Rogers Set Top Box Hacking Discussion - Canadian TV, Computing and Home Theatre Forums
 

Go Back   Canadian TV, Computing and Home Theatre Forums > Canadian Internet, Phone, TV and Wireless Service Providers > Rogers Communications > Rogers Cable TV

Digital Home Helpful Information

Reply
 
Thread Tools Search this Thread Display Modes

Old 2010-03-02, 03:20 PM   #1
99gecko
Veteran
 
Join Date: Mar 2006
Location: Markham, ON
Posts: 2,557
Question Rogers Set Top Box Hacking Discussion

Rumour - confirmation needed please.

Someone I know who is in Roger's Cable service area (Pickering, ON to be exact), claims that until about a month ago they were getting full-open Rogers HD for free using hacked equipment. They claim they paid ~$900 for the box?? I can't remember the actual value claimed to buy the hacked stb, but I'm almost certain they said it was just less than $1000. There was "programming" involved; I'm not sure if that is actually the case, or if it is a generic term to thwart copy-cats (because pirates are such a trustworthy bunch ) and it was just hardware hacks. Apparently they were up until about one month ago when Rogers shut everyone down in the GTA.

My source says the programmer(s) claim they will be back. I didn't think to ask how long they had been "up".

This goes against everything I know about digital cable. Because digital cable boxes require constant updating of keys, done by 2 way communication, by their very nature they were essentially a much harder target than DTH satellite. The only thing I can think of is they are cloning local boxes. There are many more cable co.s than sat providers, making integration nationally/globally very difficult and driving up costs. As well since cable co.'s are rolling out SDV, it would make it doubly difficult.

I guess I'm looking for confirmation that this is, or was, happening. Also, if it is happening, is it being done by the former, out-of-work, DTH hackers??? i.e. have they changed their targets? To me it doesn't add up, but the person telling me about this is knowledgeable and has no reason to lie.

cheers
99gecko is offline  
Sponsored Links
Advertisement
 
Old 2010-03-02, 03:34 PM   #2
hugh
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,585
Default

Note to all posters

If you wish to post on this thread and wish to remain a member then remember the following:
  • Digital Home does NOT condone cable piracy.
  • Don't try to justify or condone cable piracy;
  • Don't post links to piracy sites;
  • Don't post any how-to's;
  • Hitler / Communism comments and accusations will get you an infraction without warning!

Cable piracy is stealing therefore it is illegal and there is no justification for it so don't even try!

Why this thread is allowed on Digital Home?

The sociology of "white collar crime" is a valid topic of discussion and members are free to discuss the nature of the crime, the number of people committing the crime and similar statistics.

A grim analogy would be the discussion of homicides. Murder is illegal however discussing murder rates in different cities and countries, number of murders committed using guns vs. knives etc is acceptable.
__________________
As of January 2012, I am no longer the owner of the Digital Home website and have disabled private messaging. For personal inquiries contact me at the Hugh Thompson website or via twitter.
hugh is offline  
Old 2010-03-02, 05:11 PM   #3
awhite2600
Rookie
 
Join Date: Jun 2008
Location: London, ON (Rogers)
Posts: 26
Default

First of all a Thank You to hugh for leaving this post open. I agree with all of his statements and do not condone piracy at all.

I was chatting with a Rogers technician a few months ago while he was installing service for a friend. (She was called into work at the last minute and I agreed to let the tech into the residence.) The technician told me that they are normally given a STB for testing purposes. This box is authorized for all channels and is supposed to be kept in the truck unless needed to diagnose a problem that cannot be solved with a customer's box, signal meter, etc. I was told the some technicians just keep the box at home as "free cable" for their own personal use.

I would not be surprised if some of these "pirate" boxes are just technician boxes that are being sold on the black market. A tech could sell the box, perhaps through a friend, and it would appear to be wide open. After a month or two the tech could report the box as stolen or damaged. Rogers would deactivate the box based on the serial number and the seller would be long gone.

Another scenario might be similar to a method used by satellite hackers a few years ago. Stolen boxes would be activated by someone at Rogers "on the inside" working in conjunction with the "sellers". After a period of time the box would be deactivated - either by the insider or through routine audits at Rogers.

I realize that much of the info here is second hand or speculation, but it might explain the original poster's story. Based on my understanding of digital cable a true "hack" is close to impossible.

