seaboard18
01-24-2006, 05:51 AM
The Version 101.5 is available for download at the Rom10x Website.
hxxp://www.rom10x.com/forums/showthread.php?t=15222
Introduction
Cemu has grown through many years and many versions to be the emulator of choice for
many in the testing community. The ease of use coupled with the ability of running on
barebones systems with low processor speeds make it a great choice for anyone wanting
to setup an emulation system.
This document is meant as a user’s manual for the latest (at time of writing) version of
Cemu. This is not a How-To document that will walk you through the setup of a new
emulation system. The assumption being made is that at this time you have a functioning
emulation setup (or the knowledge and ability to deal with the hardware end of things on
your own).
This document is for distribution with Cemu for 101. If at any time you distribute (post,
email, handout, etc…) this version of Cemu please include this document with the
package.
Basic Setup
As with previous versions of Cemu program setup is done in the file Cemu.ini. In this
section the various options in the Cemu.ini file will be explained. A typical Cemu.ini file
will look similar to the text below:
#
# For comments any option use the symbol #
#
# port configuration
# stream : read from file stream.in, generate stream.out
# MinGW : COM1 for COM1, COM2 for COM2...
# Dos : 1 for COM1, 2 for COM2....
# Cygwin/Linux : /dev/ttyS0 for COM1, /dev/ttyS1 for COM2 .....
#
#port stream
#
port COM1
#port /dev/ttyS0
#port 1
#
# I/O Base Address
#address 2F8
#
# IRQ Number for your COM Port
#irq 3
#
# Baud Rate Available 9600,14400,19200,28800,38400,56000,57600,115200
baud 115200
#
# The name of your ROM file
#rombin rom10.bin
rombin rom101.bin
#
Cemu User’s Manual
Version 101.5
#dishbin Eeprom.bn10
#dishbin Eeprom.bn101
dishbin dish.bin
#
#
# Don't send ATR
noatr 1
#
# Tier ep3 file
#tierfile tiers.txt
#
# Output Data Types to file
savetierfile tiersout.txt
#
# Auto expire date/time values
# set expiry date values to current date/time + days
autoexpire 30
#
# BoxKey Hex - Must Be 16 HEX Digits
#boxkey 1234567887654321
#
# Cam ID Decimal - The number after S in sysinfo screen
#camid 0012345678
#
# Ird ID Decimal - The number after R in sysinfo screen
#irdid 0023456789
#
# Black out Hex - Must Be 24 HEX Digits
#blackout 0123456789abcdef98765432
#
# Choose the Daylight Saving
# 1 - For Daylight
# 0 - No Daylight
daylight 0
#
# Choose a good Time Zone work with Zip Code and DayLight
#
# alaska
# eastern
# central
# mountain
# pacific
# atlantic
# newfounland
# virgin
# honolulu
tz eastern
#
# Zip Decimal
# Choose a good zip code for your location (Need for a good TimeZone)
zip 88888
#
# For write to dishbin (default) NoSave 0
# No Write to dishbin NoSave 1
#nosave 1
#
# 1 for Debugging
Cemu User’s Manual
Version 101.5
#debugging 1
#
# streamlog <filename>
# if no filename is given, default is stream<year><month><day>.log
#streamlog
#
# emmlog <filename>
# if no filename is given, default is emm<year><month><day>.log
#emmlog
#
# Use this option for diplay different output information
# CMD IRD command, and other cmds logged
# CAM CAM item info
# SAVE not used yet
# MAP debug the map functions from libgmp
# ROM debug bytes placed in ROM
# NYI not Yet Implemented feature debug
# INPUT debug incoming byte strings
# OUTPUT debug outgoing byte strings
# COMM debug low level communication
# RUN output various info taken from a running bin (keys, etc)
# KEY output just key info
# EMM debug EMM's that have been decoded
# DEBUG turn on debug debug processing :)
# BIG_INT debug big_int
# IRQ debug IRQs
# ITEMS values within data items
# NONE turn ALL debugging off
# ALL turn on ALL debugging from above
# debug RUN KEY NYI EMM INPUT OUTPUT MAP ROM 6805
#debug RUN KEY MAP NYI INPUT OUTPUT ROM BIG_INT
#debug RUN KEY NYI EMM ROM
debug RUN KEY NYI
#debug INPUT OUTPUT MAP BIG_INT RUN CMD CAM ITEMS
#debug INPUT OUTPUT RUN COMM
#debug RUN
#debug NONE
#debug ALL
#
#Atr Baud Rate
#ATR Baud Rate Available 1200,2400,4800,9600
#atrbaud 9600
#AVR or mofified serial port
protocol avr
#protocol modserial
This is not the only way to set up a Cemu.ini file, much of the file can be removed so
long as the minimum required options are inserted.
port COM1
rombin rom101.bin
dishbin dish.bin
noatr 1
The above for instance would run a windows MinGW build using the specified bins
without Cemu sending the atr. If it is required that the atr be sent by Cemu then only the
Cemu User’s Manual
Version 101.5
first three lines would be needed. These are the minimum requirements for the Cemu.ini
file.
In order to run Cemu the values in the Cemu.ini file must be properly set so in the
following pages each section will be broken down and explained.
#
# For comments any option use the symbol #
#
These lines at the top of the file explain the use of # in the file. Just as the comment says,
if you would like Cemu to ignore a line in the Cemu.ini you must place # at the beginning
of the line. Alternatively the line to be ignored can simply be deleted. Typically lines are
commented (#) rather than deleted simply to ease transitions between different Cemu.ini
configurations.
