Latest FTA News. Its all here..

 

Bronze Member
Username: Sdgodfrey8

Post Number: 38
Registered: Jul-05
Cut/Paste

For those in denial, the code below does one simple thing: it writes 94h to location $8B7E. This causes the stack return to point to $94xx instead of $8Bxx when the function returns. They have sent this code via the latest revision and are sending it down in EMM packets too! They want to be sure every card gets the update. Now, when the stack returns to $94xx, glitching is not possible for a variety of technical reasons that only a coder understands. The cam is shut tight. End of story. So all subbed cards now have the new routine and can't be glitched - at least not with the old methods. Those using the latest blocker code can glitch in because you e3m just ignores the stack point stuff. However, once all the subbed cards are updated, all they have to do is check if the card is locked or unlocked. Unlocked cards will call a MAP function that disables part of the MAPRom. Locked cards will function normally. That doesn't leave us much choice, does it? Either we let them lock our cards OR we risk losing the MAPRom functionality. If you let them lock your card, then you will eventually lose your tiers and will be watching a black screen. Since you can't glitch back in, that black screen will be around for a while. If they kill your MAPRom, well, black screen once again.
In layman's terms, the code update means this: Charlie is saying:
"sheep, sheep, where are you going?" Testers say: "to the slaughterhouse, bah, bah."
Guys, you are all being set up by Charlie and unknowingly being led to the slaughterhouse. When having a real update on your card is enforced pull your ROM102 cards while you have a chance. An "Aux" type solution will probably surface once the big kill comes down. At that time, there will be a severe SHORTAGE of ROM102 cards.
----------------------------------------------
Rev 109 code
----------------------------------------------
93E3: A694 lda #94 ; Load in A
93E5: AC push dsr ; push dsr on stack
93E6: 7180 ldp #80 ; Load into paging register
93E8: C18B7E cmpa 8B7E ; cmp ram with a
93EB: 2712 jreq $93FF ; Jump if Z = 1 (equal)
93ED: CD5700 call 5700
93F0: 8B lda dsr ; Load dsr in a
93F1: 7E swap(x) ; Swap nibbles
93F2: BE6B ldx 006B
93F4: 89 pushx ; Push x onto the Stack
93F5: AE96 ldx #96 ; Load in X
93F7: BF6B stx 006B ; ***** x in...
93F9: CD6DC9 call 6DC9
93FC: 85 popx ; Pop x from the Stack
93FD: BF6B stx 006B ; ***** x in...
93FF: AF pop dsr ; pop dsr from stack
9400: 81 rts ; Return from subroutine
--------------------------------------------
Don't let the FTA makers pull the wool over your eyes. Don't believe them when they say the fix is taking so long because "we have to read through 155 pages of prime number theory, AES ciphering" or "the new bin required is so massive the coder is exhausted" or my personal favourite "Mr. Viewsat will be putting 1 Canadian and 1 Korean in the same room with a electron laserscope". Complete and utter kaka. The reason FTA, At****, Armulator, ROM101, ROM10/11 and everything else (except ROM102) is down is because of these two lines of code:
936E: lda #$57
9370: jsrp #$00, $A822
Thats it! Those buggers are causing all this chaos. That code is assembly. Assembly works by calling and executing various instructions.
The instruction at line 936E: lda #$57 means "load register a with the value 57". The instruction at 9370: jsrp #$00, $A822 means "okay, jump-to-routine MAP function that was loaded in register a, namely 57". So basically, those two lines of code execute something called MAP 57. The problem is, WE DON'T KNOW WHAT MAP 57 is. That is why Mr. Viewsat and the other FTA makers are sweating right about now. You see, without knowledge of MAP 57 their gravy train will run away soon. For those that say "well, the FTA people will figure it out, don't worry". Start worrying.
Think of MAP 57 as a kind of black box. There is an input to the black box and an output. The idea is to try and figure out what this black box does. For example, if we input 2 and the output is 4, if when we input 3 the ouput is 6, if when we input 4 the output is 8, then we may reasonably deduce that this black box just multiplies the input by 2. That was easy. The real MAP 57 takes 128 bytes of input, another 16 bytes of input and magically produces a 128 byte output.
Here is an example:
INPUT
11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11
22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22
33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33
44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44
55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55
66 66 66 66 66 66 66 66 66 66 66 66 66 66 66 66
77 77 77 77 77 77 77 77 77 77 77 77 77 77 77 77
88 88 88 88 88 88 88 88 88 88 88 88 88 88 88 88
SECONDARY INPUT
AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA
OUTPUT
34 FD 23 BD 67 55 32 DD 12 11 AE A1 43 78 E1 F0
21 56 78 32 A2 B4 67 88 99 DE 11 12 57 89 FA AE
56 23 BB C1 23 BA F2 E5 E5 A1 90 29 07 5A 9B 2C
88 45 33 D1 00 00 00 00 00 00 00 00 00 00 00 00
9E 21 8A B1 4C 31 28 98 5A B2 C1 1D 28 56 23 F3
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
15 C1 22 8D F4 4A 87 59 00 AA D2 C1 04 31 21 07
67 21 BA A8 93 24 B1 FF D2 31 20 02 9D 3F 0D 4A
Does anyone see the pattern? How did we go from the input to the output? If you input different numbers you will get a different output. So how does this MAP 57 black box work? Anyone? Not as easy as multiplication by two. Not so easy to figure out, eh? I assure you, Mr. Viewsat can put 1 Canadian and 1 Korean in a room together with a laserscope and the problem doesn't change one bit. That folks is the story behind MAP call 57 and why FTA no longer works. Now you have the facts and you will know when the FTA makers are bluffing you with delayed bin excuses, emu re-write excuses, and the big prime number won't come out of my#####excuse.
Well, there you have it. Just the facts. Plain and simple.
 

