Welcome to Mili's Marauders.
rom3 rev 383 unlock question
02-22-2005   #1
cablecowboy

Can someone help me understand this? I put the test bin on a rom 3 and flashed my t911 with newd6 and this is what I got. So can someone please explain what info I take from this and use in the unlock? I have read many posts and can't figure out what info to take and where to change the info in unlock. Thanks for your help.

Executing Script: C:\Documents and Settings\Owner\My Documents\My Documents\temp\For Both Rom-3 & 10.xvb
________________Setting up WinExplorer_________________

Sc.Read: Timeout Reading Data From Card - 4 Bytes Requested, 0 Bytes Read, Continuing Script

TX Data : 07 0E 03 10 01 03 9A 00
RX Data : 07 1B
RX Data : 0C FF 95 00 FF 91 81 71 64 47 00 44 4E 41 53 50
30 30 33 20 52 65 76 33 37

02-22-2005   #2
Cid6.7
Personally I think that test.bin is a waste of time..
Just use any of the rom3 unlock scripts & be sure it's running correctly & it will pop..
__________________
Too often we lose sight of lifes simple pleasures. Remember when someone annoys you it takes 42 muscles to frown, BUT it only takes 4 muscles to extend your arm and B*^&$ slap that Mother %&*#@! upside the head.

02-22-2005   #3
cablecowboy
Thanks Cid, I have popped 4 of 6 rom 3 but this one won't pop and I looped the other one.

02-22-2005   #4
cablecowboy
This is what I get when I read the one that won't pop in Nagra. Any ideas, Cid?
Opening of COM1 was successful
ATR String: 3F FF 95 00 FF 91 81 71 64 47 00 44 4E 41 53 50
30 30 33 20 52 65 76 33 38 33 F5
ROM Revision: 003
EEPROM Revision: Rev383
Logging into card
Checking for BackDoor
BackDoor appears to be closed, aborting
Error reading image from card
Closing of COM1 was successful
Error detected, One Step Clean incomplete

02-22-2005   #5
Cid6.7
One night before you head to bed
set the delaystart to 0000 & limit to 15000..
It might just pop it overnight..
How long have you let it run for in the past...
Also the one you looped can be fixed

02-22-2005   #6
Cimba
The 07 1B is a good sign. You are supposed to let the test bin run until you get 2 results: one will say glitched past OC bug and some settings, the other will give you a shorter report of success. Record those results somewhere and supposedly use them to put into the actual unlooping part of the program.

02-22-2005   #7
cablecowboy
Thanks Cid and thanks Cimba, I will give that a try and let you know. I have let it run for 8 hrs once and 15 hours a second time.

02-23-2005   #8
Cimba
What programs have you tried ? Like Cid said, skip the analyzer for now. Open the Penga rom3unlock.xvb and run the unlooper using default settings, let it run overnight. Also you can try TopGun, option 1. to start anyway.

02-23-2005   #9
Cid6.7
Stick the looped one in the freezer overnight, then take it out & immediately stick it in the glitcher.
Worked on mine but then I forgot to read it in nagra 2 & I looped it again..lmao

02-23-2005   #10
cablecowboy
I've tried powersyncunlockallver 2a, 2b; I haven't tried ver3 yet. I heard you have to manually set that program and that's out of my league until I read up on it. I'll take Cimba's advice and try and find Penga's and TopGun in the downloads.

thanks for the help guys!

02-23-2005   #11
Cimba
TopGun is also very similar or the same as Smart Toy's Modded Rom 3 & 10 unlockers.

02-23-2005   #12
cablecowboy
Hey Cimba, I ran Penga's rom3unlock.xvb overnight and this is what happened:

Sc.Read: Timeout Reading Data From Card - 2 Bytes Requested, 0 Bytes Read, Continuing Script
00o6Fo00o6Fo00o6Fo00o6Fo00o6Fo00o6Fo00o6Fo00o6Fo

Sc.Read: Timeout Reading Data From Card - 2 Bytes Requested, 0 Bytes Read, Continuing Script

Script Error on Line 244
Sc.GetByte: Requested Byte Exceeds Last Read Request

This is just the end of the script. I tried it twice and got another script error.
I will run TopGun option 1 all day while I'm at work. Am I doing it right? I have the loader flashed with newd6 and I left the looper on its default settings like you said.

Thanks for your help!

02-23-2005   #13
Cid6.7
cablecowboy, is that card streamlocked 383..?
If it is it will never pop with those winexp settings...You need to set it to the loader 2 settings for unlocking..
For the LOOPED card do as he said with topgun..

