The rec.video.cable-tv FYI
* For Your Information
Last updated September 21, 199
(Added information on Scientific-Atlanta product line
a short blurb on Oak Sigma scrambling, and several ne
terms to the glossary.
Feel free to mail me any additional information, additions o
corrections, but PLEASE DO NOT E-MAIL ME ASKING FOR MORE
INFORMATION. If something is not listed here, I don't know
enough about it to comment any further.
Note that this information has been collected from magazines, various
posts to many UseNet groups over the past several years, etc. I do not
have any personal experience with this stuff (which is why it may
seem so vague in places where I've only heard bits and pieces about it
but at least it's a start. All standard disclaimers apply
IMPORTANT_NOTICE
The ownership of a signal descrambler does NOT give the owner the righ
to decode or view any scrambled signals without authorization from th
proper company or individual. Use of such a device without permissio
may be in violation of state and/or federal laws. The informatio
contained herein is intended to serve as a technical aid to those perso
seeking information on various scrambling techniques. No liability b
myself or my employer is assumed for the (mis)use of this information.
_______________________________________________________________________
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
{Note: Someone recommended a book called "Satellite TV Descrambling" by
Sheets/Graf. I've never seen it, but it may be of interest to some.
_________________________Scrambling_Technologies_______________________
................No Scrambling (Traps/Addressable Taps).................
A cable system may not be scrambled at all. Some older systems (and man
apartment complexes) use "traps" or "filters" which actually REMOVE th
signals you aren't paying for from your cable. (These are negative trap
because they remove the WHOLE signal.) These systems are relativel
secure because the traps are often located in locked boxes, and onc
a service technician finds out they're missing or have been tampere
with (by pushing a pin through a coax trap it to change its frequency
for example), it's a pretty solid piece of evidence for prosecution
Another method is where the head-end ADDS an extraneous signal abou
2.5 MHz above the normal visual carrier which causes a tuner to thin
its receiving a very strong signal--the tuner then adjust the automati
gain control and buries the real signal. If you pay for the service, th
cable company adds a "positive trap" which then REMOVES the extraneou
injected signal so it becomes viewable. (This system is very easy t
circumvent by building your own notch filter, so it is not very commonl
used.) Advantages to a cable system with this technology is that yo
don't need a cable box--all your cable-ready TVs, VCRs, etc. will al
work beautifully. The disadvantage is that pay-per-view events are no
possible, and that every time someone requests a change in service,
technician has to be dispatched to add/remove the traps
Becoming more and more popular, not only because of the Cable Act o
1992 but also in an effort to stop "pirates" are addressable taps. Man
cable companies WILL be moving to this technology in the near future
These are devices located at the pole, where your individual cable fee
is tapped from the head-end. Similar to addressable converters, the
each have a unique ID number and can be turned on/off by a computer a
the head-end. Any stations which you are not paying for are filtere
out by electronicly switchable traps in the units. (Including the whol
signal if you haven't paid your bill or had the service disconnected.
{Several patents have already been issued for various methods of makin
SURE you don't see a channel you don't pay for.} Again, these almos
GUARANTEE an end to piracy and don't have any of the disadvantage
of the manual traps. Plus, they provide a superior signal to thos
customers paying for service because they no longer need complicate
cable boxes or A/B switches -- and they can finally use all of th
"cable-ready" capabilites of the VCR, TV, etc. About the only know
attack on this type of system is to splice into a neighbors cable, whic
again provides plenty of physical evidence for prosecution
...............................Sine-Wave...............................
Early Oak (and some very early Pioneer boxes) employed a sine-wave syn
suppresion system. In this system, the picture would remain verticall
stable, but wiggling black bars with white on either side would ru
down the center of the screen. The lines were caused by a 15,750 H
sine-wave being injected with the original signal, causing the syn
separator in the TV to be unable to detect and separate the sync pulses
Later, Oak came out with a "Vari-Sync" model, which also removed
31,500 Hz sine-wave added to the signal. Oak was one of the first t
use extra signals ("tags") as a counter-measure for pirate boxes -- i
the normal mode, a short burst of a 100 KHz sine-wave (the tag signal
would be sent during the VBI, along with the AM sine-wave referenc
on the audio carrier and scrambled video. They would then put the A
sine-wave reference signal onto the audio carrier, leave the vide
alone, and NOT send the tag. Any box which simply looked for the A
sine-wave reference would effectively scramble the video by adding
sine-wave to the unscrambled video! Real decoders looked for the ta
signal and still worked correctly. Other combinations of tag/no tag
scrambled/unscrambled video were also possible
.....................6 dB In-Band Sync Suppression.....................
