 |
| |||||||
| TV GUIDE | Live Football | Fantasy F1 | Register | Articles | DW Trader | CD Covers | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| General Cable Discussion This is the general cable tv forums where you can talk about cable tv. |
| | LinkBack | Thread Tools | Display Modes |
30th November 2008, 11:14
| #111 (permalink) | |
| DW Guru   Join Date: Dec 2004 Location: here, there and everywhere
Posts: 2,077
Downloads: 23 Uploads: 0 Thanks: 24
Thanked 26 Times in 15 Posts
Feedback Score: 0 reviews   | Re: keyroll emm and the fix (code it ur self) Quote:
correct section http://www.digitalworldz.co.uk/18733...iles-here.html i really hope someone can do a dummies guide to this as i have read this thread numerous times and am still none the wiser....  .....lol....i get the concept of what needs to be done with a patch (a little bit of redirection ) but to be honest when i look at the code it just starts to blur into one big jumbled up mess...lol... Last edited by sempi; 30th November 2008 at 11:22. | |
|
    |
|
30th November 2008, 11:19
| #112 (permalink) |
| Senior Member +++  Join Date: Sep 2007
Posts: 327
Downloads: 0 Uploads: 0 Thanks: 4
Thanked 1 Time in 1 Post
Feedback Score: 0 reviews | Re: keyroll emm and the fix (code it ur self) cheers cydine for all your work and the others who have shown some intrest.... good work on the rom 10 patch...... we all need the basic stuff...like what the numbers mean on the code and wat its doing in real english lol.......im sure a lot of folk could poss understand more if this was done. |
|
|
|
|
30th November 2008, 11:23
| #113 (permalink) |
| Member +   Join Date: May 2007
Posts: 61
Downloads: 0 Uploads: 0 Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews | Re: keyroll emm and the fix (ATMEGA Redneck) I know a ATMEGA fix has been posted but i am still trying to code my own. Not getting on as well as the last time. Any coders who can look at the KEYMASK below and tell me what i have wrong (as i cannot get it pass ) Code: ;------------------------------------------------------------------------------------------------ ; Keychange Method 8 ;------------------------------------------------------------------------------------------------ ; ; This is to handle the new keyroll method as implemented on 27/11/08 by NTL/TW ; KEYMASK8_data: .DB 0x3F,0x00,0x01,0xFA,0x5F,0xA6,0x00,0xB7 .DB 0x41,0xA6,0x02,0x2D,0x07,0x9B,0xCD,0x20 .DB 0x20,0x9A,0x20,0x03,0xCD,0x20,0x20,0x9F .DB 0xB8,0x00,0xB7,0x00,0x9F,0xB8,0x00,0xB7 .DB 0x00,0xA6,0x26,0xCC,0x6B,0x01,0x00,0x00 .DB 0x00,0x83,0x00,0x01,0x42,0x05,0x11,0x11 .DB 0x11,0x11,0x11,0x11,0x11,0x11,0x42,0x85 .DB 0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22 CHKKEYMASK8: LDI YH, high(M) ;Set Y pointer to start of decrypted EMM in RAM (0x019B) LDI YL, low(M) LDI ZH, high(KEYMASK8_data * 2) ;Set Z pointer to start of KEYMASK8 * 2 in Flash LDI ZL, low(KEYMASK8_data * 2) CLR R18 KEYMASK8TOP: CPI R18,0x01 BREQ KEYMASK8CHKLOOP CPI R18,0x06 BREQ KEYMASK8CHKLOOP CPI R18,0x19 BREQ KEYMASK8CHKLOOP CPI R18,0x1B BREQ KEYMASK8CHKLOOP CPI R18,0x1E BREQ KEYMASK8CHKLOOP CPI R18,0x20 BREQ KEYMASK8CHKLOOP ; Byte is a mask byte so check that its what we expect LPM LDD R17,Y+0 CP R0,R17 BRNE KEYMASK8CHKLOOPEND ; No, not an EMM we can use so exit KEYMASK8CHKLOOP: ADIW R30,0x01 ;Increase the ZL Flash pointer INC R28 ;Increase the YL EMM Buffer pointer INC R18 CPI R18,0x25 ;Have we done all 25 bytes of the EMM ? BRNE KEYMASK8TOP ;Nope carry on checking the mask RCALL DOKEYROLL8 ;Yes this is a keychange EMM so handle keyroll
