There is NO receiver ID # information on the
Serial EEPROM OR the TSOP Flash.
It appears as though the ID# does not exist on the
the smart chip(ST19AF08) either. After swap out of chips from identical receivers - there was no change in reported ID number.

Where else could the data be stored? If anyone has some ideas/thoughts, I'd love to hear them.

So I guess this effort has died?

Quote:

Originally Posted by BossMonkey

The subscription is stored on the flash. That's why that cloning hack works.
Key Changes are where Im running into trouble I do belive But I could be wrong.

Ok... provide some proof of your theory. If two flash dumps from two identical xm radio's are compared, where are the differences found?

Quote:

Originally Posted by BossMonkey

To be honest I dont know I havent tried dumping the flash. But with ability to clone one unit from another that just seems to be the logical choice to me. Dish dose it that way & that experience is what Im drawing my assumption from. Am I wrong? I know you put more thinking into this than I have. And like you Im only trying to find a way in...

P.S They might have put it in Ram on the Cpu or in the added on Static RAM not the best way to get things done. I read in the datasheet that they can mask memory Or you maybe dumping something other than rom Is that possable?

RAM is temporary storage... The CPU has no data storage capability...
Subscription is stored in ST19AF08. Keep reading as most other information found about XM hacking is bogus & doesn't work.
Getting into the ST19AF08 is beyond my capability right now. Perhaps the answer is through firmware modification?

Quote:

Originally Posted by BossMonkey

One thing is for sure I think you & I can find away to do this. This is not out of the realm of possibility. And I can also see using what we learn put to practical use in charlies world...

My flash dumps were taken directly from the chip using an eeprom programmer - no jtag was used. That method is a waste of time and will more than likely cause the average electronics tinkerer to destroy both an xm receiver & a dish receiver. Not recommended. XM has almost no similarities with dish other than being a satellite receiver.
Different stream encryption routines + different smart card processor(CAP)
Keep thinking - I'm open to suggestions & will try them if you can come up with a valid idea.

Quote:

Originally Posted by BossMonkey

Lets also get this out in the open I read they use the method as dish to decrypt keys is that verifiable? Or do they use the dtv side tiers & experatition dates?

Can you provide a link to that reference? My best guess is their subscription level structure is completely different than either dish or dtv. I have not been able to read the ST19AF08 so I couldn't tell you for sure.
Keep in mind that this chip was approved for financial transactions as such, it is probably one of the most secure chips available. Getting into the ST19AF08 family would leave a gap far and wide that could effect the financial market if ported to a credit card/debit card. I don't know for sure if they actually use this smart card for financial purposes or not. Either way, who would be liable if a comprimise was released? I sure as hell wouldn't want it to be me.

Quote:

Originally Posted by BossMonkey

Yes I can provide a link its old info but one of many links I have found on the subject

http://www.river-lemon.org/xm.htm

I remember that one... all they're posting here is secondhand information that wasn't verified. The flash cannot hold the subscription. You can discard this link as bogus.