OK, here's the best and latest information I've been able to gather as to what's going on with yesterday's hit:

Charlie sent two EMM's (Entitlement Management Messages) that tried to write to your CAM (card) - ALL public blockers blocked them, which is what Dish was hoping for. If the EMM's were NOT written, the stream added a new 0b PPV tier (out of range, so the stream would be sure to notice) to the CAM, which was immediately picked up by the stream. Result - an instant ECM (Entitlement Control Message, a.k.a. Electronic Counter Measure) resulting in Location ID 0000001, for nearly all receivers (for some reason, the 6000's seemed to have escaped the hit) - and the never-before-hit 7100/7200's went down for the count, right along with everything else. Charlie complicated things by making the EMM's invisible to stream loggers...

The talk about town is that this was one of the primary reasons for this hit....to knock out the 7100/7200.

CAMS (cards) were NOT damaged, other than the new Ob tier written to them. You can check, if you haven't reprogrammed your card yet...there is a new tier in place.

So, it was/is a PPV ECM of sorts...but caused by the presence of a blocker.

Now, the trick will be to devise a blocker that will ALLOW these, and similar, EMM's to transfer updates to your CAM, preventing a similar incident in the future.

For now, rewrite your card with the program you were running before, repair your receivers and pray the same thing doesn't hit the stream again. If it does, we're all going right back down...until a modded blocker is released.

There you have it... :)

Good post Chief. The only thing that has me wondering is ROM 2's. No blocker needed or used so this should have been alowwed to write, But ROM 2 blockerless were hit also....

Good point, Birdie....and a much-discussed subject around the net. We don't know why the 2's got hit - nor do we yet know why the 6000's DIDN'T get hit. Something in the ROM2 programming that kept those EMM's from being placed on them...

Makes solid sense Chief. My 4000 didn't get hit either. Do you think it was in the same category as the 6000?

I just thought of possibly what happend to my 2's. Since they have less room to add tiers and I had mine full, No room was left for another to be written, That could be the problem....

If I got you right chief , taking out the PPV channels won't be any helpful, so I should just fix my receivers, re-program my MC with whatever I had before and pray to god Charlie stops being an asshole again?

Ok..I will give it a try, I will leave one receiver with PPV and the other one without PPV let's see what happens...

Keep the hard work comrades !

Now that was a description even a rookie like me could sort of digest, thanks!
Just to make sure: the CAMS could not get permanently locked/destroyed?

My legit card was on the MC card at the time of attack, later I tried the card in the (already corrupted) IRD, with no luck.
Before I splurge in more hardware purchases to repair my 301-010 I'd like to make sure it will come back alive for the next round...

This is almost a cool hobby, if it wasn't that I currently subscribe to Top50 and only see Top1...

Keep up the good work!
m

OK, here's the best and latest information I've been able to gather as to what's going on with yesterday's hit:

Charlie sent two EMM's (Entitlement Management Messages) that tried to write to your CAM (card) - ALL public blockers blocked them, which is what Dish was hoping for. If the EMM's were NOT written, the stream added a new 0b PPV tier (out of range, so the stream would be sure to notice) to the CAM, which was immediately picked up by the stream. Result - an instant ECM (Entitlement Control Message, a.k.a. Electronic Counter Measure) resulting in Location ID 0000001, for nearly all receivers (for some reason, the 6000's seemed to have escaped the hit) - and the never-before-hit 7100/7200's went down for the count, right along with everything else. Charlie complicated things by making the EMM's invisible to stream loggers...

The talk about town is that this was one of the primary reasons for this hit....to knock out the 7100/7200.

CAMS (cards) were NOT damaged, other than the new Ob tier written to them. You can check, if you haven't reprogrammed your card yet...there is a new tier in place.

So, it was/is a PPV ECM of sorts...but caused by the presence of a blocker.

Now, the trick will be to devise a blocker that will ALLOW these, and similar, EMM's to transfer updates to your CAM, preventing a similar incident in the future.

For now, rewrite your card with the program you were running before, repair your receivers and pray the same thing doesn't hit the stream again. If it does, we're all going right back down...until a modded blocker is released.

There you have it... :)



My 501 Went down and erased recorded programming. How do I "repair: my receiver???

ECM repair is in the receiver discussion area, The sticky threads will give you the needed info.

K, Checked a "Hit" rom 2, Had 32 tiers of 40. Compared the bin images before and after and see no differences, In other words it did not write to card. Now another funny thing is today after reseting ird location 000001 this card is running fine again wide.

I did not reload that card either

Perhaps it was only sent for valid cam ID's? Do not know yet. I have no clue on my rom 2 cam I use, Just one I tinkered with until it worked, So may be a old non sub not targeted cam ...

