How Star Trek Breached The Defences Of A Major Broadcaster

Back in 2000 in the brief lull between COVID lockdowns in the UK, I found myself abruptly on the move, with a very short time indeed to move my possessions into storage. As I was going through the accumulated electronic detritus of over four decades, I happened upon a grey box with some wires hanging out of it, and more than a few memories. This was a Sky VideoCrypt decoder, and the wires were part of the so-called “Season” interface to attach it to the serial port of a PC. It had this modification in the hope of catching some unauthorised free satellite TV, and in its day this particular hack caused some headaches for the broadcaster.

When More Than 4 Channels Was A Novelty

Break encryption? This man can make it so. Stefan Kühn, CC BY-SA 3.0.

In the 1980s and early 1990s, there was very little in the way of digital broadcasting on either satellites or terrestrial networks, almost everything on TV was sent out as standard definition analogue video. The four terrestrial channels where I grew up were all free-to-air, and if you had a satellite dish you could point it at any one of a variety of satellites and receive more free-to-air channels if you didn’t mind most of them being in German. Premium satellite programming was encrypted though, either through a range of proprietary analogue schemes, or for the British broadcaster Sky’s offering, through their VideoCrypt system. This used a 64 kB buffer to store each line of video, and rotate it round any one of 256 points along its length, resulting in an unintelligible picture.

Sky was the UK’s big gorilla of premium broadcasters, a role they kept for many years, and which was only eroded by the advent of streaming services. As such they snapped up exclusive first access to much of the most desirable content of the day, restricting it to only their British pay-to-subscribe customers. A viewer in the UK who grumbled about Star Trek Next Generation not being on the BBC could at least cough up for Sky, but if they didn’t have a British address they were out of luck. It was in this commercial decision, whether it was based upon business or on licensing, that Sky unwittingly sowed the seeds of Videocrypt’s demise.


How Trekkies Broke An Encryption System

Star Trek is a very popular program in our community. And it’s popular not just among British hackers, but also among Germans, who sadly couldn’t get a Sky subscription to watch it. This provided all the motivation needed for one of them to set to work, and from that was born the interface I had inside my hacked VideoCrypt box. It was called Season7 after TNG season 7, and it worked by having the PC emulate the smart card supplied to subscribers by Sky.

VideoCrypt in action. Zcooger, CC BY-SA 4.0.

At this point it’s worth explaining from memory some of the workings of a VideoCrypt decoder. Hardware-wise it had the video interfaces and that 64 kB line buffer, controlled by a processor which matched the sequence of line flips to that transmitted. The encryption itself was determined by a piece of software running on a microcontroller in the smart card, which talked via a serial link to another microcontroller in the decoder. This then fed the codes to the main processor. The Season7 code ran on a PC and emulated the smart card, and the “hack” was a MAX232 level shifter between the smart card serial pins and a PC serial connector.

In the early 1990s there was not a lot in the way of home internet usage in the UK, so the Season software would arrive passed around on floppies that some lucky person with USENET access had downloaded. The mystery German Star Trek fan soon found himself in a battle of wills with Sky, who changed the cards and tweaked the algorithm in an arms race that meant trying to watch Sky with Season was a patchy affair at best. There were a few of us in my local radio club who played around with it, but it’s fair to say that as a TV service, it was cumbersome and unreliable. Eventually Sky released a new card that couldn’t be cracked by Season, then moved to an all-digital system, and this particular chapter in hacker history drew to a close.

Our Mystery Hacker Went On To Great Things

Thirty years later and having a nose around the Internet, I’m pleased to find that not only does the mystery German hacker have a name, he also posted a Season FAQ back in the day. He’s now an academic at Cambridge University, his name’s Markus Kuhn, and his FAQ can be found in his university website. It’s a trip down memory lane for me, and a realisation that had I had an internet connection of my own back in 1994 my Season usage might have been more successful.

This is a thirty year old tale of a long-gone technology, but it’s a little piece of hardware hacker culture from that decade that’s worth recording. I’m sorry to say I didn’t have the room for my VideoCrypt decoder, so it went into the e-waste. Meanwhile, after Sky’s first broadcast rights to TNG season 7 expired it aired on the BBC and other terrestrial channels, so I, and presumably the Germans too, were able to watch it legally.

Header image: Riton99, CC BY-SA 4.0.







Leave a Reply

Your email address will not be published. Required fields are marked *

Generated by Feedzy