So if someone offers you a hacked STB that gets all channels you would be wise to keep your money. Not only are you breaking the law, but you are most likely being ripped off.
awhite2600 is offline  
Old 2010-03-03, 03:29 AM   #4
NR4250
 
Join Date: Jan 2009
Posts: 41
Default

I too had heard about the alleged Rogers digital cable hack and despite my skepticism that such a thing was possible, I was able to find some sources of information about it online. I didn't expect to find much because I figured that cable piracy was gone since the days of analog cable premium channels and descrambler boxes. After browsing through some other discussion forums, however, there were comments from users who claimed to have "wide open" Rogers digital cable boxes. The first such post was made in July 2009 and the original poster claimed that he'd been using it "for the last six months" which indicates that he acquired his hacked cable box in early 2009. Ironically, the moderators at that forum doubted his claims and banned that user because they thought that he was a scammer. In the weeks and months ahead, however, other users posted in the same thread that such boxes did in fact exist and opened all of the incoming digital cable channels (including HD, pay-per-view and adult) with the exception of video on demand.

Based on the information available online, the hack apparently worked by removing electronic chips from the receiver's circuit board and programming them with some sort of private code. After this was done, the chips were placed back in to the circuit board and secured with glue. A hardware modification was then done to disable the talk-back feature of the box and prevent two-way communication. This service didn't come cheap, however, and the people who bought these boxes apparently paid over $700 or $800 for hacked 4250HD receivers (and possibly over $1,000 for hacked 8300HD PVR receivers). I have no idea as to how their active their sales were, and I would guess that the high prices weren't much of a selling point, but it was only a matter of time until Rogers did something about it.

It appears as though the person(s) who handled the hack operated the business through dealers in and around Toronto. According to recent forum posts, the people who ran the operation were arrested and charged earlier this year and many (if not all) of the hacked digital boxes out there stopped working shortly thereafter. These electronic counter-measures by Rogers took place despite claims by some dealers that the hack was "guaranteed" to last for years. If there's one thing you can count on when it comes to television piracy, there are never any guarantees and I think that those who invested hundreds of dollars in hacked digital cable boxes learned that lesson the hard way.

As far as I'm concerned, the programming that I subscribe to on Rogers is all that interests me since I don't really care for premium content with the exception of occasional UFC pay-per-view events that can be ordered for a lot less than the price of a hacked digital cable box. I guess you could say that someone out there did the impossible and hacked digital cable to some extent, but selling (or buying) that service was undoubtedly a risky move and the end result was inevitable. The hacked units which were electronically disabled by Rogers are useless at this point since I doubt that they can be activated for service after the modifications that were done to hack them in the first place. I'd also be quite surprised if anyone who fell for "guarantees" on hacked boxes can expect any kind of actual support after the people involved in the operation were arrested and charged.

Last edited by NR4250; 2010-03-03 at 04:28 AM.
NR4250 is offline  
Old 2010-03-03, 12:40 PM   #5
99gecko
Veteran
 
Join Date: Mar 2006
Location: Markham, ON
Posts: 2,557
Default

NR4250,

Thanks for that very detailed post.

I did some more reading yesterday, and found some other end-user narratives as well. Nothing as detailed on how they did it as you described. It seems Rogers starting shutting down hacked boxes around 29 January (2010).

I suspect that other hackers will follow. It seems that sat. hackers (the ones actually reverse engineering the stb's and writing code, not the end-consumers) view it as a challenge, and others view it as a money making opportunity. Cable hackers are likely the same.

Quote:
If there's one thing you can count on when it comes to television piracy, there are never any guarantees and I think that those who invested hundreds of dollars in hacked digital cable boxes learned that lesson the hard way.
The hackers who rip off their "customers" are seldom viewed as the evil ones - a lot of pirates accused Bell and Dish of robbing them blind, when those DTH providers upgraded their nagra security in 2008/2009.

What I'm really interested in this story is whether these hackers are directing their attention away from DTH satellite onto cable. That would speak volumes about their perceived ability to defeat Dish/Bell and others.
99gecko is offline  
Old 2010-03-04, 01:13 AM   #6
NR4250
 
Join Date: Jan 2009
Posts: 41
Default

I can think of several different forums which discussed the alleged Rogers digital cable hack and almost all of them had users confirming that such boxes did exist and were available for a period of time. Some of the discussions were more technical than others and one of the more interesting posts even included a picture of the inside of a modified 4250HD box. No matter what people speculated and discussed about this online, it seems as though the source of the digital cable hacks didn't want to make the information public for both security and business reasons. It was a gamble that the hacker(s) and dealers may have profited from for a while but they had to expect the actions that ultimately brought them down.