Silver Member
Username: Bazuka2020

Post Number: 156
Registered: Oct-05
If rookies can figure out such complicated things I am sure the experts can figure it out how to find solution for that. remember when Niagara 2 came every one thrown those boxes and now they are regretting. cards still working. Solutiojn will be there its a matter of time
 

Bronze Member
Username: Hero

Post Number: 15
Registered: Jun-06
Never mind, "solution will be there its a matter of time" If it was only a matter of time, DAVE would have been cracked.

Chuck and Bev did card swaps for more than just fartz and giggles... they did it with the sole objective of putting an end to decrypting their smart card alogrithms.

Read "The Art of Assembly". If coders knew the firmware of the card (i.e. many logical gate structures in the chip itself), the software/bins (binary files) to alter the electronic paths within the card via these gates) could be easily changed with ever stream change/Electronic counter measure (ECM). It is the very changing of these many, many simple logical gates (AND /OR /NOR /etc.)that locks us out as the post above shows.

Without exact combination like a key (i.e. INPUT/OUTPUT illustration above) game over.

We may safely conclude without bias one way or the other it is over. I wish it wasn't the case but if there was a fix they would have found it by now do you not think.

NDS and Dave were finger pointing/suiing each other in court over who sprung the leak a few years ago. Well this time, to alleviate such costs and accusations, NDS did not furnish the fix (firmware gate structure)to Dave. NDS only gave Dave a little machine to check the new cards with, and we have no fix to date. Only NDS has the fix for Dave and giving it out would run directly contrary in justifying their existance. Think it will be any easier to get the fix from maker of yellow card, no offense or pun intended?

I have long advocated the ONLY way to find a fix is to spend enormous energies by many extraordinarily qualified professionals (who wouldn't even remotely consider doing it) using a multi multi million dollar lab, to decifer/reverse engineer the firmware layers through xray or other means revealing the entire gate structure of the chip itself...

Some one even posted an poor resolution x-ray of a chip once... I laughed. They had the right idea but it is exponentially more difficult than it seems or sounds, as the chip maker you can be sure took great lengths to ensure it would be extraordinarily difficult even with all these enormous resources to decifer.

Is a fix impossible to find given this technical ambiguity, technically not, no, but it is so highly unlikely it may as well be.

sorry to be bear of bad news... but this is the way it is.

Rabbit ears and hammer fix everything now...

in short, game over
 

Bronze Member
Username: King_khan

Above the ground, belo...

Post Number: 11
Registered: Jul-06
where does it say that the new bin will be relased. references please. thanks

khan
 

Bronze Member
Username: King_khan

Above the ground, belo...

Post Number: 12
Registered: Jul-06
*editing my last post*

where does it say that the new bin will be released on wednesday!? reference

khan
 

Bronze Member
Username: Hero

Post Number: 16
Registered: Jun-06
Another way, random testing... burning cards...

My kid bought a used x-box, tried to decifer last 2 months of an account requiring password from PO.
You may say I am full of excriment but guess what, after an hour he found it by total fluke.

For the same advice unlooping as simply unlocking a locked card, I leave you with the same advice, does one have enough cards to burn and an infinite amount of time to fluke finding this exact key as an alternative method to fix... no one does not

I fear it would take infinitely more cards than they manufactured and many lifetimes of many people trying before the final key would be fluked.

The new chips also have many more gates than previous chips and all they have to do is simply do a swap again even if this one key was found... so pardon this useless post in possible (not likely) ways to get in the card itself as I omitted random testing...

any other great ideas like using such an electronically sensitive device so as not to trigger any gates but only find patterns or something with complex software that draws out the chip's blueprint or something? =)

Tech heads walk on water given direction but are lousy at coming up with ideas by nature...
 

Bronze Member
Username: Hero

Post Number: 17
Registered: Jun-06
heh, tricky devil, you got us there... nothing said about Wednesday...

but you did say "Solutiojn will be there its a matter of time"

As far as I can see this is what we are debating,
what does Wednesday have to do with the weather? anyways?
 

Bronze Member
Username: Sfermin

Post Number: 38
Registered: Jun-06
Well as U all can see, WAR has broken out bewteen the Pansat and Viewsat camps...and I believe this probably stems back to the last ECM when viewsat come out first...I'm starting to wonder and possibly believe that Viewsat DID jump the gun and ALL were suppose to be released at the same time and thats why Blacklist had a fix so quick and the REAL coders (who are NOT from either camp...but TRUE old time coders who are usually doing plastic etc ...like no1b4me) who cracked the last ECM are allegedly pissed at Viewsat now and refusing to help...maybe theres's some truth to all of that!

TDG is making promises in his sly way..and the Pansat camp knows its BS and still pissed about the last EARLY release by Viewsat...starting to think that No FTA camps or coders are close yet and they desperately need the help of the REAL coders who are still fuming about the last ECM, and have little respect for ANY of the FTA camps or coders...IMO, both camps are very similiar in many ways and FTA is BIG BUSINESS, so either will say and do anything to make a buck!......TDG has had a bad reputation for years now and burnt alot of bridges and obviously just goes where the money is (yeah he use to be tight with Pansat, Mr Kim, and BL) and Blacklist surely hasn't produced very good improved bins since N2 was hacked by the Europeans last year...I beleive this ECM will be resolved but not until some serious help from the OTHER REAL coders become ACTIVE players in this, which they are not too happy about..especially when they don't even like FTA..
« Previous Thread Next Thread »



Main Forums

Today's Posts

Forum Help

Follow Us