__________________ You only need two things to fix anything. WD40 and Duct Tape. If it should move and doesn't Use WD40 If it moves and it shouldn't use the Duct Tape.  |
|
|
|
|
30th November 2008, 16:00
| #114 (permalink) |
| Member + Join Date: May 2007
Posts: 61
Downloads: 0 Uploads: 0 Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews | Re: keyroll emm and the fix (code it ur self) Got it working at last. will post my Redneck Keyroll Code if anyone wants it
__________________ You only need two things to fix anything. WD40 and Duct Tape. If it should move and doesn't Use WD40 If it moves and it shouldn't use the Duct Tape. |
|
|
|
|
30th November 2008, 16:29
| #115 (permalink) |
| Jnr Member Join Date: Nov 2008
Posts: 17
Downloads: 0 Uploads: 0 Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews | Re: keyroll emm and the fix (code it ur self) Yes please Windy, that would be very helpful for those of us who are trying to understand how to make good avr asm. |
|
|
|
|
30th November 2008, 17:33
| #116 (permalink) |
| Member + Join Date: May 2007
Posts: 61
Downloads: 0 Uploads: 0 Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews | Re: keyroll emm and the fix (code it ur self) Additional keyroll code to go into Redneck autoroll.asm (don't forget to add RCALL CHKKEYMASK8 to list of Keyrolls to call new Roll method) Code:
;------------------------------------------------------------------------------------------------
; Keychange Method 8
;------------------------------------------------------------------------------------------------
;
; This is to handle the new keyroll method as implemented on 27/11/08 by NTL/TW
;
KEYMASK8_data:
.DB 0x3F,0x00,0x01,0xFA,0x5F,0xA6,0x00,0xB7
.DB 0x41,0xA6,0x02,0x2D,0x07,0x9B,0xCD,0x20
.DB 0x20,0x9A,0x20,0x03,0xCD,0x20,0x20,0x9F
.DB 0xB8,0x00,0xB7,0x00,0x9F,0xB8,0x00,0xB7
.DB 0x00,0xA6,0x26,0xCC,0x6B,0x01,0x00,0x00
.DB 0x00,0x83,0x00,0x01,0x42,0x05,0x11,0x11
.DB 0x11,0x11,0x11,0x11,0x11,0x11,0x42,0x85
.DB 0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22
CHKKEYMASK8:
LDI YH, high(M) ;Set Y pointer to start of decrypted EMM in RAM (0x019B)
LDI YL, low(M)
LDI ZH, high(KEYMASK8_data * 2) ;Set Z pointer to start of KEYMASK8 * 2 in Flash
LDI ZL, low(KEYMASK8_data * 2)
CLR R18
KEYMASK8TOP:
CPI R18,0x01
BREQ KEYMASK8CHKLOOP
CPI R18,0x06
BREQ KEYMASK8CHKLOOP
CPI R18,0x19
BREQ KEYMASK8CHKLOOP
CPI R18,0x1B
BREQ KEYMASK8CHKLOOP
CPI R18,0x1E
BREQ KEYMASK8CHKLOOP
CPI R18,0x20
BREQ KEYMASK8CHKLOOP
; Byte is a mask byte so check that its what we expect
LPM
LDD R17,Y+0
CP R0,R17
BRNE KEYMASK8CHKLOOPEND ; No, not an EMM we can use so exit
KEYMASK8CHKLOOP:
ADIW R30,0x01 ;Increase the ZL Flash pointer
INC R28 ;Increase the YL EMM Buffer pointer
INC R18
CPI R18,0x20 ;Have we done all 20 bytes of the EMM ?
BRNE KEYMASK8TOP ;Nope carry on checking the mask
RCALL DOKEYROLL8 ;Yes this is a keychange EMM so handle keyroll
KEYMASK8CHKLOOPEND:
RET
;If the mask check above passed then we are going to do the following block of code to process
;a Type 8 Keyroll .