02-23-2005   #14
cablecowboy
Oh OK Cid. I'll change the settings. Cimba told me to use the default settings. I'm pretty sure it is stream locked because it came from a cancelled sub. Hey Cid, are you in Canada? If you're looking for a project or three I have a rom 10 rev a23 that won't pop and the looped rom3 and this rom3 rev 383 that won't pop. I'll gladly send them your way if you're interested, because I give up. I tried the freezer thing and it didn't work for the looped rom 3 but then again I used the default settings on it.

If you're bored PM me with your address and I'll send them to you.

02-24-2005   #15
Cid6.7
Give fearlss-1 a PM..
He's in Canada

02-24-2005   #16
cablecowboy
Thanks, I'll do that.

02-24-2005   #17
Cimba
What I meant was use the default VCC and delay settings in the unlooper program, not the default winex settings. I thought that was clear when I said
"Open the Penga rom3unlock.xvb and run the unlooper using default settings, let it run overnight". Guess I could have spelled it out better.

02-24-2005   #18
cablecowboy
My mistake, sorry Cimba. I'm new to glitching and I flat out misunderstood you. I thought you meant click on unlooper in winexplorer configure parameters and use the default settings. Call me stupid, I deserve it. Live and learn. That would explain why my card is still locked. Thanks for your help Cimba and Cid, I will send the rest of my cards out to someone.

02-24-2005   #19
Cimba
Nobody is calling you stupid, I need to be clearer and due to my illness and death in the family I am a little (well a lot) cranky and impatient. You're doing fine man and it is definitely a learning curve involving lots of silly questions/mistakes; I know because I invented a lot of them. Don't give up, it's a hobby and it can be challenging.
If you set up your modded loader with the special WinEx settings and save as Loader 2 then run the appropriate program for your rom (3 or 10) then you should be ok to pop a streamlocked card, even in TopGun which has option 1 as a setting for those rom 3 cards that are streamlocked.
If you search around you will find a # of proggies (let me know if you need help) for both rom situations. Sorry for jumping on ya earlier, heh, us Canucks gotta stick together EH. lol

Last edited by Cimba; 02-24-2005 at 06:09 AM..

02-24-2005   #20
thekiss777
modded t911 rev 383

I have flashed my T911 and used a rom 3 unlooper script trying to unloop rom 3 Rev 383, set dip 2&5 to on, no luck. Trying to unloop says no atr detected, but when I open nagra edit there the card is, so is there a problem with my T911?

Same as other responses, says backdoor locked. Any help would be great, thanks.

02-24-2005   #21
Cimba
When you read the card in Nagra it gives you an ATR ? What did you flash the modded loader with ? Do you have your WinEx 5.0 settings reset to the recommended ones for modded loaders and saved as Loader 2 ? Have you read the how-to guide for modded loaders in Dishnet Card programming forum ?

Last edited by Cimba; 02-24-2005 at 05:08 PM..

02-25-2005   #22
cablecowboy
lol cimba, no hard feelings here. Sorry to hear about your personal problems and hopefully things will get better for you.

03-02-2005   #23
haris5060
Rom # Rev 383 using modded t911 with trimmer pot and 2 & 5 on rest off still

can't pop card, left it running all night using glitch 3 script, all I am getting is 06f06f blah blah
can someone help
I did flash my nexus 911 with newd6 before running script
please help

03-02-2005   #24
Cimba
You're close, but I'm not familiar with the Nexus and its settings. What program exactly are you running and what VCC, delay settings are you using ? Try other programs as well but it sounds like you just need to adjust your VCC's or your pot(if it has one)

03-02-2005   #25
haris5060
glitch settings are here, what I am using

Sub Main()
DelayStart = &h10A4
DelayLimit = &h10A5
VCCStart = &h23 'YOU CAN CHANGE THIS FROM 20 TO 50-SET TO TEST BIN
VCCLimit = &h1A 'YOU CAN CHANGE THIS FROM 1A TO 30-SET TO TEST BIN
GlitchType = &h06
TryCnt = 1
TryLimit = 2
Delay = DelayStart
VCC = VCCStart

' turn led off
sc.verbose=TRUE
Sc.Write("A0")
Sc.Delay(500)
' card is in turn led on
Sc.Write("A1")

' get atr
sc.verbose=TRUE
Sc.Write("07 0e 03 10 01 03 9a 00") 'reset card
Sc.Read(02)
Bytes = Sc.Getbyte(1)
if Bytes > 25 then
Sc.Read(25)
end if
sc.verbose=false

