Want to learn to make fun flash!

I've been reading the guide for a few days now trying to grasp how this all works, but I'm still finding it hard for it to sink in. I'm trying to fix an atmega card because I think it's the easiest one to do, as you don't have to play around with the keyroll.

Having looked at the 3.7 log, am I right in thinking that to fix the timing issue cmd $00 is where the problem lies and is the only piece of code that needs to change? Forgive me if I'm talking bollocks.

Is there a guide somewhere that shows you how to edit the asm code and how to use AVR Studio 4?


3.7 log below.
 
Has everyone given up??????

No, I'm just as stuck as you, if not more. I've read up on how the code works on AVR, then I had probs running AVR, so I've opened IDA, but nothing looks the same.

I've been reading about old keyrolls in the hope I can answer nozzer's questions on the prev page.
nozzer said:
Now, from what I've described above, can somebody move forward and describe how serial input is detected and captured?

As I keep hearing, we need to understand the key roll system first?
 
I'm a bit stuck as well m8, trying to figure out how to use AVR Studio but can't get my head around it. Is there an easier option, such as using Notepad to make changes to the flash?
 
Hi chaps!

I just popped over to look at the question being framed by nozzer and see if maybe there was a simple reason why it was causing confusion.

I think you might be better off forgetting keyrolls etc. for a time. I think the way this is being put across is from the aspect of starting from scratch, yet building a conceptual understanding based on pulling the code apart.

First off, one of the things that makes serial comms different from parallel etc. is the way data is transmitted: 1 single bit at a time rather than bytes or words.
If things are sent 1 bit at a time, as they are in ISO comms and RS232, then each bit is received and loaded, then the next bit is received and loaded until you get a full word; then you can store the word to RAM and get the next.

There are 2 forms of serial comms that can be utilised, asynchronous and synchronous, 1 meaning use of a common clock and one meaning on the fly. The latter often utilises start and stop bits.

I realise this doesn't give you much to go on, BUT it does actually help point your googling, I think. Without knowing how data is exchanged on a basic level in a serial form you wouldn't even be able to start looking at a keyroll etc. because you couldn't get the card firmware to understand the host device and vice versa. It's very much the same in glitchers.

Here's a for-example of how stuff can mess up:

A while ago I was trying to make a flash to run at 18MHz; the comms are serial and so they have to be timed correctly. After a while pulling the original code apart I thought I had it all worked out. I was wrong lol; what I was getting back was supposed to be an ATR but it didn't make any sense. After studying it for ten minutes I realised all the bits were shifted left so the bytes were all wrong. Of course, I'd spent that much time on it by then that I was able to see the flaw and fix it straight away.


So get googling serial comms protocols and have a look at ISO smartcard protocols as well; that should give you a good step in the right direction. Especially since there is source code for the funcards knocking about over the net.
 
Just thought I would give it a go. Any ideas of the type of files I need to make one?

Anyone point me in the right direction of how to learn to make one? Any tuts etc.

Good to learn, so I thought I should.

Thanks a lot
hnj

This any good?
h**p://www6.zippyshare.com/d/828834361c/1258280367/82883436.zip
 
I have been reading, reading, then reading over it again, as it's not something you can just browse over and expect to do, sadly.
Then MW2 came out so this took a bit of a back burner with me.

From what I have read so far, I think it's this part of the source code that needs to be changed:

Send_Reply:
    mov   LEN, r18      ; LEN
    mov   PCB, r16      ; PCB

    ldi   r25, 128
    rcall Delay

    mov   r16, NAD
    sts   rNAD, r16
    mov   r16, LEN
    sts   rLEN, r16
    clr   r18

    rjmp  Err_Respond


More like the method needs to be changed so that the rcall happens sooner than it's currently doing. If I was on 3.7 it would be easier to mess with, test etc., as I'm still on 3.6.

I'm messing with this part at the moment:

Send_Reply:
    mov   LEN, r18      ; LEN
    mov   PCB, r16      ; PCB

    ldi   r25, 8
    rcall Delay
 
I am on 3.6; I did all my testing using XNCS, as you can send commands etc. to the card to test. I found just doing a reset card command would show all of the errors in the comms tab.

