FireFoX
DZSatien Accro
- Inscrit
- 6/4/07
- Messages
- 601
peut etre qu'il faut adapter le 5030 ou passer par peut etre un rojo ou v5
perso pas de v9 donc je peut dire ce que sa vaut a vous de voir.
OPTION EXPLICIT
Dim FileName
Dim Dump
Dim OutFile
Const FileFilter = "Binary File (*.bin)|*.bin;|BIN Files (*.bin)|*.bin"
CALL setupunlocker()
Dim BootStrapCmd17
Dim BSCLen
Dim BSCRSP
Dim BSACK
Dim StartDate
Dim CmdToGlitch
Dim CTGLen
Dim CTGRSP
Dim CS
Dim Bytes
Dim BytesRead
Dim Bytes1
Dim Bytes2
Dim DelayStart
Dim DelayLimit
Dim VCCStart
Dim VCCLimit
Dim GlitchType
Dim GlitchMax
Dim GlitchMin
Dim Delay
Dim VCC
Dim Dot
Dim ATRrsp
Dim loopctr
Dim AddrHiStart
Dim AddrHiEnd
Dim RomAddr
Dim PageSet
Dim RandVCC
Dim RandDelay
Dim RandGlitch
Dim MsgPrompt
Dim MenuChoice
Dim cRet
Dim Longitud
Dim A
Sub Main()
Do
MsgPrompt="Seca3Nagra2 Dumper V9 Version de Pruebas v9.01"
MenuChoice=Sc.ButtonBox(M sgPrompt,vbDefaultButton1 +vbQuestion,"Seca3Nagra2 Dumper V9" & " Version : Beta" & " - Menu : ","Dump $3000","Dump $8000","Dump $A000","Ram","Exit")
Select Case MenuChoice
Case 1: Eep1()
Case 2: Eep2()
Case 3: Eep3()
Case 4: RAM()
End Select
Loop Until MenuChoice=5
Exit Sub
End Sub
Sub Eep1()
Dump=&h800
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 30 00 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 C4"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub Eep2()
Dump=&h2000
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 80 00 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 74"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub Eep3()
Dump=&h1C00
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 A0 00 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 54"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub RAM()
Dump=&h0FE0
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 00 20 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 D4"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub SubMain()
clearoutputwindow
Sc.Verbose = False
loopctr = 0
if CheckChipVer <> 1 then
Sc.MsgBox("Necesitas la version del ND15 para ejecutar este script" & VbCr & "Flashea el Atmel con NewD15.hex")
Exit Sub
End if
DelayStart = &h441
DelayLimit = &h9fa
VCCStart = &h05
VCCLimit = &h01
GlitchMax = 7
GlitchMin = 7
Sc.Verbose = 1 'Turn echo on - False = turns it off
if A=0 then
Call GetFileName()
end if
'--------------------------------------------------------------------------------------
BSCRSP = 8 'Expected Response = 12 00 04 84 00 90 00 02
'Length = 8 bytes
BSACK = &H55 'Boot Strap running Acknowledge byte
'************************ ************************* *************************
CTGRSP = &h01 'Length in bytes of expected response
'************************ ************************* *************************
CTGLen = GetPacketLen(CmdToGlitch)
If (CTGLen And 1) = 1 Then
Sc.MsgBox("Bad CmdToGlitch packet")
Exit Sub
End If
CTGLen = CTGLen / 2
Sc.Write("70 0A 70" & BootStrapCmd17 & "00")
Sc.Read(2)
Sc.Write("F0")
Sc.Read(1)
Longitud=Sc.GetByte(0)
Sc.Read(Longitud)
Sc.Verbose=false
GlitchType = GlitchMax
Delay = DelayStart
VCC = VCCStart
Sc.Print "Searching...." & VbCr
Dot = 0
StartDate = Now() 'Dot progress counter if Sc.Verbose = False
Do
Do
Sc.Write("A2")
Sc.Write("B0" & HexString(VCC, 2)) 'set glitch VCC
Sc.Write("08 10 0E 06 01 01 03 8F 00") 'reset card
Sc.Read(02)
ATRrsp = Sc.Getbyte(1)
if ATRrsp = &h10 then 'check card reset ok
Sc.Read(ATRrsp)
Exit Do
else
print VbCr & "NO ATR Rcv'd, trying 2nd ATR...." & VbCr
sc.delay(100)
Sc.Write("B0" & HexString(VCC, 2)) 'set glitch VCC
Sc.Write("08 10 0E 06 01 01 03 8F 00") 'reset card
Sc.Read(02)
ATRrsp = Sc.Getbyte(1)
if ATRrsp = &h10 then 'check card reset ok
Sc.Read(ATRrsp)
Exit Do
else
print VbCr & "NO 2nd ATR Rcv'd, exiting script...." & VbCr
exit sub
end if
End if
loop
'Sc.Write("02" & HexString(Delay, 4))
