mosc fix from the downloads

L33tpL4y4

Can someone please tell me where I'm going wrong with this image? I have locked two cards already which are now asking for the bd 0 key; tried c040 to c070 with no luck. This is not my main prob at the min, as I have another rom11 unlocked to try, but I need to make sure the image is 100% before I put my ird and bk in.

Can someone please tell me why it's not working? It's just coming up with the writing, not updating or nothing. I'm in Pure NTHELL.

Thanks in advance
 

It's saying invalid file?? What can I do to fix this? Thanks
 
From what you've said so far I've no real idea what your problem is. Without knowing which files you're playing with there's little chance of diagnosing this.

Can someone please tell me why it's not working? It's just coming up with the writing, not updating or nothing. I'm in Pure NTHELL

What exactly does that mean?
What writing?
 
I mean the unsubscribed channel writing. I can't seem to post the image; tried changing it to bin and hex format, still no joy. Do you know why it won't let me post it? Thanks.

I'm playing with the image from the downloads, the mosc fix ROM11 Fixed 21-11-2006.
 
Easy bit first: are the ird and bk correct/progged correctly? Throwing caution to the wind, is the image confirmed working and not taking the hit?
I'd be wary about using an image from downloads without customising it first, such as dates, tiers etc.
 
The image u put on ur card, stick it in a .rar file and post it. Make sure u edit bk etc.
 
Thanks for the help guys. Here it is zipped. Cheers, I have removed my bk and ird.

Yes, ird and bk are ok; image has been proved working in ntI.
 
This is a blockered (to some extent) public image that has been doing the rounds on the forums. I have just done a quick disasm on it and it seems that the blocker just protects against eeprom writes to certain areas of codespace. (This is not 100% safe, as there are other ways to write to these areas avoiding this bugcatcher!)
It does have an extra command hooked in on the A0 handler - class D8 with a password check against the boxkey (this removes the codespace protection but doesn't completely unlock the card).
I can't see any reason why this wouldn't work for you (although I didn't check the dataspace).

Also, for the cards that you can't get back into - I can't see any reason why MROM wouldn't be able to repair it.

edc.

PS: I wouldn't solely rely on a public blocker - at least make the effort to put a few tiers on it etc.
 
Is it possibly the 'bigmaq' image?
 
Thanks m8, you surely know your stuff. I'll try mrom to repair the two cards. I put the dates in but don't know if they're ok. Are there any tuts explaining the tiers etc?
 
Looks like a blocker I was given a few weeks ago, except someone has changed the tier info slightly... the readme I have says the author is carwash, I'm not sure who edited it.

To anyone that's going to use this image.... please take edcase's advice, there are at least 4 ways for the CC to kill this blocker without even really trying... not that they would set up their network to do it so easily, but the fact that it CAN be done easily is worrying.

Try to keep your dataspace looking legit!!! Use glitched subbed cards to compare with ;-)

ImH.
 
sooo

they can target dataspace???

hmmm so how could we get it looking more or less legit if we don't have a subbed card??

and what are the main things they could look out 4 in the dataspace?
 
I've got 2 sammys which were hit by the killer emm, and since then I've run 1 with a multi tier img copied from a subbed card using realistic dates no more than a month in advance, and the other using the img you've posted but again using realistic dates, changing them each month. To read the card you have to use mrom with delay settings

Tx_Delay = 180
Rx_delay = 180
Loop_delay = 80

should be able to read in nagraedit

This img gives 100% of all channels while I find the multi tier gives me 90+%.

The dates ur using are unrealistic, with expiry dates 2016 and ur begin date is 0 sept 2004.. but as others have said this is a risky img, but as yet I've run it and changed dates 3 times and, as yet, all has been ok

cheers
 
As long as the CAM-ID, TIER INFO and CREDIT LIMIT are set up correctly, there's not much to target..... YET.

But if the CC ever try to attack blocker coding (which relies on custom CMD numbers) with a default password/current password -OR- by using bugs in the backdoor code/ROM... they could gain access to a fair few cards to disable their patch table (bugnum = 00) and then corrupt dataspace pointer/loop ATR.
 
this image is the first b09 emm image what went up after the killer emm..mrom will get back into card easy.....try 150...0...150 delays.
 
Not so true m8... have a good look at the images what are about.... there's plenty to target.. decrypt keys for 1.. I have 2 images for cw that use 2 sets of different decrypt keys.. so there's 1 and the other.. well I'll let you think of them.
 
Hi guys, yes mrom can get into this card or xncs, but if ya having problems use caton as this can disable the 6300 login to 9000 ok login, but you need the bk on the card to do this. So basically all this does is turn the blocker off.

It's best to run a patched one tier image, not multiple tiers as suggested
 
Pretty much anything on the card that is not correct could be targeted. One of the easiest would be the expire date, as the cc's tend to use a very specific date for this field in all tiers. Others are rights dates more than 2 months in the future, modification dates more than 2 months in the past, incorrect component, themes or levels, right identifiers, rights identifiers not matching channel maps, obviously incorrect channel maps, incorrect status bytes, spending limits obviously wrong, incorrect callback dates, incorrect callback phone number and likely hundreds more!

In the code section there's probably an equal number or even more possibilities for attack. One of the easiest would be to kill all cards where people have fiddled around with backdoor keys 2/3, but a more interesting one might be if the cc's actually decide to checksum the code section contents and verify for a particular version. I would expect that would kill off more than 50% of Mosc's at a single stroke!
 
so that's where someone's changed the byte or something, making a b04 rom 11 look like a b0d

and if someone has done cycle byte mod so they're still running b04

they could kill anything less than bod and a86??
 