home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
WINMX Assorted Textfiles
/
Ebooks.tar
/
Text - Tech - Hacking - DSS Buyers FAQ (TXT).zip
/
DSS Buyer's FAQ.txt
Wrap
Text File
|
1999-04-02
|
51KB
|
691 lines
DSS Buyer's FAQDSS TEST CARDS BUYER’S FAQ
Version 1.0
May 15th, 1998
Compiled by TJ, with help from many people.
READ THIS FIRST: If you are in the United States, it is illegal to use or be in
possession of any devices that will assist you in the decryption of any
satellite signals without authorizations. The penalty, if caught can be $10,000
or more for a single test card plus jail time. DirecTV currently does not have
any licenses to charge for their American programming outside the United States.
But since their satellite signal covers most of the North American continent,
countries like Canada, Mexico, or the Atlantic islands, can also receive the DSS
broadcast signal. DirecTV does not have the legal jurisdiction to prosecute
test card users outside the United States, for now. However, these countries
might still have laws prohibiting uses of similar devices. You should always
operate within the laws of your country and local government. If you can
legally subscribe to DTV, don’t...get Dish Network instead. :) HAHAHAHA!
Information is meant to be shared, this text file may be freely distributed
electronically as long as the distributor agrees on the following conditions:
There will be no fees charged for distributing this file, this file will not be
modified in any way and this file must be distributed in it’s entire and
complete form. The only thing I ask in return is that you make sure you have
the latest revision of this FAQ, as DSS hacks keep changing, any outdated
information form an older version of this file will just add to the confusion
among the users. This file is Copyrighted 1998(C) by T.J. of TCUP, and yes, we
checked with our lawyers, this copyright claim is valid! This text will remain
the property of TJ and all other usage of this file requires written permission
from the author.
The latest version of this text is available at The DSS Test Card Users Page or
call it TCUP for short.
Our web site’s current URL is at http://angelfire.com/ca/dsscards
You can always get our latest URL by sending an email to
whereisthesite@yahoo.com, just send any email to the address and you’ll get an
auto-respond email telling you the latest location of our web site.
The purpose of this FAQ is to inform the first time test card buyer with some
basic knowledge of the technical terms in DSS test cards, and to give you some
background information on the various hacks for the DSS access card. It will
also help you avoid some common problems with dishonest dealers or bad hacks.
Our FAQ is not intended to teach you how to "do-it-yourself". We are not
experts in this area. This FAQ is NOT intended to replace Agent_89’s DSS Test
FAQ (last known revision: v1.17, April 8, 1997) which has much more details on
the technical side of hacking on the old F series cards. Agent_89, if you are
still around, drop us a line, we would like to hear from you.
First, let’s be honest, the term "testcard" is a euphemism to describe any cards
that will get you free TV, either legal or not. It's not for testing anything,
most DSS receivers have built-in testing menus and do not need these cards to do
basic diagnostics or repair work. There is no such thing as a free lunch, most
test cards have cost the users more money due to all the ECM problems than it
would have cost for a legitimate subscription. There is also no such thing as a
perfect test card, DirecTV is capable of shutting down any test cards or making
them useless with a new card swap. Before you purchase any of these devices, you
should ask yourself if you can afford to loose your entire investment, and are
you prepare to loose it. Then ask yourself if you can put up with all the
waiting and downtime when you have to send it in for repair. Waiting for repair
from dealers can last anywhere from 2 weeks to eternity. I have gotten
countless emails from people that regretted spending over $2000 in the last 12
months buying test cards. The said if they knew how quickly the cards get shut
down or become obsolete, they would have chosen another method of getting DSS
programming. While there are qualified and reliable dealers out there, they are
far outnumbered by the dishonest dealers with the flashy web sites. They will
deceive you with unsubstantiated claims and entice you with the word "free".
These dealers will not only convince you to part with your hard earn money, they
will continue to squeeze more money out of you each time your card goes down
after an ECM. The dishonest dealers will charge to a high price to repair cards
under their "free" guarantee program.
OK, now that you have read the warnings, and still decides to throw away your
money, here’s the rest of the FAQ. Please take the time to read the basic
information on a DSS system before you jump to the hack description area.