In some ways, this reminds me of the early days of satellite hacking when people had to rely on dealers to get their fixes rather than being able to download the files and program their own hardware. The alleged methods for these digital cable hacks appear to be more complicated and technical than programming smart cards or simply updating receiver firmware, however, which makes me question whether or not end users could easily duplicate what the digital cable hackers did even if the methods and files were made public.

I agree that plenty of customers may think that satellite and cable providers charge too much for their services but those providers also spend millions of dollars on security measures and you can't blame them for taking action to protect their content. I hold the belief that as long as there are ways to pirate television, people will continue to do so simply because there are methods which make it possible. The goal of the N2 to N3 security upgrade for Bell TV and Dish Network was to reduce (if not eliminate) satellite piracy and that was accomplished to some degree since the only current work-arounds are based on Internet Key Sharing rather than true hacks.

It's really hard to say if the people behind the Rogers digital cable hacks had any background in satellite hacking. There are very few people with enough knowledge and resources to compromise the security of major television providers today and those who choose to do so publicly risk the legal consequences. Even if new hackers and dealers replace the ones who were busted and charged, what are the odds that they can avoid the same outcome for themselves and their clients who are left with useless receivers? It's one thing to hack a technology like digital cable (which appears to be quite an accomplishment from a technical aspect) but it's another matter to maintain it publicly over the long run.
NR4250 is offline  
Old 2010-03-04, 09:50 AM   #7
99gecko
Veteran
 
Join Date: Mar 2006
Location: Markham, ON
Posts: 2,557
Exclamation

I opened my email today to see that I had received multiple Private Messages from what appears to be a new member asking me to facilitate contacting the sellers of the hacked boxes.

Let me make this clear in no uncertain terms.

I will not facilitate such requests. EVER. Any private messages with such requests will be forwarded to the site administrator.

If you had bothered to read the posts in this thread you would have clearly seen that buying a hacked box is lost money. The hackers have been caught. Any remaining boxes are likely part of a white van scam.
99gecko is offline  
Old 2010-03-04, 10:07 AM   #8
99gecko
Veteran
 
Join Date: Mar 2006
Location: Markham, ON
Posts: 2,557
Default

NR4250,

The more I think about this, I am beginning to think more and more that this might have been started by someone with inside knowledge of the box/firmware architecture. Perhaps someone who actually designed part(s) of the system. Kind of like what awhite2600 proposed, but instead of activating legit boxes, worked on the physical box. Or perhaps it was a combination of strategies - someone on the inside required to activate hacked boxes - if that were the case, no wonder they got caught.

Anyway it is pure speculation at this point.

Quote:
Even if new hackers and dealers replace the ones who were busted and charged, what are the odds that they can avoid the same outcome for themselves and their clients who are left with useless receivers? It's one thing to hack a technology like digital cable (which appears to be quite an accomplishment from a technical aspect) but it's another matter to maintain it publicly over the long run.
I remember reading an article way back in the days when pirates were emulating cards. It discussed how either Dish or DTV, shut down a hacker network because a "client" called the BDU because of poor reception. The "client" had no idea that they weren't actually a legit client. The point is, once the hackers get big and try to make money off selling systems, the BDU's will discover it and take remedial action. There is no other end game.
99gecko is offline  
Old 2010-03-04, 10:21 AM   #9
hugh
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,585
Default

I think you can almost guarantee that anyone hacking a set top box in this fashion has some "inside" technical connection with the manufacturer, the service provider or both.
__________________
As of January 2012, I am no longer the owner of the Digital Home website and have disabled private messaging. For personal inquiries contact me at the Hugh Thompson website or via twitter.
hugh is offline  
Old 2010-03-04, 04:21 PM   #10
NR4250
 
Join Date: Jan 2009
Posts: 41
Default

I too believe that the source of the hacked code must have been someone with advanced knowledge of the Scientific Atlanta digital cable hardware and firmware. It's highly unlikely that an ordinary person could implement a digital cable hack using only reverse engineering. A recent post at another forum had this to say on the matter:

Quote:
I was offered to purchase a modded Rogers HD cable box a few months ago but I declined. (Too much money and I wasn't sure how long it would last... smart move on my part.) And so you know almost everything was available for viewing... PPV, all premium channels, etc. (My friend was using it for about 5 months and it was very cool to see that it was all open to view. It reminded me of an open 3M).

How it works, or at least what I was told..... a modified firmware was created from an ex coding engineer. The unit is converted to be a receiver only instead of an addressable box (addressable = the mac address that is assigned to the box continually sends and receives data to the cable company and this is how the programming is set up). So with this modded firmware / hardware, the unit is put into full test mode which enables all available programming to be viewed without the company knowing that this is taking place.