Sc.Write("02 15 00") 'set Tx/Rx to 32 cycles per bit
Sc.Read(02)
Sc.Write("126004C14000000 8A0CA000002120006500300")
Sc.Read(2)
cRet = Sc.Getbyte(1)
Sc.Read(cRet)
Sc.Write("A1")
if A=0 then
Sc.Write(HexString((CTGLe n + 10), 2) & "13 60" & HexString((CTGLen - 1), 2) & CmdToGlitch & "20" & HexString(Delay, 4) & HexString(GlitchType, 2) & "50" & HexString((CTGRSP - 1), 2) & "00")
'Sc.Write("12 10 0E 06 60 04" & CmdToGlitch &" 20" & HexString(Delay, 4) & " 09 0E 06 9f 00")
else
end if
Sc.Read(2)
BytesRead = Sc.Getbyte(1)
if BytesRead > 0 then
sc.verbose = true
Bytes = Sc.Read(BytesRead)
sc.verbose = false
Bytes1 = Sc.getbyte(0)
Sc.Print "VCC = "& HexString(VCC, 2) & " :: (" & TimeDiff(StartDate,Now()) & ") :: " & VbCr
Sc.Print "Retardo en el Glitch = "& HexString(Delay, 4) & VbCr
'Sc.Print "Tipo de glitch " & HexString(GlitchType, 2) & VbCr
Sc.Print "======================== ===================" & VbCr
if BytesRead > 1 then
Bytes2 = Sc.getbyte(1)
end if
'If bytes1 = &H55 or bytes1 = &HAA then
If bytes1 = &H55 or bytes1 = &H01 or bytes1 = &H52 or bytes1 = &H03 or bytes1 = &H04 or bytes1 = &H05 or bytes1 = &H06 or bytes1 = &H07 or bytes1 = &H08 or bytes1 = &H59 or bytes1 = &H0A or bytes1 = &H0B or bytes1 = &H0C or bytes1 = &H0D or bytes1 = &H0E or bytes1 = &H0F_
or bytes1 = &H10 or bytes1 = &H11 or bytes1 = &H12 or bytes1 = &H13 or bytes1 = &H14 or bytes1 = &H15 or bytes1 = &H16 or bytes1 = &H17 or bytes1 = &H18 or bytes1 = &H59 or bytes1 = &H1A or bytes1 = &H1B or bytes1 = &H1C or bytes1 = &H1D or bytes1 = &H1E or bytes1 = &H1F_
or bytes1 = &H55 or bytes1 = &H21 or bytes1 = &H22 or bytes1 = &H23 or bytes1 = &H55 or bytes1 = &H25 or bytes1 = &H26 or bytes1 = &H27 or bytes1 = &H28 or bytes1 = &H29 or bytes1 = &H2A or bytes1 = &H3B or bytes1 = &H2C or bytes1 = &H2D or bytes1 = &H2E or bytes1 = &H2F_
or bytes1 = &H30 or bytes1 = &H31 or bytes1 = &H32 or bytes1 = &H33 or bytes1 = &H34 or bytes1 = &H35 or bytes1 = &H36 or bytes1 = &H37 or bytes1 = &H38 or bytes1 = &H39 or bytes1 = &H3A or bytes1 = &H4B or bytes1 = &H3C or bytes1 = &H3D or bytes1 = &H3E or bytes1 = &H3F_
or bytes1 = &H40 or bytes1 = &H41 or bytes1 = &H42 or bytes1 = &H43 or bytes1 = &H44 or bytes1 = &H45 or bytes1 = &H46 or bytes1 = &H47 or bytes1 = &H48 or bytes1 = &H49 or bytes1 = &H4A or bytes1 = &H5B or bytes1 = &H4C or bytes1 = &H4D or bytes1 = &H4E or bytes1 = &H4F_
or bytes1 = &H50 or bytes1 = &H51 or bytes1 = &H52 or bytes1 = &H53 or bytes1 = &H54 or bytes1 = &H55 or bytes1 = &H56 or bytes1 = &H57 or bytes1 = &H58 or bytes1 = &H59 or bytes1 = &H5A or bytes1 = &H5B or bytes1 = &H5C or bytes1 = &H5D or bytes1 = &H5E or bytes1 = &H5F_
or bytes1 = &H60 or bytes1 = &H61 or bytes1 = &H62 or bytes1 = &H63 or bytes1 = &H64 or bytes1 = &H65 or bytes1 = &H66 or bytes1 = &H67 or bytes1 = &H68 or bytes1 = &H69 or bytes1 = &H6A or bytes1 = &H6B or bytes1 = &H6C or bytes1 = &H6D or bytes1 = &H6E or bytes1 = &H6F_
or bytes1 = &H70 or bytes1 = &H71 or bytes1 = &H72 or bytes1 = &H73 or bytes1 = &H74 or bytes1 = &H75 or bytes1 = &H76 or bytes1 = &H77 or bytes1 = &H78 or bytes1 = &H79 or bytes1 = &H7A or bytes1 = &H7B or bytes1 = &H7C or bytes1 = &H7D or bytes1 = &H7E or bytes1 = &H7F_
or bytes1 = &H50 or bytes1 = &H81 or bytes1 = &H82 or bytes1 = &H83 or bytes1 = &H84 or bytes1 = &H85 or bytes1 = &H86 or bytes1 = &H87 or bytes1 = &H88 or bytes1 = &H89 or bytes1 = &H8A or bytes1 = &H8B or bytes1 = &H8C or bytes1 = &H8D or bytes1 = &H8E or bytes1 = &H8F_
or bytes1 = &H50 or bytes1 = &H91 or bytes1 = &H92 or bytes1 = &H93 or bytes1 = &H94 or bytes1 = &H95 or bytes1 = &H96 or bytes1 = &H97 or bytes1 = &H98 or bytes1 = &H59 or bytes1 = &H5A or bytes1 = &H9B or bytes1 = &H9C or bytes1 = &H9D or bytes1 = &H9E or bytes1 = &H9F_
or bytes1 = &HA0 or bytes1 = &HA1 or bytes1 = &HA2 or bytes1 = &HA3 or bytes1 = &HA4 or bytes1 = &HA5 or bytes1 = &HA6 or bytes1 = &HA7 or bytes1 = &HA8 or bytes1 = &HA9 or bytes1 = &HAA or bytes1 = &HAB or bytes1 = &HAC or bytes1 = &HAD or bytes1 = &HAE or bytes1 = &HAF_
