My rom10 is "CD 82 3D" At 50E3. I change it just like what you said,but it still can't work. Please help.
btw:My rom10 worked fine until yesterday.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed.
Change Call (CD2020) at #90E3 routine to #9AE3 (CD9AE3)
put this code at #9AE3
C6009FA1AB246BC600AAA1FF2418C600B4A1FF2424C600A1A1 002430C600ADA100243CCC009BA6FFC100
AB26E1AE03E6A1E7AA5A2AF9CC009CA6FFC100B526D5AE03E6 A1E7B45A2AF9CC009CA600C100A226C9AE03
E6B9E7A15A2AF9CC009CA600C100AE26BDAE03E6B9E7AD5A2A F9CC009CA6A0C100AF26E1AE03E6ABE7B95
A2AF9AE03E6AFE7AB5A2AF9AE03E6B9E7AF5A2AF9CC009A
use ultraedit 32
there is a $4000 offset
so 90E3 is 50E3
and 9AE3 is 5AE3
My rom10 is "CD 82 3D" At 50E3. I change it just like what you said,but it still can't work. Please help.
btw:My rom10 worked fine until yesterday.
@jmp
can you please explain what the opcodes are supposed to be doing? Will it be able to decode both Key 00 and Key01 of the new Dream ECM?
Before:Originally Posted by jmp
000050e0h CC 90 E3 CD 82 3D CC 9A E3 CD 82 23 81 43 53 42
after:
000050e0h CC 90 E3 CD 82 3D CD 9A E3 CD 82 23 81 43 53 42
or
000050e0h CC 90 E3 CD 9A E3 CD 9A E3 CD 82 23 81 43 53 42
But it doesn't work.
It works when I replace the NagraKey.txt with another one.I just don't wonder why it could work fine so long with such a 'wrong' file.
Great job ,thank you for your help.
jmp, we need the answer for the question of boy23_
boy23
yes both keys and also contains all updates for the past year.
if you want to see the code use emmstudio3 dissasembler
if you want to see the emms use snitch, save log file, rename .log to .txt
open with emmstudio3 if you have the rest of the keys.ini to read them
@jmp.. thanx bro.. your works on prviding the rom10 file is a big help to us..
Originally Posted by jmp
THE RIGHT CODE
00005ae0 : ff ff ff b6 a0 b7 4e b6 a1 b7 4f ae 03 92 e6 4f
00005af0 : 88 92 e6 4e 92 e7 4f 84 92 e7 4e 5a 2a ef cc 00
00005b : 9a ff
Please do your home work
@gzsamlee yes you are right this will never work......
Blackrose what do you know, this has been tried, tested and updated for one year, I would not publish it otherwise. DORK !
Figure out for yourself next time ......................
how can i edit to make right NagraKey.txt fileOriginally Posted by gzsamlee
I will put it a different way for the people who want to learn
Test 9F for AB
JSR New method C6 00 9F A1 AB 24 6B........or
continue testing other methods used
other methods used
C600AAA1FF2418C600B4A1FF2424C600A1A1002430C600ADA1 00243CCC009BA6FFC100AB26E1AE03E6A1 E7AA5A2AF9CC009CA6FFC100B526D5AE03E6A1E7B45A2AF9CC 009CA600C100A226C9AE03E6B9E7A15A2AF9CC009CA600C100 AE26BDAE03E6B9E7AD5A2AF9CC009C
New method
Test A0 for AF
Ok or return
copy 4 bytes from AB to B9
Copy 4 Bytes from AF To AB
Copy 4 bytes from B9 to AF
Goto 9A
A6 AF C1 00 A0 26 8E AE 03 E6 AB E7 B9 5A 2A F9 AE 03 E6 AF E7 AB 5A 2A F9 AE 03 E6 B9 E7 AF 5A 2A F9 CC 00 9A
DISASSEMBLY OF CODE:
------------------------------
9AE3: C6 00 9F lda $9F ; Load in A
9AE6: A1 AB cmp #$AB ; Compare with A
9AE8: 24 6B bcc $9B55 ; Branch if C=0
9AEA: C6 00 AA lda $AA ; Load in A
9AED: A1 FF cmp #$FF ; Compare with A
9AEF: 24 18 bcc $9B09 ; Branch if C=0
9AF1: C6 00 B4 lda $B4 ; Load in A
9AF4: A1 FF cmp #$FF ; Compare with A
9AF6: 24 24 bcc $9B1C ; Branch if C=0
9AF8: C6 00 A1 lda $A1 ; Load in A
9AFB: A1 00 cmp #$00 ; Compare with A
9AFD: 24 30 bcc $9B2F ; Branch if C=0
9AFF: C6 00 AD lda $AD ; Load in A
9B02: A1 00 cmp #$00 ; Compare with A
9B04: 24 3C bcc $9B42 ; Branch if C=0
9B06: CC 00 9B jmp $9B ; Jump
9B09: A6 FF lda #$FF ; Load in A
9B0B: C1 00 AB cmp $AB ; Compare with A
9B0E: 26 E1 bne $9AF1 ; Branch if <>
9B10: AE 03 ldx #$03 ; Load in X
9B12: E6 A1 lda $A1, X ; Load in A
9B14: E7 AA sta $AA, X ; Store A in...
