Rom A82 Unlocked [=
- Thread starter chriz2000
- Start date
JIMLCHIPIT
Inactive User
- Joined
- Sep 16, 2004
- Messages
- 627
- Reaction score
- 2
don't retire theres more to come
Slickvguy i would't retire if i were you, do you really think the uk cable companys will rollover ( i doubt it) i'm sure there will be new card revisions for you to get your teeth into in the future and there are a a few uk ones that havn't been unlocked. especially some rom 7s
Sky digital also, theres a challenge for you!
Retiring sounds like giving up and would be a wasted talent.
I am sure most members on here would agree.
Slickvguy i would't retire if i were you, do you really think the uk cable companys will rollover ( i doubt it) i'm sure there will be new card revisions for you to get your teeth into in the future and there are a a few uk ones that havn't been unlocked. especially some rom 7s
Sky digital also, theres a challenge for you!
Retiring sounds like giving up and would be a wasted talent.
I am sure most members on here would agree.
S
Slickvguy
Guest
imrane: Congratulations, man! Good for you. Feels good, eh?
jimlchipit: Thanks for the kind words. Speaking of new revisions, there was one for DishNet (A24) just a few days ago. Some pretty cool looking code! Only problem is, it doesn't work. LMAO!!! Some other guys reported successfully gitching it before I even had a chance to analyze it! lol! But then I got around to it a few hours later, and confirmed that it is easily glitched into. I think somone at DishNEt or Nagra is going to get fired over that one. How embarassing! I wonder ifA81 and A82 will be updated? Seems futile to me.
ROM7 intrigues me, and I await that card to analyze it and see if I can get it unlocked. But it's still Nagra1. Do you really think there could be a lot of ROM7 unlocking interest?
SKY? I'm not familiar with their system or cards. It's hard to investigate a system that you cannot receive yourself - know what I mean? I can't log the stream, etc. I've helped people in quite a few countries, but it's always easiest testing a system that you can get in your own country!
I'm working on some ideas for new flashcode and glitchers, to fight the boredom, but it's time for me to step away for a little while. I was thinking of perhaps developing a standalone unlocker - one that you didn't need to connect to a PC or run any scripts with, etc. Cool idea - but I probabyl won't get around to it.
Of course, I will keep one eye on testing (as always). I wouldn't quite call it "retire". Call it a "sabbatical" perhaps? We'll see. Sometimes I feel like this, and then instead of backing away, I actually get MORE involved - not less. Who knows?
The real challenge now is Nagra2. Period. The rest is moot. Within a short while, BEV will be totally Nagra2, and then some months after that, DishNet will be all Nagra2.
They said that the DTV P4 would be hacked after the HU went down, but I NEVER believed that. I knew the security involved in the design of that cam. To date, I have been proven correct re: the p4. I make no predictions about the Nagra2. But until I see it with my own eyes, I'll be skeptical about any hack.
jimlchipit: Thanks for the kind words. Speaking of new revisions, there was one for DishNet (A24) just a few days ago. Some pretty cool looking code! Only problem is, it doesn't work. LMAO!!! Some other guys reported successfully gitching it before I even had a chance to analyze it! lol! But then I got around to it a few hours later, and confirmed that it is easily glitched into. I think somone at DishNEt or Nagra is going to get fired over that one. How embarassing! I wonder ifA81 and A82 will be updated? Seems futile to me.
ROM7 intrigues me, and I await that card to analyze it and see if I can get it unlocked. But it's still Nagra1. Do you really think there could be a lot of ROM7 unlocking interest?
SKY? I'm not familiar with their system or cards. It's hard to investigate a system that you cannot receive yourself - know what I mean? I can't log the stream, etc. I've helped people in quite a few countries, but it's always easiest testing a system that you can get in your own country!
I'm working on some ideas for new flashcode and glitchers, to fight the boredom, but it's time for me to step away for a little while. I was thinking of perhaps developing a standalone unlocker - one that you didn't need to connect to a PC or run any scripts with, etc. Cool idea - but I probabyl won't get around to it.
Of course, I will keep one eye on testing (as always). I wouldn't quite call it "retire". Call it a "sabbatical" perhaps? We'll see. Sometimes I feel like this, and then instead of backing away, I actually get MORE involved - not less. Who knows?
