TRY TO CRACK SAT/TV ENCRYPTION

During 1984 a friend gave me a ten foot diameter fiberglass satellite TV parabolic antenna. It weighed a ton, so I traded it to another friend for a six foot diameter aluminum mesh Winegard satellite TV parabolic antenna with an equatorial antenna mount. Rotating the antenna caused it to sweep across the geostationary TV satellites in the sky some 25,000 miles above the earth. They rotated at the same rate as the earth so appeared to remain stationary to an observer on earth.

Home Box Office switched to transmitting Videocipher scrambled TV via satellite on January 29, 1985. This caused the market to be glutted with satellite receivers, preamps, mixers, etc. Prices had dropped precipitously. Many were available at prices way below cost. For less than $150. I purchased a complete ready to go 'C' band satellite TV receiving system with a very low noise state of the art antenna mixer. At the same time, another friend gave me a complete 'Ku' band, 12 Ghz satellite TV receiving system. I rigged up one of my Gunnplexer SnowSled parabolic dishes for the antenna and designed and built my own azimuth/elevation antenna mount. A graphic of the two systems installed at my home is is displayed below.



This is an interesting story about the Digital Encryption Standard Users' Group (DESUG), a group of radio amateurs, professional engineers, PhD's and hackers who many years ago worked nearly two years on descrambling the General Instrument Videocipher 2000 satellite TV encoding system.

I founded DESUG at the spring 1985 Dayton, Ohio, hamfest after the satellite skies began going dark with HBO's, Home Box Office's, scrambling of their satellite's TV program output using the M/A Com ... General Instrument encryption sytem. Up to Janaury 29, 1985 all U.S. satellite TV channels on all the satellite repeaters had been FREE. Same as all the FREE channels on local TV broadcast and cable TV at that time. It virtually killed the thriving home TV satellite sales and installation business in the U.S. Hundreds of small TV satellite sales and installation local businesses were driven into bankruptcy and out of business as potential customers/home owners heard about scrambling and switched to cable if available. The cable industry launched dozen of ads in newspapers throughout the U.S. peddling the scrambling story and urging readers to subscribe to cable to avoid the cost of a General Instrument Videocipher descrambler....then about $450.

Well before the Dayton Hamfest I announced the founding of DESUG in a number of publications including the Institute of Electrical & Electronic Engineers publications including: IEEE Micro magazine and IEEE Computer magazine. Announcements were also printed in QST magazine, Ham Radio magazine and 73 magazine. In essence the announcements invited assembly language experts to send me a resume. Those that looked promising I invited to the opening DESUG meeting during the above Dayton Hamfest.

About 20 people showed up for the first DESUG meeting in Dayton that was held in a convenient local Dayton motel's meeting room. Their backgrounds ranged from a PhD physicist/programmer, many electrical engineer programmers and a few just curious radio amateurs whose invited friends brought them along. I was voted Chairman of DESUG and the PhD physicist was voted Vice Chairman of DESUG with the responsibility of setting up the working groups.

Those who were unable attend the meeting were invited to send me their resumes. Those who qualified were assigned to the appropriate working group. We had a monthly DESUG newsletter which discussed progress and was NOT secretive in any sense. Even MA Com's and General Instrument's chief engineers were on the distribution list including GI's Dr. Mark Medress.

A second annual DESUG meeting was held at the Dayton Hamfest the spring of 1986. Progress was being made on both the 'Clone' and "Three Musketeers' approaches to beating the overall encryption system as the DES code showed NO possibility of being cracked in our life times. Later in 1986 these two approaches paid off. In essence they were:

CLONE APPROACH:
Extract the Videocipher I.D. from a unit that has paid for all channels authorization. Burn in a new EPROM with the authorized I.D. for each clandestine Videocipher installation and install it.

THREE MUSKETEERS APPROACH = one for all and all for one:
Have a Videocipher user pay for authorization of a single channel. Insert a special EPROM that allows authorization for ALL channels.

General Instrument's counter attack to these two approaches was:
CLONE 1: Turn off or telephone each customer with an all channel subscription and ask WHY he/she subscribed to all channels at about $100. per month? IF no satisfactory answer, turn them off.
CLONE 2: General Instrument sent out a data stream the fall of 1986 to each Videocipher forcing it check its number 1 ID with its number 2 ID and if not the same turn off the audio channel. It worked on some clones, but the clone makers figured out how to thwart it in a few days by up dating both ID numbers to the same number.
MUSKETEER: Turn off authorization for each customer with only a single channel subscription. When they telephoned in to complain, ask why only a single subscription? If no satisfactory answer then keep them turned off.

Actually, General Instrument's countermeasures proved that the Videocipher had indeed been compromised, though only in two roundabout ways.....the Videocipher was indeed a LITTLE pregnant even though General Instrument never admitted it outright.

Myths and folklore about who was doing what, with which and to whom were spreading like wildfire throughout the by then nationwide descrambling underground who told their friends in confidence who told their friends in confidence, etc. One kind fellow who loaned his fully authorized Videocipher to a working group to play with, (extract his ID number), had his ID later show up in hacked Videociphers as far away as Hawaii and Europe in a very short time. Extracting an authorized user's ID from a Videocipher was not an easy task. Legend has it that one group in Texas paid $20,000 for the micro surgery that was required to do it.....and it only got ONE ID! Another legend has it that a neophyte with a VIC-20 microcomputer started feeding 'purely random' data to the Videocipher's computer input and after a few days of this operation the Videocipher computer dumped its entire contents for later printout. Those that believe this story MUST believe in Santa Claus and the tooth fairy.

