kpitao
09-26-2008, 09:52 PM
Hi guys, need some help here. I'm trying to open a 10b with no success for the past 2 weeks using a blue nexus, tried almost every script I could find. Got tired and bought myself a powersync. I need to know the settings; pot, dip, etc. And also a good script would help too. Thanks
eric keri
09-26-2008, 10:46 PM
Did you try stubborn 289 script on the 10b with the blue nexus? I had the same problem. Stubborn289 script popped it open in 50 sces. use dip 4 and 5 down. at 215 ohm's.
I know you want the setting for the powersync. I don't know them. But have you popped anything open with the blue nexus before. If not the nexus might have bad chips.
If you want to try the blue nexus again and you dont have the stubborn 289 script PM. I can give it to you.
kpitao
09-26-2008, 10:54 PM
I will give a try. Thanks
eric keri
09-27-2008, 12:34 AM
'************************************************* *************************************
'* ____ __ _______ ____ *
'* / __ \___ / /_ ___ / / ___/___ _____/ __/ *
'* / /_/ / _ \/ __ \/ _ \/ /\__ \/ _ \/ ___/ /_ *
'* / _, _/ __/ /_/ / __/ /___/ / __/ / / __/ *
'* /_/ |_|\___/\____/\___/_//____/\___/_/ /_/ *
'* *
'* ____ _ __ __ __ __ *
'* / __ \____ ___ ____ (_) / / /___ / /___ _____/ /_____ _____ *
'* / / / / __ `__ \/ __ \/ / / / / __ \/ / __ \/ ___/ //_/ _ \/ ___/ *
'* / /_/ / / / / / / / / / / /_/ / / / / / /_/ / /__/ ,< / __/ / *
'* \____/_/ /_/ /_/_/ /_/_/\____/_/ /_/_/\____/\___/_/|_|\___/_/ *
'* PERIQUITO,MALCOM,HACKERDSS,CHANGOLEON,GIAKO *
'* FOR STREAM LOCKED ROM 102S REVISION 109+/247+ OR HIGHER. *
'* USES ONLY RSX1 WITH LOADER *
'* LOADER MUST USE MAX4619 OR ADG733 SWITCHES FOR RELIABLE UNLOCKING *
'* USE LOADER SWITCH 2 0R 3 *
'* HAPPY UNLOCKING AND GOOD LUCK!! *
'* !!!!!!WE USED A BLUE NEXUS 215 OHM DIPS 4+5 TOGETHER FOR STUBBORN 289!!!!!! *
'************************************************* *************************************
Option Explicit
Dim Shell
Set Shell = CreateObject("WScript.Shell")
Dim StartDate
Dim FileName
Dim OutFile
Dim BuffFlg
Dim bytes2
Dim GltParm
Dim ParLen
Dim ReslFlg
Dim LoopCntr
Dim RstFlg
Dim DlType
Dim Rs2Flg
Dim DlFlg
Dim bytes
Dim Uflg
Dim Acnt
Dim Mix
Dim VS1
Dim VT1
Dim DS1
Dim LP1
Dim LP2
Dim T1
Dim T2
Dim T3
Dim T4
Dim T5
Dim T6
Dim T7
Dim T8
Dim VG
Dim DD
Dim RT
Dim GT
LP1 = 1
BuffFlg = 0
LoopCntr = 0
GltParm = 176
ReslFlg = 0
Rs2Flg = 0
ParLen = 2
RstFlg = 1
DlType = 64
DlFlg = 0
Uflg = 0
VT1 = 1
DS1 = &h13d4
DD = &h13f8
GT= 9
RT = DS1 'Do not change any values above this line
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^
Sub Main()
call Setupunlocker()
If CheckChipVer <> 1 then
Sc.MsgBox("Flash Version RSX1 needed to run this script" & VbCr & "Flash your Loader with RSX1.hex")
Exit Sub
End if
' These, AND ONLY THESE :), are the variables you can change for rom 102 any revision up to 108/244
LP1 = 20 'Number of tries per delay FROM 20-100 in multiples of 20
VS1 = 10 'YOU CAN CHANGE THIS FROM 02-255 = semi-automatic VCC range - Loader dependent
Mix = .0625 'Glitch VCC resolution - attempts per VCC = 1/mix
'^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^
VG = VS1
sc.verbose = 0
Sc.Write("A0") ' turn led off
Clearoutputwindow
If ChkCard() = 0 then
Sc.MsgBox(" Unsupported Rom Version: Rom " & T1 & ", Rev " & T4 & " found." & VbCr & "This Script is for use with Rom 102, Rev 109/244 and higher")
exit sub
End If
If T7 = 1 then
Sc.MsgBox("Card not present or is unresponsive." & VBCr & " Unable to continue.")