Early Jerrold boxes used in-band gated sync suppression. The horizonta
blanking interval was suppressed by 6 dB. A 15.734, 31.468 or 94.40
KHz reference signal (conveniently all even multiples of the horizonta
sync frequency) was modulated on the sound carrier of the signal, an
used to reconstruct the sync pulse. An article in February 1984 issu
of Radio-Electronics explains this somewhat-old technique. Converter
which have been known to use this system include the Scientific-Atlant
8500-321/421, a number of Jerrold systems [see numbering chart], Jerrol
SB-#, SB-#-200, SB-#A, RCA KSR53DA, Sylvania 4040 and Magnavox Magn
6400
...................Tri-mode In-Band Sync Suppression...................
A modification to the 6dB sync suppresion system, dubbed "tri-mode"
allows for 0, 6 and 10 dB suppression of the horizontal sync pulse. Th
three sync levels can be varied at random (as fast as once per field)
and the data necessary to decode the signal is contained in unused line
during the VBI (along with other information in the cable data stream.
See the February 1987 issue of Radio-Electronics for a good articl
(both theory and schematics) on the tri-mode system. Converters whic
have been known to use this system include a number of Jerrold system
[see numbering chart], Jerrold SBD-#A, SBD-#DIC, Jerrold Starcom V
(DP5/DPV models), Regency, Scientific- Atlanta 8550-321 {anyone know an
others for sure?} and early Pioneer systems {anyone know for sure whic
ones?}
.......................Out-Band Sync Suppression.......................
Out-band gated sync systems also exist, such as in early Hamli
converters. In this system, the reference signal is located on a
unused channel, usually towards the higher end (channels in the 40'
and 50's are common, but never in the low 30's due to potential fals
signalling.) The signal is comprised of only sync pulse informatio
without any video. Tuning in such a channel will show nothing but
white screen and will usually have no audio
.............................SSAVI / ZTAC..............................
SSAVI is an acronym for Synchronization Suppression and Active Vide
Inversion and is most commonly found on Zenith converters. ZTAC is a
acronym for Zenith Tiered Addressable Converter. Besides suppressin
sync pulses in gated-sync fashion, video inversion is used to yiel
four scrambling modes (suppressed sync, normal video; suppressed sync
inverted video; normal sync, inverted video; and normal sync, norma
video). The mode of scrambling can be changed as fast as once per field
Their is no "reference signal" per-se, but the horizontal sync pulse
during the VBI are not suppressed, allowing a phased-lock loop to b
used to generate the missing sync pulses. Information on whether th
video is inverted or not is contained in the latter-half of one of th
lines of video, usually line 20 or 21. The Drawing Board column o
Radio-Electronics starting in August '92 and going through early '9
described the system and provided several circuits for use on an SSAV
system. Audio in the system can be "scrambled" - usually by burying i
on a subcarrier that's related mathematically to the IF component of th
signal. Addressable data for Zentih systems is sent in the VBI, line
10-13, with 26 bits of data per line
..............................Tocom systems............................
The Tocom system is similar to the Zenith system since it provides thre
levels of addressable baseband scrambling: partial video inversion
random dynamic sync suppression and random dynamic video inversion
Data necessary to recover the signal is encrypted and sent during line
17 and 18 of the VBI (along with head-end supplied teletext data fo
on-screen display). The control signal contains 92 bits, and is a 53 m
burst sent just after the color burst. Up to 32 tiers of scrambling ca
be controlled from the head-end. Audio is not scrambled
..........................New Pioneer systems..........................