The real challenge now is Nagra2. Period. The rest is moot. Within a short while, BEV will be totally Nagra2, and then some months after that, DishNet will be all Nagra2.
They said that the DTV P4 would be hacked after the HU went down, but I NEVER believed that. I knew the security involved in the design of that cam. To date, I have been proven correct re: the p4. I make no predictions about the Nagra2. But until I see it with my own eyes, I'll be skeptical about any hack.
Dunchippin
Inactive User
- Joined
- Sep 28, 2004
- Messages
- 254
- Reaction score
- 0
must admit jimlchipit the rom7 later revs are a pain ,that would be nice to see them sods popped, why dont the canadians have rom 7 over there?
spaceman07
Inactive User
- Joined
- Nov 26, 2004
- Messages
- 115
- Reaction score
- 0
I was getting too many timeout errors running in winxp so I borrowed a win98 laptop from work.
I put the script in test mode and its been running all night! and still running? Shall I leave it running or do I need to try another delay?
Somone in modshak posted the following success delay -
&h156A Works well on A82 / BOC
&h154A Works well on A82 / BOC
&h17FF A82
&h0D00 BOC
&h0DFF BOC
Can anyone confirm as being good hits?
Many thanks for your help
I put the script in test mode and its been running all night! and still running? Shall I leave it running or do I need to try another delay?
Somone in modshak posted the following success delay -
&h156A Works well on A82 / BOC
&h154A Works well on A82 / BOC
&h17FF A82
&h0D00 BOC
&h0DFF BOC
Can anyone confirm as being good hits?
Many thanks for your help
S
Slickvguy
Guest
Dunchippin said:
As soon as I get one, I will work on it.
What rev are they at? Do you have any bins of previous (recent) revs?
Do you know what the Rev history/roder is? I know there were 704's and 715's. What else?
Which provider are they for? Is it NTL ($5C or $54)?
Answer as many of these questions as you can, and I will do my best to crack it.
Problem with rom 11 B0C modded t911 using script form link in this post.
TX Data : A0
TX Data : A1
TX Data : 07 0E 03 10 01 03 9A 00
RX Data : 07 1B
RX Data : 3F FF 95 00 FF 91 81 71 A0 47 00 44 4E 41 53 50
30 31 31 20 52 65 76 42 30
TX Data : 14 03 10 15 AB 21 00 08 A0 CA 00 00 02 12 00 06
55 0E 03 87 00
RX Data : 14 08
RX Data : 12 00 08 92 04 24 79 B3
Now we will try 16FF delay
TX Data : B0 30
TX Data : 07 0E 03 10 01 03 9A 00
RX Data : 07 1B
TX Data : 47 15 E0
TX Data : 21 00 3D A0 CA 00 00 37 03 35 54 01 10 31 05 4E
69 70 50 45 72 20 49 E3 40 7C AD FD B9 64 29 F4
F6 77 C2 35 6D 74 74
TX Data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 05 CE
TX Data : 0E 05 8A 00
RX Data : 47 0B
RX Data : 12 00 07 83 03 B1 01 01 90 00 B4
TX Data : 53 15 E8
TX Data : 21 00 45 A0 D7 10 80 40 66 E1 24 39 14 1A CA A1
C1 D5 E9 B2 9B 68 F8 61 EF 7F 04 3C 26 55 63 F3
37 FE 29 F5 61 DB 8E
TX Data : 17 B5 E1 9B D3 83 99 50 49 EC 66 52 53 E2 81 95
DF 32 90 53 12 C9 95 CE 26 F0
TX Data : D9 26 86 05 BE FE F2 B0 20 16 FF 06 0E 05 85 00
RX Data : 53 06
RX Data : 12 40 02 69 00
+++++++++++++-++-+++++++--++++++++-++++-+++-++++++++-++++--++--+-++++++++-++--+++-+-+-+++++-++-+-+++++-++--++--+++++++ ! +-+--++++++++-+++++++-+-+++++-+-++++++-++++++++-+---+-+-++++++-+-+-++++-+--+-+++++ ! +++-+-+ ! +++++++ ! +++++-+++++-+-+--+++---+-+++-+++++-+ ! +++++-+++++++--+--++++-+++ ! -+++++-+-++++ ! +--+++++-++-+++--++-++++--+++++++++++-+++