# port configuration
# stream : read from file stream.in, generate stream.out
# MinGW : COM1 for COM1, COM2 for COM2...
# Dos : 1 for COM1, 2 for COM2....
# Cygwin/Linux : /dev/ttyS0 for COM1, /dev/ttyS1 for COM2 .....
#
#port stream
#
port COM1
#port /dev/ttyS0
#port 1
#
# I/O Base Address
#address 2F8
#
# IRQ Number for your COM Port
#irq 3
#
# Baud Rate Available 9600,14400,19200,28800,38400,56000,57600,115200
baud 115200
This section is where you will setup the communications port that Cemu will be using.
The first 4 lines below port configuration are to remain commented. They are present in
the .ini to illustrate the options available. The setting to be used is dependent upon which
build of Cemu is being used.
The first option is to run a stream log file. When running a log it is often best to do so
from the command prompt so the window doesn’t close upon program termination.
To run the log setup as follows:
#
port stream
#
Keep in mind that all other lines that begin with “port” must be commented (#) out.
The next few options cover Windows, Dos, and Linux builds. Windows (MinGW) uses
the following syntax
Cemu User’s Manual
Version 101.5
#
port COM1
#
Replace 1 with the com port number being used if different. Note that COM is all
capitalized.
For a Dos build remove COM and just use the port number. For example:
#
port 1
#
would use com port 1 for a Dos build and
#
port /dev/ttyS0
#
would use com port 1 on a Linux or Windows Cygwin build.
The next section is for use only if your COM port configuration is different than what
default settings (baud is always used and is as a general rule 115200 unless your custom
com port settings tell you otherwise). The information for base address and irq # can be
altered and comment (#) removed to reconfigure the settings used if your COM port
settings are do not match those that are widely used as default. If you are changing these
values make sure that you have taken the values from your bios settings or windows
hardware settings before any changes are made.
# I/O Base Address
#address 2F8
#
# IRQ Number for your COM Port
#irq 3
#
#
# Baud Rate Available 9600,14400,19200,28800,38400,56000,57600,115200
baud 115200
The next section of the Cemu.ini file tells Cemu which files it will be using to emulate
the cam with.
# The name of your ROM file
#rombin rom10.bin
rombin rom101.bin
#
#dishbin Eeprom.bn10
#dishbin Eeprom.bn101
dishbin dish.bin
#
Replace the value after “rombin” with the name of your ROM file (this is the .bin file that
you do not edit and can be used by everyone since all cams of a given type have the same
code in the ROM. Replace the value after “dishbin” with the name of your EEPROM file
(this is the .bin file that you edit with your own tiers and personal IRD/CAM information.
It is not recommended that you distribute your dishbin file.
Cemu User’s Manual
Version 101.5
You’ll notice in this typical Cemu.ini the option for using rom10.bin has been left. The
reason for this is that the current version of Cemu will run either as a true 101 emulator or
run 10xto10 emulation using Penga’s method. If you choose to run 10xto10 emulation
keep in mind that all information in the bin must stay where it is, for this reason
Cemu does not patch any information from the .ini to the bin. When running
10xto10 emulation Cemu should detect the type of bin automatically and will not patch
info from the .ini. Rom3 and Rom11 emulation still functions as it has in previous
versions of Cemu however at the time of this release there is no suitable testing solution
for these Roms and therefore no updates have been made in Cemu for these Roms.
Next you have the option of sending or not sending the ATR string. In general with the
new flashes available for the both 8515 and 2313 chips the ATR is handled by the chip’s
flash so you will need to disable the send by Cemu. This is done as shown in the typical
.ini
# Don't send ATR
noatr 1
#
If you desire an ATR to be sent simply edit the above by replacing “1” with “0”.
Next in the Cemu.ini file you will find information for tier handling. As with previous
versions of Cemu (as modified by steeledan) Cemu can use a tierfile to patch tiers into
your EEPROM file eliminating the need for programs such as NagraEdit for this task.
Many have not realized this in the past but Cemu can also add any other datatype to the
bin from the tierfile. This means that for supported commands Cemu is compatible with
NagraEdit patch files. In addition Cemu can read all datatypes from the EEPROM and
write them to a text file and automatically adjust all expiration dates in the EEPROM.
# Tier ep3 file
tierfile tiers.txt
#
# Output Data Types to file
savetierfile tiersout.txt
#
# Auto expire date/time values
# set expiry date values to current date/time + days
autoexpire 30
The above example would read datatypes from the file tiers.txt and write them to the
EEPROM. Upon properly exiting the Cemu tiers from the running EEPROM would be
saved to tiersout.txt. Finally, at startup Cemu would adjust the expiration dates of all
datatypes in the running EEPROM to the current date +30 days (this is for 101
EEPROMs only).
The next section of the .ini file allows the user to change the “personal” information in
the EEPROM. This information includes IRD #, CAM ID, and Boxkeys. It should be
noted that with new security being used this information is “married” to other values in
the dishbin file. The option to use this section is available but it is best at this time to
have this information in the EEPROM file and not patch it from the Cemu.ini file. These
Cemu User’s Manual
Version 101.5
lines, therefore, should remain commented (#). Also, as has already been noted, for
rom10xto10 bins these values are not patched to the bin.
