I'm doing the Atmega Challenge

@nozzer - alrite, i get it now. so we use emmstudio to decipher the rom10/11 code which then allows us to code our own code which works the same as the rom10/11 code? no wait that sounds the same as my earlier post. hmm, let me try again. so our atmega au contains code which looks at emm's and acts on bytes according to which emm it finds? does our code just do the same things that the rom10/11 code does? (in other words, the lda x and stuff that emmstudio decrypts, do we just copy those steps in our code?)

Effectively, yes. The idea is to suss out what an Emm does (using Emmstudio to decrypt it and disassemble it into 6805/ST7 code) and then to implement the same functionality in Atmel code (very different to 6805/ST7 code).

For Fun/ATMega cards the AU function consists of 2 distinct parts. The Emm recogniser, which basically just scans the Emm's and tries to recognise the new keyrolls whilst rejecting everything else, and the actual keyroll handler, which takes the recognised keyroll Emm and reconstructs actual new keys then saves them away for use.
 
Never used UltraEdit but sounds like it's in hex edit mode. Dunno if there's an option to switch it to normal mode or whether it is actually a hex editor.

sorry i was opening the wrong file wot a fookin twot lol
 
wicked, at least i am on the right track. with me, i like to break down problems that i am faced with into individual components so that i may understand what i am doing and also maybe improve what i am doing or even find better ways of doing stuff.

i've been so busy that i haven't been able to sit down at the comp properly to continue.

just confirm for me mate, the keys are always in the bytes dump (scrambled) with the rom10/11 code used to unscramble them?
 
So far, in the uk, yes, but not necessarily !

Have a look above at the plain vanilla keyroll used by another provider.
 
Hi nozzer

just starting out on this & have a couple of noob questions on the following
; FA -> RUN CODE FOR ROM10:
; ;3F41A602CD90E33F 4DA6B9B74EA60ECD 90E3A6ADB74EA60E CD90E3A621CC6B01
; 835B014205F29612 F4475D5100000000 3C8B73CE26E32600 BC4285BD

; DISASSEMBLY OF CODE:
; ------------------------------
;
; 0081: 3F 41 clr TEMPA ; <-- 0
; 0083: A6 02 lda #$02 ; Load in A
; 0085: CD 90 E3 jsr $90E3 ; Go to subroutine
; 0088: 3F 4D clr RC2L ; <-- 0
; 008A: A6 B9 lda #$B9 ; Load in A
; 008C: B7 4E sta RC3H ; Store A in...
; 008E: A6 0E lda #$0E ; Load in A
; 0090: CD 90 E3 jsr $90E3 ; Go to subroutine
; 0093: A6 AD lda #$AD ; Load in A
; 0095: B7 4E sta RC3H ; Store A in...
; 0097: A6 0E lda #$0E ; Load in A
; 0099: CD 90 E3 jsr $90E3 ; Go to subroutine
; 009C: A6 21 lda #$21 ; Load in A
; 009E: CC 6B 01 jmp $6B01 ; Jump

where do you get the first 4 digits in the line? eg 0085: CD 90 E3
After them next 2 digits are the instruction then the following are values?

Also how would i get the following code for my provider 5E01. So i can see how it looks. Have dbv viewer on dreambox & vplug on pc
3F41A602CD90E33F 4DA6B9B74EA60ECD 90E3A6ADB74EA60E CD90E3A621CC6B01
; 835B014205F29612 F4475D5100000000 3C8B73CE26E32600 BC4285BD
 
the 0085 i don't believe "we" get that. i think that is just an instruction reference put there by EMM studio.
 
Thanks

Am i right on the other bit?

Ok ran the MAKE32 & got the following
Creating 'redneck.eep'
Creating 'Redneck.hex'
Creating 'redneck.obj'
Creating 'redneck4.lst'
Creating 'redneck.map'

Assembling 'redneck4.asm'
Including 'm163def.inc'
redneck4.asm(77) : redneck4.asm(78) : redneck4.asm(80) : Including 'i2c.inc'
Including 'autoroll.asm'
Including 'Choruskeys.asm'
Including 'MUL8x8_m.asm'
Including 'MUL32x32.ASM'
Including 'SQU32x32.ASM'
Including 'MulMonty.asm'
Including 'Decrypt1.asm'
Including 'Div_Modu.asm'
Including 'ExpMod.asm'
autoroll.asm(70) :
Assembly complete with 1 error

Deleting 'redneck.eep'
Deleting 'redneck.obj'
Deleting 'Redneck.hex'
Deleting 'redneck.map'
Missing files Redneck.hex & redneck.map. Any ideas?
 
you have a problem somewhere. Where did you get your files from?
 
I missed nowt out. They are as downloaded from here a few years ago.
Sorry edds wasn't complaining. I am grateful you sent them just started into it so am learning slowly no knowledge of this stuff.
just willing to learn if i can but after reading the posts it may be a bit of a challenge???
 
Hey no worries, I didn't think you were. I just wanted to state the facts. I too am experiencing the same error and yet when I ran the batch file ages ago it did work.
 
Yeh had a look at your status file
Creating 'Redneck.hex'
Creating 'redneck.obj'
Creating 'redneck4.lst'
Creating 'redneck.map'

Assembling 'redneck4.asm'
Including 'm163def.inc'
redneck4.asm(77) : redneck4.asm(78) : redneck4.asm(80) : Including 'i2c.inc'
Including 'autoroll.asm'
Including 'ntlkeys.asm'
Including 'MUL8x8_m.asm'
Including 'MUL32x32.ASM'
Including 'SQU32x32.ASM'
Including 'MulMonty.asm'
Including 'Decrypt1.asm'
Including 'Div_Modu.asm'
Including 'ExpMod.asm'

Program memory usage:
Code : 5055 words
Constants (dw/db): 577 words
Unused : 2469 words
Total : 8101 words

Assembly complete with no errors.
Deleting 'redneck.eep'
 
If you're having problems with using the command line assembler (DOS) then i'd recommend you to install AVRStudio. Download for free direct from the Atmel website.

AVRStudio gives you a nice project editor as well as a full device simulator allowing you to single step through code instruction by instruction or via breakpoints.

As an option you can also install the ATmega 'C' toolchain of the free GNU toolchain and write programs in 'C' if you wish.......
 
@edds

in the file autoroll.ASM on line 70 i deleted this & have it working.

hope this helps

Ah, solved, bugger I remember now, that's a fake call I added to the file to call a "subroutine" and forgot to rem it out. Sorry. :silly:
 
lool @ edds. Yeah I noticed that line in the file too. Honestly, haven't had a chance to touch the challenge while I have been dealing with my now recovered hard drive.

Well done despan for starting on the challenge and sorting out your first bug.

@nozzer: Thanks for the tip
 
:wtf:
If you're having problems with using the command line assembler (DOS)

then i'd recommend you to install AVRStudio. Download for free direct from the Atmel website.
:thnks: that's going to help



As an option you can also install the ATmega 'C' toolchain of the free GNU toolchain and write programs in 'C' if you wish.......
Jesus are you trying to put me off :Laugh::Laugh:
 
Wish there was a VB option instead, lol.
 
What's the best card to use for this project?

The NEW Atmega 128 Wafer with an 18.000 MHz XTAL is this the one i should go for? Will an Infinity USB programme these cards?

I have a few fun VI 85A (1024) would these be any good?
 