using newd11 flash and rom reader script...
Executing Script: C:\Documents and Settings\chris deilkes\Desktop\rom 101 straight\romreader101\romreader\Romreader.xvb
TX Data : 08 0E 03 10 01 01 03 9A 00
RX Data : 07 00

===========================================
************ INITIAL PARAMETERS ***********
===========================================
StartDate: 11/30/2005 3:57:15 PM
Provider: 00
VCCStart: 60 VCCEnd: 11
DelayStart: 0280 DelayLimit: 2B8
TryLimit: 1
===========================================



02A1 12121212121212121212121212121212121212121212121212 12121212121212121212121212121212121212121212121212 121212121212121212121212121212121212XXXXXXFFXXXXXX FFFFFFFFFF 00:29:29
02A2 12121212121212121212121212121212121212121212121212 12121212121212121212121212121212121212121212121212 121212121212121212121212121212121212121212FFFFFFFF FFFFFFFFFF 00:29:40
02A3 12121212121212121212121212121212121212121212121212 12121212121212121212121212121212121212121212121212 1212121212121212121212121212121212121212FFFFFFFFFF FFFFFFFFFF 00:29:52
02A4 12121212121212121212121212121212121212121212121212 12121212121212121212121212121212121212121212121212 121212121212121212121212121212121212XXXXXXFFFFFFFF FFFFFFFFFF 00:30:05
02A5 12121212121212121212121212121212121212121212121212 12121212121212121212121212121212121212121212121212 121212121212121212121212121212121212FF121212FFFFFF FFFFFFFFFF 00:30:16
02A6 12121212121212121212121212121212121212121212121212 12121212121212121212121212121212121212121212121212 121212121212121212121212121212121212FF1212FF12FFFF AA
===========================================
********* SUCCESSFUL GLITCH DATA **********
===========================================
Delay: 02A6 VCC: 15
VCCStart: 60 VCCEnd: 11
DelayStart: 0280 DelayLimit: 2B8
TryLimit: 1
Elapsed: 00:30:28
===========================================


ok 1 card unlocked and dumped, I modded my mik 3 and have unlocked many r3 and r10 I have 1 r10 @a24 that i've tryed to unlock but to no avail... and i am trying some of my many other r101 but no other luck so far ....any suggestions out there? need to know what to use to write to r101http://forums.dsstester.com/vbb/images/smilies/beer2.gif http://forums.dsstester.com/vbb/images/smilies/beer2.gif have been unable to duplicate the unlocking of 101 have tryed changing the high and low but also not sure what resion these are at just got them in...also got a sw-02 card in the pile ......got the unlock to work but when you read the saved eeprom its 0 other r101 dump i have is 8kb

any pics of your modded mik iii (is it the green pc board one?) I modded mine and double and triple checked the connections and still I get nothing, any help greatly appreciated.
JIM

I have a mik 3 and have done 2 rom 101s. I had luck by changing the vcc's in the script to 46 high and 44 low the let it run a while. Their is a rom 101 unlocker in the download sections that goes through the vccs and gives you the high and low vcc. I then plugged those into the winex rom101 script. Mine were 46 and 44 yours may be different but the idea is to narrow the range.

I hope this helps.


Joe

modded mine as per adhoc's readme just got done modding a t911 clone and have had good results with both as i understand it you must change 2 chips on the board to access the r102 ive had no luck with the 102s as of yet using d13 flash and noones script also tryed the rom reader script to no avail...sorry i have no pics but use a multimeter and check all of your trace cuts and every connection...... anybody having any luck with r102s consistantly?

What chips did you hear need changing on the board? I have a Mik3 maybe that explains why I can't get in a rom 102 but rom 3,10,101 not a problem.

Joe

Be careful manually adjusting the VCC range by chaning the values in winexplorer script.

I killed a Rom 101 with VCC upper set at 60, as shown in the above printout of Winexplorer.

:(

Zaboo Try this with the rom 102 and your MLK3 I have the rev C board and its black. I did not need to change any chips or anything!! I was having nothing but problems with 102 cards too. Rom 101 poped right away!! But when I saw a post Here and this guy had great success with it. So I tryed it and poped one in 10 min And in a half Hr 2 poped good luck post back!! Just copy and paste this in to Winexplore where the script would go don't change anything see if it work for ya!!