The newer 6000-series converters from Pioneer supposedly offer on
of the most secure CATV scrambling technologies from a "major" CAT
equipment supplier. From the very limited information available on th
system, it appears that false keys, pseudo-keys and both in-band an
out-band signals are used in various combinations for a secure system
From U.S. patent abstract #5,113,441 which was issued to Pioneer i
May '92 (and may or may not be used in the 6000-series converters, bu
could be), "An audio signal is used on which a key signal containin
compression information and informaton concerning the position of
vertical blanking interval is superimposed on a portion of the audi
signal corresponding to a horizontal blanking interval. In addition
a pseudo-key signal is superimposed...so that the vertical blankin
interval cannot be detected through the detection of the audio signal..
Descrambling can be performed by detecting the vertical blankin
interval based on the information...in the key signal, and decodin
the information for the position which is transmitted in the form o
out-band data. Compression information can then be extracted fro
the key signal based on the detected vertical blanking interval, an
an expansion signal for expanding the signal in the horizontal an
vertical blanking periods can be generated." {If anyone has any bette
information on the 6000-series scrambling technique, please send mail!
Note that Pioneer boxes are "booby-trapped" and opening the unit wil
release a spring-mechanism which positively indicates access was gaine
to the interior (and sends a signal to the head-end on a two-way system
and may disable the box completely.) {See U.S. patent #4,149,158 fo
details.} The mechanism cannot be reset without a special device
Pioneer systems transmit their addressing data on 110.0 MHz
.....................New Scientific-Atlanta Systems....................
Some of the early S-A boxes used 6 dB only sync suppression (some o
the 8500 models), and some of the 8550 boxes are tri-mode systems
The three digit number after the model (such as 321) is a code whic
indicates the make of the descrambler in the unit. Apparently some o
the newer S-A boxes use a technique called "dropfield". {If anyone ha
more information on any of the 85xx-series or the 8600^x boxes, or a
explanation of "dropfield", send mail...
Scientific-Atlanta systems transmit their addressing data on 106.2 o
108.2 MHz
............................Oak "Sigma" Systems........................
This a secure system which replaces the horizontal sync of each lin
of video with a three-byte digital word. Video is switched fro
inverted to non-inverted between scene changes, and the colorburs
frequency is shifted "up". This is a standard "suppressed" syn
video scrambling method and is relatively simple to defeat with th
appropriate circuitry. HOWEVER, the three-byte digital word in th
area where the sync normally is contains audio and sync information
The first two bytes contain a digitized versions of the audio, th
third byte contains sync information (and perhaps addressing data?) Th
two bytes of digitized audio are encrypted; a separate carrier signa
contains the decryption keys for the digital audio datastream
............................Jerrold Baseband...........................
No information on techniques used by Jerrold "baseband" converters. {I
anyone has information on other Jerrold scrambling methods other tha
those mentioned above, send mail.
...............................Chameleon...............................
The research and development division of Fundy Cable Ltd., NC
Microelectronics, has a systemd dubbed "Chameleon". They claim it i
a cost-effective solution that prevents pay TV theft by digitall
encrypting the video timing information of sync suppression systems. Th
company claims the technology has been proven to be effective agains
pirate and tampered boxes. Supposedly, existing decoders can be upgrade
to Chameleon technology with a low-cost add-in circuit, and that th
card's sealed custom IC, developed by NCA, is copy-proof
..............................VideoCipher..............................
The VideoCipher system is now owned by General Instrument and is use
primarily for satellite signals at this time. VideoCipher I is th
"commercial" version which uses DES (Data Encryption Standard)-encrypte
audio AND video. A VCI descrambler is not available for "home" owners
VideoCipher II is the now-obsolete system which used a relatively simpl
video encryption method with DES-encrypted audio. (Specifically, th
audio is 15 bit PCM, sampled at ~44.1 KHz. It is mu-law companded t
10 bits before transmission.) This has recently been replaced by th
VideoCipher II+, which has been incorporated as the 'default' encryptio
method used by VideoCipher IIRS (a smart-card based, upgradeabl
system). Supposedly, coded data relating to the digitized, encrypte
audio is sent in the area normally occupied by the horizontal syn
pulse in the VCII system. (The Oak Sigma CATV system uses a simila
technology.) Several methods existed for pirating the VCII based system
and some SUPPOSEDLY exist for the new VCII+ format, although this ha
never been verified. See the rec.video.satellite FAQ list for mor
information
.........................DigiCable/DigiCipher..........................
