Since Fixed key channels can be decrypted by any previously authorized box and the keys are stored in rom, it must mean there's only one key and it's never changed. On the other hand, a softcam might be useful for channels that are fixed key encrypted. So, even if we had a softcam at this point you would be able to do nothing without the seed keys or the unit ID of an authorized unit. Anyway, it would seem that until there's a way to brute force the 3 seed keys or derive the seed keys from a unit ID, it's not really cracked.
Anyway, If i understand it correctly the seeds keys are used to decrypt the EEM95 to get the category key, which then is used to derive the program and working keys. Wonder if there's a relationship between those and the unit ID or if they are randomly generated? You would think there must be so the provider can generate the keys to encrypt the EMM. Without a STB to read those from you'd have to brute force them. You need the 3 seed keys from a unit with an active subscription. What he did was extract the keys from ram. From this someone could probably make a softcam emulator but to get keys is going to be the problem. After watching the video, it looks like it's a little more complicated.
