if i spi

XC chip, auth and block SPI command.
Locked
FANTASYCABLEGUYREADY
Junior Member
Posts: 94
Joined: Mon Apr 10, 2006 5:13 pm
Location: BOSTON

if i spi

Post by FANTASYCABLEGUYREADY »

if i load spi cammand on a dct not subbed but gets some decent channels
if they deauth the xc chip would i be able to bring her back?thanks for the help.
patsfan
Junior Member
Posts: 673
Joined: Thu Jul 21, 2005 4:02 pm

Post by patsfan »

you would need to capture the auth commands when the box gets activated and replay that to the box. since you said the box isn't subbed you wouldn't have this. also the auth.bin that the spi caputes is specific to each box so you can't use one from another box. faking the id won't make it work either.
FANTASYCABLEGUYREADY
Junior Member
Posts: 94
Joined: Mon Apr 10, 2006 5:13 pm
Location: BOSTON

Post by FANTASYCABLEGUYREADY »

im sure you can tell im a noob,but i would think there is alot of the same code in the auth cammands which would make me think unit address and specific tiers are the only difference .maybe 20% of all the auth code is different,which i would think with the great success the few of you guys have had must be close to full compromise.thanks for the knowlegde.abac is my savior?
acidbaby
Junior Member
Posts: 15
Joined: Fri Jul 14, 2006 7:19 am

Post by acidbaby »

is there a good guide or eplaination of loging and saving the spi command
do u use both the bdm cable and the serial cable? or just the serial cable connected to log?
does the spilog firmware need to be on the box when loging?

any step by step guide?
any videos of this?
ive searched and read here and im still lost
patsfan
Junior Member
Posts: 673
Joined: Thu Jul 21, 2005 4:02 pm

Post by patsfan »

you only need the serial cable connected to log data, and you need to load the spi firmware first to do it. there is some info on the main page under DCT2000. http://www.usbjtag.com/
acidbaby
Junior Member
Posts: 15
Joined: Fri Jul 14, 2006 7:19 am

Post by acidbaby »

what about playing back the auth command?
it dont seem to take?
do u need spilogg on firmware to do the palyback?
i see commands being sent in spi commander
fw is 793 on box and i see all regular stuff but others still show not auth
also the guide angd gui seem to disapear and box restarts after a while guide is back and box is updated with 796 fw
tried to play auth on that bit also not auth
what to do to get the chans auth again?

box had the acab fw on it last year or so then one day black screen and i couldnt do anything with it
revived box with original nvram and code
now box in state b4 i got it authed
now trying to playback and it dosnt seem to work?

any help apreciated
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

The purpose for SPI play is for study, if you fake the UID you do not need to play the auth command.

The SPI command can only be played on the same box CC send to. Play to the box with different UID will get rejected by XC chip.

If you log the SPI command during the auth process, if then latter the CC deauth the box, you can play the auth command the same channel will shown before deauth.
techno
Junior Member
Posts: 36
Joined: Wed Mar 05, 2008 10:12 pm
Location: Washington

Post by techno »

So if you change the UID and play back a command that was sent to the original unit with that UID why wont the new unit accept the command?

Told you I'm new on here.

Techno
usbbdm
Junior Member
Posts: 8962
Joined: Mon Jul 18, 2005 9:33 pm

Post by usbbdm »

techno wrote:So if you change the UID and play back a command that was sent to the original unit with that UID why wont the new unit accept the command?

Told you I'm new on here.

Techno
The auth command has a checksum that matches the info in the XC chip. If you just fake the UID, the command will not be accepted for the XC chip which has different UID (not faked )
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Post by tester5 »

the GI might be hard coded on the xc chip together with the way the chip works. then uid is installed at finish line....or all together who knows...

at least a part of gi number it is used 100% because 2 boxes E11 get different response.. so there is some other identification in the xc....permanent programmed
krunkcraig
Junior Member
Posts: 164
Joined: Sun May 06, 2007 10:24 am
Location: Everythings bigger in Texas

Post by krunkcraig »

Why can't we all work together and make a data chart with spi checksums (like usb did in the past) and also have people send their UID, and numbers from xc chip.....From there we can work backwards to find a solution. There cannot be more than 100 different xc chip types. That way we could find exactly what part of UID, and GI is encoded. What do you guys think?
techno
Junior Member
Posts: 36
Joined: Wed Mar 05, 2008 10:12 pm
Location: Washington

Post by techno »

I thought the GI was only used for inventory control and KMS lookup.

What if i was to change UID then send a cold boot?
tester5
Junior Member
Posts: 21
Joined: Wed Jul 27, 2005 9:16 pm
Location: NewYork&Chicago
Contact:

Post by tester5 »

anything a dispacher can do has been done :D only ppv got enabled nothing else...
cablehackernoob
Junior Member
Posts: 116
Joined: Sat Dec 20, 2008 2:21 pm

Post by cablehackernoob »

krunkcraig wrote:Why can't we all work together and make a data chart with spi checksums (like usb did in the past) and also have people send their UID, and numbers from xc chip.....From there we can work backwards to find a solution. There cannot be more than 100 different xc chip types. That way we could find exactly what part of UID, and GI is encoded. What do you guys think?
This seems line an excellent idea.
UserName
Junior Member
Posts: 268
Joined: Sat Jun 07, 2008 2:56 pm

Post by UserName »

krunkcraig wrote:Why can't we all work together and make a data chart with spi checksums (like usb did in the past) and also have people send their UID, and numbers from xc chip.....From there we can work backwards to find a solution. There cannot be more than 100 different xc chip types. That way we could find exactly what part of UID, and GI is encoded. What do you guys think?

billion combination. each xc is made same programmed with a specific key together with box maybe gi# then chip is burned so cannot be read or programmed anymore in that part..then in the ram the uid in programmed in since 10# is uid combined with digichiper2 technology and maybe the gi that will rooool for long time. unless you have that build in key that comes with each xc chip./
checksum is irrelevant if cant find out that hard part first.
do not believe what i say 10% its true :confused:
Locked

Who is online

Users browsing this forum: No registered users and 5 guests