DigiCipher is an "upcoming" technology being developed by Genera
Instrument for use in both NTSC and HDTV environments. The DigiCiphe
format is for use on satellites, and the DigiCable variation wil
address CATV needs. It provides compression algorithms with forwar
error correction modulation techniques to allow up to 10 "entertainmen
quality" NTSC channels in the space normally occupied by one channel
It provides true video encryption (as opposed to the VCII-series whic
only DES encrypts the audio). In a Multiple Channel Per Carrier (MCPC
application, the data rate is ~27 MB/second via offset QPSK modulation
Audio is CD-quality through Dolby AC-2 technology, allowing up to fou
audio channels per video channel. The system uses renewable securit
cards (like the VCIIRS), has 256 bits of "tier" information, cop
protection capability to prevent events from being recorded, commercia
insertion capability for CATV companies, and more. The multichannel NTS
satellite version of DigiCipher started testing in July of 1992, an
went into production several months later
................................B-MAC..................................
MAC is an acronym for Mixed Analog Components. It refers to placing T
sound into the horizontal-blanking interval, and then separating th
color and luminance portions of the picture signal for periods of 2
to 40 microseconds each. In the process, luminance and chrominance ar
compressed during transmission and expanded during reception, enlargin
their bandwidths considerably. Transmitted as FM, this system, when use
in satellite transmission, provides considerably better TV definitio
and resoluton. Its present parameters are within the existing NTS
format, but is mostly used in Europe at this time. {Does anyone kno
if the D2-MAC system is just a variation of this, or is it completel
different? What's new in the D2-MAC system?
________________________Miscellaneous_Information______________________
.........................Two-Piece vs. One-Piece.......................
There are both advantages and disadvantages to the one-piece an
two-piece descramblers often advertised in the back of electronic
magazines. The "one-piece units" are real cable converters, jus
like you'd get if you rented one from the cable company. It has th
advantages of "real" descrambling circuitry and the ability to "fit-in
well when neighbors come over (avoids those "my box doesn't look lik
that...or get all these channels!" conversations :-) A disadvantage i
that if you move or the cable company installs new hardware, you may no
have a worthless box -- most one-piece units only work on the specifi
system they were designed for. Another disadvantage is that if the bo
has not been modified, it can be very easy for the head-end to disabl
the unit completely. (See Market Codes & Bullets, below.
A "two-piece unit" ("combo") usually consists of an any-brand cable T
tuner with a third-party "descrambler" (often referred to as a "pan"
which is designed to work with a specific scrambling technology. Th
descrambler typically connects to the channel 3 output of the tuner
and has a channel 3 output which connects to your TV. (Although som
tuners have a "decoder loop" for such devices.) They have the advantag
that if you move or your system is upgraded, you can try to purchase
new descrambler -- which is much cheaper than a whole new set-up. Yo
also can select the cable TV tuner with the features you want (remote
volume control, parental lockout, baseband video output, etc.) Two-piec
units typically cannot be disabled by the data stream on your cable
(Note however that there ARE add-on "pans" manufactured by the sam
companies who make the one-piece units that DO pay attention to the dat
stream and can be disabled similarly!) The main disadvantage is that
third-party descrambler MAY not provide as high of quality descramblin
as "the real thing", and it may arrouse "suspicion" if someone notice
your "cable thing" is different from theirs
........................Jerrold Numbering System........................
To decode older Jerrold converters, the following chart may be helpful
(Note that some spaces may be blank.) {Send along any additions or othe
numbering systems you know of!