Now we will try Packet 1, 16FE delay, our VCC is about 24 and our Glitch Type was 08
+++-++-+---++-+-+-++++ ! -++++++-+++++++++-++++++-+-+++++-+-++++++--+++++ ! +-+-+-++--++++++-++++++--- ! +-+++++-+++++++++--+++--++-++++++--+--++++-+-+-+++-+-++++-+++++++++ ! +++---+--+++++-+--++++++-+-+-+-+-+++++++--+++-+-++++- ! ! +++-+++-++++-+++++--++-+++++++++++++-++++-++ ! +++++---+ ! +++-+---++++++--+++-+-+++++-++++++--++++++---+ ! +-+++-++++++-++
Now we will try Packet 1, 16FC delay, our VCC is about 26 and our Glitch Type was 08
+ ! -++-++--+-+++-+++++++++++++-++-++ ! -++-+-+-++++++--++-+-++++++++---+++++++++++-++-++++-++++-+--+++++-++++-++-+++++++-++---+-+++++++-++--+-++++++---++++-++++---+++++++--+++++--+---+++---++++--++++++-+++++++-+ ! ++++-+++-++++ ! -+++++-++++-+--+-++++++++++++++--+++++-++-+---+-+++--+ ! +-+--++++++++++--++ ! ++++++-+++++-+--++++-+++++++++++++++---
Now we will try Packet 1, 16FA delay, our VCC is about 24 and our Glitch Type was 08
+---+++++-++++++-+-+++++-++-++-++-++-+++-+-++ ! ++--+-++++++---+- ! +-+++++++++---+-++++++++++-++++++--+++++++--+++++++++--+++-+++--+--+++--++++++-++++++++++++-+ ! -+++- ! +---+++ ! +++--+++++++ ! +-+++-+-++--+++++++ ! +-- ! +++++-+-+ ! -++-+++-+-++-+++-++++++-+++++++-+++++++-+++--++-++-++--++++++++++++----+++++++-- ! +-+++ ! --+-++++++++++++++--+-
Sc.Read: Timeout Reading Data From Card - 2 Bytes Requested, 0 Bytes Read, Continuing Script
Script Error on Line 150
Sc.GetByte: Requested Byte Exceeds Last Read Request
Any Ideas Tips should I try changing delay as suggested above?
If so how do I do that??
Thanx..........
TX Data : A0
TX Data : A1
TX Data : 07 0E 03 10 01 03 9A 00
RX Data : 07 1B
RX Data : 3F FF 95 00 FF 91 81 71 A0 47 00 44 4E 41 53 50
30 31 31 20 52 65 76 42 30
TX Data : 14 03 10 15 AB 21 00 08 A0 CA 00 00 02 12 00 06
55 0E 03 87 00
RX Data : 14 08
RX Data : 12 00 08 92 04 24 79 B3
Now we will try 16FF delay
TX Data : B0 30
TX Data : 07 0E 03 10 01 03 9A 00
RX Data : 07 1B
TX Data : 47 15 E0
TX Data : 21 00 3D A0 CA 00 00 37 03 35 54 01 10 31 05 4E
69 70 50 45 72 20 49 E3 40 7C AD FD B9 64 29 F4
F6 77 C2 35 6D 74 74
TX Data : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 05 CE
TX Data : 0E 05 8A 00
RX Data : 47 0B
RX Data : 12 00 07 83 03 B1 01 01 90 00 B4
TX Data : 53 15 E8
TX Data : 21 00 45 A0 D7 10 80 40 66 E1 24 39 14 1A CA A1
C1 D5 E9 B2 9B 68 F8 61 EF 7F 04 3C 26 55 63 F3
37 FE 29 F5 61 DB 8E
TX Data : 17 B5 E1 9B D3 83 99 50 49 EC 66 52 53 E2 81 95
DF 32 90 53 12 C9 95 CE 26 F0
TX Data : D9 26 86 05 BE FE F2 B0 20 16 FF 06 0E 05 85 00
RX Data : 53 06
RX Data : 12 40 02 69 00
+++++++++++++-++-+++++++--++++++++-++++-+++-++++++++-++++--++--+-++++++++-++--+++-+-+-+++++-++-+-+++++-++--++--+++++++ ! +-+--++++++++-+++++++-+-+++++-+-++++++-++++++++-+---+-+-++++++-+-+-++++-+--+-+++++ ! +++-+-+ ! +++++++ ! +++++-+++++-+-+--+++---+-+++-+++++-+ ! +++++-+++++++--+--++++-+++ ! -+++++-+-++++ ! +--+++++-++-+++--++-++++--+++++++++++-+++
Now we will try Packet 1, 16FE delay, our VCC is about 24 and our Glitch Type was 08
