latest rom11 file

dabs

Inactive User
Joined
Feb 1, 2005
Messages
603
Reaction score
0
hi all
anyone tell me the best/latest rom11 file to use or pure ntl with 4001 box and infinityusb
cheers
 

davidh

<font color="RED">Administrator</font>
VIP Member
Joined
Aug 9, 2001
Messages
14,953
Reaction score
121
Location
LIVERPOOL
dabs said:
hi all
anyone tell me the best/latest rom11 file to use or pure ntl with 4001 box and infinityusb
cheers


try this one m8
 

dabs

Inactive User
Joined
Feb 1, 2005
Messages
603
Reaction score
0
garrytate cheers for the quick reply :Clap:
 

dabs

Inactive User
Joined
Feb 1, 2005
Messages
603
Reaction score
0
just a couple of quickies witch way does the bk go in and is that file ok for revB52
cheers
 

davidh

<font color="RED">Administrator</font>
VIP Member
Joined
Aug 9, 2001
Messages
14,953
Reaction score
121
Location
LIVERPOOL
dabs said:
just a couple of quickies witch way does the bk go in and is that file ok for revB52
cheers

i find it will work anyway
if u write the file with nagraedit 4 it will change the rom to rom11 bo4
 

dabs

Inactive User
Joined
Feb 1, 2005
Messages
603
Reaction score
0
think i fooked the card opened with nagra4.1 edited bk and ird wrote to card twice came back with
Opening of COM1 was successful
ATR String: 3F FF 95 00 FF 91 81 71 A0 47 00 44 4E 41 53 50
30 31 31 20 52 65 76 42 35 32 4F
ROM Revision: 011
EEPROM Revision: RevB52
ProviderID: 5C
CamID: 27 78 C2 45
Using BD3 Key: 4E 69 70 50 45 72 20 49 73 20 61 20 62 75 54 74
Attempting to login to BD3
BackDoor login verified
Dumping Dataspace
Error sending BackDoor 0 EMM
Write error encountered, attempting to restore original decrypt keys
ProviderID: 5C
CamID: 27 78 C2 45
Attempting to login to BD3
Decrypt keys successfully restored
Reading ROM11 failed
Closing of COM1 was successful
is it lost or is there a way to wipe it clean or is it locked out
 

nozzer

VIP Member
VIP Member
Joined
Jan 25, 2005
Messages
6,662
Reaction score
107
Location
Who knows !
dabs said:
is it lost or is there a way to wipe it clean or is it locked out

Looks like you have unrestricted access to the data space so you should be able to write records etc in RomStudio etc. Whichever image you've used though appears to of locked all access to the code segment. Judging by the revision of B52 I would guess its an adaptation of a US blocker

If it is a blocker then you can study the bugcatchers and probably find a way in - they normally leave some form of backdoor
 

spud1966

Moderator
Staff member
Moderator
Joined
May 2, 2005
Messages
12,501
Reaction score
6,941
Location
The Moon
Reboot your pc , and run 4.1 again see if that helps.

If not

Your backdoor key's will be in the blank image you have used to write to your card.

Cheers Garry
 

dabs

Inactive User
Joined
Feb 1, 2005
Messages
603
Reaction score
0
hi b
wrote to the card then tried to read it and got this reply
Opening of COM1 was successful
ATR String: 3F FF 95 00 FF 91 81 71 A0 47 00 44 4E 41 53 50
30 31 31 20 52 65 76 42 30 31 49
ROM Revision: 011
EEPROM Revision: RevB01
ProviderID: 5C
CamID: 27 78 C2 45
Using BD3 Key: 4E 69 70 50 45 72 20 49 73 20 61 20 62 75 54 74
Attempting to login to BD3
Unable to login, bad password detected
Using BD3 Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Attempting to login to BD3
Unable to login, bad password detected
Using BD3 Key: 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88
Attempting to login to BD3
Unable to login, bad password detected
Using BD3 Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Attempting to login to BD3
Unable to login, bad password detected
Using BD3 Key: 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88
Attempting to login to BD3
Unable to login, bad password detected
Login attempt aborted
Reading ROM11 failed
Closing of COM1 was successful
checked the file i used for bd keys
C000: 4F F4 20 0A 38 F3 8D 00 26 00 00 00 00 00 00 FF | Oô .8ó..&......ÿ
C010: FF FF FF FF FF FF FF FF FF FF FF FF 0B 01 F4 00 | ÿÿÿÿÿÿÿÿÿÿÿÿ..ô.
C020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C040: 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 | ˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆ
C050: 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 | ˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆ
C060: 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 | ˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆ
C070: 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 | ˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆˆ
C080: D0 00 52 65 76 42 30 31 20 05 24 35 14 DB 27 05 | Ð.RevB01 .$5.Û'.
C090: 0D 0B 0D 38 79 1D 26 29 23 12 00 00 0F 54 54 68 | ...8y.&)#....TTh
C0A0: 01 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C0B0: 00 00 00 00 00 00 00 00 00 21 45 71 F6 01 9A D8 | .........!Eqö.šØ
C0C0: 5D 86 02 03 00 00 00 2E FF 1F BC EF 1F 17 33 07 | ]†......ÿ.¼ï..3.
C0D0: 00 00 29 99 63 C1 DA 00 00 00 00 00 00 00 00 00 | ..)™cÁÚ.........
C0E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C0F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C1D0: 00 00 00 01 95 12 01 CC 99 E9 A6 08 CC 99 64 00 | ....•..Ì™é¦.Ì™d.
C1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
C220: 00 00 00 0
whitch are the keys and how do i enter them into nagra to open the bd
cheers
 