__ __ __ __ - __ __ _
| | | | | |
| | | | | | |___ T = two-way capability, C = PROM programmabl
| | | | |
| | | | | |______ DI = Inband decoder, DO = Outband decoder,
| | | | | PC = Single pay channel, A = Addressabl
| | | |
| | | | |_________ Output channel number (3 very common
| | | |
| | | |______________ D or I = tri-mode system, N = parental lockout
| | | feature (6 dB-only systems are "blank" here
| |
| | |_________________ M = mid-band only, X = thru 400 MHz
| | Z = thru 450 MHz, BB = baseban
| |
| |____________________ S = Set-top, R = Remot
|
|_______________________ D = Digital tuning, J = Analog tunin
Also note that some Jerrold converters (particularly the DP5 serie
and maybe others) have a tamper-switch, and that opening the box wil
clear the contents of a RAM chip in the converter. This may or may no
be corrected by letting the unit get "refreshed" by the head-end dat
stream
Most Jerrold systems transmit their addressing data near 106.5 MHz
................Scientific-Atlanta Suppressed Sync Boxes...............
Model 8600 - _ _ _
| | |
| | | |___ Impulse PPV Return: N=none, T=telephone, R=R
| | |_____ Dual cable option: N=none, D=dual cabl
| |_______ Descrambler type: S=SA standard, K=oa
|_________ Channel: S=selectable channel 3/
The 8600 has 240 character on-screen display, multimode scrambling,
8 event 14 day timer, and is "expandable"..
Model 859_ - 7 _ 7
| |
| | |__ Dual cable option: D=dual cabl
| |______ Descrambler: 5=SA scrambling+video inversion
| 7=5+Oa
|____________ 0=No Impulse PPV, 5=Telephone IPPV, 7=RF IPP
The 8590s feature volume control, multimode scrambling, 8 even
14 day timer..
Model 858_ - _ 3 _ - _
| | | |__ Dual cable option: D=dual cabl
| | |______ Data carrier: 6=106.2 MHz, 8=108.2 MH
| |__________ Channel: 3=channel 3, 4=channel
|______________ 0=No Impulse PPV, 5=Telephone IPPV, 7=RF IPP
The 8580s use dynamic sync suppression, 8 event 14 day timer, an
built-in pre-amp
The 8570 is similar to the 8580
Model 8550 - _ _
| | |__ 1=108.2 MHz data strea
| |____ Jerrold, dropfield, SA descramblin
|______ Channel: 3=channel
The 8550 is not a current model; it can be replaced with an 8580-321
Non-addressable products include the 8511, 8536, and 8540
{If anyone has more details/corrections, please send them along.
.............................Market Codes..............................
Note that almost every addressable decoder in use today has a uniqu
"serial number" programmed into the unit -- either in a PROM
non-volatile RAM, EAROM, etc. This allows the head-end to send command
specifically to a certain unit (to authorize a pay-per-view events, fo
example.) Part of this "serial number" is what is commonly called
"market code", which can be used to uniquely identify a certain cabl
company. This prevents an addressable decoder destined for use i
Chicago from being used in Houston. In most cases, when a box receives
signal with a different market code, it will enter an "error mode" an
become unusable. This is just a friendly little note to anyone who migh
consider purchasing a unit from the back of a magazine -- if the uni
has not been "modified" in any way to prevent such behavior, you coul
end up with an expensive paper weight... (see next section
.............................Test Chips................................
So-called "test chips" are used to place single-piece converters (tha
is, units with both a tuner and a descrambler) into full service. Ther
are a number of ways to accomplish this, but in most cases, the seria
number/market code for the unit is set to a known "universal" case (RAR
THESE DAYS) or, better yet, the comparison checks to determine whic
channels to enable/disable are bypassed by replacing an IC in the unit
Hence, the "descrambler" will always be active, no matter what. Thi
latter type of chip is superior because it cannot be disabled and i
said to be "bullet proof", even if the cable company finds out about
"universal" serial number. (When the cable company finds out about
universal serial number, it is easy for them to disable the converte
with a variation on the "bullet" described below.
................................Cubes..................................