+++-++-+---++-+-+-++++ ! -++++++-+++++++++-++++++-+-+++++-+-++++++--+++++ ! +-+-+-++--++++++-++++++--- ! +-+++++-+++++++++--+++--++-++++++--+--++++-+-+-+++-+-++++-+++++++++ ! +++---+--+++++-+--++++++-+-+-+-+-+++++++--+++-+-++++- ! ! +++-+++-++++-+++++--++-+++++++++++++-++++-++ ! +++++---+ ! +++-+---++++++--+++-+-+++++-++++++--++++++---+ ! +-+++-++++++-++
Now we will try Packet 1, 16FC delay, our VCC is about 26 and our Glitch Type was 08
+ ! -++-++--+-+++-+++++++++++++-++-++ ! -++-+-+-++++++--++-+-++++++++---+++++++++++-++-++++-++++-+--+++++-++++-++-+++++++-++---+-+++++++-++--+-++++++---++++-++++---+++++++--+++++--+---+++---++++--++++++-+++++++-+ ! ++++-+++-++++ ! -+++++-++++-+--+-++++++++++++++--+++++-++-+---+-+++--+ ! +-+--++++++++++--++ ! ++++++-+++++-+--++++-+++++++++++++++---
Now we will try Packet 1, 16FA delay, our VCC is about 24 and our Glitch Type was 08
+---+++++-++++++-+-+++++-++-++-++-++-+++-+-++ ! ++--+-++++++---+- ! +-+++++++++---+-++++++++++-++++++--+++++++--+++++++++--+++-+++--+--+++--++++++-++++++++++++-+ ! -+++- ! +---+++ ! +++--+++++++ ! +-+++-+-++--+++++++ ! +-- ! +++++-+-+ ! -++-+++-+-++-+++-++++++-+++++++-+++++++-+++--++-++-++--++++++++++++----+++++++-- ! +-+++ ! --+-++++++++++++++--+-
Sc.Read: Timeout Reading Data From Card - 2 Bytes Requested, 0 Bytes Read, Continuing Script
Script Error on Line 150
Sc.GetByte: Requested Byte Exceeds Last Read Request
Any Ideas Tips should I try changing delay as suggested above?
If so how do I do that??
Thanx..........
S
Slickvguy
Guest
Add a delay in between each card communication.
I onyl use my own scripts, so I don't know what you're using.
But stick the following statement before the Read () statement that gave you the timeout.
sc.delay(20)
If that doesnt' work, increase the value upward by 10 each time until you no longer get timeouts. You can just use sc.delay(100), but you dont' want the script running too slow. The problem is you're going just a bit too fast for the card/glitcher. Also, make sure your WinExplorer settings are set properly!
Also, your VCC range is way too high friend. See all those "+" compared to "-" ?
Use my VCC Analyzer (it's probably built-into that script you're using). Make sure the VCC range is set properly! Obviously 24 is too high. You're just wasting time with values like 26 and 24, because the odds of a successful glitch with such a high VCC (for that specific card) are very low. You should see about 40% +, 60% -. Understand? More - than +, with not too many !.
Got it?
I onyl use my own scripts, so I don't know what you're using.
But stick the following statement before the Read () statement that gave you the timeout.
sc.delay(20)
If that doesnt' work, increase the value upward by 10 each time until you no longer get timeouts. You can just use sc.delay(100), but you dont' want the script running too slow. The problem is you're going just a bit too fast for the card/glitcher. Also, make sure your WinExplorer settings are set properly!
Also, your VCC range is way too high friend. See all those "+" compared to "-" ?
Use my VCC Analyzer (it's probably built-into that script you're using). Make sure the VCC range is set properly! Obviously 24 is too high. You're just wasting time with values like 26 and 24, because the odds of a successful glitch with such a high VCC (for that specific card) are very low. You should see about 40% +, 60% -. Understand? More - than +, with not too many !.