or bytes1 = &HB0 or bytes1 = &HB1 or bytes1 = &HB2 or bytes1 = &HB3 or bytes1 = &HB4 or bytes1 = &HB5 or bytes1 = &HB6 or bytes1 = &H57 or bytes1 = &HB8 or bytes1 = &HB9 or bytes1 = &HBA or bytes1 = &HBB or bytes1 = &HBC or bytes1 = &HBD or bytes1 = &HBE or bytes1 = &HBF_
or bytes1 = &H50 or bytes1 = &HC1 or bytes1 = &HC2 or bytes1 = &HC3 or bytes1 = &HC4 or bytes1 = &HC5 or bytes1 = &HC6 or bytes1 = &HC7 or bytes1 = &HC8 or bytes1 = &HC9 or bytes1 = &HCA or bytes1 = &HCB or bytes1 = &HCC or bytes1 = &HCD or bytes1 = &HCE or bytes1 = &HCF_
or bytes1 = &H50 or bytes1 = &HD1 or bytes1 = &HD2 or bytes1 = &HD3 or bytes1 = &HD4 or bytes1 = &HD5 or bytes1 = &HD6 or bytes1 = &HD7 or bytes1 = &HD8 or bytes1 = &HD9 or bytes1 = &HDA or bytes1 = &HDB or bytes1 = &HDC or bytes1 = &HDD or bytes1 = &HDE or bytes1 = &HDF_
or bytes1 = &HE0 or bytes1 = &HE1 or bytes1 = &HE2 or bytes1 = &HE3 or bytes1 = &HE4 or bytes1 = &HE5 or bytes1 = &HE6 or bytes1 = &HE7 or bytes1 = &HE8 or bytes1 = &HE9 or bytes1 = &HEA or bytes1 = &HEB or bytes1 = &HEC or bytes1 = &HED or bytes1 = &HEE or bytes1 = &HEF_
or bytes1 = &HF0 or bytes1 = &HF1 or bytes1 = &HF2 or bytes1 = &HF3 or bytes1 = &HF4 or bytes1 = &HF5 or bytes1 = &HF6 or bytes1 = &HF7 or bytes1 = &HF8 or bytes1 = &HF9 or bytes1 = &HFA or bytes1 = &HFB or bytes1 = &HFC or bytes1 = &HFD or bytes1 = &HFE or bytes1 = &H5F then
sc.verbose = true
Sc.Write("A1")
Call SaveEEprom()
Sc.Print VbCr
Sc.Print "======================== ===================" & VbCr
sc.print "Tiempo Total: " & TimeDiff(StartDate,Now()) & VbCr
Sc.Print "55 recibido!!" & VbCr
Sc.Print "Tarjeta dumpeada con éxito!!" & VbCr
Sc.Print "VCC = "& HexString(VCC, 2) & " (~" & ((5/255) * VCC) &" vdc)" & VbCr
Sc.Print "Retardo en el Glitch = "& HexString(Delay, 4) & VbCr
Sc.Print "Tipo de Glitch " & HexString(GlitchType, 2) & VbCr
Sc.Print "======================== ===================" & VbCr
Exit Sub
end if
else
print VbCr & "No se recibieron bytes....continuando...." & VbCr
End if
VCC = VCC - 1
GlitchType = GlitchType - 1
if VCC = VCCLimit then
VCC = VCCStart
Delay = Delay + .3
end if
if Delay > DelayLimit then
Delay = DelayStart
end if
if GlitchType < GlitchMin then
GlitchType = GlitchMax
end if
loopctr = loopctr +1
if loopctr = 100 then
clearoutputwindow
loopctr = 0
end if
loop
End Sub
Function GetPacketLen (Packet)
Dim Length
Dim Temp
Dim PK
Dim i
PK = ""
Length = Len(Packet) 'get packet length with spaces
for i = 1 to Length
Temp = Mid(Packet, i, 1)
if Temp <> " " then 'remove all spaces in packet
PK = PK + Temp
End if
next
GetPacketLen = Len(PK) 'return packet length without spaces
End Function
Function DoCheckSum (Packet)
Dim Temp
Dim Length
Dim PK
Dim CheckSum
Dim i
PK=""
Length = Len(Packet) 'get packet length with spaces
for i = 1 to Length
Temp = Mid(Packet, i, 1)
if Temp <> " " then 'remove all spaces in packet
PK = PK + Temp
End if
next
Length = Len(PK) 'get packet length without spaces
CheckSum = 0
for i = 0 to Length
i=i+1 'Simulate Step 2 in VB scripting
Temp = Mid(PK, i, 2)
CheckSum = CheckSum XOR Hex2Dec(Temp) 'Calc Checksum
next
DoCheckSum = HexString(CheckSum, 2) 'convert checksum to a hex strimg and return it to caller
End Function
Function Hex2Dec(HexNumber)
' This function takes 1 argument, a string containing a hex value of any digit length
' and returns the decimal equivalent
Dim DecimalValue
Dim DigitCount
Dim Digit
Dim HexDigit
HexNumber = Replace(UCase(HexNumber), " ", "")
DigitCount = Len(HexNumber)
For Digit = 1 To DigitCount
HexDigit = Mid(HexNumber, Digit, 1)
If Asc(HexDigit) < 58 Then
DecimalValue = HexDigit * 16 ^ (DigitCount - Digit)
Else
DecimalValue = (Asc(HexDigit) - 55) * 16 ^ (DigitCount - Digit)
End If
Hex2Dec = Hex2Dec + DecimalValue
Next
End Function