'================================================= ==
'================================================= ==
'User selectable options
'================================================= ==
'================================================= ==
DelayStart = &h325 'h385 is standard, try 375, 350 has been known to hit too.
DelayLimit = &h375 'h385 is standard, try 395
GlitchMax = 9 '7 is standard - 7, 8, or 9
GlitchMin = 7 '7 is standard - 6, or 7
trys = 100 '100 is standard
mix = 1.2 '0.5 is standard - try 0.1 to 1.2 use for +-+-+-+- mix
'************************************************* *************************
'************************************************* *************************
'******* This Section is FOR ADVANCE USERS ONLY **********
'************************************************* *************************
'************************************************* *************************
'This Packet can be changed however you like and the script will generate
'the correct loader packet. Do not include the Checksum byte at the end.
'Cmd 04 without checksum byte - Check will be calculated and inserted
'Loads the RAM dumper code to EMM buffer
'
'Dumper and serial code curtesy of Lynard - Thank you
'
'-------------------------------------------------------------------------------
'NO1'S BOOTSTRAP
'------------------------------------------------
' ROM/EEPROM DUMPER!!!
' all in one
' add $8219:17 63 A1 CA 26 03 CC 60 EC CC 7D 99
' $317F write our bug in table 60DB 8219
BootStrapCmd04 = "21 00 6D A0 CA 00 00 67 04 65 01 01 86 00 AA 9D 9D 9D 9D 9D 9D 9D 9D A6 4B B7 6B 18 64 CD 7C 16 82 19 BE 0C A6 4B B7 6B 18 64 CD 7C 16 31 7F A5 04 CC 7A 99 60 DB 82 19 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D BC 80 17 63 A1 CA 26 03 CC 60 EC CC 7D 99 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D 9D BC 80 02"
'--------------------------------------------------------------------------------------
BSCRSP = 8 'Expected Response = 12 00 04 84 00 90 00 02
'Length = 8 bytes
BSACK = &H80 'Boot Strap running Acknowledge byte
'************************************************* *************************
'************************************************* *************************
'************************************************* *************************
'This Packet can be changed however you like and the script will generate
'the correct loader packet.
'The acutal packet that we're going to glitch without Checksum
CmdToGlitch = "21 00 08 A0 CA 00 00 02 15 00 86"
CTGRSP = 6 'Length in bytes of expected response WERE LOOKING FOR 6F
'Expected Response = 12 40 02 6F 00 3F
'************************************************* *************************
'************************************************* *************************
'************************************************* *************************
BSCLen = GetPacketLen(BootStrapCmd04)
if (BSCLen AND 1) = 1 then
Sc.MsgBox("Bad BootStrapCmd04 packet")
sc.print BSCLen
Exit Sub
End if
BSCLen = BSCLen / 2
BSCLen = BSCLen + 1 'add Checksum byte to packet length
CTGLen = GetPacketLen(CmdToGlitch)
if (CTGLen AND 1) = 1 then
Sc.MsgBox("Bad CmdToGlitch packet")
Exit Sub
End if
CTGLen = CTGLen / 2
CTGLen = CTGLen + 1 'add Checksum byte to packet length
CS=DoCheckSum (BootStrapCmd04) 'Calculates BootStrapCmd04 Checksum
BootStrapCmd04 = BootStrapCmd04 + CS 'add checksum to packet
CS=DoCheckSum (CmdToGlitch) 'Calculates packet Checksum
CmdToGlitch = CmdToGlitch + CS 'add checksum to packet
GlitchType = GlitchMax