By the fall/winter of 1986 there were about five or more splinter groups in the U.S., two in Canada, one in Nassau, Bahamas, and one in the U.K. peddling or about to peddle Clone chips or Three Musketeer chips with most of them priced in the $200. each ballpark. The greed and avariciousness in human nature came into play in this ballgame. Once one found out exactly how to make the chips, some splintered off and started their own illegal business. Sad, but true. Some were outright frauds that accomplished lttle or nothing and could be easily turned OFF by General Instrument's counter-counter measures and some were of superior quality that accomplished exactly what was offered.

MY FRIEND BOB COOPER ex-amateur radio K6EDX:
I first met Bob Cooper on the amateur radio six meter band during the sunspot cycle peak of 1956 and 1957. There were daily F2 propagation band openings from my home in Virginia to his home in California. We chatted almost daily having similar interests and hobbies. Later on, Bob started the monthly journal called "Coop's Satellite Digest" (CSD). This publication was aimed at the thousands of independent satellite TV resellers/installers throughout the U.S. and Canada. I wrote a number of "10 Ghz Gunnplexer" articles for his journal in 1979 and 1980.

In 1979 Bob started an annual "Satellite Private Terminal Seminar," (SPTS), which attracted thousands of resellers/installers as well as most all of the satellite TV system manufacturers. The first SPTS was a held at a lovely lake resort hotel in central Oklahoma. I attended and gave a color slide show lecture on using the 10 Ghz Gunnplexer to act as a TV repeater for short relays of a few miles where it was impossible or too expensive to install cable. One of the attendees and speakers was the President and owner of CNN, Ted Turner, Captain Courageous, recent winner of the America's Cup sailboat racing series. I was thrilled at having the opportunity to meet and chat with him. His and his crews' winning the Americas Cup was one of the greatest sailboat racing performances I had ever seen.


Jumping ahead a few years to November/December 1986, Bob Cooper decided that there was so much entropy, (an utter state of confusion), going on in the TV satellite marketplace due to the proliferation of Clone and Three Musketeer chips that he would hold a 'Descrambling Summit' at his home in the British West Indies, Provodenciales Island, in the Turks and Caicos group of islands in the Caribbean Sea. There was a recent law in the U.S. against making, selling or aiding and abetting anything that defeated the Videocipher's satellite TV scrambler. By holding the Descrambling Summit in British territory where it was not illegal, it seemed perfectly safe to discuss and demonstrate the strengths and weaknesses of the Clone, Musketeer and any other approaches to subvert the Videocipher scrambler.

Every one including General Instrument was invited to the Descrambling Summit. At first General Instrument agreed to attend and send 3 technical representatives, but later backed down and did not attend. The price of admission was reasonable and included roundtrip airfare on Sun Coast Airlines' new Boeing 727-200 aircraft from Miami International Airport to Provendenciales and return, hotel accomodations and meals. There were three sessions arranged each for about 125 people maximum on: January 14-16, 1987, January 16-19, 1987 and January 19-22, 1987. The Descrambling Summit was almost immediately soldout with people coming from the U.S., Canada, Central America, South America and the U.K. The graphic below illustrates the location of Provodenciales Island.



I accepted Bob Cooper's invitation to give the opening and closing lectures at each of the three Descrambling Summit sessions. As Chairman of DESUG I had been in on the development of the descrambling effort since its beginning, but had taken no active part in the actual engineering effort once it began other than to see that it kept moving in an orderly fashion. My opening and closing remarks/lecture were guarded and aimed at the scientific and educational aspects of our inquiry. The summit itself turned out exactly as planned. The demonstrations and discussions by the most successful descrambling groups were presented in great detail and covered all aspects of the subject.

Just as the first session ended, all attendees were given an assortment of various descrambling, educational demo chips to take home with them. When the first group returned and landed at Miami International Airport they passed through U.S. Customs with no problems whatsoever.

Unbekownst to anyone, General Instrument had somehow gotten a court order or the equivalent directing U.S. Customs to querry the second group on return to Miami, "do you have any illegal copyrighted chips to declare?" Customs personnel were adamant, down right nasty and even did some strip searches! While waiting in the Customs line the returnees did everything to get rid of the demo chips they had been given including squashing them with the heels of their shoes and most everything else except swallowing them. Most people missed their connecting flights home and were madder than all hell ..... though it did not help them a bit.

The third group at the Descrambling Summit were of course forewarned about the U.S. Customs gambit and did NOT carry any chips with them when returning to Miami. A few weeks later all the attendees in the first group were visited at their homes by either FBI, Secret Service or Customs personnel and asked for their demo chips.

END OF THE DESCRAMBLING STORY

A civil lawsuit alleging various violations of the 1934/1984 ammended Communications Act was filed against Bob Cooper and three others in March 1987 by General Instrument. The suit seeked $5 million in punitive damages, costs and injunctive relief from the defendents. I personally do not know how it all ended except for one of my friends who spent $30,000 in legal fees before he got off the hook. The power of a multi-billion dollar corporation going after four outstanding, law abiding, American citizens is awesome and terrifying in its consequences.

___________________________________________________________________________