Exit Sub
End If
sc.verbose = 0
Sc.Write("06 0E 03 01 03 9A 00") 'reset card
sc.read(02)
bytes = sc.getbyte(1)
sc.read(bytes)
sc.delay(18)
Sc.write("2A 6023 210020A0CA00001A041801018600AA9D9D9D9D9D9D9D9D9DAE 69CC7A9BBE000000000088 0E108500")
Sc.Read(2)
bytes = sc.getbyte(1)
If bytes > 5 then
sc.read(bytes)
bytes = sc.getbyte(0)
bytes2 = sc.getbyte(3)
If bytes = 18 and bytes2 = 132 then
Sc.MsgBox("Revision 105/241 or higher code not active on the card." & VbCr & " Card may be open or revision masked." & VBCr & " Unable to continue.")
exit sub
End if
End If
StartDate = Now()
Print "Initial Parameters = Delay:" & HexString(RT, 4) & " VCC:" & HexString(VG, 2) & " Glitch Type:" & HexString(GltParm, 2) & "/" & HexString(GT, 2)& vbcr & vbcr
Do
'sc.verbose = 1
Sc.Write(HexString(GltParm, 2) & HexString(VG, ParLen))
Acnt = 0
If RstFlg = 1 then
Do
Sc.Write("06 0E 03 01 03 9A 00") 'reset card
Sc.Read(02)
Bytes = Sc.Getbyte(1)
If Bytes > 25 then
Sc.Read(27)
RstFlg = 0
Exit Do
End if
Acnt = Acnt + 1
If Acnt > 5 then
Sc.MsgBox(" Check Loader Settings. Invalid or no atr. Card SE TE CHINGO.")
exit sub
End If
Loop
'Sc.verbose = 1
Sc.write("09 6004 21C1018869 84 00")
Sc.Read(2)
bytes = sc.getbyte(1)
sc.read(bytes)
Sc.Write("14 600C 214009A0CA0000032201010E2D 0E15 5005 00")
sc.read(2)
Bytes = Sc.Getbyte(1)
Sc.Read(Bytes)
Bytes = Sc.Getbyte(3)
If Bytes <> &hA2 And Bytes <> &h6F Then
Sc.MsgBox(" Improper Cmd22 response. Unable to continue.")
Exit Sub
End If
Sc.Delay(0)
End If
If RstFlg = 0 then
'sc.verbose = 1 'debug the packets
Sc.Write("37 702C 8D00A7A000000000000000000000AA000505007AC400807180 9CA64BB76B1864CD7C1631768008AE55CC7A9B3C" & HexString(DlType,2) & HexString(RT,4) & HexString(GT,2) & "0E20 85 00")
Sc.read(2)
bytes = sc.getbyte(1)
If bytes > 5 then
sc.read(bytes)
bytes = sc.getbyte(0)
bytes2 = sc.getbyte(3)
If bytes = &hD8 and bytes2 = &h55 then
Sc.verbose = 1
UFlg = 1
End If
If bytes = &hD8 and bytes2 = &h6F then
Print "-"
VG = VG - mix
RstFlg = 0
Rs2Flg = 0
Else
Print HexString(GT,2) & "+" & HexString(bytes2,2)
RstFlg = 1
Rs2Flg = Rs2Flg + 1
VG = VG + mix
End If
Else
PRINT HexString(GT, 2) & "Rst" & HexString(VG, 2)
RstFlg = 1
Rs2Flg = Rs2Flg + 1
VG = VG + mix
End if
If Uflg = 1 then
Print " !!!!!!!" & VBCr
Sc.Write("A1")
Shell.Run "%comspec% /c echo " & Chr(07) & Chr(07) & Chr(07) & Chr(07) & Chr(07), 0, True
Sc.delay(500)
print
print "******* Good response received! *********"& VbCr
PRINT " " & HEXSTRING(bytes2,2) & VbCr
Sc.Print "===========================================" & VbCr
print " " & HexString(bytes2, 2) & " was hit at: Delay:" & HexString(RT, 4) & " VCC:" & HexString(VG, 2) & " GlitchType:" & HexString(GltParm, 2) & "/" & HexString(GT, 2) &VBCr
print " Elapsed: " & TimeDiff(StartDate,Now())& vbcr
Print " VCC Resolution: " & mix & vbcr
Print " Delay Range: " & HexString(DS1, 4) & " to " & HexString(DD, 4) & VBCr
print
PRINT "********************************" & VBCR
PRINT "* REV 10B+/289+ CAM NOW OPEN!! *" & VBCR
PRINT "* BAJADO DE *" & VBCR
PRINT "* WWW.ATMEGAMEX.COM (http://www.ATMEGAMEX.COM) :-) *" & VBCR
PRINT "********************************" & VBCR
exit sub
End If
If VG < VT1 then
VG = VS1
End If
LP2 = LP2 + 1
If LP2 > LP1 / mix then '
ClearOutputWindow
RT = RT + 1
IF RT = &h1421 Then
RT = &h1436
