Thursday, November 3, 2011

Possible on NDS Card

You need two keys.

1. Pairing key, which is stored in the EEPROM
2. Hardware key, which is stored in the Broadcom chip

Reading the firmware out of the flash will not help you.

This is the Pace Pace_TDS865NSDX dump (also Samsung.DSB-H670N).
I think it will be useful for someone.
link:
https://rapidshare.com/files/1354526336/dump.zip
-------------------------------------------------------------------
About paired keys.
We know that newcs supports nd$ paired cards with undocumented options:
********************************
****FA7288A59F8E70F6B803C58A****
(You can simply find the *** values in the attached dump to compare with your own dump.)
(The latest Gbox.net also supports these paired cards.)
So how do you get those keys?
It is possible to get the keys from a memory dump.
_____________________________________________
How to get into box.........
open the box
and look for j514 on the pcb
there you have 4 pin connection via
this is 232 ttl
connect 232 ttl to this j514 it is 4 pins via there..(add....using any ttl to rs232 converter)
and have putty or serial connection sw
baudrate is 115200 8N1
you will see console booting up from box..
you have linux console now
---------------------------------------------------------------------------
how to extract the hwkeys and ekpariedkey...
you need the card and a valid subscription for hd channels for this box
switch off the power box..
but before switching off the box... tune in the HD channel first
and turn on the power without SC
you get information insert smartcard in the reader.... OSD on tv
!!!!!!! don't do that.! (don't insert card yet)
you have connected 232 and have console now...
take break interrupt
the magic key to interrupt is CTRL+4
and you are inside ..linux console
shell is busybox
go to /NDS/bin/
start /.mor_epg_zapviasat &
you will get now the same OSD message now.. "insert sc in the reader"
do that..
you got hd picture now
switch off the box on the front of box..
not power cable..
take dump from /dev/mem
with dd cmd dd if=/dev/mem of=/mnt/usb/somefile.bin
but you have to mount usb first
because too big file
about 268 mbyte
take this dump out and connect to your regular linux machine..
you have to search for some tags
but it is important to do the clean startup
because om RAM
after key extraction don't need to go inside box
don't do that.. if you want to be safe .. have all your files on the usbflash
--------------------------------------
final step
just look in memory for 30 00 00 01 tag or 30 00 01

and after that, the 16 bytes are the first key

and the second one is 10 00 00 tag from memory
You got paired keys
-----------------------------

2 comments:

Anonymous said...

So where are these pins?

jaca said...

Hello, can you please refresh the link to the Samsung DSB-H670N?