Function HexString(Number,Length)
' This function takes 2 arguments, a number and a length. It converts the decimal
' number given by the first argument to a Hexidecimal string with its length
' equal to the number of digits given by the second argument
Dim RetVal
Dim CurLen
RetVal=Hex(Number)
CurLen=Len(RetVal)
If CurLen<Length Then
RetVal=String(Length-CurLen,"0") & RetVal
End If
HexString=RetVal
End Function
Function CheckChipVer()
CheckChipVer = 1
sc.write("90")
sc.delay(80)
if sc.read(4) <> 4 then
CheckChipVer = 0
Exit Function
End if
if getbyte(0) <> &H4E then CheckChipVer = 0
if getbyte(1) <> &H44 then CheckChipVer = 0
if getbyte(2) <> &H31 then CheckChipVer = 0
if getbyte(3) <> &H33 then CheckChipVer = 0
End Function
Function TimeDiff (StartTime, EndTime)
Dim Hours, Minutes, Seconds
Seconds = DateDiff("s", StartTime, EndTime)
If Seconds > 90000 Then Seconds = 90000
If Seconds < 0 Then Seconds = 0
Minutes = Seconds / 60
Minutes = Fix(Minutes)
Seconds = Seconds - (Minutes * 60)
Hours = Minutes / 60
Hours = Fix(Hours)
Minutes = Minutes - (Hours * 60)
Seconds = CStr(Seconds)
Minutes = CStr(Minutes)
Hours = CStr(Hours)
If Len(Seconds) = 1 Then Seconds = "0" + Seconds
If Len(Minutes) = 1 Then Minutes = "0" + Minutes
If Len(Hours) = 1 Then Hours = "0" + Hours
TimeDiff = Hours & ":" & Minutes & ":" & Seconds
End Function
Function setupunlocker()
sc.print "________________Sett ing up WinExplorer______________ ___" & VbCr
Wx.BaudRate = 115200
Wx.ResetBaudRate = 115200
Wx.Parity = 0 ' 0 = None, 1 = Odd, 2 = Even, 3 = Mark, 4 = Space
Wx.StopBits = 0 ' 0 = 1 stop bit, 1 = 1.5 stop bits, 2 = 2 stop bits
Wx.DTRControl = 0 ' Initial state of DTR 0 = off, 1 = on
Wx.RTSControl = 1 ' Initial state of RTS 0 = off, 1 = on
Wx.ResetDelay = 100 ' In microseconds
Wx.ByteDelay = 10 ' In microseconds
Wx.RxByteTimeout = 500 ' In milliseconds
Wx.ResetMode = 2 ' 0 = No Resets, 1 = ISO Reset (Expect a ATR), 2 = Device Reset (No ATR)
Wx.ResetLine = 1 ' 0 = Toggle RTS for Reset, 1 = Toggle DTR for Reset
Wx.ByteConvention = 1 ' 0 = Inverse, 1 = Direct
Wx.FlushEchoByte = 0 ' 0 = no flush, 1 = flush - A Phoenix interface will echo each byte transmitted.
Wx.FlushBeforeWrite = 1 ' 0 = no flush, 1 = flush - Flush the receive buffer before each write to strip off Null bytes.
Wx.IgnoreTimeouts = 1 ' 0 = Abort script on a receive timeout, 1 = Ignore all receive timeouts
Wx.ResetAfterTimeout = 0 ' 0 = Don't reset after a timeout, 1 = do a reset after a timeout - Not used if "IgnoreTimeouts=0"
Wx.LogTransactions = 0 ' 0 = Don't log transactions, 1 = log transactions
Wx.DisplayUSW = 0 ' Display USW after script complete 0 = no, 1 = yes
Wx.DisplayFuse = 0 ' Display Fuse after script complete 0 = no, 1 = yes
End function
Sub SaveEEprom()
Dim ThisByte
Dim Address
Dim RetValue
Dim ByteCnt
Dim totalcount
Dim insidecount
Dim RcvdBytes
totalcount = 0 'need to read in 4 groups of 0x20 to get all from current run
sc.verbose = true
Sc.Write("06 0E 50 0F" & HexString(Dump, 4) & "00") '** use No1's new RCV routine
Sc.Delay(Dump)
Sc.Read(Dump)
Do
RcvdBytes = Sc.Getbyte(totalcount)
call Fs.FilePutc(OutFile, RcvdBytes)
Call Sc.ProgressBox ("Dumping V9", totalcount, Dump, "FINALIZADO!!")
totalcount = totalcount +1
loop until totalcount = Dump
Fs.FileClose(OutFile)
end sub
Sub GetFileName()
FileName = Fs.FileSaveDialog(FileFil ter, "Por favor, selecciona un nombre para el archivo", "V9_0_1.bin")
If FileName <> "" Then
OutFile = Fs.FileCreate(FileName)
end if
end sub
Sub FlashLED(LEDCommand)
' This subroutine flashes the LED until the script is aborted
Do
Sc.Verbose = False ' Turn off verbose mode
Sc.Write(LEDCommand) ' Turn on the LED
Sc.Delay(500) ' Wait 500ms
Sc.Write("A0") ' Turn off the LED
Sc.Delay(500) ' Wait 500ms
Loop ' Loop until the script is stopped
End Sub 'FlashLED()
perso pas de v9 donc je peut dire ce que sa vaut a vous de voir.