End If
LP2 = 0
print
print "" &vbcr
print "Ram Intercept Installed. Trying to Open the 102.... Delay:" & HexString(RT, 4) & " VCC:" & HexString(VG, 2) & " Glitch Type:" & HexString(GltParm, 2) & "/" & HexString(GT, 2) & VBCr & vbcr
sc.print "Elapsed = " & TimeDiff(StartDate,Now())& vbcr & vbcr
If RT > DD then
RT = DS1 - 1
GltParm = GltParm + 5
If GltParm > 186 Then
GltParm = 176
End If
If GltParm = 181 Then
If ReslFlg = 0 Then
ReslFlg = 1
LP1 = LP1 * 2
VS1 = VS1 * 2
VT1 = VT1 * 2
ParLen = 4
End If
End If
If GltParm <> 181 Then
If ReslFlg = 1 Then
ReslFlg = 0
LP1 = LP1 / 2
VS1 = VS1 / 2
VT1 = VT1 / 2
ParLen = 2
End If
End If
End If
End If
If VS1 >= 254 then
exit sub
End If
If DlType = &h40 Then
DlType = &h20
Else
DlType = &h40
End If
If VG =< 1 then
VG = VS1
End if
End If
If Rs2Flg >= 3 Then
Rs2Flg = 0
VG = VS1
If VT1 > 10 Then VT1 = 10
End If
If VG < VT1 Then
VG=VS1
End If
If VG + mix <=0 Then
VG = VS1
VT1=VT1+1
END If
Loop
End Sub
Function HexString(Number,Length)
Dim RetVal
Dim CurLen
RetVal=Hex(Number)
CurLen=Len(RetVal)
If CurLen<Length Then
RetVal=String(Length-CurLen,"0") & RetVal
End If
HexString=RetVal
End Function
Function CheckChipVer()
CheckChipVer = 1
sc.write("90")
delay(80)
If sc.read(4) <> 4 then
CheckChipVer = 0
Exit Function
End if
If getbyte(0) <> &H52 then CheckChipVer = 0
If getbyte(1) <> &H53 then CheckChipVer = 0
If getbyte(2) <> &H58 then CheckChipVer = 0
If getbyte(3) <> &H31 then CheckChipVer = 0
End Function
Function TimeDiff (StartTime, EndTime)
Dim Hours, Minutes, Seconds
Seconds = DateDiff("s", StartTime, EndTime)
If Seconds > 90000 Then Seconds = 90000
If Seconds < 0 Then Seconds = 0
Minutes = Seconds / 60
Minutes = Fix(Minutes)
Seconds = Seconds - (Minutes * 60)
Hours = Minutes / 60
Hours = Fix(Hours)
Minutes = Minutes - (Hours * 60)
Seconds = CStr(Seconds)
Minutes = CStr(Minutes)
Hours = CStr(Hours)
If Len(Seconds) = 1 Then Seconds = "0" + Seconds
If Len(Minutes) = 1 Then Minutes = "0" + Minutes
If Len(Hours) = 1 Then Hours = "0" + Hours
TimeDiff = Hours & ":" & Minutes & ":" & Seconds
End Function
Function ChkCard()
sc.verbose = 0
ChkCard = 1
Print ""
Print " Checking Card's Eeprom Revision ......." & VBCr
sc.delay(100)
ClearOutputWindow
Sc.Write("06 0E 03 01 03 9A 00") 'reset card
sc.read(02)
bytes = sc.getbyte(1)
If bytes < 27 then
T7 = 1
ClearOutputWindow
Exit Function
End If
sc.read(bytes)
sc.delay(16)
T1 = chr(sc.getbyte(16))
T2 = chr(sc.getbyte(17))
T3 = chr(sc.getbyte(18))
T4 = chr(sc.getbyte(23))
T5 = chr(sc.getbyte(24))
T6 = chr(sc.getbyte(25))
T1 = T1+T2+T3
T4 = T4+T5+T6
If asc(T4) = 0 then
T4 = "000"
End If
Print " Rom " & T1 & ", Rev " & T4 & " found." & VBCR
print
Sc.delay(100)
T8 = mid(T4, 3,1)
Select Case T8
Case "A"
T8 = 10
Case "B"
T8 = 11
Case "C"
T8 = 12
Case "D"
T8 = 13
Case "E"
T8 = 14
Case "F"
T8 = 15
End Select
If left(T4, 2) = 24 then
If T8 < 7 then
ChkCard = 0
exit function
End If
End If
If left(T4, 2) = 10 then
If T8 < 9 then
ChkCard = 0
exit function
End If
End If
If T1 <> "102" then
ChkCard = 0
exit function
End If
End Function
Function setupunlocker()
Wx.BaudRate = 115200
Wx.ResetBaudRate = 115200
Wx.Parity = 0 ' 0 = None, 1 = Odd, 2 = Even, 3 = Mark, 4 = Space
Wx.StopBits = 0 ' 0 = 1 stop bit, 1 = 1.5 stop bits, 2 = 2 stop bits