# BoxKey Hex - Must Be 16 HEX Digits
#boxkey 1234567887654321
#
# Cam ID Decimal - The number after S in sysinfo screen
#camid 0012345678
#
# Ird ID Decimal - The number after R in sysinfo screen
#irdid 0023456789
#
# Black out Hex - Must Be 24 HEX Digits
#blackout 0123456789abcdef98765432
The personal information that follows can be patched from the Cemu.ini file to the
EEPROM safely.
# Choose the Daylight Saving
# 1 - For Daylight
# 0 - No Daylight
daylight 0
#
# Choose a good Time Zone work with Zip Code and DayLight
#
# alaska
# eastern
# central
# mountain
# pacific
# atlantic
# newfounland
# virgin
# honolulu
tz eastern
#
# Zip Decimal
# Choose a good zip code for your location (Need for a good TimeZone)
zip 88888
The above section should be self explanatory, use the appropriate option for daylight
savings time, choose a valid time zone, and enter your zip code in decimal. Alternatively
this information may already be in the EEPROM file. If so then comment (#) the three
lines that are not currently.
#
# For write to dishbin (default) NoSave 0
# No Write to dishbin NoSave 1
#nosave 1
#
This section tells Cemu whether or not to save information from the running bin to the
file stored on disk. The save will take place only upon properly exiting the program. The
default setting is to save information. The configuration above will save. If the comment
(#) is removed from in front of “nosave 1” then upon exiting the program no information
Cemu User’s Manual
Version 101.5
will be saved to the bin on disk. If you are running a ramdrive setup be aware that no
information will be saved to the bin in your zip file.
# 1 for Debugging
#debugging 1
When you remove the comment in this section (in front of “debugging 1”) you activate
Cemu’s internal debugger. This is a powerful debugging tool and will be explained more
in depth in the advanced setup section.
The next section can be used to turn on Cemu logging features.
# streamlog <filename>
# if no filename is given, default is stream<year><month><day>.log
#streamlog
#
# emmlog <filename>
# if no filename is given, default is emm<year><month><day>.log
#emmlog
#
Streamlog will allow you to log all ird to cam and cam to ird communications. Emmlog
will allow you to log all decrypted emms. The default names will provide you with a
nice filing system for your files. At midnight the log will automatically be written to a
new file with year, month, and date in the file name. The date in the log file name is
taken from the system clock, so if the date on your clock is or the time is wrong then your
files will not be named properly. Also, if you specify a name for the streamlog or
emmlog files as something other than the default then the date will not be appended and
only one log file (of each type) will be created.
#
# Use this option for diplay different output information
# CMD IRD command, and other cmds logged
# CAM CAM item info
# SAVE not used yet
# MAP debug the map functions from libgmp
# ROM debug bytes placed in ROM
# NYI not Yet Implemented feature debug
# INPUT debug incoming byte strings
# OUTPUT debug outgoing byte strings
# COMM debug low level communication
# RUN output various info taken from a running bin (keys, etc)
# KEY output just key info
# EMM debug EMM's that have been decoded
# DEBUG turn on debug debug processing :)
# BIG_INT debug big_int
# IRQ debug IRQs
# ITEMS values within data items
# NONE turn ALL debugging off
# ALL turn on ALL debugging from above
# debug RUN KEY NYI EMM INPUT OUTPUT MAP ROM 6805
#debug RUN KEY MAP NYI INPUT OUTPUT ROM BIG_INT
#debug RUN KEY NYI EMM ROM
debug RUN KEY NYI
#debug INPUT OUTPUT MAP BIG_INT RUN CMD CAM ITEMS
Cemu User’s Manual
Version 101.5
#debug INPUT OUTPUT RUN COMM
#debug RUN
#debug NONE
#debug ALL
The first portion of this section is an explanation of what the different debug flags do.
Since they each have a good description with them there is no need to go further with
that. Below the flag descriptions (the lines that start “#debug”) there are several options.
These are just for convenience and most users will find “debug RUN” will provide
adequate screen output. Certainly any options can be grouped together to provide the
desired screen output. Also, if you run Cemu from a command line you can redirect all
screen output to a file using a command structure such as C:\cemu.exe >output.txt
The last section of the .ini contains the following lines.
#
#Atr Baud Rate
#ATR Baud Rate Available 1200,2400,4800,9600
#atrbaud 9600
#AVR or mofified serial port
protocol avr
#protocol modserial
The only section of this that you might consider changing is the protocol. At this time a
modserial has not been tested however the code is still in the program so if you’re feeling
froggy go ahead and try it out.
NEW FEATURES
Those of you that have used Cemu in the past will find quite a few new features added to
this version. While some features have been added with the intentions of making use
easier, some have been added to help with advanced testing. First we will look at
features added for ease of use.
A feature has been added to determine whether or not Cemu sends an ATR to the ird.
Through the course of testing it was found that the ATR being sent by Cemu was causing
bad communications between the ird and computer. In the flashes currently available for
the atmel 8515 and the atmel 2313 the ATR string is sent by the chip and therefore
doesn’t need to be sent by the computer. Since Cemu has always sent the ATR string in
the past and because new flashes may become available, the noatr feature was added.
Another handy new feature is the addition of the tiersout file. The tiers out file will write
all data types in your bin to a patch file. This patch file can be edited and used to write
data types back to your bin. The format of this file is much like what you might expect to
see from a tier creator with the note-able exception that all data types are included in the
file. That means all keys, boxkeys, ird info, cam id info, etc. will be included in the file.
Here is a couple example lines from a tiers out file.