9B16: 5A decx ; x--
9B17: 2A F9 bpl $9B12 ; Branch if >0
9B19: CC 00 9C jmp $9C ; Jump
9B1C: A6 FF lda #$FF ; Load in A
9B1E: C1 00 B5 cmp $B5 ; Compare with A
9B21: 26 D5 bne $9AF8 ; Branch if <>
9B23: AE 03 ldx #$03 ; Load in X
9B25: E6 A1 lda $A1, X ; Load in A
9B27: E7 B4 sta $B4, X ; Store A in...
9B29: 5A decx ; x--
9B2A: 2A F9 bpl $9B25 ; Branch if >0
9B2C: CC 00 9C jmp $9C ; Jump
9B2F: A6 00 lda #$00 ; Load in A
9B31: C1 00 A2 cmp $A2 ; Compare with A
9B34: 26 C9 bne $9AFF ; Branch if <>
9B36: AE 03 ldx #$03 ; Load in X
9B38: E6 B9 lda $B9, X ; Load in A
9B3A: E7 A1 sta $A1, X ; Store A in...
9B3C: 5A decx ; x--
9B3D: 2A F9 bpl $9B38 ; Branch if >0
9B3F: CC 00 9C jmp $9C ; Jump
9B42: A6 00 lda #$00 ; Load in A
9B44: C1 00 AE cmp $AE ; Compare with A
9B47: 26 BD bne $9B06 ; Branch if <>
9B49: AE 03 ldx #$03 ; Load in X
9B4B: E6 B9 lda $B9, X ; Load in A
9B4D: E7 AD sta $AD, X ; Store A in...
9B4F: 5A decx ; x--
9B50: 2A F9 bpl $9B4B ; Branch if >0
9B52: CC 00 9C jmp $9C ; Jump
9B55: A6 AF lda #$AF ; Load in A
9B57: C1 00 A0 cmp $A0 ; Compare with A
9B5A: 26 8E bne $9AEA ; Branch if <>
9B5C: AE 03 ldx #$03 ; Load in X
9B5E: E6 AB lda $AB, X ; Load in A
9B60: E7 B9 sta $B9, X ; Store A in...
9B62: 5A decx ; x--
9B63: 2A F9 bpl $9B5E ; Branch if >0
9B65: AE 03 ldx #$03 ; Load in X
9B67: E6 AF lda $AF, X ; Load in A
9B69: E7 AB sta $AB, X ; Store A in...
9B6B: 5A decx ; x--
9B6C: 2A F9 bpl $9B67 ; Branch if >0
9B6E: AE 03 ldx #$03 ; Load in X
9B70: E6 B9 lda $B9, X ; Load in A
9B72: E7 AF sta $AF, X ; Store A in...
9B74: 5A decx ; x--
9B75: 2A F9 bpl $9B70 ; Branch if >0
9B77: CC 00 9A jmp $9A ; Jump
I notice other people are now copying my idea (including hammerred) of modifying the rom10 call to sysrom $2020 to use the unused space (FF's) at $9AE3 for coding alternatives to the mapcalls.
The other ways may be fancy but mine do work and will even when they go back to using old methods like they have done before.
Fuckin Expert my arse wasnt even his code !
I post my rom10.bin here where i get respect !
http://forum.china-tvro.com/viewthre...age%3D1&page=1
With all respect jmp,
but
what you said an old file "this has been tried, tested and updated for one year"
this file change already 4 times......
and not always in the right direction
CD 20 20 is on 50E6 and not on 50E3 as you said "next 3 bytes"
this subroutine is used already more than a year so you posted the old data........
there fore I said please do you home work well, or you was to tired by programming or copying and pasting.......
Keep up the good work!
There are currently 1 users browsing this thread. (0 members and 1 guests)