Wx.DTRControl = 0 ' Initial state of DTR 0 = off, 1 = on
Wx.RTSControl = 1 ' Initial state of RTS 0 = off, 1 = on
Wx.ResetDelay = 100 ' In microseconds
Wx.ByteDelay = 10 ' In microseconds
Wx.RxByteTimeout = 3000 ' In milliseconds
Wx.ResetMode = 2 ' 0 = No Resets, 1 = ISO Reset (Expect a ATR), 2 = Device Reset (No ATR)
Wx.ResetLine = 1 ' 0 = Toggle RTS for Reset, 1 = Toggle DTR for Reset
Wx.ByteConvention = 1 ' 0 = Inverse, 1 = Direct
Wx.FlushEchoByte = 0 ' 0 = no flush, 1 = flush - A Phoenix interface will echo each byte transmitted.
Wx.FlushBeforeWrite = 1 ' 0 = no flush, 1 = flush - Flush the receive buffer before each write to strip off Null bytes.
Wx.IgnoreTimeouts = 1 ' 0 = Abort script on a receive timeout, 1 = Ignore all receive timeouts
Wx.ResetAfterTimeout = 0 ' 0 = Don't reset after a timeout, 1 = do a reset after a timeout - Not used if "IgnoreTimeouts=0"
Wx.LogTransactions = 0 ' 0 = Don't log transactions, 1 = log transactions
Wx.DisplayUSW = 0 ' Display USW after script complete 0 = no, 1 = yes
Wx.DisplayFuse = 0 ' Display Fuse after script complete 0 = no, 1 = yes
End function
sirdrinks
09-27-2008, 12:44 AM
Check out this thread, I had all the pros behind me and managed to pop a stubborn one...Thanks again guys!
http://www.dssftp.com/forum/showthread.php?t=79035
kpitao
09-27-2008, 03:36 AM
Thanks sirdrinks !!! Followed instructions on the thread......................
whooo!! whooo!!!
pop two 10bs now!!!!!!!!!!! powersync 9v/300ma @ 220 ohms........... dip 1 only
again DIP 1 only, first card I looped with dips 1 & 7.............
RomMaster 1a
Parameters-> Delay:00B6 VCC:1C Glitch Type:B0/07 Timeout Factor:04
Elapsed: 00:20:45
.................................................. ...................
.................................................. ...................
.................................................. ...................
.................................................. ...................
.................................................. ...................
................................... !!!!!!!
******* Good response received! *********
55
===========================================
55 was hit at: Delay:00B6 VCC:0021 GlitchType:B0/07
Timeout Factor:03
Elapsed: 00:22:17
VCC Resolution: 0.0625
Delay Range: 00AE to 00CE
********************************
* Rom102, Rev10B CAM OPEN! *
* PROCEED AS NORMAL *
* GOOD LUCK! :-) *
********************************
__________________________________________________ _____________________________________
Parameters-> Delay:00C4 VCC:18 Glitch Type:B0/07 Timeout Factor:04
Elapsed: 00:56:44
.................................................. ...................
.................................................. ...................
.................................................. ...................
........................................ !!!!!!!
******* Good response received! *********
55
===========================================
55 was hit at: Delay:00C4 VCC:0025 GlitchType:B0/07
Timeout Factor:04
Elapsed: 00:57:46
VCC Resolution: 0.0625
Delay Range: 00AE to 00CE
********************************
* Rom102, Rev10B CAM OPEN! *
* PROCEED AS NORMAL *
* GOOD LUCK! :-) *
********************************
vBulletin® v3.8.4, Copyright ©2000-2009, Jelsoft Enterprises Ltd.