OK guys, not my work.
Credit goes to dstream from wizardmodz.
Key roll ECM and the fix. Go do it, it's simple.
--------------------------------------------------------------------------------
DECRYPTED EMM:
--------------------------------------------------------
SIGNATURE: OK!
3F -> Filter: ANY CARD
5401 PROVIDER ID (NTL)
FA -> RUN CODE FOR ROM10:
5FA679B741A6022D 079BCD20209A2003 CD20209FB8B1B7B1 9FB8B6B7B6A626CC
6B01000000835501 420562BD220AC686 E593428580D4D1D3 8090FF2B
DISASSEMBLY OF CODE:
------------------------------
0081: 5F clrx ; x <-- 0
0082: A6 79 lda #$79 ; Load in A
0084: B7 41 sta TEMPA ; Store A in...
0086: A6 02 lda #$02 ; Load in A
0088: 2D 07 bms $91 ; Branch if mask=1
008A: 9B sei ; I <-- 1
008B: CD 20 20 jsr $2020 ; Go to subroutine
008E: 9A cli ; I <-- 0
008F: 20 03 bra $94 ; Branch always
0091: CD 20 20 jsr $2020 ; Go to subroutine
0094: 9F txa ; X --> A
0095: B8 B1 eor $B1 ; A= A xor ...
0097: B7 B1 sta $B1 ; Store A in...
0099: 9F txa ; X --> A
009A: B8 B6 eor $B6 ; A= A xor ...
009C: B7 B6 sta $B6 ; Store A in...
009E: A6 26 lda #$26 ; Load in A
00A0: CC 6B 01 jmp $6B01 ; Jump
BYTES DUMP:
---------------------
00A3: 00 00 00 83 55 01 42 05
00AB: 62 BD 22 0A C6 86 E5 93
00B3: 42 85 80 D4 D1 D3 80 90
00BB: FF 2B
Current keys are in the file for all to see if you're stuck. This is the current stream's new key update.
00A3: 00 00 00 83 55 01 42 05
00AB: 62 BD 22 0A C6 86 E5 93 <<<< b1 key altered e5 to 9c for all those what xors e5 to 9c use windows calc
00B3: 42 85 80 D4 D1 D3 80 90 <<<< b6 is altered from d4 to ad and stored back to the memory
00BB: FF 2B
If you want it handed to you on a plate, the file is doing a XOR on byte b1; that's the e5 bit of the key.
9F txa ; X --> A
0095: B8 B1 eor $B1 ; A= A xor ... key is e5 now 9c
0097: B7 B1 sta $B1 ; Store A in...
0099: 9F txa ; X --> A
009A: B8 B6 eor $B6 ; A= A xor ... load byte from b6 key is d4 now ad
009C: B7 B6 sta $B6
If you want it any simpler:
It's taking memory location b1 in the decrypted key, XORing it with 79, storing it back in and copying it down.
Then it's getting byte b6, XORing it with 79 hex and restoring it.
0094: 9F txa ; X --> A ld a with#79
0095: B8 B1 eor $B1 ; A= A xor ... xor location b1 with a i.e #79
0097: B7 B1 sta $B1 ; Store A in... it's turned e5 to 9c
0099: 9F txa ; X --> A ld a with 79
009A: B8 B6 eor $B6 ; A= A xor ... xor location b6 with a #79
009C: B7 B6 sta $B6 ; Store A in... it's turned d4 to ad
009E: A6 26 lda #$26 ; Load in A store key all updated
00A0: CC 6B 01 jmp $6B01 ; Jump
Go write the code, it's a piss easy one.