any link to buy ?
Nagra Hex block Decryption
- Thread starter fes_786
- Start date
- Status
Hello all
Could someone please tell me wich programmer to buy and soft in order to dump my chip BGA24 pins.
Thanks in advance for any suggestions
Try flashcatUSB + bga24 socket (find in aliexpres........)
FlashcatUSB you can find here --> vvv.embeddedcomputers.net/products/FlashcatUSB/ (or in ebay)
and
Socket -->NEW ORIGINAL BGA24 to DIP8 BGA24 turn DIP8 programmer adapter 6*4MM+5*5MM Frame for W25Q54 TL866CS TL866A PEZP2010 2013 socket -in Integrated Circuits from Electronic Components & Supplies on Aliexpress.com | Alibaba Group
Last edited:
electron112
DW Member +
Thank you
electron112
DW Member +
wat is your box you can explain cpu / nand / ram
Thanks to everyone who replied to my question about the programmer to use for dumping.
I have a new question and please if someone who can privide just a litte knewledge by answer yes or no it will be a good thing.
I've just take the decesion to open my ci modul to dump for dump and as I'm a nobby in electronic aI'm facing some issue and I'm blocked at the first stage but perhaps I have reason for what I'm thinking about.
so I will attach 2 pics of my ci-modul front and back.
I see there is 3 memroy in front of the ci-modul and at the back there is also 3 places where I think we connect some pins to read the bga memory without desoldering the bga or the cpu or the flash?
so what they think some specialiste here? I have reason yes or no?
Please if anyone could give a little reply or litte help I will be so happy and it will give me more energy to continue to try dumping this modul.
The flash memory is Adesto® AT45DB161E its a BGA 8 PINS.
Kind regards to all.
I have a new question and please if someone who can privide just a litte knewledge by answer yes or no it will be a good thing.
I've just take the decesion to open my ci modul to dump for dump and as I'm a nobby in electronic aI'm facing some issue and I'm blocked at the first stage but perhaps I have reason for what I'm thinking about.
so I will attach 2 pics of my ci-modul front and back.
I see there is 3 memroy in front of the ci-modul and at the back there is also 3 places where I think we connect some pins to read the bga memory without desoldering the bga or the cpu or the flash?
so what they think some specialiste here? I have reason yes or no?
Please if anyone could give a little reply or litte help I will be so happy and it will give me more energy to continue to try dumping this modul.
The flash memory is Adesto® AT45DB161E its a BGA 8 PINS.
Kind regards to all.
Attachments
well you can find in network many speculations and fairy tales about why we have atmel now in nagra
i will try explain there
i just guess the first versions of rom180 was at90sc7272c or sc
anyways all of them are atmel now
nagra/kud does not make chips right but the main reason about nagra been moved to atmel from ST was seca license
before many year ago after N2 cardswap they bought seca canal+ and they still have they own license and agreements with sti
but they dropped it because too many smartcards need to be given still with seca protocoll and need atmel cpu to continue seca agreements perhaps also atmel provide little better security than ST
now in last years you can check every providers who using seca in past get nagravision smartcards with seca T=0 protocoll and mediahigway middleware in stb while old nagra providers get new nagravision smartcards with T=1 protocoll and nagra middleware in stb
but both of this smartcards have internally same encryption system
the rest of externalls just cases of licenses both for smartcards protocolls and stb firmwares
Does anybody know the chip number and maker for the rom180?
you can decap cpu and check with cheap microscope can be even biologicall
put the chip inside glass filled with isopropylic acid for few minutes
later than remove and warp offcourse you will damage it but die numbers would be visible to check
this method was fairly usefull some year ago , maybe in latest smartcards would be so hard to identiffy its version by informations from die
Last edited:
I decapped a UK ROM180 die some years ago when they were first issued and I found that the overall die dimensions were different to one which someone in Southern Europe had measured (die is approximately 3.14mm x 3.9mm here).
Some other measurements are here: Interesting info about stripped Nagra smart card chips
Which claim the ROM180 die to be 3.08mm x 3.02mm suggesting it is different.
Here are some micrographs of identification found on it if anyone is interested. These are the only visible markings outside of the tamper mesh.
Some other measurements are here: Interesting info about stripped Nagra smart card chips
Which claim the ROM180 die to be 3.08mm x 3.02mm suggesting it is different.
Here are some micrographs of identification found on it if anyone is interested. These are the only visible markings outside of the tamper mesh.
Last edited:
nice photo
well yes ive remember numbers like that comming also from nagravision cameleon V10 smartcards with T=0 protocoll
its atmel secure family 8/16bit , with quite different security than we know from past
such as ram+eeprom hardware encryption , unpon reset memory randomisation etc.
latest smartcards from nagra called rom420 comming for sure with much more powerfull cpu , they are very fast i think thats 32bit arm core
infineon has 32bit core too sle88cx/fx found in conax cas7 smartcards
- Status
