Sammy Ram Dump with USB Jtag how to:

[nozzer]

It depends on the box but I think the 2110 is a standard DDR part pretty much identical to those used on a PC simm card. The newer Sammy/Cisco uses DDRII I think.

I'm sure you could probably track both using a fast logic analyser (you'd need to be able to capture 2.5nS or faster events for DDR) but I suspect finding the data from a capture would be damn near impossible without some serious analysis. Maybe you could run the captured data through a DDR simulation program to end up with a RAM image. Capture would probably need to occur for upto 30 seconds initially which is going to require a hell of a deep capture buffer (2.5ns events would require 400 Million captures per sec)

 

[IRpaj]

Hello.

As a newby on this forum, permission to speak.

It's been a hard browse to reach this page at last. I'm glad ppl willing to share the jtag info.

I have a up256 flash reader, and know how to hot air rework the bga flash chips, my question does the flash dump reveal the rsa? or it still encrypted in the flash and then decrypted in the RAM.

I would like to proceed more, but since my STB is security sealed by the cable company with a hologram sticker. its samsung SMT c 5050 cable receiver STB. with a NAgra "DNASP110 RevAC3" card.



Good Luck...

 

[Simba92]

Kinda wish i was still on cable side to have a play with this.
Fes786, you say you dont want to spoon feed, but you pretty much have done Thanks for the info, will certainly be helpful to others.

 

[Black_Gold]

I aint had much to do with cable for a while now but after reading this im going to try and dump my sammy at the weekend, cant wait.

 

[D1GG3R]

I used to love reading these posts on the cable stuff...

I see nozzer is still on form :thumbup:

Sent from my GT-I9000 using Tapatalk

 

[fes_786]

well u will need a n3 active card in sammy
once u got ram dumps and have researched then the block of data u after is very easy to spot

 

[Black_Gold]

well u will need a n3 active card in sammy
once u got ram dumps and have researched then the block of data u after is very easy to spot

I have all of the above just need a bit of me time to mess about with it. Does it have to be the jtag in your post as i do have a sammy jtag already made up but its parallel port.

 

[fes_786]

Nice to see u taking a interest in cable again

get a few dumps together and if u need any help or want me to double check your findings send me a pm

 

[Black_Gold]

Well the weekend didnt go the way i thought m8 lol, I didnt get any me time just checking does it have to be the same jtag as in your first post if so i will get one ordered.

Cheers.

 

[fes_786]

if u get the 1 i got it will make things alot easier and faster

any other jtag then u will b stuck at first hurdle (trying to get dumps fast)

 

[Tr0jan]

Hello.

As a newby on this forum, permission to speak.

It's been a hard browse to reach this page at last. I'm glad ppl willing to share the jtag info.

I have a up256 flash reader, and know how to hot air rework the bga flash chips, my question does the flash dump reveal the rsa? or it still encrypted in the flash and then decrypted in the RAM.

I would like to proceed more, but since my STB is security sealed by the cable company with a hologram sticker. its samsung SMT c 5050 cable receiver STB. with a NAgra "DNASP110 RevAC3" card.



Good Luck...

going by your post. it seems that you are still on nagra 2 and not nagra 3 so u should be able to dump your card using one of the many scripts that are out there for nagra2 rom110 AC3.

 

[Black_Gold]

if u get the 1 i got it will make things alot easier and faster

any other jtag then u will b stuck at first hurdle (trying to get dumps fast)

Jtag aint come and im off to work in the morning so i will have to leave it for a week or two.

 

[fes_786]

no problem m8

once u got it just go through the tut get a couple of dumps and then start looking through them

 

[paulcarter]

What programmer do you recommend for that?

Best Regards
Paul

 

[fes_786]

Read the thread everything is there