Rom11 revb0c bd0 password

[v12]

hi,

okay ive managed to unlock my original card revb0c with a t911 and the multi script which worked very well, unlocked in 1hour. Then i read the card in nagra and it read 100% complete etc, great!

So I tried writing an revb04 au ex-c&w image in nagra and it failed (tried it 2 or 3 times). So moved over to rom studio and it read and wrote to the card successfully, I used the blank image and didnt change anything (im following a tut). However now it wont read in either program without asking for the bd0 password which I don't know what it is. I've tried all 8's and all 0's but it wont have it. I've also tried xncs to open, but no joy!

nagra dump:
Opening of COM1 was successful
ATR String: 3F FF 95 00 FF 91 81 71 A0 47 00 44 4E 41 53 50
30 31 31 20 52 65 76 42 30 34 4C
ROM Revision: 011
EEPROM Revision: RevB04
ProviderID: 5C
CamID: CC CC CC CC
Using BD3 Key: 4E 69 70 50 45 72 20 49 73 20 61 20 62 75 54 74
Attempting to login to BD3
BackDoor login verified
Dumping Dataspace
Backdoor retrieval has been blocked
Attempting to login to BD3
Attempting to login to BD0
Unable to login, bad password detected
Attempting to login to BD0
Unable to login, bad password detected
Login attempt aborted
Reading ROM11 failed
Closing of COM1 was successful

xncs dump:
Opening of port was sucessfull.
ATR=3FFF9500FF918171A04700444E415350303131205265764230344C
Info=DNASP011 RevB04
Retrieving card info...
Card info retrieved
Dumping card,try #0.
Dumping card,try #1.
Dumping card,try #2.
Dumping card,try #3.
Couldnt Dump Card...

rom studio just asks for a bd0 password straight away.

ive tried using busted also but that didn't help it. anyway i can get the bd0 from the image i used? (have attached).

any ideas??? im pulling my hair out over here been working on this for 5hours straight, thought I was so close to getting the channels.

 

[bammy]

Use XNCS to read the card, then you should be able to retrieve the BD0 password and use that in Rom Studio to write a clean image onto the card.

 

[carwash]

hi,

okay ive managed to unlock my original card revb0c with a t911 and the multi script which worked very well, unlocked in 1hour. Then i read the card in nagra and it read 100% complete etc, great!

So I tried writing an revb04 au ex-c&w image in nagra and it failed (tried it 2 or 3 times). So moved over to rom studio and it read and wrote to the card successfully, I used the blank image and didnt change anything (im following a tut). However now it wont read in either program without asking for the bd0 password which I don't know what it is. I've tried all 8's and all 0's but it wont have it. I've also tried xncs to open, but no joy!

nagra dump:
Opening of COM1 was successful
ATR String: 3F FF 95 00 FF 91 81 71 A0 47 00 44 4E 41 53 50
30 31 31 20 52 65 76 42 30 34 4C
ROM Revision: 011
EEPROM Revision: RevB04
ProviderID: 5C
CamID: CC CC CC CC
Using BD3 Key: 4E 69 70 50 45 72 20 49 73 20 61 20 62 75 54 74
Attempting to login to BD3
BackDoor login verified
Dumping Dataspace
Backdoor retrieval has been blocked
Attempting to login to BD3
Attempting to login to BD0
Unable to login, bad password detected
Attempting to login to BD0
Unable to login, bad password detected
Login attempt aborted
Reading ROM11 failed
Closing of COM1 was successful

xncs dump:
Opening of port was sucessfull.
ATR=3FFF9500FF918171A04700444E415350303131205265764230344C
Info=DNASP011 RevB04
Retrieving card info...
Card info retrieved
Dumping card,try #0.
Dumping card,try #1.
Dumping card,try #2.
Dumping card,try #3.
Couldnt Dump Card...

rom studio just asks for a bd0 password straight away.

ive tried using busted also but that didn't help it. anyway i can get the bd0 from the image i used? (have attached).

any ideas??? im pulling my hair out over here been working on this for 5hours straight, thought I was so close to getting the channels.

Did you write to card with BDOs in zeros

Did you change all three CAM IDs to anything else

Did you save the original image?? If so put bd3 password from that image

 

[v12]

No I didn't write to card with bd0's in 0's, should I have?
I haven't touched the cam's yet, was gonna edit the cam, ird and bk once the blank image was loaded.

I have got the original image .bn11 from nagra that i saved, but didn't make a note of the bd3 when it logged in. Is there another way to find it?

