Information on 240 / 241 Hack, Way to go Canadians.
C/P
The hack is available for sale very soon. Here is what happened. The hack was developed in Canada for the rom24X. However the rom241 and rom240 are the same card. The rom is 100% the same, the only difference is the eeprom. They got into the card by exploiting the cmd26/27 session key mechanism which is the same as cmd2a/2b in single tuners, by signing their own 27s using the boxkey. What was required was the boxkey, a dt08 on the card and some understanding of how to encrypt your own cmd27 based off those variables. Int21h is the one that hacked into the s0x,rom206 and rom240 using this technique. I heard he said he used a ground glitch to get into the rom24X. However according to some smart people the card can only be current glitched and ground glitching will not work. So all you coders out there, look into designing a loader that can control the current and you will find a way to fault the cam. Also do not start by attacking big cmds like cmd26/27. First attack a small cmd like an IFS and see if you can make it respond with bad LRC or bad len. When you do you wIlL have a repeatable ability to fault the cam. Then you can use it to attack bigger cmds. Never start with trying to put a bootloader into the ram, start with doing simple things to prove you can fault it. Int21h said he will release the rom code for everyone too, so just wait to look at areas to load ram but for now attack an IFS to prove the fault technique.
So the question is how do we current glitch a cam? We need to leave voltage at 5volts and only control current. God's gift wasn't women, it was nagra. no.1
from the card coder site.
The hack is available for sale very soon. Here is what happened. The hack was developed in Canada for the rom24X. However the rom241 and rom240 are the same card. The rom is 100% the same, the only difference is the eeprom. They got into the card by exploiting the cmd26/27 session key mechanism which is the same as cmd2a/2b in single tuners, by signing their own 27s using the boxkey. What was required was the boxkey, a dt08 on the card and some understanding of how to encrypt your own cmd27 based off those variables. Int21h is the one that hacked into the s0x,rom206 and rom240 using this technique. I heard he said he used a ground glitch to get into the rom24X. However according to some smart people the card can only be current glitched and ground glitching will not work. So all you coders out there, look into designing a loader that can control the current and you will find a way to fault the cam. Also do not start by attacking big cmds like cmd26/27. First attack a small cmd like an IFS and see if you can make it respond with bad LRC or bad len. When you do you wIlL have a repeatable ability to fault the cam. Then you can use it to attack bigger cmds. Never start with trying to put a bootloader into the ram, start with doing simple things to prove you can fault it. Int21h said he will release the rom code for everyone too, so just wait to look at areas to load ram but for now attack an IFS to prove the fault technique.
So the question is how do we current glitch a cam? We need to leave voltage at 5volts and only control current. God's gift wasn't women, it was nagra. no.1
from the card coder site.
.
Comment