Do

if GlitchType < &h40 then
GlitchType = GlitchType + 1
end if
if GlitchType = &h08 then GlitchType = &h04 end if
VCC = VCC - 1.0
if VCC < VCCLimit then
VCC = VCCStart
END IF
RT = RT + 1
if rt > &H33 then
rt = &H33
END IF
'GlitchType = &h06



Sc.Write("B0" & HexString(VCC, 2))

Sc.Write("0E 10 0e 03 01 02"& HexString(GlitchType, 2) & HexString(Delay, 4) & "03 23 9B 80 02 00")
Sc.Read(02)

Bytes = Sc.Getbyte(1)
BYTES = 0
SENDOVERFLOW()
PRINT HEXSTRING(bytes,2)
BYTES = 0
if Bytes > 10 then
Bytes = Sc.Read(9)
Bytes = Sc.Getbyte(0)
PRINT HEXSTRING(bytes,2)
if Bytes = &H0A then
print
Sc.Print "===========================================" & VbCr
Sc.Print "VCC = "& HexString(VCC, 2)
SC.PRINT "-" & HexString(GlitchType, 2) & HexString(Delay, 4)
Sc.Print " GLITCHED past 01 BUG" & VbCr
PRINT HEXSTRING(SC.GETBYTE(0),2) & HEXSTRING(SC.GETBYTE(1),2) & HEXSTRING(SC.GETBYTE(2),2)& HEXSTRING(SC.GETBYTE(3),2)& VbCr
Sc.Print "===========================================" & VbCr
End if
if Bytes = &H0B then
print
Sc.Print "===========================================" & VbCr
Sc.Print "VCC = "& HexString(VCC, 2)
SC.PRINT "-" & HexString(GlitchType, 2) & HexString(Delay, 4)
Sc.Print " GLITCHED past 0A BUG" & VbCr
PRINT HEXSTRING(SC.GETBYTE(0),2) & HEXSTRING(SC.GETBYTE(1),2) & HEXSTRING(SC.GETBYTE(2),2)& HEXSTRING(SC.GETBYTE(3),2)& VbCr
Sc.Print "===========================================" & VbCr
End if
if Bytes = &H3F then
print
Sc.Print "===========================================" & VbCr
Sc.Print "VCC = "& HexString(VCC, 2)
SC.PRINT "-" & HexString(GlitchType, 2) & HexString(Delay, 4)
Sc.Print " GLITCHED past 0C BUG" & VbCr
PRINT HEXSTRING(SC.GETBYTE(0),2) & HEXSTRING(SC.GETBYTE(1),2) & HEXSTRING(SC.GETBYTE(2),2)& HEXSTRING(SC.GETBYTE(3),2)& VbCr
Sc.Print "===========================================" & VbCr
End if


bytes = 0
if Bytes > 0 then
Bytes = Sc.Read(Bytes)
END IF

if Bytes > 3 then
Bytes = Sc.Getbyte(1)
br2(1)= sc.getbyte(2)
else
Bytes = 0
End if
if Bytes = &H77 then

br2(2)= sc.getbyte(3)
br2(3)= sc.getbyte(4)
Sc.Print VbCr
Sc.Print "===========================================" & VbCr
Sc.Print "Success on Glitch Try #" & TryCnt2 & VbCr
Sc.Print "VCC = "& HexString(VCC, 2) & " (~" & ((5/255) * VCC) &" vdc)" & VbCr
Sc.Print "Glitch Delay = " & HexString(RT, 4) & VbCr
Sc.Print "Glitch type " & HexString(GlitchType, 2) & VbCr
Sc.Print "READ 20-23 OF bug glitch " & HexString(br2(1), 2) & HexString(br2(2), 2) & HexString(br2(3), 2)& VbCr

if GlitchType < &h08 then
Sc.Print "Glitched on high clock phase" & VbCr
else
Sc.Print "Glitched on low clock phase" & VbCr
end if
Sc.Print "===========================================" & VbCr
end if
end if
if opencam = 1 then
'TURN LED OFF
print
print"========================= "& VbCr
print"= CAM IS OPEN NOW !!!!! = "& VbCr
print"========================= "& VbCr
Sc.Write("A0")
Exit Sub
end if

TryCnt2 = TryCnt2 + 1
if trycnt2 > 30 then
IF DELAYSTART > &H10A6 THEN ' 10A6 OR 10B4
DELAYSTART=&H10A1 '10A1
END IF
DelayStart = DelayStart + 1
DelayLimit = DELAYSTART + 1
DELAY=DELAYSTART
TRYCNT2 = 0
PRINT "--- try to hit 0C bug at " & HexString(DELAYSTART, 4) & VbCr
END IF
LOOP

