First, what is noRSA mod and when you need it?Current N2 testing is based on "prior knowledge" of some key encryption data that is residing in IRD firmware and matches with data in testing device (ATMEGA in our case). This data is partially based on IRD#, Box Keys and CAM# of the card.The latest development in this area led to "hard coding" this data in the ATMEGA, therefore minimum changes are needed to the IRD FLASH. This also allows IRD to be able to safely take firmware updates without having to re-FLASH changes.
Next, it is important to understand that if IRD was already "patched" with UNIVERSAL scripts, used before, it will be impossible to make noRSA mod on them, unless you force IRD to take update. Update will undo these changes and make FLASH be "ready" for noRSA mod application.
While noRSA mod essentially changes the IRD#, BK and CRC, it is important to understand that some IRD models (like DP301.013 and all DVR5xx) use different identification method (referred to as SK, which stands for Session Keys) and therefore need these numbers "relocated" in a certain manner.
Therefore it is much easier to use noRSAmod.fs script to do it for you instead of trying to do these things manually.
I assume you have JTAF cable and working jKeys.
1. Necessary utilities:Flash EditFE script "noRSAmod.fs"Place .fs file into FE directory.If have to do do Step 5B, get HEX Editor.
2. VERY IMPORTANT!!!Get stream-updated IRD to the latest F/W version.
3. Backup FLASH and EEPROM
4. Check if your FLASH is corrupt or badly backed-up.To do it, just open this file with FE in "Beginners" mode.If no problem - skip to Step 6.
5. If there are CRC problems, this may be result of bad JTAGging. Try it several times before resorting to the following 2 ways of fixing:A. If you have ANY previous version backup - check with FE. If CRC error - use "Advanced" mode and fix it by copying "proper" CRC. DO NOT have to fix IRD#/BK CRC.Program it back into IRD and go back to step 2.B. Get FLASH (TSOP) image from the Forum Bank. Try to find one the same 3 first letters in Build Config.Generate "virgin EEPROM" from this file in FE. Using HEX EDitor, copy first 48 bytes from the "virgin" over your own EEPROM image and program result into IRD.IMPORTANT!!! Do not use "virgin" to program IRD. It will create severe problem in DP301 and later.Test if IRD works, if not - go to Step 2. Else skip Step 6.
6. Open FLASH image with FE. Select correct "No SK" or "others" script from the drop-down and apply.Program result into IRD. No need to change EEPROM!
7. Program your testing card
8. !!! VERY IMPORTANT !!!Enjoy life. Watching TV is stealing a lot of it from you.
After you updated the firmware and follow the steps below, you should be fine getting TV. Better use Buffered Jtag
Alternate method
- stream your ird for update firmware, your 3100 will be P2472.
- back up your both tsops.
- open you back up tsops by FlashEdit 2111beta9,
- change the ird# 011C746Cbox key : 8C A6 A8 8C FD E2 E2 63
- make sure check the crc, if red click fix crc, then will change green back.
- save the mod tsops
- in the same screen(flashedit), save vergin eeprom, i.e. click the script to find save vergin eeprom.fs, screan pop out asking you to enter the build conf. which you can find a sticker inside the ird showing the build conf number.
- open wallV2first erase flash 2 and then program your saved mod tsop u23second erase flash 1 and then program your saved mod tsop u22
- take your ird to power on for 3 minutes then fed in the sat cable
- now program your atmega by satVia all_in_1_Final with the update keys9. watching TV
No comments:
Post a Comment