OPTION EXPLICIT
Dim FileName
Dim Dump
Dim OutFile
Const FileFilter = "Binary File (*.bin)|*.bin;|BIN Files (*.bin)|*.bin"
CALL setupunlocker()
Dim BootStrapCmd17
Dim BSCLen
Dim BSCRSP
Dim BSACK
Dim StartDate
Dim CmdToGlitch
Dim CTGLen
Dim CTGRSP
Dim CS
Dim Bytes
Dim BytesRead
Dim Bytes1
Dim Bytes2
Dim DelayStart
Dim DelayLimit
Dim VCCStart
Dim VCCLimit
Dim GlitchType
Dim GlitchMax
Dim GlitchMin
Dim Delay
Dim VCC
Dim Dot
Dim ATRrsp
Dim loopctr
Dim AddrHiStart
Dim AddrHiEnd
Dim RomAddr
Dim PageSet
Dim RandVCC
Dim RandDelay
Dim RandGlitch
Dim MsgPrompt
Dim MenuChoice
Dim cRet
Dim Longitud
Dim A
Sub Main()
Do
MsgPrompt="Seca3Nagra2 Dumper V9 Version de Pruebas v9.01"
MenuChoice=Sc.ButtonBox(M sgPrompt,vbDefaultButton1 +vbQuestion,"Seca3Nagra2 Dumper V9" & " Version : Beta" & " - Menu : ","Dump $3000","Dump $8000","Dump $A000","Ram","Exit")
Select Case MenuChoice
Case 1: Eep1()
Case 2: Eep2()
Case 3: Eep3()
Case 4: RAM()
End Select
Loop Until MenuChoice=5
Exit Sub
End Sub
Sub Eep1()
Dump=&h800
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 30 00 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 C4"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub Eep2()
Dump=&h2000
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 80 00 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 74"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub Eep3()
Dump=&h1C00
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 A0 00 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 54"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub RAM()
Dump=&h0FE0
BootStrapCmd17 = "C1 40 01 00 67 04 65 41 01 82 00 98 9D 9D 9D 9D BC B5 71 80 CD 7E C5 00 20 00 52 01 AD 2A 3C 8C 26 F2 3C 8B 26 EE 3C 87 A6 80 B7 8B 20 E4 B7 52 A6 F0 4A 26 FD B6 52 81 AD 0C 4A AD F1 26 FB BC 86 9B A6 55 20 F2 B7 52 4F AD E7 AE 0A 43 11 00 AD DC 20 00 10 00 AD D6 98 25 04 11 00 20 04 10 00 20 00 AD C9 48 5A 26 F0 10 00 81 D4"
CmdToGlitch = "9D9D9D9D9D9D9D9D9D9D9D9D 9D9D9D9D9D0090BC"
A=0
Call SubMain()
End Sub
Sub SubMain()
clearoutputwindow
Sc.Verbose = False
loopctr = 0
if CheckChipVer <> 1 then
Sc.MsgBox("Necesitas la version del ND15 para ejecutar este script" & VbCr & "Flashea el Atmel con NewD15.hex")
Exit Sub
End if
DelayStart = &h441
DelayLimit = &h9fa
VCCStart = &h05
VCCLimit = &h01
GlitchMax = 7
GlitchMin = 7
Sc.Verbose = 1 'Turn echo on - False = turns it off
if A=0 then
Call GetFileName()
end if
'--------------------------------------------------------------------------------------
BSCRSP = 8 'Expected Response = 12 00 04 84 00 90 00 02
'Length = 8 bytes
BSACK = &H55 'Boot Strap running Acknowledge byte
'************************ ************************* *************************
CTGRSP = &h01 'Length in bytes of expected response
'************************ ************************* *************************
CTGLen = GetPacketLen(CmdToGlitch)
If (CTGLen And 1) = 1 Then
Sc.MsgBox("Bad CmdToGlitch packet")
Exit Sub
End If
CTGLen = CTGLen / 2
Sc.Write("70 0A 70" & BootStrapCmd17 & "00")
Sc.Read(2)
Sc.Write("F0")
Sc.Read(1)
Longitud=Sc.GetByte(0)
Sc.Read(Longitud)
Sc.Verbose=false
GlitchType = GlitchMax
Delay = DelayStart
VCC = VCCStart
Sc.Print "Searching...." & VbCr
Dot = 0
StartDate = Now() 'Dot progress counter if Sc.Verbose = False
Do
Do
Sc.Write("A2")
Sc.Write("B0" & HexString(VCC, 2)) 'set glitch VCC
Sc.Write("08 10 0E 06 01 01 03 8F 00") 'reset card
Sc.Read(02)
ATRrsp = Sc.Getbyte(1)
if ATRrsp = &h10 then 'check card reset ok
Sc.Read(ATRrsp)
Exit Do
else
print VbCr & "NO ATR Rcv'd, trying 2nd ATR...." & VbCr
sc.delay(100)
Sc.Write("B0" & HexString(VCC, 2)) 'set glitch VCC
Sc.Write("08 10 0E 06 01 01 03 8F 00") 'reset card
Sc.Read(02)
ATRrsp = Sc.Getbyte(1)
if ATRrsp = &h10 then 'check card reset ok
Sc.Read(ATRrsp)
Exit Do
else
print VbCr & "NO 2nd ATR Rcv'd, exiting script...." & VbCr
exit sub
end if
End if
loop
