Technical thread on MOSCs and recent EMM

fes_786

ok first this is a technical thread so no spamming only techie talk

i started this thread so we could get together and basically find out what this emm is targeting in the code or data space that's making it so effective at killing the cards

so please could people post images that work for now and please someone with a logger, start logging the streams

once we got the emm decrypted it should be a lot easier to block it

could a mod make this a sticky

cheers

EDIT//

please no posts complaining on box or card not working this thread is for technical talk only
 
not being funny m8 but no images
this is how the cc's kill them
logs r ok
 
ok logs

by the way been reading up that some peeps with subbed boxes have had their card fooked and when they foned up the advisor said he was sending out a HIT to get the card working again

those cards reported no atr's "supposedly"

so u reckon we could fix our cards with some so called emm???
 
the diff is they have the front door key we don't
 
i have been working on an image
with 13 standard tiers on i have most channels
all movies
sports except Setanta
just trying to work out the channels that r missing
u have to spread the channels out
and u also have to have the correct right identifier

and sorry i won't let anybody have this image
y
cos that is how the cc's r fooking them up
it is up to all of us to modify their own images
 
OK this log says there are 3 new emms after parsing it, they are 0, 20, 21

This is already being discussed in the right section for it HERE

Clive.
 
is there any tuts davidh in how to modify your images coz i ain't got a clue when it comes to this.

cheers m8

:Cheers:
 
i've done the same thing - but i only got 10 tiers and it seems to be working fine - so far lol lets see if it's still running when i get up
 
have u got any dumps of cards
legit i mean

look on them for tiers
 
Know how to add the tiers but haven't a clue how to edit them.
seems you only need 8 tiers for this method to work from what i have been reading
 
1 of the emm's


for a rom11

SIGNATURE: OK!
3F -> Filter: ANY CARD
5A01 PROVIDER ID (Telewest (Cable))
FB -> RUN CODE FOR ROM11:
CD74E933CD754FC0 DFA704CD754FC0E3 FF01CD754FC0E4B4 03CD754FC0E3AB01
AE34CD74FF8181F2 C23081F2C6730000 0000000000000000 00000000
DISASSEMBLY OF CODE:
------------------------------
0081: CD 74 E9 jsr CHECKCYCLEBYTE ; Abort if CYCLEBYTE is diferent
0084: .db 33 ; CYCLEBYTE to compare
0085: CD 75 4F jsr WRT_ZP_BLK ; Write a block from ZP
0088: .db C0 ; ?
0089: .db DF ; ?
008A: .db A7 ; ?
008B: .db 04 ; ?
008C: CD 75 4F jsr WRT_ZP_BLK ; Write a block from ZP
008F: .db C0 ; ?
0090: .db E3 ; ?
0091: .db FF ; ?
0092: .db 01 ; ?
0093: CD 75 4F jsr WRT_ZP_BLK ; Write a block from ZP
0096: .db C0 ; ?
0097: .db E4 ; ?
0098: .db B4 ; ?
0099: .db 03 ; ?
009A: CD 75 4F jsr WRT_ZP_BLK ; Write a block from ZP
009D: .db C0 ; ?
009E: .db E3 ; ?
009F: .db AB ; ?
00A0: .db 01 ; ?
00A1: AE 34 ldx #$34 ; Load in X
00A3: CD 74 FF jsr WRT_UPDAT_FROMX ; Write update level from X
00A6: 81 rts ; Return from subroutine
BYTES DUMP:
---------------------
00A7: 81 F2 C2 30 81 F2 C6 73
00AF: 00 00 00 00 00 00 00 00
00B7: 00 00 00 00 00 00


EMM DECRYPTED RAW BYTES:
-------------------------
3F5A01FBCD74E933CD754FC0DFA704CD754FC0E3FF01CD754FC0E4B403CD754FC0E3AB01AE34CD74FF8181F2C23081F2C6730000000000000000000000000000
 
another

DECRYPTED EMM:
--------------------------------------------------------
SIGNATURE: BAD(15B4F0B2F8622615)
DECRYPTED BAD DATA: 74AE21B446C28076C81387EADE5AC23B023F9A8EF1CC0B295E44828CD20C92F87F74CB1C685E8533D86A9F88D0808D983E5997CDD95AD85476EFD4CB0AA28134
-- Trying decrypt with signature exchange...
NEW EMM SIGNATURE: E3FAD55A1F84DEF6
SIGNATURE: OK!
3F -> Filter: ANY CARD
5A01 PROVIDER ID (Telewest (Cable))
FB -> RUN CODE FOR ROM11:
C6C038261CC6C039 2617B6F8B7A343B7 A4A602AEA3CD456F C03838681055CD7F
A781000000000000 0000000000000000 0000000000000000 00000000
DISASSEMBLY OF CODE:
------------------------------
0081: C6 C0 38 lda $C038 ; Load in A
0084: 26 1C bne $A2 ; Branch if <>
0086: C6 C0 39 lda $C039 ; Load in A
0089: 26 17 bne $A2 ; Branch if <>
008B: B6 F8 lda $F8 ; Load in A
008D: B7 A3 sta $A3 ; Store A in...
008F: 43 coma ; One's complement of A
0090: B7 A4 sta $A4 ; Store A in...
0092: A6 02 lda #$02 ; Load in A
0094: AE A3 ldx #$A3 ; Load in X
0096: CD 45 6F jsr GET2PARMSTORC1 ; Put 2 bytes in RC1H:L
0099: .dw C0 38 ; New value of RC1
009B: 38 68 lsl EEWRITEOKBITS ; << 1
009D: 10 55 bset0 $55 ; Bit 0 <-- 1
009F: CD 7F A7 jsr $7FA7 ; Go to subroutine
00A2: 81 rts ; Return from subroutine
BYTES DUMP:
---------------------
00A3: 00 00 00 00 00 00 00 00
00AB: 00 00 00 00 00 00 00 00
00B3: 00 00 00 00 00 00 00 00
00BB: 00 00


EMM DECRYPTED RAW BYTES:
-------------------------
3F5A01FBC6C038261CC6C0392617B6F8B7A343B7A4A602AEA3CD456FC03838681055CD7FA7810000000000000000000000000000000000000000000000000000
 
looking at the emm's they have hit rom7 rom10 and rom11

didn't know t/w had rom7's
lol

but they got us good style
 
k i see what you mean by read an original untouched image. i have 13 tiers in mine so if i was to delete one of the tiers in the middle would it be ok to put the rest on a modded image?
 
i took a rom 11 nonlockable image and wrote all the tiers to that
if that helps
been running now for 3 hrs still ok (touch wood)
 
np i understand it now.

:Clap: :Clap: tnks davidh
 
@davidh could you explain what i should do with component and theme please.

When i open the image i have 2 tiers originally. But i noticed that the theme and component change from the 1st tier to the 2nd. Is it necessary to change or which one should i use?

thanx
 
perhaps someone could write a tutorial on how to change add tiers etc
looks like the ccs have had a good day
 
get an untouched image and copy all tiers over to your modded image.
just delete the 2 tiers that are on the modded image before you copy all the unmodded tiers over
 