A relatively new "test device" has been advertised in magazines suc
as Electronics Now (formerly Radio-Electronics) and Nuts & Volts
It's called a "cube" and it SIMULATES the addressing data signal fo
a cable box. You plug the cable into one side, where it filters ou
the real data signal, and out the other side comes a normal signal
with a new data stream. This new data signal tells whatever boxes ar
connected after it to go into "full-service" mode (including any cabl
company-provided boxes). It is usually a non-destructive signal, and i
the the "cube" is removed from the line, the real data signal gets sen
to the converter which then goes back to normal operating mode. I sa
"usually non-destructive" because there are some cubes that re-progra
the electronic serial number in a box to a new value. (This has th
advantage that it will work with ANY converter the unit was designe
for.) The "non-destructive" versions of the "cube" usually requir
that you provide the serial number from the bottom of the converte
you're interested in "testing". That way a custom IC can be programme
to address that converter with the necessary codes. (Otherwise th
converter would ignore the information, since the serial number the cub
was sending and the one in converter wouldn't match.
...............................Bullets.................................
First and foremost, THE "BULLET" IS NOTHING MORE THAN THE NORMAL CABL
DATA STREAM WITH THE APPROPRIATE "CODE" TO DISABLE A CONVERTER WHIC
HAS NOT BEEN ACKNOWLEDGED BY THE CABLE COMPANY. For instance, the hea
end could send a code to all converters which says "unless you've bee
told otherwise in the last 12 hours, shut down." All legitimate boxe
were individually sent a code to ignore this shut down code, but th
pirate decoders didn't get such a code because the cable company doesn'
have their serial number. So they shut down when the see the "bullet
code. The "bullet" is NOT a harmful high-voltage signal or something a
the cable companies would like you to believe -- if it was, it woul
damage anyone with a cable-ready TV or VCR connected to the cable (no
something the cable company wants to deal with!) The only way to ge
"caught" by such a signal is to contact the cable company and tell the
your illegal descrambler just quit working for some reason. :-) Not
smart thing to do, but you'd be surprised (especially if it's someon
else in the house who calls, like a spouse, child, babysitter, etc.
While we're on the subject, it's also not a good idea to have cabl
service personnel come into your residence and find an unauthorize
decoder. If you have one, use common sense and tell anyone you live wit
to call YOU and NOT the cable company if something goes wrong. Just som
friendly advice..
.............Time Domain Reflectometry / Leak Detection................
The cable company can use a technique called "Time Domain Reflectometry
(TDR) to try and determine how many devices are connected to your cable
In simple terms, a tiny, short test signal is sent into your residenc
and the time domain reflectometer determines the number of connection
by the various "echoes" returned down the cable (since each devic
is at a different point along the cable, they can be counted.) Eac
splitter, filter, etc. will affect this count. A simple way to avoi
being "probed" is to install an amplifier just inside your premise
before any connections. This isolates the other side of the cable fro
the outside, and a TDR will only show one connection (the amplifier)
The cable company also has various ways of detecting signal "leaks
in their cable. The FCC REQUIRES them to allow only so much signal t
be radiated from their cables. You may see a suspicious looking va
driving around your neighborhood with odd-looking antennas on the roof
These are connected inside to field strength meters which help locat
where the leaks are coming from so they can be fixed (to prevent
fine from the FCC!) If you've tampered with a connection at the pol
(say, to hook up a cable that had been disconnected) and didn't do
good job, chances are the connection will "leak" and be easily found b
such a device. This can also happen INSIDE your residence if you us
cheap splitters/amplifiers or have poorly-shielded connections. Th
cable company will ask to come inside, and bring with them a portabl
field strength meter to help them locate the problem. Often they wil
totally remove anything causing the leak, and may go further (e.g.
legal action) if they feel you're in violation of your contract wit
them (which you agree to by paying your bill.) Obviously it's a ba
idea to let cable service personnel into your house if you ARE doin
something you shouldn't (which you shouldn't be in the first place), bu
if you DON'T let them in (as is your right), it will definitely arous
suspicion. Eventually you will have to let them in to fix the "leak", o
they will disconnect your cable to stop the leak altogether. (After all
it's a service, not a right, to receive cable!
...................Some Common Ways Pirates Get Caught.................