'Sc.Write("02" & HexString(Delay, 4))
Sc.Write("02 15 00") 'set Tx/Rx to 32 cycles per bit
Sc.Read(02)
Sc.Write("126004C14000000 8A0CA000002120006500300")
Sc.Read(2)
cRet = Sc.Getbyte(1)
Sc.Read(cRet)
Sc.Write("A1")
if A=0 then
Sc.Write(HexString((CTGLe n + 10), 2) & "13 60" & HexString((CTGLen - 1), 2) & CmdToGlitch & "20" & HexString(Delay, 4) & HexString(GlitchType, 2) & "50" & HexString((CTGRSP - 1), 2) & "00")
'Sc.Write("12 10 0E 06 60 04" & CmdToGlitch &" 20" & HexString(Delay, 4) & " 09 0E 06 9f 00")
else
end if
Sc.Read(2)
BytesRead = Sc.Getbyte(1)
if BytesRead > 0 then
sc.verbose = true
Bytes = Sc.Read(BytesRead)
sc.verbose = false
Bytes1 = Sc.getbyte(0)
Sc.Print "VCC = "& HexString(VCC, 2) & " :: (" & TimeDiff(StartDate,Now()) & ") :: " & VbCr
Sc.Print "Retardo en el Glitch = "& HexString(Delay, 4) & VbCr
'Sc.Print "Tipo de glitch " & HexString(GlitchType, 2) & VbCr
Sc.Print "======================== ===================" & VbCr
if BytesRead > 1 then
Bytes2 = Sc.getbyte(1)
end if
'If bytes1 = &H55 or bytes1 = &HAA then
If bytes1 = &H55 or bytes1 = &H01 or bytes1 = &H52 or bytes1 = &H03 or bytes1 = &H04 or bytes1 = &H05 or bytes1 = &H06 or bytes1 = &H07 or bytes1 = &H08 or bytes1 = &H59 or bytes1 = &H0A or bytes1 = &H0B or bytes1 = &H0C or bytes1 = &H0D or bytes1 = &H0E or bytes1 = &H0F_
or bytes1 = &H10 or bytes1 = &H11 or bytes1 = &H12 or bytes1 = &H13 or bytes1 = &H14 or bytes1 = &H15 or bytes1 = &H16 or bytes1 = &H17 or bytes1 = &H18 or bytes1 = &H59 or bytes1 = &H1A or bytes1 = &H1B or bytes1 = &H1C or bytes1 = &H1D or bytes1 = &H1E or bytes1 = &H1F_
or bytes1 = &H55 or bytes1 = &H21 or bytes1 = &H22 or bytes1 = &H23 or bytes1 = &H55 or bytes1 = &H25 or bytes1 = &H26 or bytes1 = &H27 or bytes1 = &H28 or bytes1 = &H29 or bytes1 = &H2A or bytes1 = &H3B or bytes1 = &H2C or bytes1 = &H2D or bytes1 = &H2E or bytes1 = &H2F_
or bytes1 = &H30 or bytes1 = &H31 or bytes1 = &H32 or bytes1 = &H33 or bytes1 = &H34 or bytes1 = &H35 or bytes1 = &H36 or bytes1 = &H37 or bytes1 = &H38 or bytes1 = &H39 or bytes1 = &H3A or bytes1 = &H4B or bytes1 = &H3C or bytes1 = &H3D or bytes1 = &H3E or bytes1 = &H3F_
or bytes1 = &H40 or bytes1 = &H41 or bytes1 = &H42 or bytes1 = &H43 or bytes1 = &H44 or bytes1 = &H45 or bytes1 = &H46 or bytes1 = &H47 or bytes1 = &H48 or bytes1 = &H49 or bytes1 = &H4A or bytes1 = &H5B or bytes1 = &H4C or bytes1 = &H4D or bytes1 = &H4E or bytes1 = &H4F_
or bytes1 = &H50 or bytes1 = &H51 or bytes1 = &H52 or bytes1 = &H53 or bytes1 = &H54 or bytes1 = &H55 or bytes1 = &H56 or bytes1 = &H57 or bytes1 = &H58 or bytes1 = &H59 or bytes1 = &H5A or bytes1 = &H5B or bytes1 = &H5C or bytes1 = &H5D or bytes1 = &H5E or bytes1 = &H5F_
or bytes1 = &H60 or bytes1 = &H61 or bytes1 = &H62 or bytes1 = &H63 or bytes1 = &H64 or bytes1 = &H65 or bytes1 = &H66 or bytes1 = &H67 or bytes1 = &H68 or bytes1 = &H69 or bytes1 = &H6A or bytes1 = &H6B or bytes1 = &H6C or bytes1 = &H6D or bytes1 = &H6E or bytes1 = &H6F_
or bytes1 = &H70 or bytes1 = &H71 or bytes1 = &H72 or bytes1 = &H73 or bytes1 = &H74 or bytes1 = &H75 or bytes1 = &H76 or bytes1 = &H77 or bytes1 = &H78 or bytes1 = &H79 or bytes1 = &H7A or bytes1 = &H7B or bytes1 = &H7C or bytes1 = &H7D or bytes1 = &H7E or bytes1 = &H7F_
or bytes1 = &H50 or bytes1 = &H81 or bytes1 = &H82 or bytes1 = &H83 or bytes1 = &H84 or bytes1 = &H85 or bytes1 = &H86 or bytes1 = &H87 or bytes1 = &H88 or bytes1 = &H89 or bytes1 = &H8A or bytes1 = &H8B or bytes1 = &H8C or bytes1 = &H8D or bytes1 = &H8E or bytes1 = &H8F_
or bytes1 = &H50 or bytes1 = &H91 or bytes1 = &H92 or bytes1 = &H93 or bytes1 = &H94 or bytes1 = &H95 or bytes1 = &H96 or bytes1 = &H97 or bytes1 = &H98 or bytes1 = &H59 or bytes1 = &H5A or bytes1 = &H9B or bytes1 = &H9C or bytes1 = &H9D or bytes1 = &H9E or bytes1 = &H9F_
