This may help some of you...

cydine_ said:
Oh well at least I know it isn't just me being thick......

LOL

Does anyone have any insight into how these softcams process keyroll emms?
Click to expand...

tbh, its best to work on patching the Rom7 roms and disable Rom10/11 AU functionality when working on dbox/dreambox stuff.

The baseline emulator is Rom7 with Rom10/11 emulation tacked on top.
 
nozzer said:
tbh, its best to work on patching the Rom7 roms and disable Rom10/11 AU functionality when working on dbox/dreambox stuff.

The baseline emulator is Rom7 with Rom10/11 emulation tacked on top.
Click to expand...

Can you tell me what the address of the EMM handler, or rather the address of the call to the EMM handler is in a rom7 dump please mate?
 
dont know if its me, but got the hex. eep. and flash prog onto tit2.. now tryed to add image using both winexplorer and nagra, (in phoenix mode) and in nagra is says "atr (all 00_ Error, unsupported card type.
Closing com1 was sucessful.

Any ideas ?
 
gr0wl said:
Can you tell me what the address of the EMM handler, or rather the address of the call to the EMM handler is in a rom7 dump please mate?
Click to expand...

You should be looking round about 52A9:

BD 81 jsr byte_0_81
 
gr0wl said:
Can you tell me what the address of the EMM handler, or rather the address of the call to the EMM handler is in a rom7 dump please mate?
Click to expand...
equivalent section seems to be
52A4 EMMCMDF7:
52A4 CD 51 DF jsr ENSUREIRDINFO
52A7 25 02 bcs EMMCMDF7EXIT
52A9 BD 81 jsr byte_0_81
52AB
52AB EMMCMDF7EXIT:

meaning the equivalent jsr would be 51DF
or so it seems to me
 
Cool I will give it a try with a rom7 dump then. Have you guys tried it yet?
 
no - bear in mind it will probably need recoding as the rom 7 emm was different - so far I havent noticed both rom 7 emm's anywhere - same process will have to be gone through as coolguy did with rom 10 emm's to make code then it needs to be patched in etc

having a break before I start collating info lol - been at this a bit too long now lol
 
used the other files (same as on big maq) and worked :) wouldnt update first of all though but then i realised id edited the decrypt keys to 00 00 on the end lol !!

All working now :) many thanks :) no more nagging phone calls from the misses LOL !
 
cydine_ said:
Lack of space in the rom7.bin is a problem.

Any tips?
Click to expand...

I've noticed this...

Someone's beaten us to it though, there's now a working patch rom7 out there that does the job perfectly...
 
The current patch just overwrites some code that seems to deal with the backdoor password.
Obviously it would be neater to do it the way nozzer suggests.

Could you give an example of how to run code from the eeprom nozzer m8?
 
cydine_ said:
The current patch just overwrites some code that seems to deal with the backdoor password.
Obviously it would be neater to do it the way nozzer suggests.

Could you give an example of how to run code from the eeprom nozzer m8?
Click to expand...

You do it the same way you do any other read/write to an address...

& which patch are you referring to, the current OPOS patch overwrites the EMM (and nothing else)
 
hey guys.

i used titanium hack on my opos files, but it jsut given me a plain hex file. how do i use that? is there another step im meant to use or a program?

cheers

p.s. thanks for the new files guys, lol, but i wish i couldave made em myself!!! ;) , i will tho soon.........
 
You must log in or register to reply here.

Similar threads

S
help to understand log
Replies
1
Views
883
acebing
A
D
Xtrend ET8000 Mgcamd help
Replies
2
Views
1K
digi247
digi247
jammoboss
VU+ Duo Cant get MGcamd to work
Replies
3
Views
2K
jammoboss
jammoboss
H
Amiko Alien 2 - mgcamd setup
Replies
0
Views
2K
harcrid
H
W
Newcs and cccam question
Replies
0
Views
951
willegg
W
Back
Top