Got it?
pburns said:
you lost me m8 what tut is that?
good good i know i am forgetful but i thought i was going banana's nearly sign my self in the nut house
lol
lol
lol
lol
S
Slickvguy
Guest
jimmyp said:
Hi.
It's just a simple script, that you use in NagraEdit, with an ISO Programmer.
It's purpose is to quickly show me information about certain dataitems on the card. It's very useful during the unlocking process. I run it on every card before I run my unlock script, because it's very important that the DT1, DT6, and DT7's are for the correct provider AND in the correct order. If they aren't, then the unlock scripts must be modified in order to work.
S
Slickvguy
Guest
pburns, in whatever script you are using, there are two variable for the "high" and "low" of the VCC range. I don't know what they're called in your particular script, perhaps one of these other guys can help you. After you run VCC Analyzer, you can see by the graph what the VCC range should be. I think the script you're using is setting too wide a range. I've seen that before. Better yet, you should change the part of VCC Analyzer where it makes a best guess at what the high and low VCC values should be. I use a pretty narrow range, and it works very well for me. Saves time. if you have a vcc range that's too wide, let's say an interval of 9, then either it's taking longer OR it's spending a large % of the overall glitching of Vcc's that will NOT work.
Your goal is to get a relatively stable alternating line, where you have about 60% "too low" ("-" in your case), and 40% "too high" ("+" in your case). The key thing is to not have too many +'s relative to the -'s.
You want something that looks sorta like:
--+--+-----+-+++---+-++---+--+---++----+---+-+-+++---+----+--+-----+
Not like this:
++++-+--+++-+++-++++-++-+++-++-++++--+---+-+-+++-++++--++
That's too high.
Your goal is to get a relatively stable alternating line, where you have about 60% "too low" ("-" in your case), and 40% "too high" ("+" in your case). The key thing is to not have too many +'s relative to the -'s.
You want something that looks sorta like:
--+--+-----+-+++---+-++---+--+---++----+---+-+-+++---+----+--+-----+
Not like this:
++++-+--+++-+++-++++-++-+++-++-++++--+---+-+-+++-++++--++
That's too high.
spaceman07
Inactive User
- Joined
- Nov 26, 2004
- Messages
- 115
- Reaction score
- 0
Hi
Sorry if the following sounds stupid.. I am new to all this and learning.
Earlier it was mentioned about adding sc.delay(30) and the script that comes with the tutorial(criz2000) already has this in the script.. so dont need to do anything here.
Slickguy mentions changing DT1,DT6,DT7 - I could not find this in the script.. can comeone help me understand this.
Many thanks
Sorry if the following sounds stupid.. I am new to all this and learning.
Earlier it was mentioned about adding sc.delay(30) and the script that comes with the tutorial(criz2000) already has this in the script.. so dont need to do anything here.
Slickguy mentions changing DT1,DT6,DT7 - I could not find this in the script.. can comeone help me understand this.
Many thanks
S
Slickvguy
Guest
hazera: Don't worry about DT1, DT6, DT7. That's not in the script. Those are the dataitems that are in the dataspace (eeprom) of the card. It's rare that you would have a problem with them. As for the sc.delay - you can have as many of them as you need, wherever you need them. All it does is delay x milliseconds, i.e. "sc.delay(1000)" = delay 1 second. You might have one in one place of the script, but need to increase the value or add another delay somewhere else. It depends on where the script is cr@pping out on you, and how often.
pburns: Vcc Analyzer is a little utility I wrote quite a few months ago. There are a few versions. I released it as a standalone script, and then incorporated it into my own scripts. Since then, I believe most of the public scripts have included the same code in them. I think it's automatic in those scripts - but I'm not sure. Mine is. Anyways - don't worry about it too much - they probably have the range set too wide, which should eventually work anyways, but can take much longer to successfully glitch. A narrower, more efficient VCC range (high and low) will take less time.
pburns: Vcc Analyzer is a little utility I wrote quite a few months ago. There are a few versions. I released it as a standalone script, and then incorporated it into my own scripts. Since then, I believe most of the public scripts have included the same code in them. I think it's automatic in those scripts - but I'm not sure. Mine is. Anyways - don't worry about it too much - they probably have the range set too wide, which should eventually work anyways, but can take much longer to successfully glitch. A narrower, more efficient VCC range (high and low) will take less time.
