Emu now on final straight.

What is the difference between the ROM and EMU? How do they deal with the incorrect byte of the key?

The emulator is the thing that creates an environment that looks like the hardware of a Nagra card. Within that environment the code from the ROM is run, along with any code from EMMs etc.

The present problem is down to the emulator not fully copying the card's hardware functions. Kudelski (the creators of Nagra) have exploited this weakness in the emulator by creating an EMM that attempts to manipulate a hardware control register in a particular way that a real card wouldn't allow.

In order to fix the problem the emulator needs to be fixed so that the hardware emulation of this particular register is more consistent with what happens on a real card.

An alternative fix, which isn't really a fix (it's more of a kludge), is to patch the ROM code in such a way that whenever an EMM is delivered to the emulator the patch gains control, examines the EMM, determines if it's a keyroll and, if it is, then patches that keyroll to make the problem code go away. The emulator will no longer see the bad hardware manipulation.

In essence, the patch changes a keyroll like so -

Code:

The loads from register 2 are replaced by constant value loads (obviously loading the correct values that would be expected from register 2 on a real card).
 
A simpler patch is just to patch

0084: A4 10 and #$10

and

0092: A4 18 and #$18

To

0084: A6 10 lda #$10

and

0092: A6 18 lda #$18

That way the correct values are loaded for XORing parts of the key with. Not only is it a smaller patch, but IIRC you mentioned something about the Linux emulators not liking the bit clear opcodes all that much in another thread (i.e. you can't set bit 0 of $02 to 0?), so it's necessary for the correct XOR values to be calculated (and this is indeed what's done in the current patches for the ROMs used with evocamd etc.).

That said, if the values they pulled out of $02 and manipulated didn't turn out to be $10 and $18 anyway, then a patch like yours would be entirely necessary, I think (as well as NOPing out the bit clear).
 
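The two posts above describe the same thing from two angles: the first, why the keyroll's dependence on hardware register $02 breaks in an emulator that models that register imperfectly, and the second, the minimal byte patch (AND #imm at 0084/0092 turned into LDA #imm) that makes the XOR values constants. The following is an added example, not code from the thread or from any emulator project. It applies that two-byte patch to a ROM image and shows, with a deliberately tiny 6805 model, why the patched code gives the same result whatever the emulated $02 returns. Everything beyond the thread's own bytes is assumed: the sample ROM is constructed here, the instruction preceding each AND is assumed to be `lda $02` (the thread only says the values were "pulled out of $02"), and the "real card" value of $02 is a made-up value with bits 3 and 4 set.

```python
# Added example, not from the thread or any emulator project.
# 6805 opcode bytes used here (these match the listing in the thread):
#   A4 = AND #imm, A6 = LDA #imm, B6 = LDA direct, 9D = NOP
AND_IMM = 0xA4
LDA_IMM = 0xA6
LDA_DIR = 0xB6
NOP = 0x9D

# Patch sites from the thread: 0084: A4 10 and 0092: A4 18
PATCH_SITES = {0x84: 0x10, 0x92: 0x18}


def build_sample_rom(size=0x100):
    """Constructed sample ROM (an assumption, not a real dump): NOP filler
    with the two AND sites from the thread, each preceded by an assumed
    'lda $02' (B6 02)."""
    rom = bytearray([NOP] * size)
    for off, imm in PATCH_SITES.items():
        rom[off - 2] = LDA_DIR
        rom[off - 1] = 0x02
        rom[off] = AND_IMM
        rom[off + 1] = imm
    return bytes(rom)


def apply_patch(rom):
    """Return a patched copy of rom with AND #imm -> LDA #imm at each site.
    Refuses to touch an image whose bytes are not what the thread lists,
    so the patch is never applied to the wrong ROM or applied twice."""
    out = bytearray(rom)
    for off, imm in PATCH_SITES.items():
        if out[off] != AND_IMM or out[off + 1] != imm:
            raise ValueError(
                f"unexpected bytes at {off:04X}: "
                f"{out[off]:02X} {out[off + 1]:02X}")
        out[off] = LDA_IMM  # operand byte is left unchanged
    return bytes(out)


def run_site(rom, off, reg02):
    """Execute the two instructions ending at the patch site with a minimal
    6805 model that knows only LDA direct, AND #imm and LDA #imm.
    reg02 is the value the (real or emulated) hardware returns for $02."""
    a = 0
    pc = off - 2
    for _ in range(2):
        op = rom[pc]
        if op == LDA_DIR:
            a = reg02 if rom[pc + 1] == 0x02 else 0
        elif op == AND_IMM:
            a &= rom[pc + 1]
        elif op == LDA_IMM:
            a = rom[pc + 1]
        else:
            raise ValueError(f"unmodeled opcode {op:02X} at {pc:04X}")
        pc += 2
    return a


def xor_values(rom, reg02):
    """The value left in A at each site, i.e. what gets XORed into the key."""
    return {off: run_site(rom, off, reg02) for off in PATCH_SITES}


if __name__ == "__main__":
    rom = build_sample_rom()
    # Assumed 'real card' value of $02: bits 3 and 4 set, so the ANDs give
    # $10 and $18. An emulator returning 0 for $02 gives 0 and 0 instead.
    print("original, $02=FF:", xor_values(rom, 0xFF))
    print("original, $02=00:", xor_values(rom, 0x00))
    patched = apply_patch(rom)
    print("patched,  $02=00:", xor_values(patched, 0x00))
```

Note that the patcher checks the expected bytes before writing, which also makes it refuse to run a second time on an already patched image; the model deliberately does not know the bit clear opcodes, since the thread's point is that after this patch the XOR values no longer depend on them.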
God you sure know your stuff :Clap: :Clap: :Clap:
 
Ex-Squeeze me?...Baking powder?!!!
 