17 Nov 2015

PowerVu DES encryption hacked on Dreambox

Submitted by drhans
Once again the legendary Dreambox receivers make history. PowerVu channels encrypted in DES can now be decrypted on a Dreambox without the need to use stream relay or any hardware modification. There have been other receivers with such capability but all of those were low-end shitty boxes without Enigma2. Now PowerVu came to a real linux machine with autoupdate support.
It seems that the makers of OSCAM emulator found a way to use the hardware DES decoder on a Dreambox - and only on Dreambox for now. This method of opening PowerVu will not work on other Enigma2 box. On boxes such as Vu+, the use of Stream Relay was still necessary as of November 2015.
Considering how easy it now is to decrypt PowerVu including autoupdate, I wonder what the providers' reaction will be. So far nothing but lame attempts to change the ECM keys every day. I don't really understand what that's good for with EMM keys posted in the open for weeks or maybe months now. The providers do not even blacklist the leaked EMM keys.
It's not all that great, though. The OSCAM still has long way to go in order to make it work reliably. 2 bugs I noticed when testing: once a DES channel was decrypted, none of the CSA encrypted channels worked again until I rebooted the Dreambox and only the 1st audio track worked. However I believe this won't be difficult to fix for OSCAM team.
In order to install and test the PowerVu hack by yourselves, the following needs to be done:
1) get a Dreambox
2) compile the latest oscam with oscam-emu patch for mips platform
3) create your own SoftCam.Key file with PowerVu keys
4) in oscam settings, disable Stream Relay