Unlocked SO1 rev 640. now what?


Cardless
02-08-2007, 01:59 PM
Hello. I'm new to testing plastic, so I decided to play around with some SO1 rev 640 bev cards because I have many of those, but I only have a few 102's of a low rev. I didn't want to risk looping 1 of those learning how to do this, so I am trying some of the different 10B scripts so that I can become familiar with the program and commands. This is the message I got by using 1 of them. Does it mean it is unlocked (see below C/P of my winexpol output window)?
Because that is what it says. I tried reading it with N2edit so I could clean the code space and write a clean bin file to it but it says
ATR: 3F FF 95 00 FF 91 81 71 FF 47 00 44 4E 41 53 50 53 30 31 20 52 65 76 36 34 30 05
CAM Type: ROMS01 Rev640
CAM Not Supported


Any input would be very much appreciated. As I've read around the forum but am a little lost here.
C/P from my winexpol output window.

Searching....
VCC = 25 (~0.725490196078431 vdc)
Glitch Delay = 0001
Glitch type 09
===========================================
RX Data : 3F
3F-----------

TX Data : A1

===========================================
Glitch Success!!
ROM102_REV10B is NOW OPEN!!!!!!
VCC = 06 25 (~0.725490196078431 vdc)
Glitch Delay = 0458 0001
Glitch type 09
===========================================

Script C:\Documents and Settings\Owner\Desktop\Bill\card files\DarkHoods Picks, Scripts for 102's that Locked Up After Bad Writes Ect. Ect\Nex Rev 10B Unlock Rom 102\Nex_REV10B_unlock_Rom102.xvb Transmission Completed
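
Added example (not part of the original post, and not code from any tool named in this thread): the ATR quoted above can be decoded with the ISO/IEC 7816-3 layout, which shows that the identification string a reader reports comes from the card's own historical bytes and not from whatever banner a script prints. The function and field names are chosen for this example.

```python
# Constructed input: the ATR bytes exactly as quoted in the post above.
ATR_HEX = "3F FF 95 00 FF 91 81 71 FF 47 00 44 4E 41 53 50 53 30 31 20 52 65 76 36 34 30 05"

def parse_atr(atr_hex):
    """Split an ISO/IEC 7816-3 ATR into interface bytes, historical bytes and TCK."""
    b = bytes.fromhex(atr_hex.replace(" ", ""))
    if len(b) < 2 or b[0] not in (0x3B, 0x3F):
        raise ValueError("not an ATR: bad TS or too short")
    out = {"convention": "inverse" if b[0] == 0x3F else "direct",
           "interface": {}, "protocols": set()}
    k = b[1] & 0x0F      # T0 low nibble: number of historical bytes
    y = b[1] >> 4        # T0 high nibble: which of TA1..TD1 follow
    pos, i = 2, 1
    while True:
        td = None
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(b):
                    raise ValueError("ATR truncated in interface bytes")
                out["interface"][f"{name}{i}"] = b[pos]
                if name == "TD":
                    td = b[pos]
                pos += 1
        if td is None:
            break
        out["protocols"].add(td & 0x0F)   # TDi low nibble: protocol T
        y, i = td >> 4, i + 1             # TDi high nibble: next group present
    if pos + k > len(b):
        raise ValueError("ATR truncated in historical bytes")
    hist = b[pos:pos + k]
    pos += k
    out["historical"] = hist
    out["historical_ascii"] = "".join(chr(c) if 32 <= c < 127 else "." for c in hist)
    # TCK is only sent when a protocol other than T=0 is indicated.
    if any(p != 0 for p in out["protocols"]):
        if pos >= len(b):
            raise ValueError("TCK missing")
        xor = 0
        for c in b[1:pos + 1]:            # XOR of T0..TCK must be zero
            xor ^= c
        out["tck_ok"] = (xor == 0)
    else:
        out["tck_ok"] = None
    return out

if __name__ == "__main__":
    info = parse_atr(ATR_HEX)
    print(info["convention"], sorted(info["protocols"]),
          repr(info["historical_ascii"]), "TCK ok:", info["tck_ok"])
```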

breakinpar
02-08-2007, 07:29 PM
LoL

why are u using a 102 script on the S0x cam hahaha.. keep it up and it will be in the l00p pile

chemlab
02-08-2007, 07:51 PM
Just because the hardware of the card can be glitched doesn't mean you have any chance at all of opening it. The SOx cards won't do anything with the packets the script is sending, because they're meant to open a rom102. Set your SO card aside before it's junked; no rom102 script will open it.

Cardless
02-08-2007, 09:04 PM
I'm running it because I want to try to learn about the programs and commands used in unlocking cards. I don't care if I loop a SO1 card. I have many of those but I only have a few 102's. So before I started on the 102's rev 103-107 I wanted to get a handle on using all the different programs. I ran the 102 scripts because that is all I can find and everything I've read says that a SO card will work like a 102. So what did I have to lose?
I fully expected the card to loop and didn't care if it did. I'm testing, maybe not very well or intelligently, but testing nonetheless. If I wanted free tv I'd just keep using my fta receivers. What I didn't expect was this message.
Glitch Success!!
ROM102_REV10B is NOW OPEN!!!!!!
VCC = 06 25 (~0.725490196078431 vdc)
Glitch Delay = 0458 0001
Glitch type 09
From what I've read so far, this means your card is unlocked. Confused the heck out of me. So I was hoping someone else had success opening 1 of these cards.:confused::confused:

hacker
02-08-2007, 09:15 PM
I don't think it's really unlocked and if it is there is still nothing to use to read and write it.

chemlab
02-08-2007, 09:36 PM
Right, it's not unlocked. The card does have hardware vulnerabilities that the scripts are hitting, but they're not sending anything when they hit that can unlock these cards. The script is just fooled into thinking it did something.

Cardless
02-08-2007, 09:53 PM
"Right, it's not unlocked. The card does have hardware vulnerabilities that the scripts are hitting, but they're not sending anything when they hit that can unlock these cards. The script is just fooled into thinking it did something."
Thank you very much, this was the reply I was looking for. I suspected that was the case but seeing as I never unlocked any type of card before I wasn't sure and figured I better ask before proceeding any further. I can still read the card's ROM and REV #'s so it couldn't have hurt it. I guess. :confused:
Thanks again. If nothing else I now have a better understanding of how the different programs work. Only way I know how to learn is to read then try to do it. Time to tackle a real 102 now I guess.

Cardless
02-16-2007, 07:40 PM
Ok, still trying to learn this card stuff so I'm still playing with this card. So I tried to read the card in nargamaster. I got the reading EEProm message, then the EEProm read and disassembling code message (or something like that). Then my program found an error and shut down. Same thing happened twice more. So I tried clean codespace. Seemed to work but when I went to read the card it still was a SO card. So I tried all 3 revs of clean codespace. I did this using my nexus so after a while I looped the card. Tried reading it with 3 different programs as well as my ISO, still got no ATR. So as it was looped already I decided to try running the unlocking program I got it open with in the first place. BAM, I got the glitch success message again and now I can read the card again, but this time when I read the card in nargamaster I get ROM 301 rev 640 instead of SO1 rev 640 like I was getting before. Plus it will not read the EEProm any more. I get the card is locked?? message instead.
Anyway I thought I would post my test results in case it might help or give a hint to someone who knows what they're doing, so they could unlock and write to a SO card.

skinerd
02-17-2007, 03:51 AM
If you can read the card's eeprom, you did something, if you can't you are wasting your time........

ruciz
02-17-2007, 03:57 PM
there's a fine line between:

Unlocked

intercept installed

dumpable

You may have unlocked the card to a 102's spec, but that doesn't mean it's opened, has an intercept installed, or enables you to make an EEPROM dump.

If you figure out the other 2 steps inform us.. I think your script will need heavy modification first though.

As far as I know there is no safe spot on the SOx cards to write an intercept, and no intercept to write. There are so many checksums that if you were to successfully figure one out and write it, the second the card was powered down and back up it would blow the processor up due to invalid checksum.

Good luck

gcan
02-17-2007, 09:56 PM
nice post guys,

S01 or SW02 cards are hackable and programmable, if you know how to tweak winexplorer scripts you can actually dump the card's eeprom, some sites say some of the S0's eeprom is located in the card's OTP area, which means when a card gets ECMed it is finished! that's BS! so as far as getting a SW programmed, you must know a good underground site full of experienced coders or personally know a dealer who actually has the unlocker.....gcan

gcan
02-17-2007, 10:00 PM
also the post above on what was specified on unlocking S0 using a 102 script, without the proper reader, there is no way of actually telling if your card is unlocked, winexplorer also thinks sometimes that a softlooped cam is unlocked, sometimes happens when it sends packets to the card and the card returns an invalid response it may say it is open, same also goes with unknown provider cards locked as well................gcan