I didn't look at the 7200 yet, Rom 10 with BirdA23 blocker. It just gets 101 on every channel but shows them all correctly in guide. PVR part plays back recorded programs fine still

I still have not seen anything to help me rationalize the following ... all involving single-TSOP vid-modded DP301.013s:
1. All my MC implementations were hit ... Okay ... that's consistent.
2. I had two ALMOST identical YvousEmu (ROM3) emulation implementations ... same ini files, etc. With YvousEmu standard practice is to use the ini file to select viewing packages, locals, etc. and then use the DISH381.BIN file to specify PPV and Events. One implementation had the default naked (no PPV, no Events) DISH381.BIN ... and this sailed throudh the ECMs without a hitch ... and it is still running. The second implementation had the DISH381.BIN file modified with (only) PPV and Events tiers. This was hit ... Bamm.

Now ... I don't know how YvousEmu mirrors CAM functions, memory , etc., but there is certainly no card to which a $0B datatype is written. Note ... the ONLY substantive difference between the two emulations was the ECM'd one had PPV and Event tiers specified and the other did not ... Qrash

****************************************

The core problem here is Charlies sneak attack on the data loggers. It left many of the pro Joe's without enough info to break it down. I'm just glad that my 7100 is back up and running. If that was Charlies goal, as I immediately assumed it was, sorry Charlie. It worked, but not good enough to keep us out of business. The problem with the theory that the main goal was to take out the 71/7200's is that the updates are still in the stream, otherwise the junkyard fix wouldn't work. Maybe just like me, Charlie didn't know you could even do the junkyard fix with a 71/7200. If Charlie was seriously interested in killing the 71/7200's wouldn't he pull the stream update? There's no doubt that the bulk of the receivers lacking a jtag port are permanently down now though, and I think that was the main focus. Also, how many legit subbed rom2's are still out there? This may be part of the rom2 phase out as well. Just some more food for thought.

The core problem here is Charlies sneak attack on the data loggers. It left many of the pro Joe's without enough info to break it down. I'm just glad that my 7100 is back up and running. If that was Charlies goal, as I immediately assumed it was, sorry Charlie. It worked, but not good enough to keep us out of business. The problem with the theory that the main goal was to take out the 71/7200's is that the updates are still in the stream, otherwise the junkyard fix wouldn't work. Maybe just like me, Charlie didn't know you could even do the junkyard fix with a 71/7200. If Charlie was seriously interested in killing the 71/7200's wouldn't he pull the stream update? There's no doubt that the bulk of the receivers lacking a jtag port are permanently down now though, and I think that was the main focus. Also, how many legit subbed rom2's are still out there? This may be part of the rom2 phase out as well. Just some more food for thought.

Speaking of the devil ...JT ....according to the guru's @ id and KC ....Charlie's pulling 7x00 updates out of the stream right now ....Hope these 7x00's are not going down the path of them grey boxes...

That would leave me to believe that the EMM was looking for something that should have been written to the card, but didn't/couldn't find it, so ECM!!
Bingo... :)

A lot is yet to be learned...such as the ROM2 deal. Blockerless 2's got axed...some with PPV's got hit, others without didn't....some without PPV's DID get hit....
The blockers (or lack thereof) play a pivotal role in this whole equation...and when we figure out just what that is, maybe we'll be on our way to a solution.

....guess I shouldn't have brought the issue up. ...

People without PPVs got hit?

They did indeed, 00...I saw many such reports here and there. I also saw reports of people who stayed up AFTER they removed the PPV strings...however, it's tough to tell if this had a direct effect. No one knows exactly when Charlie pulled the EMM's out...since we weren't able to log the damn things. So as a result, folks may have stayed up simply because there was nothing to knock them out...

Your theory as to the invalid PPV tier seems to be correct. This bogus tier is using out of range eventID's...an instant ECM trigger...
It might also explain why I've heard reports of folks running Married-Sub MC's and MC's with yellow cards staying up. A legitimate subscription might reject this invasive tier...whereas a hacked card (or a camless MC setup) would allow it. Food for thought...

What we need to do is establish a consistent pattern . There's still a bunch of inconsistency to it all...

The problem with this theory is:

ROM2s with no blocker were hit = the blocker theory is shot
My "blocker" protected cards' receivers were hit (it is not blocking ANYTHING by the way it is a spoofer not a blocker) = the blocker theory is shot
Receivers with Magic Cards and Atmegas were hit = the blocker theory is shot

Receivers with cards with no PPV string were hit = PPV theory is shot

Receivers with cards with leagl sub CAM IDs where hit = CAM ID theory is shot

Receivers with cards with different PPV spending limit were hit = that theory is shot

The fact is NOBODY knows what the fuck they targeted as just before the ECM came down they sent this new opcode 52 down which crashed the loggers and they did not run the ECM ever since.

If I had to theorize I'd look into the other normal tiers like Top 150 and such that everyone will have on their cards. I wish someone would be able to read a sub ROM 3 or 10 and see what the tiers are like and compare them with tiers the RTM programs make. I suspect a nice target would be found there.

mili

Sorry for this double post but i see a lot of discussion on rom2 here so I post mine on here, again, okay?
************************************
ROM Type?: ROM2
PPV String and what were they?:
0101220167BF010008991877193E0200017EFF800001679100 017E3300001877023C
0101220094D4020008991877193E0200017EFF800000ABE000 00B79800001877023C
Blocker Type?: NONE
Receiver Model?: 3000
Softlock Present?: NONE
Spending Limits on the PPV: ( I don't know)
**********************************
As you can see, one of the PPV string was out of range but I was lazy to fix it. Anyhow, the reciever wasn't hit (could it be that nobody was watching TV at the time?). But I am glad It wasn't hit otherwise the 3000 would become a doorstop. Took all the PPV out yesterday and running fine so far.