Delay = DelayStart
VCC = VCCStart
Sc.Print "Let the 102 Glitching begin...." & VbCr
Dot = 0 'Dot progress counter if Sc.Verbose = False
Do
Do
sc.delay(5)
Sc.Write("A2")
Sc.Write("B0" & HexString(VCC, 2)) 'set glitch VCC
sc.delay(10)
Sc.Write("06 10 01 03 50 1A 00") 'reset card
Sc.Read(02)
ATRrsp = Sc.Getbyte(1)
if ATRrsp = &h1B then 'check card reset ok
Sc.Read(ATRrsp)
Exit Do
else
print VbCr & "NO ATR Rcv'd, trying 2nd ATR..."
sc.delay(100)
Sc.Write("B0" & HexString(VCC, 2)) 'set glitch VCC
sc.delay(30)
Sc.Write("08 10 01 01 01 03 50 1A 00") 'reset card
Sc.Read(02)
ATRrsp = Sc.Getbyte(1)
if ATRrsp = &h1B then 'check card reset ok
Sc.Read(ATRrsp)
Exit Do
else
print VbCr & "NO 2nd ATR Rcv'd, continue reset, back to first atr" & VbCr
'exit Do
sc.delay(100)
Sc.Write("04 01 01 01 00") 'reset card
end if
End if
loop
Sc.Write("02 15 00") 'set Tx/Rx to 32 cycles per bit
Sc.Read(02)
sc.delay(5)
'Send dirty EMM (Cmd04) with our ram dump code
Sc.Write(HexString((BSCLen + 5), 2) & "60" & HexString((BSCLen - 1), 2) & BootStrapCmd04 & "50" & HexString((BSCRSP - 1), 2) & "00")
Sc.Read(2)
Bytes = Sc.Getbyte(1)
if Bytes > 0 then
Bytes = Sc.Read(Bytes)
Bytes1 = Sc.Getbyte(0)
Bytes2 = Sc.Getbyte(5)
'--------check response to make sure = 12 00 04 97 00 90 00 11--------
if Bytes1 = &h12 and Bytes2 = &h90 then
sc.verbose = false
else
print VbCr & "Bad CMD04 response......" & VbCr
exit sub
end if
else
print VbCr & "Bad CMD04 response....." & VbCr
exit sub
End if
sc.delay(20)
'loader glitch packet
Sc.Write(HexString((CTGLen + 10), 2) & "15 60" & HexString((CTGLen - 1), 2) & CmdToGlitch & "20" & HexString(Delay, 4) & HexString(GlitchType, 2) & "50" & HexString((CTGRSP - 1), 2) & "00")
Sc.Read(2)
Bytes = Sc.Getbyte(1)
if Bytes > 4 then
Bytes = Sc.Read(Bytes)
Bytes1 = Sc.Getbyte(3)
Bytes2 = Sc.Getbyte(0)
'--------check response to SEE IF = 6F 00--------
if Bytes1 = &h6F then
sc.verbose = true
Sc.Write("A1")
Sc.Print VbCr
Sc.Print "===========================================" & VbCr
Sc.Print "Glitch Success!! A0FF-INTERCEPT IS ON" & VbCr
Sc.Print "BootLoader 6F 00 RSP Received!!" & VbCr
Sc.Print "VCC = "& HexString(VCC, 2) & " (~" & ((5/255) * VCC) &" vdc)" & VbCr
Sc.Print "Glitch Delay = "& HexString(Delay, 4) & VbCr
Sc.Print "Glitch type " & HexString(GlitchType, 2) & VbCr
Sc.Print "===========================================" & VbCr
Exit Sub
end if
if Bytes2 <> &h12 then
Vcc = Vcc + .25
print "+"
end if
else 'if bytes >4
print "NoRsp+"
VCC = VCC + .75
End if 'if bytes >4
VCC = VCC - mix
print "-"
GlitchType = GlitchType - 1
if VCC < VCCLimit then
VCC = &h40
print " hit VCCLimit, back up to &h40 vcc "
end if
if GlitchType < GlitchMin then
GlitchType = Glitchmax
end if
loopctr = loopctr +1
if loopctr > trys then
clearoutputwindow
loopctr = 0
Delay = Delay + 1
if Delay > DelayLimit then
Delay = DelayStart
end if
Sc.Print "Let the 102 Glitching continue...." & VbCr
Sc.Print " LETS TRY NEW DELAY " & VbCr
Sc.Print "Glitch Delay = "& HexString(Delay, 4) & VbCr
Sc.Print "VCC = "& HexString(VCC, 2) & VbCr
Sc.Print " " & VbCr
end if
loop
End Sub
Function GetPacketLen (Packet)
Dim Length
Dim Temp
Dim PK
Dim i
PK = ""
Length = Len(Packet) 'get packet length with spaces
for i = 1 to Length
Temp = Mid(Packet, i, 1)
if Temp <> " " then 'remove all spaces in packet
PK = PK + Temp
End if
next
GetPacketLen = Len(PK) 'return packet length without spaces
End Function
Function DoCheckSum (Packet)
Dim Temp
Dim Length
Dim PK
Dim CheckSum
Dim i
PK=""
Length = Len(Packet) 'get packet length with spaces