 

[v12]

Use XNCS to read the card, then you should be able to retrieve the BD0 password and use that in Rom Studio to write a clean image onto the card.

i've tried xncs, but it doesnt read it.

xncs dump:
Opening of port was sucessfull.
ATR=3FFF9500FF918171A04700444E41535030313120526576 4230344C
Info=DNASP011 RevB04
Retrieving card info...
Card info retrieved
Dumping card,try #0.
Dumping card,try #1.
Dumping card,try #2.
Dumping card,try #3.
Couldnt Dump Card...

 

[carwash]

The image you have posted has got BD0s in zeros"!!! What did you change them to??


Open the original saved image with nagraedit and then go to EEPROM Editor and under lines BDO=C040 BD1=C050, BD2=C060 and BD3=C070

 

[v12]

Thanks for all your help so far.
I opened the revb04 file in nagra and got the bd0 key from c040, I never set one but hey i've finally got it.

Tried to update the image with my cam's, ird and bk and write in nagra, but nagra wouldn't have it - so used rom studio which wrote all the data successfully!! Yey! Thanks again.

Im in ex-c&w area and the box is from my area and has been used with a paid subscription before, I have cut the talk back, programmed the card correctly (afaik) and have now plugged the card in. Im using the bk and ird off of the card.

The engineers menu shows that the frequency for my area (bournemouth) is correct at 666.750 but when i go theru the pages it just says "please wait..." next to "smart card status" and "network information" says "not found" and a few things dotted around are in the red boxes.

When I let it boot up normally it goes to message saying no channels avail and check connections etc and then just to a black screen. Does this mean the BK and/or IRD is wrong? I reversed the IRD which got from card.
Or do I need to jtag some local area settings information onto the box? Not getting a single channel thru

In the "status monitoring" page in eng menu (pg.16) it keeps repeating 3 messages: "failed to range" , "current nid value invalid" and "current gid value invalid".

Any help would be greatly appreciated.
Gary

 

[jase02476]

Thanks for all your help so far.
I opened the revb04 file in nagra and got the bd0 key from c040, I never set one but hey i've finally got it.

Tried to update the image with my cam's, ird and bk and write in nagra, but nagra wouldn't have it - so used rom studio which wrote all the data successfully!! Yey! Thanks again.

Im in ex-c&w area and the box is from my area and has been used with a paid subscription before, I have cut the talk back, programmed the card correctly (afaik) and have now plugged the card in. Im using the bk and ird off of the card.

The engineers menu shows that the frequency for my area (bournemouth) is correct at 666.750 but when i go theru the pages it just says "please wait..." next to "smart card status" and "network information" says "not found" and a few things dotted around are in the red boxes.

When I let it boot up normally it goes to message saying no channels avail and check connections etc and then just to a black screen. Does this mean the BK and/or IRD is wrong? I reversed the IRD which got from card.
Or do I need to jtag some local area settings information onto the box? Not getting a single channel thru

In the "status monitoring" page in eng menu (pg.16) it keeps repeating 3 messages: "failed to range" , "current nid value invalid" and "current gid value invalid".

Any help would be greatly appreciated.
Gary

hi i had the same prob the other day round my m8s house i had that message saying no channels avail and check connections etc and then just to a black screen. i found out that ntl had disconected him from the green cab box outside his house and i had to go and open it up and reconect him. so if you have done every thin correct and you are still getting the same that may be your prob m8

 

[v12]

hi i had the same prob the other day round my m8s house i had that message saying no channels avail and check connections etc and then just to a black screen. i found out that ntl had disconected him from the green cab box outside his house and i had to go and open it up and reconect him. so if you have done every thin correct and you are still getting the same that may be your prob m8

cheers mate, will get that checked out soon. I have analogue cable already running in my house, but im not sure if its the same wiring in the cab, so best to get it checked out I guess. Thanks for your reply

 

[jase02476]

when you open the cab you will find cables what look like the ones that go in the back of your box but there black all you will have to do is screw it back in they will have tags on with house numbers on just look for yours

 

[v12]

Its working!!
The cab was fine, all plugged in etc although the wiring into this house was a bit iffy, 2 isolators are being used for some reason and I suspect it was the youths of ntl when they fit my cable modem.

I got my jtag this morning and about 30mins later, set my netid and all channels are up and running!! Im really happy and feeling a great sense of achievement

Would just like to thank everyone who contributes to this forum as it is brilliant! Couldn't have done it without all the tuts etc, I only started to learn 15days ago and a complete newbie to cable has done it without any major upsets! Thanks to everyone who contributed and helped me