Well recently this came to an end when Rogers sent out a recent firmware update. As well anyone who owns one of these units are now stuck with a paper weight. Also these receivers can not be used with a Rogers sub as the unit will not download updates as it's been disabled by the firmware / hardware mod. So there was definite risks in having "free" tv by this method but with a much bigger price than FTA.
For what it's worth, there have been forum posts from users in the USA that cable providers who use the same hardware in that country have also been hacked. If that is indeed the case, then perhaps the hack originated there and variants of it were developed for different markets across North America. I think we can rule out the theory that these hacks were based on activated cable technician units because I'm almost certain that those boxes would not have wide-open access to PPV channels like the hacked boxes did.
NR4250 is offline  
Old 2010-03-04, 05:57 PM   #11
57
Moderator
 
Join Date: May 2002
Location: Toronto, Rogers, 9865 & 8300-eHDD, Panasonic TCP65S1, Denon AVR4310Ci; Sony KDL40W3000, 8300-eHDD
Posts: 51,828
Default

...but it sounds as though the hack requires placing the STB in broadcast mode - one way communication. If that's the case, any STB in broadcast mode can be disabled by the service provider, negating the "hack".
__________________
57's Optimization Services (Home Theatre Optimization) . . . . 57's Home Theatre (Latest equipment & photos)
57 is offline  
Old 2010-03-04, 07:05 PM   #12
99gecko
Veteran
 
Join Date: Mar 2006
Location: Markham, ON
Posts: 2,557
Default

^^^ In post #4 NR4250 wrote (my bold)
Quote:
A hardware modification was then done to disable the talk-back feature of the box and prevent two-way communication.
I assumed this was a measure to prevent accidental outgoing PPV requests/updates etc.

Updating keys should require secure encrypted two communication - very high level hacking.
99gecko is offline  
Old 2010-03-04, 08:10 PM   #13
NR4250
 
Join Date: Jan 2009
Posts: 41
Default

The information I posted in this thread is simply gathered from what I read about the topic online across several different forums. I believe that the hardware modification basically did what a "digital cable filter" would do in order to restrict / prevent the box from transmitting certain information from the receiver back to the cable company. It would also explain why the hacked receivers were not able to access video-on-demand services. Ironically enough, the vast majority of Rogers' PPV selection is offered through through video-on-demand. The Viewers Choice PPV channels that were opened with the hack do grant access to live events and some movies but their movie selection is rather limited in comparison to VOD and often consists of adult material. If indeed the digital cable hack did last for about a year, I wonder how it even lasted for as long as it did. If I had to guess, it may have been due to Rogers not changing the encryption keys often enough which may have been understandable for a platform that was widely considered unhackable. On the other hand, their response may have been a calculated strategy to apprehend the hackers and dealers before shutting down all of the modified receivers around the same time. Another point of interest is that when reports of the disabled boxes started to surface, there were still some people online saying that their hacked boxes were up and running. If you think back to how Rogers rolled out the Quick Start Guide updates in some areas before others, the same process may have applied to their anti-hacking firmware updates. It's now been weeks since anyone has been able to confirm any of the hacked boxes as operational and I have to wonder if dealers or buyers would even consider going through this sequence of events all over again if a digital cable hack were to resurface.
NR4250 is offline  
Old 2010-03-04, 10:22 PM   #14
hugh
Member #1
 
Join Date: Dec 2001
Location: Toronto
Posts: 47,585
Default

At $700 to $1,000 for a hacked box and with you having to perform hardware modification, I doubt the number of hacked boxes was huge so the urgency to shut down the problem would not have been super high.

My guess is account splitting and similar scams are probably more of a concern.
__________________
As of January 2012, I am no longer the owner of the Digital Home website and have disabled private messaging. For personal inquiries contact me at the Hugh Thompson website or via twitter.
hugh is offline  
Old 2010-03-08, 10:52 AM   #15
joel401
 
Join Date: Jan 2007
Posts: 15
Default They exist

Ok, hacked boxes do exist--my friend has one, I've seen it. I was offered one at $900 but like in the days of the "free" sat. T.V., I just couldn't be bothered. I kinda figured it'd be shut down soon and well, it is illegal!!
He got his last september so it's been up for a while now.
joel401 is offline  
Reply

Tags
cable piracy, rogers, security

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 09:33 AM.

Search Digital Home

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.