!removeall 09 02 05 07 08 06 0A 01
!add 06 1A 0000000101000009181096109C855E532473057562CBDCFF72 9A
!add 06 22 000000010000000110183A4798AE5378A9A86377A327E48E53 33E7C19B82F8046012
!add 07 27 13487F78010111000106141E862D0BE000660F79234E611349 000062363800000A800090FF00FF
!add 07 27 13487F7801011100000A141E862D08FC00660F79234E611349 000062363800000A0A8290FF00FF
Cemu User’s Manual
Version 101.5
Obviously this is not an entire tiersout file but it is only meant as an example of the
format. Note that the length marker is 1 byte shorter than what it is in the bin (a channel
tier in the bin begins 0728 not 0727), keep this in mind if you try to use this file with
other programs. This feature makes editing tiers and applying them to your bin fairly
easy.
Finally in the ease of use category is the !ppv command for the tiers input file. Like
previous versions of Cemu tiers can be patched from a file to the bin. The new part about
this is that two commands have been added that allow ppv strings to be easily added.
Two new commands for the tier file:
!cleanppv
- this removes all PPV tiers
!ppv <provider> <low id> <high id> <expire days>
- this adds a PPV tier
- provider is in hex, all other values are in decimal
- if low id and high id are both not specified, then low id will be 1 and high will be maximum value
- if only a low id is specified then a single id will be used (high id will equal low)
- if no expire days are specified, the default is 2 days
- purchase date will always be yesterday
- price will always be $3.99
usage examples:
!ppv 0101 12345
- open event 12345 for 2 days
!ppv 0101 12345 23456
- open 12345 to 23456 for 2 days
!ppv 0101 23456 34567 30
- open 23456 to 34567 for 30 days
Another nice new feature and one that it will be handy to become familiar with is the
newly implemented keyboard commands. That’s right, for this version of Cemu
keyboard support has finally been added. This means that while the program is running
you can easily toggle many options and perform tasks. These commands can be
displayed while Cemu is running by pressing h.
Debug flag toggles
(A)ll (Stopping this also takes some time, be patient)
(b)ig ints (displays big number calculation results)
c(a)m
(c)ommands (breakdown of ird commands)
(C)OM (display serial communication)
(d)ebug
(e)mm (shows decrypted emms)
(i)nput (displays ird command strings)
IR(Q) (shows IRQ functions)
i(t)ems (shows data items as they are communicated)
Cemu User’s Manual
Version 101.5
(k)ey (not implemented in this version)
(m)ap (shows map functions as used)
(n)ot yet impl (shows features not yet implemented)
(o)utput (displays cam response strings)
(r)om
r(u)n (displays various info from running bin)
The following are files toggles:
CTRL-W: write EEPROM
CTRL-T: write data items (tiers) to tiersout file
CTRL-L: toggle stream log
CTRL-E: toggle EMM log
Other supported commands:
(h)elp (displays command options)
(s)tatus (displays the status of all flags)
(v)ersion (displays the current program version)
CTRL-C or <ESC> to exit
The keyboard functions are only checked during idle time so if Cemu enters a tight loop
then response may be delayed and Ctrl-C may need to be used to exit.
Advanced Setup
Running from a stream log
In order to do this be aware that the stream log must contain information sent from the ird
as well as the responses from the cam. Your stream log will need to be placed in the same
folder as Cemu and the name stream.in must be used for the file. Using this option will
create a file called stream.out which will contain the ird command and the cam response
(from the original file), as well as the Cemu response. After successfully running the log
file Cemu will screen output a count of the number of matching responses and the
number of responses that do not match.
Debugging
Cemu’s internal debugging feature can be used for a number of tasks. When debugging
is enabled Cemu will start up and await your input at a prompt (#). By hitting enter at the
prompt you will see the usage expected.
Usage: b/d/e/g/s/q/r/w
The list that follows shows each command, the usage expected and the task it performs.
g – (runs Cemu… g for go)
w – (write EEPROM)
b – (breakpoint commands)
Usage: bp x/bc x/bl
bp <addr> - (set breakpoint)
bc <addr> - (clear breakpoint)
Cemu User’s Manual
Version 101.5
bl – (list breakpoints)
d – (dump next 0x100 bytes)
d <addr> - dump 0x100 bytes of memory starting at <addr>
d <addr 1> <addr 2> - dump memory from <addr 1> to <addr 2>
if no high addr given then 0x100 is used
e – (edit)
e <addr> <byte> [byte] ... - modify memory starting at <addr> with <byte> ...
r - display regs
r <reg> <val> - change value of <reg> to <val>
s – step
s <steps> step through <steps> steps
if no steps are given then default is 1 step
q - quit
Tierfile Commands
as mentioned, the tierfiles are actually NagraEdit patch files. Supported commands and
information on usage (courtesy of NagraEdit help file) is as follows:
!add
Add a data type with the data passed.
Syntax:
Add <DataType> <Size> <Data...>
Example:
!Add 02 04 01 00 80 00
Adds a type $02 data type with the data $01 $00 $80 $00.
!cleanppv
Remove all $07 ppv data types.
Syntax:
!CleanPPV
!defrag
This feature will move all free space blocks to the end of the data space and move all data types
to the beginning of the data space. This feature will not add, remove or modify any of the data
types.
