[InitialLastName]

On the last thing, AIUI from some research (confirmed as plausible by experience with similar systems):

- The stream channels themselves are encrypted or scrambled in a way that is hard to unwind unless you have the keys (keeping non-SiriusXM radios from working)

- Each radio has two important pieces of information: a decryption key from SiriusXM and a UUID (I'd guess 64bit, as that's a pretty standard size for hardware-baked-in UUIDs. It might be 128bit instead). You can look up the UUID for your radio. Both of those things, by the way, are bog-standard now in consumer embedded systems exactly because they help prevent bootlegging.

- Channel 0 is an ID channel that constantly streams out a list of valid UUIDs and other configuration data. An un-activated radio can only tune that channel. When it sees its own ID, it enables the rest of the channels.

Quick sanity check: Assuming they have 40 million subscribers and can pass UUIDs at roughly audio rate (to make the math easy, 16-bit, 50kHz), that makes it about an hour to sync all the users. That can probably be watched by your radio in the background, so it's only an issue for initial activation.

[londons_explore]

This may be the way SirusXM works, but it is far from optimal. The best scheme is to give the radios simple sequential (or near sequential) id's, and have the station transmit a bitmap of which id's are enabled/disabled. Then it's one bit per subscriber, and can be transmitted in a few seconds. That bitmap is authenticated by a public key stored in the radio. You might want to run length encode the bitmap if you assume that in 30 years there might still be a handful of ancient radios still alive you wish to service.

Satellite bandwidth is expensive... Activation time is annoying for customers... The above scheme saves either (or both).

[tshaddox]

Just a random thought regarding activation: they could also have a channel broadcasting all new activations, so that you could put your radio into an activation mode while you're finalizing your subscription. Or they could give you an activation code that you could enter manually somehow (it could just be a simple message signed with Sirius' private key).

[InitialLastName]

Yeah, TBH I just assumed it was a unique ID baked into hardware because sequential IDs are a pain to manage, but your idea would be more efficient in the base case. As far as I can tell they also transmit things like channel-specific activations, but the sequential concept still works if that is a bitmap.

[tshaddox]

Yeah, they definitely must do decryption on the device, which means they must have some tamper-proof chip that has never been broken (as far as I can tell, there's no leaked decryption key). That's actually pretty surprising to me.

[InitialLastName]

Well, now I've got to get a radio and have a look.

Looking at teardowns of the current Onyx radio [0], the NXP LPC4078FET180 has both a unique ID and some mechanisms to make it very difficult to read the programmed code externally. One option would be to store the key there, and use that mcu to run all the audio decryption, processing, device activation, and protocol updates (under the control of the TMX570 running the UI etc).

[0] https://fccid.io/RS2SXPL1/Internal-Photos/Onyx-Plus-Internal...