or bytes1 = &HA0 or bytes1 = &HA1 or bytes1 = &HA2 or bytes1 = &HA3 or bytes1 = &HA4 or bytes1 = &HA5 or bytes1 = &HA6 or bytes1 = &HA7 or bytes1 = &HA8 or bytes1 = &HA9 or bytes1 = &HAA or bytes1 = &HAB or bytes1 = &HAC or bytes1 = &HAD or bytes1 = &HAE or bytes1 = &HAF_
or bytes1 = &HB0 or bytes1 = &HB1 or bytes1 = &HB2 or bytes1 = &HB3 or bytes1 = &HB4 or bytes1 = &HB5 or bytes1 = &HB6 or bytes1 = &H57 or bytes1 = &HB8 or bytes1 = &HB9 or bytes1 = &HBA or bytes1 = &HBB or bytes1 = &HBC or bytes1 = &HBD or bytes1 = &HBE or bytes1 = &HBF_
or bytes1 = &H50 or bytes1 = &HC1 or bytes1 = &HC2 or bytes1 = &HC3 or bytes1 = &HC4 or bytes1 = &HC5 or bytes1 = &HC6 or bytes1 = &HC7 or bytes1 = &HC8 or bytes1 = &HC9 or bytes1 = &HCA or bytes1 = &HCB or bytes1 = &HCC or bytes1 = &HCD or bytes1 = &HCE or bytes1 = &HCF_
or bytes1 = &H50 or bytes1 = &HD1 or bytes1 = &HD2 or bytes1 = &HD3 or bytes1 = &HD4 or bytes1 = &HD5 or bytes1 = &HD6 or bytes1 = &HD7 or bytes1 = &HD8 or bytes1 = &HD9 or bytes1 = &HDA or bytes1 = &HDB or bytes1 = &HDC or bytes1 = &HDD or bytes1 = &HDE or bytes1 = &HDF_
or bytes1 = &HE0 or bytes1 = &HE1 or bytes1 = &HE2 or bytes1 = &HE3 or bytes1 = &HE4 or bytes1 = &HE5 or bytes1 = &HE6 or bytes1 = &HE7 or bytes1 = &HE8 or bytes1 = &HE9 or bytes1 = &HEA or bytes1 = &HEB or bytes1 = &HEC or bytes1 = &HED or bytes1 = &HEE or bytes1 = &HEF_
or bytes1 = &HF0 or bytes1 = &HF1 or bytes1 = &HF2 or bytes1 = &HF3 or bytes1 = &HF4 or bytes1 = &HF5 or bytes1 = &HF6 or bytes1 = &HF7 or bytes1 = &HF8 or bytes1 = &HF9 or bytes1 = &HFA or bytes1 = &HFB or bytes1 = &HFC or bytes1 = &HFD or bytes1 = &HFE or bytes1 = &H5F then
sc.verbose = true
Sc.Write("A1")
Call SaveEEprom()
Sc.Print VbCr
Sc.Print "======================== ===================" & VbCr
sc.print "Tiempo Total: " & TimeDiff(StartDate,Now()) & VbCr
Sc.Print "55 recibido!!" & VbCr
Sc.Print "Tarjeta dumpeada con éxito!!" & VbCr
Sc.Print "VCC = "& HexString(VCC, 2) & " (~" & ((5/255) * VCC) &" vdc)" & VbCr
Sc.Print "Retardo en el Glitch = "& HexString(Delay, 4) & VbCr
Sc.Print "Tipo de Glitch " & HexString(GlitchType, 2) & VbCr
Sc.Print "======================== ===================" & VbCr
Exit Sub
end if
else
print VbCr & "No se recibieron bytes....continuando...." & VbCr
End if
VCC = VCC - 1
GlitchType = GlitchType - 1
if VCC = VCCLimit then
VCC = VCCStart
Delay = Delay + .3
end if
if Delay > DelayLimit then
Delay = DelayStart
end if
if GlitchType < GlitchMin then
GlitchType = GlitchMax
end if
loopctr = loopctr +1
if loopctr = 100 then
clearoutputwindow
loopctr = 0
end if
loop
End Sub
Function GetPacketLen (Packet)
Dim Length
Dim Temp
Dim PK
Dim i
PK = ""
Length = Len(Packet) 'get packet length with spaces
for i = 1 to Length
Temp = Mid(Packet, i, 1)
if Temp <> " " then 'remove all spaces in packet
PK = PK + Temp
End if
next
GetPacketLen = Len(PK) 'return packet length without spaces
End Function
Function DoCheckSum (Packet)
Dim Temp
Dim Length
Dim PK
Dim CheckSum
Dim i
PK=""
Length = Len(Packet) 'get packet length with spaces
for i = 1 to Length
Temp = Mid(Packet, i, 1)
if Temp <> " " then 'remove all spaces in packet
PK = PK + Temp
End if
next
Length = Len(PK) 'get packet length without spaces
CheckSum = 0
for i = 0 to Length
i=i+1 'Simulate Step 2 in VB scripting
Temp = Mid(PK, i, 2)
CheckSum = CheckSum XOR Hex2Dec(Temp) 'Calc Checksum
next
DoCheckSum = HexString(CheckSum, 2) 'convert checksum to a hex strimg and return it to caller
End Function
Function Hex2Dec(HexNumber)
' This function takes 1 argument, a string containing a hex value of any digit length
' and returns the decimal equivalent
Dim DecimalValue
Dim DigitCount
Dim Digit
Dim HexDigit
HexNumber = Replace(UCase(HexNumber), " ", "")
DigitCount = Len(HexNumber)
For Digit = 1 To DigitCount
HexDigit = Mid(HexNumber, Digit, 1)
If Asc(HexDigit) < 58 Then
DecimalValue = HexDigit * 16 ^ (DigitCount - Digit)
Else
DecimalValue = (Asc(HexDigit) - 55) * 16 ^ (DigitCount - Digit)