Syntax:
!Defrag
!removeall
Cemu User’s Manual
Version 101.5
Cemu User’s Manual
Version 101.5
Remove all data types specified, more than one can be specified at a time
Syntax:
!RemoveAll <DataType(s)>
Example:
!RemoveAll 08 0B
Remove all 08 and 0B data types on the card.
hxxp://www.rom10x.com/forums/showthread.php?t=15222
Introduction
Cemu has grown through many years and many versions to be the emulator of choice for
many in the testing community. The ease of use coupled with the ability of running on
barebones systems with low processor speeds make it a great choice for anyone wanting
to setup an emulation system.
This document is meant as a user’s manual for the latest (at time of writing) version of
Cemu. This is not a How-To document that will walk you through the setup of a new
emulation system. The assumption being made is that at this time you have a functioning
emulation setup (or the knowledge and ability to deal with the hardware end of things on
your own).
This document is for distribution with Cemu for 101. If at any time you distribute (post,
email, handout, etc…) this version of Cemu please include this document with the
package.
Basic Setup
As with previous versions of Cemu program setup is done in the file Cemu.ini. In this
section the various options in the Cemu.ini file will be explained. A typical Cemu.ini file
will look similar to the text below:
#
# For comments any option use the symbol #
#
# port configuration
# stream : read from file stream.in, generate stream.out
# MinGW : COM1 for COM1, COM2 for COM2...
# Dos : 1 for COM1, 2 for COM2....
# Cygwin/Linux : /dev/ttyS0 for COM1, /dev/ttyS1 for COM2 .....
#
#port stream
#
port COM1
#port /dev/ttyS0
#port 1
#
# I/O Base Address
#address 2F8
#
# IRQ Number for your COM Port
#irq 3
#
# Baud Rate Available 9600,14400,19200,28800,38400,56000,57600,115200
baud 115200
#
# The name of your ROM file
#rombin rom10.bin
rombin rom101.bin
#
Cemu User’s Manual
Version 101.5
#dishbin Eeprom.bn10
#dishbin Eeprom.bn101
dishbin dish.bin
#
#
# Don't send ATR
noatr 1
#
# Tier ep3 file
#tierfile tiers.txt
#
# Output Data Types to file
savetierfile tiersout.txt
#
# Auto expire date/time values
# set expiry date values to current date/time + days
autoexpire 30
#
# BoxKey Hex - Must Be 16 HEX Digits
#boxkey 1234567887654321
#
# Cam ID Decimal - The number after S in sysinfo screen
#camid 0012345678
#
# Ird ID Decimal - The number after R in sysinfo screen
#irdid 0023456789
#
# Black out Hex - Must Be 24 HEX Digits
#blackout 0123456789abcdef98765432
#
# Choose the Daylight Saving
# 1 - For Daylight
# 0 - No Daylight
daylight 0
#
# Choose a good Time Zone work with Zip Code and DayLight
#
# alaska
# eastern
# central
# mountain
# pacific
# atlantic
# newfounland
# virgin
# honolulu
tz eastern
#
# Zip Decimal
# Choose a good zip code for your location (Need for a good TimeZone)
zip 88888
#
# For write to dishbin (default) NoSave 0
# No Write to dishbin NoSave 1
#nosave 1
#
# 1 for Debugging
Cemu User’s Manual
Version 101.5
#debugging 1
#
# streamlog <filename>
# if no filename is given, default is stream<year><month><day>.log
#streamlog
#
# emmlog <filename>
# if no filename is given, default is emm<year><month><day>.log
#emmlog
#
# Use this option for diplay different output information
# CMD IRD command, and other cmds logged
# CAM CAM item info
# SAVE not used yet
# MAP debug the map functions from libgmp
# ROM debug bytes placed in ROM
# NYI not Yet Implemented feature debug
# INPUT debug incoming byte strings
# OUTPUT debug outgoing byte strings
# COMM debug low level communication
# RUN output various info taken from a running bin (keys, etc)
# KEY output just key info
# EMM debug EMM's that have been decoded
# DEBUG turn on debug debug processing :)
# BIG_INT debug big_int
# IRQ debug IRQs
# ITEMS values within data items
# NONE turn ALL debugging off
# ALL turn on ALL debugging from above
# debug RUN KEY NYI EMM INPUT OUTPUT MAP ROM 6805
#debug RUN KEY MAP NYI INPUT OUTPUT ROM BIG_INT
#debug RUN KEY NYI EMM ROM
debug RUN KEY NYI
#debug INPUT OUTPUT MAP BIG_INT RUN CMD CAM ITEMS
#debug INPUT OUTPUT RUN COMM
#debug RUN
#debug NONE
#debug ALL
#
#Atr Baud Rate
#ATR Baud Rate Available 1200,2400,4800,9600
#atrbaud 9600
#AVR or mofified serial port
protocol avr
#protocol modserial
This is not the only way to set up a Cemu.ini file, much of the file can be removed so
long as the minimum required options are inserted.
port COM1
rombin rom101.bin
dishbin dish.bin
noatr 1
The above for instance would run a windows MinGW build using the specified bins
without Cemu sending the atr. If it is required that the atr be sent by Cemu then only the
Cemu User’s Manual
Version 101.5
first three lines would be needed. These are the minimum requirements for the Cemu.ini
file.
In order to run Cemu the values in the Cemu.ini file must be properly set so in the
following pages each section will be broken down and explained.
#
# For comments any option use the symbol #
#
These lines at the top of the file explain the use of # in the file. Just as the comment says,
if you would like Cemu to ignore a line in the Cemu.ini you must place # at the beginning
of the line. Alternatively the line to be ignored can simply be deleted. Typically lines are
commented (#) rather than deleted simply to ease transitions between different Cemu.ini
configurations.