There are many ways for a "pirate" to get caught. Since stealing cabl
is illegal in the U.S., you can be fined and sent to jail for theft o
service. Cable companies claim to lose millions of dollars in revenu
every year because of pirates, so they are serious in their pursuit o
ridding them from their system
First, a pirate will often show-off the fact they can get every channe
to their friends. Pretty soon lots of people know about it, and then th
cable company offers a "Turn In A Pirate And Get $100" program. A frien
needs the money and turns the pirate in. Busted
Second, a pirate (or unsuspecting housemate of a pirate who know
nothing about whats going on) calls the cable company to report
problem with the equipment or signal. The cable company makes a servic
call and finds illegal equipment connected to the cable. Busted
Third, during a pay-per-view event such as a fight, the cable compan
offers a free T-shirt to all viewers. Little does the pirate know tha
just before that message appeared on the screen, legitimate viewer'
boxes were told to switch to another channel WHILE STILL DISPLAYIN
THE ORIGINAL CHANNEL NUMBER (yes, cable boxes can do this.) So now th
legitimate subscriber continues to see the "original" signal (withou
the T-shirt offer), while the pirate gets an 800 number plastered o
the screen. The pirate calls, and the cable company gets a list of al
pirates. Busted
Fourth, a big cable descrambler business gets busted. The authoritie
confiscate their UPS shipping records and now have a list of "customers
who most likely ordered descramblers for illegitimate use. Busted
And this is only the beginning. Unconfirmed reports of the cable compan
driving around with special equipment allowing them to determine wha
you're watching on your TV (like HBO, which you don't pay for) have als
been mentioned
........................The Universal Descrambler......................
In May of 1990, Radio-Electronics magazine published an article o
building a "universal descrambler" for decoding scrambled TV signals
There has been much talk on the net about the device, and many hav
found it to be lacking in a number of respects. Several modifications
hoping to fix some of the problems have also been posted, with limite
success. The Universal Descrambler relies on the presence of th
colorburst for its reference signal. In a normal line of NTSC video
the colorburst is 8 to 11 cycles of a 3.579545 MHz clock (that come
out to 2.31 microseconds) which follows the 4.71 microsecond horizonta
sync during the horizontal blanking interval. {Whew!} Since a larg
number of scrambling systems depend on messing with the horizontal syn
pulse to scramble the picture, the Universal Descrambler attempts t
use the colorburst signal to help it replace the tainted sync pulse
Unfortunately, random video inversion is still a problem, as are colo
shifts which occur from distorted or clamped colorburst signals, etc
Most people have not had very good results from the system, even afte
incorporating some modifications
________________________Glossary_of_Related_Terms______________________
{Suggestions or contributions to the glossary are welcome!
CATV: Acronym for Community Antenna TeleVision. Originally cable TV
came about as a way to avoid having everyone in a community hav
to spend a lot of money on a fancy antenna just to get good T
reception. Really all you need is one very good antenna and
then just feed the output to everyone. It was called Communit
Antenna Television (CATV). Of course, it has grown quite a bi
since then and everyone now just calls it cable TV. The ol
acronym still sort-of works.
Converter
A device, sometimes issued by the cable company, to "convert
many TV channels to one specific channel (usually channel 3).
Used early-on when VHF & UHF channels were on different dial
(and before remote controls) to provide "convenience" to cabl
customers. Now mostly considered a nuisance, thanks to th
advent of cable-ready video equipment, they are mainly used a
descramblers
An "addresable" converter is one that has a unique serial numbe
and can be told (individually) by the head-end to act in
certain manner (such as enabling channel x, but not channel y).
Addressable converters nearly always contain descramblers fo
decoding premium services subscribed to by the customer.
Colorburst
Approximately 8 to 10 cycles of a 3.579545 MHz clock sent durin
the HBI. This signal is used as a reference to determine both
hue and saturation of the colors. A separate colorburst signal
is sent for each line of video, and are all exactly in phase (to
prevent color shifts).
Control Signal
The first 11.1 microseconds of a line of NTSC video. The signa
area from 0 to 0.3 volts (-40 to 0 IRE units) is reserved fo
control signals, the rest for picture information. If th
signal is at 0.3 volts (or 0 IRE) the picture will be black.
See IRE Units; Set-up Level.