;
DOKEYROLL8:
;
;
; Do Key 0
;
LDI YH, high(MP) ;Load Y with memory pointer
LDI YL, low( MP)
LDS R16, (MP+ 0x19) ;Load R16 with emm key byte
SUBI R16,0x7d ;Subtract difference in memory position from offset to emm buffer byte
ADD R28,R16 ;Set Y to point to byte to xor (R28=YL)
LD R17,Y ;Load R17 with keyByte from emm position
LDS R18,(MP + 0x06) ;Load R18 with XOR Value
EOR R17,R18 ;XOR byte (R17 now hold write back value)
LDI YL, low( MP) ;Set Y pointer back to start of buffer
LDS R18, (MP + 0x1B) ;load keywrite back byte value
SUBI R18,0x7d ;Subtract difference in memory position from offset to emm buffer byte
ADD R28, R18 ;Set Y to point to byte to write back xor byte (R28=YL)
ST Y, R17 ;Write keyByte back to emm position
;
;
; Do Key 1
;
LDI YH, high(MP) ;Load Y with memory pointer
LDI YL, low( MP)
LDS R16, (MP+ 0x1E) ;Load R16 with emm key byte
SUBI R16,0x7d ;Subtract difference in memory position from offset to emm buffer byte
ADD R28,R16 ;Set Y to point to byte to xor (R28=YL)
LD R17,Y ;Load R17 with keyByte from emm position
LDS R18,(MP + 0x06) ;Load R18 with XOR Value
EOR R17,R18 ;XOR byte (R17 now hold write back value)
LDI YL, low( MP) ;Set Y pointer back to start of buffer
LDS R18, (MP + 0x20) ;load keywrite back byte value
SUBI R18,0x7d ;Subtract difference in memory position from offset to emm buffer byte
ADD R28, R18 ;Set Y to point to byte to write back xor byte (R28=YL)
ST Y, R17 ;Write keyByte back to emm position
; Copy new Key 0 to buffer
LDI XH, high( MP + 0x2E)
LDI XL, low( MP + 0x2E )
LDI R29,0x02
LDI R28,0x63
LDI R18,0x08
KR8_1:
LD R16,X+
ST Y+,R16
DEC R18
BRNE KR8_1
; Copy new Key 1 to buffer
LDI XH, high( MP + 0x38 )
LDI XL, low( MP + 0x38 )
LDI R29,0x02
LDI R28,0x6B
LDI R18,0x08
KR8_2:
LD R16,X+
ST Y+,R16
DEC R18
BRNE KR8_2
; Write new keys to ext EEprom
RCALL Update_Keys
RET
__________________ You only need two things to fix anything. WD40 and Duct Tape. If it should move and doesn't Use WD40 If it moves and it shouldn't use the Duct Tape. |
|
|
|
|
30th November 2008, 21:15
| #118 (permalink) |
| DW Guru ++  Join Date: Jul 2005 Location: In the bookies
Posts: 5,276
Downloads: 0 Uploads: 0 Thanks: 5
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews | Re: keyroll emm and the fix (code it ur self) IDA pro? anyone link me to it?can find a freeware version 4.9 will this work?
__________________ It matters not how strait the gate. How charged with punishments the scroll,I am the master of my fate,I am the captain of my soul. |
|
|
|
|
30th November 2008, 21:23
| #119 (permalink) | |
| Senior Member +++  Join Date: Feb 2006
Posts: 313
Downloads: 2 Uploads: 0 Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews | Re: keyroll emm and the fix (code it ur self) Quote:
 | |
|
|
|
|
30th November 2008, 21:41
| #120 (permalink) | |
| Senior Member ++   Join Date: Feb 2006 Location: Notts
Posts: 264
Downloads: 0 Uploads: 0 Thanks: 0
Thanked 0 Times in 0 Posts
Feedback Score: 0 reviews | Re: keyroll emm and the fix (code it ur self) Quote:
RapidShare: Easy Filehosting Pass: vx.eof-project.net
__________________  If everything seems in control, you're just not going fast enough!!! | |
|
|
|
| Bookmarks |
| Tags |
| code, ecm, emm, fix, keyroll |
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