# port configuration
# stream : read from file stream.in, generate stream.out
# MinGW : COM1 for COM1, COM2 for COM2...
# Dos : 1 for COM1, 2 for COM2....
# Cygwin/Linux : /dev/ttyS0 for COM1, /dev/ttyS1 for COM2 .....
#
#port stream
#
port COM1
#port /dev/ttyS0
#port 1
#
# I/O Base Address
#address 2F8
#
# IRQ Number for your COM Port
#irq 3
#
# Baud Rate Available 9600,14400,19200,28800,38400,56000,57600,115200
baud 115200
This section is where you will setup the communications port that Cemu will be using.
The first 4 lines below port configuration are to remain commented. They are present in
the .ini to illustrate the options available. The setting to be used is dependent upon which
build of Cemu is being used.
The first option is to run a stream log file. When running a log it is often best to do so
from the command prompt so the window doesn’t close upon program termination.
To run the log setup as follows:
#
port stream
#
Keep in mind that all other lines that begin with “port” must be commented (#) out.
The next few options cover Windows, Dos, and Linux builds. Windows (MinGW) uses
the following syntax
Cemu User’s Manual
Version 101.5
#
port COM1
#
Replace 1 with the com port number being used if different. Note that COM is all
capitalized.
For a Dos build remove COM and just use the port number. For example:
#
port 1
#
would use com port 1 for a Dos build and
#
port /dev/ttyS0
#
would use com port 1 on a Linux or Windows Cygwin build.
The next section is for use only if your COM port configuration is different than what
default settings (baud is always used and is as a general rule 115200 unless your custom
com port settings tell you otherwise). The information for base address and irq # can be
altered and comment (#) removed to reconfigure the settings used if your COM port
settings are do not match those that are widely used as default. If you are changing these
values make sure that you have taken the values from your bios settings or windows
hardware settings before any changes are made.
# I/O Base Address
#address 2F8
#
# IRQ Number for your COM Port
#irq 3
#
#
# Baud Rate Available 9600,14400,19200,28800,38400,56000,57600,115200
baud 115200
The next section of the Cemu.ini file tells Cemu which files it will be using to emulate
the cam with.
# The name of your ROM file
#rombin rom10.bin
rombin rom101.bin
#
#dishbin Eeprom.bn10
#dishbin Eeprom.bn101
dishbin dish.bin
#
Replace the value after “rombin” with the name of your ROM file (this is the .bin file that
you do not edit and can be used by everyone since all cams of a given type have the same
code in the ROM. Replace the value after “dishbin” with the name of your EEPROM file
(this is the .bin file that you edit with your own tiers and personal IRD/CAM information.
It is not recommended that you distribute your dishbin file.
Cemu User’s Manual
Version 101.5
You’ll notice in this typical Cemu.ini the option for using rom10.bin has been left. The
reason for this is that the current version of Cemu will run either as a true 101 emulator or
run 10xto10 emulation using Penga’s method. If you choose to run 10xto10 emulation
keep in mind that all information in the bin must stay where it is, for this reason
Cemu does not patch any information from the .ini to the bin. When running
10xto10 emulation Cemu should detect the type of bin automatically and will not patch
info from the .ini. Rom3 and Rom11 emulation still functions as it has in previous
versions of Cemu however at the time of this release there is no suitable testing solution
for these Roms and therefore no updates have been made in Cemu for these Roms.
Next you have the option of sending or not sending the ATR string. In general with the
new flashes available for the both 8515 and 2313 chips the ATR is handled by the chip’s
flash so you will need to disable the send by Cemu. This is done as shown in the typical
.ini
# Don't send ATR
noatr 1
#
If you desire an ATR to be sent simply edit the above by replacing “1” with “0”.
Next in the Cemu.ini file you will find information for tier handling. As with previous
versions of Cemu (as modified by steeledan) Cemu can use a tierfile to patch tiers into
your EEPROM file eliminating the need for programs such as NagraEdit for this task.
Many have not realized this in the past but Cemu can also add any other datatype to the
bin from the tierfile. This means that for supported commands Cemu is compatible with
NagraEdit patch files. In addition Cemu can read all datatypes from the EEPROM and
write them to a text file and automatically adjust all expiration dates in the EEPROM.
# Tier ep3 file
tierfile tiers.txt
#
# Output Data Types to file
savetierfile tiersout.txt
#
# Auto expire date/time values
# set expiry date values to current date/time + days
autoexpire 30
The above example would read datatypes from the file tiers.txt and write them to the
EEPROM. Upon properly exiting the Cemu tiers from the running EEPROM would be
saved to tiersout.txt. Finally, at startup Cemu would adjust the expiration dates of all
datatypes in the running EEPROM to the current date +30 days (this is for 101
EEPROMs only).
The next section of the .ini file allows the user to change the “personal” information in
the EEPROM. This information includes IRD #, CAM ID, and Boxkeys. It should be
noted that with new security being used this information is “married” to other values in
the dishbin file. The option to use this section is available but it is best at this time to
have this information in the EEPROM file and not patch it from the Cemu.ini file. These
Cemu User’s Manual
Version 101.5
lines, therefore, should remain commented (#). Also, as has already been noted, for
rom10xto10 bins these values are not patched to the bin.
