,$3B,$9C,$7D,
$EC,$C3,$F1,$89,$CE,$98,$A2,$E1,$C1,$F2,$27,$12,$01,$EA,$E5,$9B,
$25,$87,$96,$7B,$34,$45,$AD,$D1,$B5,$DB,$83,$55,$B0,$9E,$19,$D7,
$17,$C6,$35,$D8,$F0,$AE,$D4,$2B,$1D,$A0,$99,$8A,$15,$00,$AF,$2D,
$09,$A8,$F5,$6C,$A1,$63,$67,$51,$3C,$B2,$C0,$ED,$94,$03,$6F,$BA,
$3F,$4E,$62,$92,$85,$DD,$AB,$FE,$10,$2E,$68,$65,$E7,$04,$F6,$0C,
$20,$1C,$A9,$53,$40,$77,$2F,$A4,$FA,$6D,$73,$28,$E2,$CD,$79,$C8,
$97,$66,$8E,$82,$74,$06,$C7,$88,$1A,$4A,$6B,$CC,$41,$E9,$9D,$B8,
$23,$9F,$3D,$BF,$8D,$95,$C5,$13,$B9,$24,$5A,$DC,$64,$18,$38,$91,
$7F,$5B,$70,$54,$07,$B6,$4B,$0E,$36,$AC,$31,$E6,$D6,$48,$AA,$B4
)

Table2 (
$8E,$D5,$32,$53,$4B,$18,$7F,$95,$BE,$30,$F3,$E0,$22,$E1,$68,$90,
$82,$C8,$A8,$57,$21,$C5,$38,$73,$61,$5D,$5A,$D6,$60,$B7,$48,$70,
$2B,$7A,$1D,$D1,$B1,$EC,$7C,$AA,$2F,$1F,$37,$58,$72,$88,$FF,$87,
$1C,$CB,$00,$E6,$4E,$AB,$EB,$B3,$F7,$59,$71,$6A,$64,$2A,$55,$4D,
$FC,$C0,$51,$01,$2D,$C4,$54,$E2,$9F,$26,$16,$27,$F2,$9C,$86,$11,
$05,$29,$A2,$78,$49,$B2,$A6,$CA,$96,$E5,$33,$3F,$46,$BA,$D0,$BB,
$5F,$84,$98,$E4,$F9,$0A,$62,$EE,$F6,$CF,$94,$F0,$EA,$1E,$BF,$07,
$9B,$D9,$E9,$74,$C6,$A4,$B9,$56,$3E,$DB,$C7,$15,$E3,$80,$D7,$ED,
$EF,$13,$AC,$A1,$91,$C2,$89,$5B,$08,$0B,$4C,$02,$3A,$5C,$A9,$3B,
$CE,$6B,$A7,$E7,$CD,$7B,$A0,$47,$09,$6D,$F8,$F1,$8B,$B0,$12,$42,
$4A,$9A,$17,$B4,$7E,$AD,$FE,$FD,$2C,$D3,$F4,$B6,$A3,$FA,$DF,$B8,
$D4,$DA,$0F,$50,$93,$66,$6C,$20,$D8,$8A,$DD,$31,$1A,$8C,$06,$D2,
$44,$E8,$23,$43,$6E,$10,$69,$36,$BC,$19,$8D,$24,$81,$14,$40,$C9,
$6F,$2E,$45,$52,$41,$92,$34,$FB,$5E,$0D,$F5,$76,$25,$77,$63,$65,
$AF,$4F,$CC,$03,$9D,$0C,$28,$39,$85,$DE,$B5,$7D,$67,$83,$BD,$C3,
$DC,$3C,$AE,$99,$04,$75,$8F,$97,$C1,$A5,$9E,$35,$0E,$3D,$1B,$79
)[/php]

 

LINKS

http://nl.wikipedia.org/wiki/Irdeto_Access