spud1966

Moderator
Staff member
Moderator
Joined
May 2, 2005
Messages
12,501
Reaction score
6,941
Location
The Moon
Try this m8.... might work???

C040: F9 DB DE 81 17 ED 9C 81 B6 F7 0D 46 D5 49 42 04
 

dabs

Inactive User
Joined
Feb 1, 2005
Messages
603
Reaction score
0
how do i enter the keys into nagra
cheers for your help guys
 

dabs

Inactive User
Joined
Feb 1, 2005
Messages
603
Reaction score
0
silly me its obvious how to put the keys in doh
tried the one above but no joy
 

Larcher

Inactive User
Joined
May 21, 2005
Messages
220
Reaction score
0
Location
Hoopland
1. open xncs go to settings tick all the boxes and dump the card.
2. go to eeprom tab and take note of c040 and c070 (probably the same as nagra).
3. open rom studio click settings and phoenix and try to read the card.
4. box should appear saying ghost not found do u want to use nagra method, say yes.
5. login bd0 will appear put in the numbers found in xncs without the spaces.
6. if it reads the card save the image.
7. try to read in nagra if u can read it you can put a blank image on it then start from scratch with your new image.


Taken from Crackerchalk's mosc tutorial
 
Last edited:

nozzer

VIP Member
VIP Member
Joined
Jan 25, 2005
Messages
6,662
Reaction score
107
Location
Who knows !
Yet another example of why you should never trust an image that has backdoor keys modified in any way. People who do this kind of thing rarely have even an inkling of what they are actually doing !

There is absolutely NO REASON to EVER modify backdoor keys or the Nipper string. Its a total waste of time as the cable co's never use backdoors to log into a card. They would be insane to even try such a thing !
 

fatblerk

Inactive User
Joined
Mar 29, 2005
Messages
1,429
Reaction score
2
nozzer said:
Yet another example of why you should never trust an image that has backdoor keys modified in any way. People who do this kind of thing rarely have even an inkling of what they are actually doing !

There is absolutely NO REASON to EVER modify backdoor keys or the Nipper string. Its a total waste of time as the cable co's never use backdoors to log into a card. They would be insane to even try such a thing !

Totally agree ....... why would they use the back door when they can go in via the front door ......
 

carwash

Member ++
Joined
Mar 20, 2005
Messages
959
Reaction score
7
Larcher said:
1. open xncs go to settings tick all the boxes and dump the card.
2. go to eeprom tab and take note of c040 and c070 (probably the same as nagra).
3. open rom studio click settings and phoenix and try to read the card.
4. box should appear saying ghost not found do u want to use nagra method, say yes.
5. login bd0 will appear put in the numbers found in xncs without the spaces.
6. if it reads the card save the image.
7. try to read in nagra if u can read it you can put a blank image on it then start from scratch with your new image.


Taken from carwash's mosc tutorial


Credit canot go to me as I dint write that Tut m8”! I think you meant Crackerchalk
 

Larcher

Inactive User
Joined
May 21, 2005
Messages
220
Reaction score
0
Location
Hoopland
Oops yor right i'll edit it lol
 
TEST
Top