# BoxKey Hex - Must Be 16 HEX Digits
#boxkey 1234567887654321
#
# Cam ID Decimal - The number after S in sysinfo screen
#camid 0012345678
#
# Ird ID Decimal - The number after R in sysinfo screen
#irdid 0023456789
#
# Black out Hex - Must Be 24 HEX Digits
#blackout 0123456789abcdef98765432
The personal information that follows can be patched from the Cemu.ini file to the
EEPROM safely.
# Choose the Daylight Saving
# 1 - For Daylight
# 0 - No Daylight
daylight 0
#
# Choose a good Time Zone work with Zip Code and DayLight
#
# alaska
# eastern
# central
# mountain
# pacific
# atlantic
# newfounland
# virgin
# honolulu
tz eastern
#
# Zip Decimal
# Choose a good zip code for your location (Need for a good TimeZone)
zip 88888
The above section should be self explanatory, use the appropriate option for daylight
savings time, choose a valid time zone, and enter your zip code in decimal. Alternatively
this information may already be in the EEPROM file. If so then comment (#) the three
lines that are not currently.
#
# For write to dishbin (default) NoSave 0
# No Write to dishbin NoSave 1
#nosave 1
#
This section tells Cemu whether or not to save information from the running bin to the
file stored on disk. The save will take place only upon properly exiting the program. The
default setting is to save information. The configuration above will save. If the comment
(#) is removed from in front of “nosave 1” then upon exiting the program no information
Cemu User’s Manual
Version 101.5
will be saved to the bin on disk. If you are running a ramdrive setup be aware that no
information will be saved to the bin in your zip file.
# 1 for Debugging
#debugging 1
When you remove the comment in this section (in front of “debugging 1”) you activate
Cemu’s internal debugger. This is a powerful debugging tool and will be explained more
in depth in the advanced setup section.
The next section can be used to turn on Cemu logging features.
# streamlog <filename>
# if no filename is given, default is stream<year><month><day>.log
#streamlog
#
# emmlog <filename>
# if no filename is given, default is emm<year><month><day>.log
#emmlog
#
Streamlog will allow you to log all ird to cam and cam to ird communications. Emmlog
will allow you to log all decrypted emms. The default names will provide you with a
nice filing system for your files. At midnight the log will automatically be written to a
new file with year, month, and date in the file name. The date in the log file name is
taken from the system clock, so if the date on your clock is or the time is wrong then your
files will not be named properly. Also, if you specify a name for the streamlog or
emmlog files as something other than the default then the date will not be appended and
only one log file (of each type) will be created.
#
# Use this option for diplay different output information
# CMD IRD command, and other cmds logged
# CAM CAM item info
# SAVE not used yet
# MAP debug the map functions from libgmp
# ROM debug bytes placed in ROM
# NYI not Yet Implemented feature debug
# INPUT debug incoming byte strings
# OUTPUT debug outgoing byte strings
# COMM debug low level communication
# RUN output various info taken from a running bin (keys, etc)
# KEY output just key info
# EMM debug EMM's that have been decoded
# DEBUG turn on debug debug processing :)
# BIG_INT debug big_int
# IRQ debug IRQs
# ITEMS values within data items
# NONE turn ALL debugging off
# ALL turn on ALL debugging from above
# debug RUN KEY NYI EMM INPUT OUTPUT MAP ROM 6805
#debug RUN KEY MAP NYI INPUT OUTPUT ROM BIG_INT
#debug RUN KEY NYI EMM ROM
debug RUN KEY NYI
#debug INPUT OUTPUT MAP BIG_INT RUN CMD CAM ITEMS
Cemu User’s Manual
Version 101.5
#debug INPUT OUTPUT RUN COMM
#debug RUN
#debug NONE
#debug ALL
The first portion of this section is an explanation of what the different debug flags do.
Since they each have a good description with them there is no need to go further with
that. Below the flag descriptions (the lines that start “#debug”) there are several options.
These are just for convenience and most users will find “debug RUN” will provide
adequate screen output. Certainly any options can be grouped together to provide the
desired screen output. Also, if you run Cemu from a command line you can redirect all
screen output to a file using a command structure such as C:\cemu.exe >output.txt
The last section of the .ini contains the following lines.
#
#Atr Baud Rate
#ATR Baud Rate Available 1200,2400,4800,9600
#atrbaud 9600
#AVR or mofified serial port
protocol avr
#protocol modserial
The only section of this that you might consider changing is the protocol. At this time a
modserial has not been tested however the code is still in the program so if you’re feeling
froggy go ahead and try it out.
NEW FEATURES
Those of you that have used Cemu in the past will find quite a few new features added to
this version. While some features have been added with the intentions of making use
easier, some have been added to help with advanced testing. First we will look at
features added for ease of use.
A feature has been added to determine whether or not Cemu sends an ATR to the ird.
Through the course of testing it was found that the ATR being sent by Cemu was causing
bad communications between the ird and computer. In the flashes currently available for
the atmel 8515 and the atmel 2313 the ATR string is sent by the chip and therefore
doesn’t need to be sent by the computer. Since Cemu has always sent the ATR string in
the past and because new flashes may become available, the noatr feature was added.
Another handy new feature is the addition of the tiersout file. The tiers out file will write
all data types in your bin to a patch file. This patch file can be edited and used to write
data types back to your bin. The format of this file is much like what you might expect to
see from a tier creator with the note-able exception that all data types are included in the
file. That means all keys, boxkeys, ird info, cam id info, etc. will be included in the file.
Here is a couple example lines from a tiers out file.