Field: One half of a full video frame. The first field contain
the odd numbered lines, the second field contains the eve
numbered lines. Each field takes 1/60th of a second t
transmit. Note that both fields contain a complet
vertical-blanking interval and they both (should) have the sam
information during that interval. Since the NTSC standard i
525 lines, each field contains 262.5 lines--therefore it's th
half-line that allows the two fields of a frame to b
distinguished from one another. See Frame; Line.
Frame: An NTSC video signal which contains both fields. A fram
lasts 1/30th of a second. See Field; Line.
Head-end
The main cable distribution facility where your CATV signa
originates from. (Easily identifed by several large satellit
dishes, some smaller ones, and usually an antenna tower.
HBI: Acronym for Horizontal Blanking Interval. The first 11.
microseconds of a line of video. It contains the front porch
the 4.71 microsecond horizontal sync pulse, the 2.3
microseconds of colorburst, and the back porch. The horizonta
sync pulse directs the beam back to left side of the screen
Almost every scrambling method in use today mutataes this par
of the signal in some way to prevent unauthorized viewing. Se
Colorburst
Interlace
Term used to describe the dual-field approach used in the NTS
standard. By drawing every other line, screen flicker i
increased--but if all the lines were painted sequentially, the
top would begin to fade before the screen was completely "painted".
(Computer monitors, which do "paint" from top to bottom, do no
have the problem due to higher refresh rates.
IPPV: Impulse Pay-Per-View. A method whereby a viewer can order a
pay-per-view event "on impulse" by just pushing an "Order" (o
similar) button on a remote control or cable converter keypad
A customer's purchases are sent back to the head-end via
standard telephone connection (the converter dials into the cabl
co. computer and uploads the data) or via radio frequency (RF) if
the cable supports two-way communication (most don't). A pre-se
maximum number of events can be ordered before the box requires
the data to be sent to the head-end for billing purposes
IRE Units
IRE is an acronym for Institure of Radio Engineers. The NTS
standard calls for a peak-to-peak signal voltage of 1 volt.
Instead of referring to the video level in volts, IRE units ar
used instead. The IRE scale divides the 1- volt range into 14
parts, with zero-IRE corresponding to about 0.3V. The ful
scale goes from -40 IRE to +100 IRE. This is convenient scal
to make a distinction between control signals (< 0 IRE) an
picture signals (> 0 IRE). See Control Signal.
Line: A video signal is a series of repeated horizontal lines
consisting of control and picture information. The color NTS
standard allows a total time of 63.56 microseconds for eac
line, and each frame is composed of 525 lines of vide
information. The first 11.1 microseconds make up the horizonta
blanking interval, or control signal, the following 52.46
microseconds make up the picture signal. See HBI; VBI
NTSC: Acronym for National Television Standards Committee (o
Never The Same Color, if you prefer :-)
Picture Signal
The 52.46 microseconds of signal following the control signal.
Information in this area is between 0 and 100 IRE units. Se
IRE Units.
PPV: Acronym for Pay-Per-View. A revenue-enhancing system where
customer's pay to watch a movie or event on a "per view" basis
Cusomers usually place a phone call to a special number and orde
the event of their choice; some systems provide Impulse PPV
The presence of a PPV movie channel or your system guarantee
you have addressable converters. See IPPV
Set-up Level
Picture information technically has slightly less than 100 IR
units available. That's because picture information starts a
7.5 IRE units rather than at 0 IRE units. The area from 0 t
7.5 IRE units are reserved for what is commonly called th
"set-up level". Having a small buffer area between the contro
signal information and the picture information is a "fudg
factor" to compensate for the fact that real-life things tha
don't always work as nicely as they do on paper. :-) See IR
Units.
VBI: Acronym for Vertical-Blanking Interval. The first 26 lines o
an NTSC video signal. This signal is used to direct the bea
back to the upper-left corner of the screen to start the nex
frame. In order for the horizontal sync to continue operating
the vertical pulse is serrated into small segments which kee
the horizontal circuits active. Both actions can then tak
place simultaneously. The VBI is the most common place for
"extra" information to be sent, such as various test signals,
and in some cable systems, a data stream
|
|