for i = 1 to Length
Temp = Mid(Packet, i, 1)
if Temp <> " " then 'remove all spaces in packet
PK = PK + Temp
End if
next
Length = Len(PK) 'get packet length without spaces
CheckSum = 0
for i = 0 to Length
i=i+1 'Simulate Step 2 in VB scripting
Temp = Mid(PK, i, 2)
CheckSum = CheckSum XOR Hex2Dec(Temp) 'Calc Checksum
next
DoCheckSum = HexString(CheckSum, 2) 'convert checksum to a hex strimg and return it to caller
End Function
Function Hex2Dec(HexNumber)
' This function takes 1 argument, a string containing a hex value of any digit length
' and returns the decimal equivalent
Dim DecimalValue
Dim DigitCount
Dim Digit
Dim HexDigit
HexNumber = Replace(UCase(HexNumber), " ", "")
DigitCount = Len(HexNumber)
For Digit = 1 To DigitCount
HexDigit = Mid(HexNumber, Digit, 1)
If Asc(HexDigit) < 58 Then
DecimalValue = HexDigit * 16 ^ (DigitCount - Digit)
Else
DecimalValue = (Asc(HexDigit) - 55) * 16 ^ (DigitCount - Digit)
End If
Hex2Dec = Hex2Dec + DecimalValue
Next
End Function
Function HexString(Number,Length)
' This function takes 2 arguments, a number and a length. It converts the decimal
' number given by the first argument to a Hexidecimal string with its length
' equal to the number of digits given by the second argument
Dim RetVal
Dim CurLen
RetVal=Hex(Number)
CurLen=Len(RetVal)
If CurLen<Length Then
RetVal=String(Length-CurLen,"0") & RetVal
End If
HexString=RetVal
End Function
Function CheckChipVer()
CheckChipVer = 1
sc.write("90")
delay(80)
if sc.read(4) <> 4 then
CheckChipVer = 0
Exit Function
End if
if getbyte(0) <> &H4E then CheckChipVer = 0
if getbyte(1) <> &H44 then CheckChipVer = 0
if getbyte(2) <> &H31 then CheckChipVer = 0
if getbyte(3) <> &H33 then CheckChipVer = 0
End Function
Function setupunlocker()
sc.print "________________Setting up WinExplorer_________________" & VbCr
Wx.BaudRate = 115200
Wx.ResetBaudRate = 115200
Wx.Parity = 0 ' 0 = None, 1 = Odd, 2 = Even, 3 = Mark, 4 = Space
Wx.StopBits = 0 ' 0 = 1 stop bit, 1 = 1.5 stop bits, 2 = 2 stop bits
Wx.DTRControl = 0 ' Initial state of DTR 0 = off, 1 = on
Wx.RTSControl = 1 ' Initial state of RTS 0 = off, 1 = on
Wx.ResetDelay = 100 ' In microseconds
Wx.ByteDelay = 10 ' In microseconds
Wx.RxByteTimeout = 500 ' In milliseconds
Wx.ResetMode = 2 ' 0 = No Resets, 1 = ISO Reset (Expect a ATR), 2 = Device Reset (No ATR)
Wx.ResetLine = 1 ' 0 = Toggle RTS for Reset, 1 = Toggle DTR for Reset
Wx.ByteConvention = 1 ' 0 = Inverse, 1 = Direct
Wx.FlushEchoByte = 0 ' 0 = no flush, 1 = flush - A Phoenix interface will echo each byte transmitted.
Wx.FlushBeforeWrite = 1 ' 0 = no flush, 1 = flush - Flush the receive buffer before each write to strip off Null bytes.
Wx.IgnoreTimeouts = 1 ' 0 = Abort script on a receive timeout, 1 = Ignore all receive timeouts
Wx.ResetAfterTimeout = 0 ' 0 = Don't reset after a timeout, 1 = do a reset after a timeout - Not used if "IgnoreTimeouts=0"
Wx.LogTransactions = 0 ' 0 = Don't log transactions, 1 = log transactions
Wx.DisplayUSW = 0 ' Display USW after script complete 0 = no, 1 = yes
Wx.DisplayFuse = 0 ' Display Fuse after script complete 0 = no, 1 = yes
End function

There is no need to change the chips on the mik111. Adjust the pot to get a good mix then play with the script. The settings that worked for me where, Start=h320,limit=h350, nothing else changed.

thanks but i fgured it out, got all my plastic unlocked and watching a 102 on a 3900 , got my mik 3 setup for r10's and 101 and my t911 setup for 102s thanks to all that helped