End If
Hex2Dec = Hex2Dec + DecimalValue
Next
End Function
Function HexString(Number,Length)
' This function takes 2 arguments, a number and a length. It converts the decimal
' number given by the first argument to a Hexidecimal string with its length
' equal to the number of digits given by the second argument
Dim RetVal
Dim CurLen
RetVal=Hex(Number)
CurLen=Len(RetVal)
If CurLen<Length Then
RetVal=String(Length-CurLen,"0") & RetVal
End If
HexString=RetVal
End Function
Function CheckChipVer()
CheckChipVer = 1
sc.write("90")
sc.delay(80)
if sc.read(4) <> 4 then
CheckChipVer = 0
Exit Function
End if
if getbyte(0) <> &H4E then CheckChipVer = 0
if getbyte(1) <> &H44 then CheckChipVer = 0
if getbyte(2) <> &H31 then CheckChipVer = 0
if getbyte(3) <> &H33 then CheckChipVer = 0
End Function
Function TimeDiff (StartTime, EndTime)
Dim Hours, Minutes, Seconds
Seconds = DateDiff("s", StartTime, EndTime)
If Seconds > 90000 Then Seconds = 90000
If Seconds < 0 Then Seconds = 0
Minutes = Seconds / 60
Minutes = Fix(Minutes)
Seconds = Seconds - (Minutes * 60)
Hours = Minutes / 60
Hours = Fix(Hours)
Minutes = Minutes - (Hours * 60)
Seconds = CStr(Seconds)
Minutes = CStr(Minutes)
Hours = CStr(Hours)
If Len(Seconds) = 1 Then Seconds = "0" + Seconds
If Len(Minutes) = 1 Then Minutes = "0" + Minutes
If Len(Hours) = 1 Then Hours = "0" + Hours
TimeDiff = Hours & ":" & Minutes & ":" & Seconds
End Function
Function setupunlocker()
sc.print "________________Sett ing up WinExplorer______________ ___" & VbCr
Wx.BaudRate = 115200
Wx.ResetBaudRate = 115200
Wx.Parity = 0 ' 0 = None, 1 = Odd, 2 = Even, 3 = Mark, 4 = Space
Wx.StopBits = 0 ' 0 = 1 stop bit, 1 = 1.5 stop bits, 2 = 2 stop bits
Wx.DTRControl = 0 ' Initial state of DTR 0 = off, 1 = on
Wx.RTSControl = 1 ' Initial state of RTS 0 = off, 1 = on
Wx.ResetDelay = 100 ' In microseconds
Wx.ByteDelay = 10 ' In microseconds
Wx.RxByteTimeout = 500 ' In milliseconds
Wx.ResetMode = 2 ' 0 = No Resets, 1 = ISO Reset (Expect a ATR), 2 = Device Reset (No ATR)
Wx.ResetLine = 1 ' 0 = Toggle RTS for Reset, 1 = Toggle DTR for Reset
Wx.ByteConvention = 1 ' 0 = Inverse, 1 = Direct
Wx.FlushEchoByte = 0 ' 0 = no flush, 1 = flush - A Phoenix interface will echo each byte transmitted.
Wx.FlushBeforeWrite = 1 ' 0 = no flush, 1 = flush - Flush the receive buffer before each write to strip off Null bytes.
Wx.IgnoreTimeouts = 1 ' 0 = Abort script on a receive timeout, 1 = Ignore all receive timeouts
Wx.ResetAfterTimeout = 0 ' 0 = Don't reset after a timeout, 1 = do a reset after a timeout - Not used if "IgnoreTimeouts=0"
Wx.LogTransactions = 0 ' 0 = Don't log transactions, 1 = log transactions
Wx.DisplayUSW = 0 ' Display USW after script complete 0 = no, 1 = yes
Wx.DisplayFuse = 0 ' Display Fuse after script complete 0 = no, 1 = yes
End function
Sub SaveEEprom()
Dim ThisByte
Dim Address
Dim RetValue
Dim ByteCnt
Dim totalcount
Dim insidecount
Dim RcvdBytes
totalcount = 0 'need to read in 4 groups of 0x20 to get all from current run
sc.verbose = true
Sc.Write("06 0E 50 0F" & HexString(Dump, 4) & "00") '** use No1's new RCV routine
Sc.Delay(Dump)
Sc.Read(Dump)
Do
RcvdBytes = Sc.Getbyte(totalcount)
call Fs.FilePutc(OutFile, RcvdBytes)
Call Sc.ProgressBox ("Dumping V9", totalcount, Dump, "FINALIZADO!!")
totalcount = totalcount +1
loop until totalcount = Dump
Fs.FileClose(OutFile)
end sub
Sub GetFileName()
FileName = Fs.FileSaveDialog(FileFil ter, "Por favor, selecciona un nombre para el archivo", "V9_0_1.bin")
If FileName <> "" Then
OutFile = Fs.FileCreate(FileName)
end if
end sub
Sub FlashLED(LEDCommand)
' This subroutine flashes the LED until the script is aborted
Do
Sc.Verbose = False ' Turn off verbose mode
Sc.Write(LEDCommand) ' Turn on the LED
Sc.Delay(500) ' Wait 500ms
Sc.Write("A0") ' Turn off the LED
Sc.Delay(500) ' Wait 500ms
Loop ' Loop until the script is stopped
End Sub 'FlashLED()
