Infinite Lives

Introduction

Early smartcards used EEPROM to store data that is expected to change, such as subscription status or PPV credits. This type of memory required a voltage to be applied to it in order to rewrite its contents, one much higher than its typical operating voltage (21 volts, for example, as opposed to the 5 volts required to read the memory). This was provided to the chip via a dedicated input pin, or pad contact in the case of a smartcard such as a viewing card, whenever the contents of the memory were to be changed.

How It Worked

Because the dedicated voltage pin was exposed, a decoder could be modified so that the voltage supplied to the chip, when the receiver was instructed to alter the card’s contents, was reduced to a level insufficient to enable the chip to be written to. This could be achieved in various ways: a resistor, a diode with a sufficient voltage drop or one installed backwards, a zener diode to restrict the voltage to a given level, or even disconnecting the pin entirely by cutting a conductor or obstructing the pad with an insulator such as a small piece of tape.

Messages broadcast from Sky’s satellites to customers’ receivers which updated their subscription status (such as subscribing, unsubscribing, changing packages, etc.) would be received by the decoder, and the decoder would attempt to write the change to the viewing card.

The insufficient programming voltage would mean that the changes the decoder believed it had written to the card were not actually committed to memory, so in the event that a subscriber had unsubscribed or their subscription had lapsed, the card could not be instructed to deactivate its subscription and the user would continue to access scrambled Sky channels.

Mitigation

Had there been validation that the changes were correctly written to the card, the decoder would immediately detect that it or the card had been modified or that there was a technical fault. After several failed attempts, it could deny access to scrambled channels and instruct the user to contact their TV service provider.
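
The read-back check described above, as an added example (a simulation written for this page, not code from any real decoder or card): the decoder writes the new subscription state, reads it back, and locks out after repeated mismatches. All names, the limit of three attempts, and the use of the 21 V figure as the write threshold are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VPP_MIN_MV   21000  /* assumed write threshold, from the article's 21 V example */
#define MAX_FAILURES 3      /* assumed value for "several failed attempts" */

/* Simulated card: a write is committed only when Vpp is high enough. */
typedef struct { uint8_t subscription; int vpp_mv; } card_t;

static void card_write(card_t *c, uint8_t v) {
    if (c->vpp_mv >= VPP_MIN_MV) c->subscription = v;  /* otherwise silently dropped */
}
static uint8_t card_read(const card_t *c) { return c->subscription; }

typedef struct { bool verify; int failures; bool locked; } decoder_t;

/* Write, then (if enabled) read back; lock out after MAX_FAILURES mismatches. */
static bool decoder_update(decoder_t *d, card_t *c, uint8_t v) {
    if (d->locked) return false;
    card_write(c, v);
    if (!d->verify) return true;            /* original behaviour: assume success */
    if (card_read(c) == v) { d->failures = 0; return true; }
    if (++d->failures >= MAX_FAILURES) d->locked = true;
    return false;
}

/* Access needs an unlocked decoder and an active subscription on the card. */
static bool decoder_may_descramble(const decoder_t *d, const card_t *c) {
    return !d->locked && card_read(c) == 1;
}

/* Does a subscribed card still descramble after an "unsubscribe" message? */
static bool still_descrambles(int vpp_mv, bool verify) {
    card_t card = { .subscription = 1, .vpp_mv = vpp_mv };
    decoder_t dec = { .verify = verify, .failures = 0, .locked = false };
    for (int i = 0; i < MAX_FAILURES; i++)
        if (decoder_update(&dec, &card, 0)) break;   /* retry until it sticks */
    return decoder_may_descramble(&dec, &card);
}

int main(void) {
    printf("normal Vpp,  no verify: access=%d\n", still_descrambles(21000, false));
    printf("reduced Vpp, no verify: access=%d\n", still_descrambles(5000, false));
    printf("reduced Vpp, verify:    access=%d\n", still_descrambles(5000, true));
    return 0;
}
```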

Use of an alternative type of memory which did not require an additional programming voltage to be applied would have negated the need for an externally-accessible write-enable input, thereby preventing external tampering. Cost, maturity, and availability of alternative memory types may have made this an unattractive or unviable solution, although flash memory had existed for some years by the time these cards were produced.

Actual solution employed: Generating the programming voltage internally prevents external tampering whilst still using the same proven EEPROM memory technology. The card’s chip requires only the typical operating voltage and employs an internal boost converter to create its own programming voltage. This makes it considerably more difficult, effectively impossible in any practical sense, to obstruct the programming voltage and prevent writing to the memory.