Just remember guys, the logs only give the symptoms of what is wrong. You can go down the wrong route like I did (I rewrote the whole receive data routine as I thought that's where the problem was based on the logs, and it made no difference). The logs show what is sent to the card (not what the card received).

If we assume that the command response part of the code works OK (as it did in the past), it can only be that the card is getting the wrong data and sending an invalid response or no response based on the faulty data. What would make the card receive the wrong data?
 
Me as well. I can't take out time to go through the coding, so I'm available to help on testing mate. PM me when you need me.
 
After reading hbc's post earlier I read around elsewhere and found this, but still can't work out if this is anything to do with the problem.
* CLK

The actual frequency, delivered by the interface device on CLK, is designated either by fi, the initial frequency during the answer to reset, or by fs, the subsequent frequency during subsequent transmission.

Duty cycle for asynchronous operations shall be between 45% and 55% of the period during stable operation. Care shall be taken when switching frequencies (from fi to fs) to ensure that no pulse is shorter than 45% of the shorter period.


Edit:
After reading more and looking at the difference between the working rst code and the non-working code, is the problem around the fact that the funcard's stack is being loaded and not cleared, therefore the STB can't send info due to the "floating positive" method of communicating? If either STB or card is at zero, that is seen.

Could anyone say if I'm on the right lines with this?
 

You're kind of right! What you have to think about is how the card receives info and sends it, and also the same from the box. So the box sends something, the card has to reply, then go low so the box can send more info, and back to the card again. Remember the box has good control over its send/receive data, but the card has to be programmed by us to work in the same way as a MOSC/TIT etc. would. Think cycles, that will help a great deal in this; as you know, it's timing!

MB
 
Prefer this way, as then I don't have to rely on others. I'm enjoying the learning process with this all and over the past few weeks have taken a lot on board.

A few questions:

I have been reading, and read on some other forums as well, that there is more than one way to skin a cat when it comes to fixing the issue. Some are using different methods but getting the same result. That is how it has become confusing, as you hear different things and then get lost.

How I am seeing it so far (taken from another forum, but it puts it more clearly than I would with my brain like cheese today):

3.7 is a lot tighter on the command responses from the card (it will reset the card if incorrect or corrupt responses are received).

We have a timing issue with the fun/atmega cards which makes them fail, but MOSC/TIT/OPUS cards still work.

After start-up the data is sent to the card following the ISO 7816 standard, which, as I'm sure has been stated, means that the serial data is available on the input pin for 32 clock (or instruction) cycles. The data line is held high when no data is being sent, a start bit (data line pulled low) is sent before each byte of data, and there is a wait or guard time between each byte of data sent.

MOSC/TIT/OPUS cards use a UART to handle the serial data comms to/from the IRD (which means the software can ignore the handling of the comms data, as the UART will tell the card it has data to be received).

The fun/atmega don't have a UART to receive the data, so they have to try to emulate that function in software. (It uses a timer to interrupt the main software at regular intervals to check for a start bit/data.)

So if the values used by the timer or the code used to check for the data use too few or too many clock cycles, maybe we miss the start bit and start reading the data in the wrong place or not at all.


With that, I am thinking that this code is wrong:

RX_IRD:
    sbis  IO_PIN, IO_PIN_IRD    ; wait for RX to go high = line idle
    rjmp  RX_IRD

As the start bit should be low instead, so it would be this, so that the start bit is detected:

RX_IRD:
    sbis  IO_PORT, IO_PIN_IRD


Any info would be helpful, while my brain has a rest for a while.
 
3.7 is a lot tighter on the command responses from the card (it will reset the card if incorrect or corrupt responses are received)

It would appear then that there is a bit timing error which was always there. Logically, if this worked prior to this update then you have to assume some kind of phase discrepancy in the I/O routines. If the request was previously resent when there was a failure, without a card-wide reset, then it stands to reason that eventually the comms would work. Thus this card was working on 3.6, then not on 3.7!

I assume card operations are structured around this area, so the card is doing something useful between bit times? That would explain simply enough why there have been a few ways of getting it working!!

What with what's in this thread and stuff I read in other places, this has got to be an easy fix :)

BTW I have deduced this from the post above and some other posts out there; I still know nothing about funcards at all.
 