!removeall 09 02 05 07 08 06 0A 01
!add 06 1A 0000000101000009181096109C855E532473057562CBDCFF72 9A
!add 06 22 000000010000000110183A4798AE5378A9A86377A327E48E53 33E7C19B82F8046012
!add 07 27 13487F78010111000106141E862D0BE000660F79234E611349 000062363800000A800090FF00FF
!add 07 27 13487F7801011100000A141E862D08FC00660F79234E611349 000062363800000A0A8290FF00FF
Cemu User’s Manual
Version 101.5
Obviously this is not an entire tiersout file but it is only meant as an example of the
format. Note that the length marker is 1 byte shorter than what it is in the bin (a channel
tier in the bin begins 0728 not 0727), keep this in mind if you try to use this file with
other programs. This feature makes editing tiers and applying them to your bin fairly
easy.
Finally in the ease of use category is the !ppv command for the tiers input file. Like
previous versions of Cemu tiers can be patched from a file to the bin. The new part about
this is that two commands have been added that allow ppv strings to be easily added.
Two new commands for the tier file:
!cleanppv
- this removes all PPV tiers
!ppv <provider> <low id> <high id> <expire days>
- this adds a PPV tier
- provider is in hex, all other values are in decimal
- if low id and high id are both not specified, then low id will be 1 and high will be maximum value
- if only a low id is specified then a single id will be used (high id will equal low)
- if no expire days are specified, the default is 2 days
- purchase date will always be yesterday
- price will always be $3.99
usage examples:
!ppv 0101 12345
- open event 12345 for 2 days
!ppv 0101 12345 23456
- open 12345 to 23456 for 2 days
!ppv 0101 23456 34567 30
- open 23456 to 34567 for 30 days
Another nice new feature and one that it will be handy to become familiar with is the
newly implemented keyboard commands. That’s right, for this version of Cemu
keyboard support has finally been added. This means that while the program is running
you can easily toggle many options and perform tasks. These commands can be
displayed while Cemu is running by pressing h.
Debug flag toggles
(A)ll (Stopping this also takes some time, be patient)
(b)ig ints (displays big number calculation results)
c(a)m
(c)ommands (breakdown of ird commands)
(C)OM (display serial communication)
(d)ebug
(e)mm (shows decrypted emms)
(i)nput (displays ird command strings)
IR(Q) (shows IRQ functions)
i(t)ems (shows data items as they are communicated)
Cemu User’s Manual
Version 101.5
(k)ey (not implemented in this version)
(m)ap (shows map functions as used)
(n)ot yet impl (shows features not yet implemented)
(o)utput (displays cam response strings)
(r)om
r(u)n (displays various info from running bin)
The following are files toggles:
CTRL-W: write EEPROM
CTRL-T: write data items (tiers) to tiersout file
CTRL-L: toggle stream log
CTRL-E: toggle EMM log
Other supported commands:
(h)elp (displays command options)
(s)tatus (displays the status of all flags)
(v)ersion (displays the current program version)
CTRL-C or <ESC> to exit
The keyboard functions are only checked during idle time so if Cemu enters a tight loop
then response may be delayed and Ctrl-C may need to be used to exit.
Advanced Setup
Running from a stream log
In order to do this be aware that the stream log must contain information sent from the ird
as well as the responses from the cam. Your stream log will need to be placed in the same
folder as Cemu and the name stream.in must be used for the file. Using this option will
create a file called stream.out which will contain the ird command and the cam response
(from the original file), as well as the Cemu response. After successfully running the log
file Cemu will screen output a count of the number of matching responses and the
number of responses that do not match.
Debugging
Cemu’s internal debugging feature can be used for a number of tasks. When debugging
is enabled Cemu will start up and await your input at a prompt (#). By hitting enter at the
prompt you will see the usage expected.
Usage: b/d/e/g/s/q/r/w
The list that follows shows each command, the usage expected and the task it performs.
g – (runs Cemu… g for go)
w – (write EEPROM)
b – (breakpoint commands)
Usage: bp x/bc x/bl
bp <addr> - (set breakpoint)
bc <addr> - (clear breakpoint)
Cemu User’s Manual
Version 101.5
bl – (list breakpoints)
d – (dump next 0x100 bytes)
d <addr> - dump 0x100 bytes of memory starting at <addr>
d <addr 1> <addr 2> - dump memory from <addr 1> to <addr 2>
if no high addr given then 0x100 is used
e – (edit)
e <addr> <byte> [byte] ... - modify memory starting at <addr> with <byte> ...
r - display regs
r <reg> <val> - change value of <reg> to <val>
s – step
s <steps> step through <steps> steps
if no steps are given then default is 1 step
q - quit
Tierfile Commands
as mentioned, the tierfiles are actually NagraEdit patch files. Supported commands and
information on usage (courtesy of NagraEdit help file) is as follows:
!add
Add a data type with the data passed.
Syntax:
Add <DataType> <Size> <Data...>
Example:
!Add 02 04 01 00 80 00
Adds a type $02 data type with the data $01 $00 $80 $00.
!cleanppv
Remove all $07 ppv data types.
Syntax:
!CleanPPV
!defrag
This feature will move all free space blocks to the end of the data space and move all data types
to the beginning of the data space. This feature will not add, remove or modify any of the data
types.
Syntax:
!Defrag
!removeall
Cemu User’s Manual
Version 101.5
Cemu User’s Manual
Version 101.5
Remove all data types specified, more than one can be specified at a time
Syntax:
!RemoveAll <DataType(s)>
Example:
!RemoveAll 08 0B
Remove all 08 and 0B data types on the card.