Please post the exact tier patch you had on that ROM2.
Strange thing.
My phone rang while I was watching TV a friend called and said he got hit on a 301. I was watching a PPV station on my 501 and nothing was wrong with mine. Five minutes later mine were hit too.

mili

I am not a techie...but I know my 501 got blasted, but why did it wipe out programs I had recorded on my PVR hard drive? Also, is there a way to repair my 501? Or is it now junk??

Are you talking to me Mili? If you want, I could send you the ROM2 image that I used (I didn't save the image just before I removed the PPV string). Just let me know where to send it. I am off to bed now. Night all.

Yes FreshMan just read the card, ZIP the dump and attach it here.

mili

Here's some things to think about while everyone is stabbing in the dark. Did anyone ever think about card marks? Seems many cards opened or attempted to be dumped in a locked state are marked, can't charlie see this ??? Sure, do you think there was only one target??? Hell no that would be too easy. But as for the blockers I think there was a hit for some of them too... This in my opinion no doubt was a compounded ECM targeting at least 2 things if not more.........

No. Magic Cards are not marked nor are Atmegas. THINK before you post.

mili

Hmmmm the part about "if" the ecm was really ever present has me thinking I might vote "B" - . Other than that not a bad theory.

B :)
As stated before many valid CAM IDs were hit. People do NOT spread valid CAM IDs on the Net as there is no need for that ( you can generate any with sCAMmer)

mili

If you let it run long enough you can pick valid ones still.

mili

It looks definitely like a hit and run ECM. Was hit yesterday with my 301.013 during the day. Late evening reset IRD and using same identical file on my ATMEGA as before, I am running since then without hit. I also have PPVs.
Looks like there is nothing in the stream anymore.

TJH

I agree with the hit and run, Restreamed all the irds and all running fine without touching cards at all.

I have a feeling we are dealing with two or more issues on this one to create confusion as to what caused this.
Mili, Out of your list of possible causes I would add receivers themselves, I have seen specific irds targeted in the past although it never ended up with a 153 nag, They just act like the boxkeys are incorrect with black screen on most channels. I learned about that one the hard way by uploading a tsop to the bank here without editing it first a long time ago and in a few weeks that ird was blacklisted. Had to edit it to a dif ird number.

I think the 71/7200's hit could be in the V1.24 update that came on 7/15/04. My 7200 has not had any blackout problems for 2 years. Now in the last week it was 5 second blackouts about once an hour. HMMM!!

What few coders are talking are still saying what I said at the top of this thread.
Which doesn't necessarily mean doo-diddley shit :p
And the mystery continues.....

Well the easy way to hit testers, just like DTV use to do. Change some info on the card like a tier or something and then check if it is there. Of course this would be tested before hand to try and make sure SUB's don't go down.

Also all he would have to do is look at the current tier program tier list and find any common tier that is not a valid tier and target it. Only tester cards would have that tier.

So for now the task is to get the loggers updated to log the cammand 52 and the rest of the data then we will find out what the target is.

i just restreamed my tsop and didn't even touch the card and i'm running again wide open ever since 7/20 at like midnight.

How do you restream your TSOP?
Is this for the 7200???

This is all great but do we have a true fix for the 71/7200 recievers???

OK, here's the best and latest information I've been able to gather as to what's going on with yesterday's hit:

Charlie sent two EMM's (Entitlement Management Messages) that tried to write to your CAM (card) - ALL public blockers blocked them, which is what Dish was hoping for. If the EMM's were NOT written, the stream added a new 0b PPV tier (out of range, so the stream would be sure to notice) to the CAM, which was immediately picked up by the stream. Result - an instant ECM (Entitlement Control Message, a.k.a. Electronic Counter Measure) resulting in Location ID 0000001

Must of pulled at the right time? In the steam with three tiers, pulled card to update ppv tiers, notice 4 tiers, called the local guru god of dish, the guru god told me not to worry - it may of been a bad write...

Cheif you said "immediately picked up by the stream" referring to the added tier. What is the odds of pulling at that time? lol Makes up for Charlie killing MY rom3! That I might add, took a full month to replace...

I have to admit, this sure is fun, and a eye opener. Crash coarse in dish, by dtv oldie...

Here's my ROM2 image on 3000 which didn't get hit. I've edited out personal information but everything else is exactly the same.

We have found the EMMS that were sent (thank you Chief and the dude who sent it)
Please find my new sticky on the subject. As soon as we figure what it did (the new opcode is not understood yet) I will update that thread.
This one has ran its course so I removed it as a sticky.

mili