End Sub

Function HexString(Number,Length)
' This function takes 2 arguments, a number and a length. It converts the decimal
' number given by the first argument to a Hexidecimal string with its length
' equal to the number of digits given by the second argument
Dim RetVal
Dim CurLen
RetVal=Hex(Number)
CurLen=Len(RetVal)
If CurLen<Length Then
RetVal=String(Length-CurLen,"0") & RetVal
End If
HexString=RetVal
End Function

Sub SENDOVERFLOW()

PRINT "o"
'SC.DELAY(100)

Sc.Write("470E051503FFFF00BC0000000000000000000000 0000")
Sc.Write("00000000000000000000000000000000")
Sc.Write("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
Sc.Write("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00")

Sc.Read(2)

Sc.Write("46 0E 05 03 FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
Sc.Write("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
Sc.Write("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00")
Sc.Write("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00")
Sc.Read(2)

Sc.Write("460E0503FF0000000000000030313233E0518137 41")
Sc.Write("42434445464748010100000000FF0000")
Sc.Write("000000CD0000C39B9CAE71A696B74EA6")
Sc.Write("05CD7801CC73810000000000000000000200")
Sc.Read(2)

Sc.Write("0D 0E 05 03 C7 60 00 60 00 60 00 60 AA 00")
Sc.Read(2)


Sc.Write("2F 03 0E 05 E8 21 00 25 A0 20 00 00 20 8F AB C2 64 44 9A FE 70 1D E7 62 FA B1 4C 31 06 00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF DE 85 00")
Sc.Read (2)
Bytes = Sc.Getbyte(1)
if Bytes > 4 then
Bytes = Sc.Read(4)
Bytes = Sc.Getbyte(3)
if bytes = &h63 then
OPENCAM = 1
end if
end if

END SUB
pot: I don't know if 2.2 or I just turn a little after a complete counter-clock turn

03-02-2005   #26
Cimba
Go to this link, try this program I posted in post #8 on the page. Also do you have a digital meter to read your pot ? Adjust your Vcc start and limit up or down.
Read the how to guide in the sticky by Crazy1, good info.

http://www.dssftp.com/forum/showthread.php?t=32931

Last edited by Cimba; 03-02-2005 at 08:01 PM..

03-02-2005   #27
Cimba
Sorry but I have to go for a while. Found this,
"Well that clears a few things up for me. Ok now I get it about the D9 flash and analyze. See before I was looking for it to ask me to analyze like it does when it is flashed with
D6-1. Anyway I did that got a ceiling and a floor setting with the D9 flash. I did write it down, .

vcc ceiling=27
vcc floor=1F

Ok I flashed to the D6-1 and went back to powerunlock and did like you said.

Delay Start &h10A4
Delay Limit &h10A5
VCC Start &h27
VCC Limit &h1F

I was getting o6Fo6Fo6F. I let it run, then about 10 minutes I got this"

o6Fo6Fo6Fo6Fo6Fo6Fo6Fo6Fo6Fo6Fo6Fo00o63
=========================
= CAM IS OPEN NOW !!!!! =
=========================

Last edited by Cimba; 03-02-2005 at 08:07 PM..

03-02-2005   #28
haris5060
I am lost on your last post

What are you trying to say?
Is that I have reflash nexus with D6 and D9
???

03-02-2005   #29
haris5060
Executing Script: C:\Documents and Settings\Asif\Desktop\New Folder (2)\rom3unlocker-glitcher2 rev383 penga69 unlocker\unlockrom3.XVB
TX Data : A0
TX Data : A1
TX Data : 07 0E 03 10 01 03 9A 00
RX Data :

Script Error on Line 76
Sc.Read: Timeout Reading Data From Card - 2 Bytes Requested, 0 Bytes Read
That's what I get now.
What should I do now?

03-02-2005   #30
haris5060
I got ceiling and floor in vcc analyze and I put it in glitch 3 script and ran it
and now it's giving me this error
TX Data : B0 25
TX Data : 07 0E 02 10 01 03 9A 00
RX Data : 07 1B
RX Data : 3F FF 95 00 FF 91 81 71 64 47 00 44 4E 41 53 50
30 30 33 20 52 65 76 33 38 33 F5
TX Data : 15 0E 10 15 C5 21 00 02 A0 28 AB 80 02 50 00 2C
03 20 00 80 8A 00
RX Data : 0E 01
RX Data : 12

Script Error on Line 76
Sc.GetByte: Requested Byte Exceeds Last Read Request

What's next?

All times are GMT +2.