THE DSS BROADCASTING SYSTEM
DirecTV’s digital broadcast systems consist of 3 satellites orbiting above the
earth’s equator at 101 degrees West. Their 3 satellites transmit in high
powered Ku-Band: DBS-1 has a total of 16 transponders. DBS-2 and DBS-3 has 8
transponders each. With these 32 transponders, DirecTV, USSB, and a few private
networks broadcast their signals over most of the North American continent. Any
owner of a satellite system with the DSS logo is capable of receiving and
viewing their broadcast if they subscribe to DirecTV or USSB’s programming
services. In the mainland United States, most systems can pick up their signal
clearly with the standard 18 inch dish. If you are further away, like in
Canada, you can pick up the signal at a lower strength, or can substitute the 18
inch dish with a larger dish to boost the signal strength. The 3 Satellites
creates a large one-way communication network with the 4 millions DSS systems in
North America. Only owners of the DTV/USSB DSS systems can receive the signals
from the satellites, a typical home system is not capable of transmitting
information back up to the satellites. In order for DirecTV to track your Pay
Per View (PPV) usage, you must hook up a phone line to the back of your
receiver, this is the only way you can send information about your receiver or
access card to DirecTV. DirecTV’s uplink station is located in Castle Rock,
Colorado. This is where they gather broadcasts from all the program providers
like HBO, CNN, etc. and process their video before sending them up to the 3
satellites. DirecTV owns the 3 satellites, and leases 5 transponders to USSB.
DirecTV Inc. is a unit of Hughes Electronics Corp., Hughes Electronics Corp. is
owned by General Motor. News Datacom Ltd., owned by Rupert Murdock, is the
company that is contracted by DirecTV to maintain the security of their
satellite signal. News Datacom designs and owns the access card that is in your
receiver. They are also responsible for creating ECMs (Electronic Counter
Measures) to shut down any unauthorized devices that access their satellite
signal.
The 3 satellites communicate with your receiver and access card via the
datastream. The datastream is a constant stream of digital data packets that is
sent down from the satellites, somewhat similar to the Internet data
communication method where each packet has an assigned address to the intended
recipient, so DirecTV can address your card or receiver individually, but can
also send out commands with global or group addresses to reprogram multiple
cards at the same time. The serial number from your card plus the serial number
from your receiver forms a unique ID. Under normal operation , your receiver
will filter out any packets that does not have your unique ID, and will only
pass commands to your card if the packets have the right address.
THE ACCESS CARDS
The plastic access card in your DSS receiver is commonly refer to as a H series
card, or P2. It’s serial number should be at 0000 4000 0000 or higher, the
range of serial numbers have been reported to be over 0012 0000 0000. Older
series such as the E, F and G cards or the P1’s have been phased out by DirecTV
and is no longer fully functional on DSS systems. Those cards will have a
serial number of 0000 3999 9999 or lower. The latest H cards have the letter "c"
printed on them, it means that a minimum of 18 update codes are preprogrammed on
them. Cards that were already in use received the 18 update codes via DirecTV’s
satellite transmission. Five new additional updates codes are being sent to
regular subscribed cards, so a total of 23 updates should have been written to
your H card if it is used under a normal subscription. The term "virgin" is
used to describe a new plastic access card that has not been inserted into the
receiver yet. When a card is inserted into the receiver, it "marries" that
particular receiver by storing the receiver’s unique ID number on the H’s
EEPROM. Once a card is married to a receiver, it will not function normally
when inserted into a receiver with a different ID number. Cards can be wiped
clean or reset back to virgin with the right software. An "expired" card is a
card that once had an active subscription but has been canceled. An expired
card will show only the 3 preview channels (100, 267, 999)
The H access card consist of a Seimens 8501 microprocessor, several forms of
memory: ROM, RAM, and EEPROM, an ASIC, and a few minor electronic components.
The ASIC or Application Specific Integrated Circuit is a co-processor that helps
the main CPU process the decryption algorithm at a much faster rate than the
older F series card, thus making all older F cards/hacks/emulators useless for
the video decryption of the satellite signal. The ASIC is the main reason why
there is no full hardware emulator out there for the H right now. It is very
difficult and expensive to manufacture a replacement ASIC at small quantities,
and to utilize or "enslave" the existing ASIC in a H card puts the card at a
risk of getting damaged by an ECM. The EEPROM (Electronic Erasable Programmable
Read Only Memory) stores the most important information about your card and the
decryption algorithms, it is also the only part of the card that can be changed,
other than the temporary RAM area. The ROM (Read Only Memory) stores your
card's serial number, which is not changeable. This is why there is no true
clones for the H access card. The DSS access card communicates with your
receiver via protocols that complies to the ISO 7816 standards for smartcard
communications.
Electronic Counter Measures or ECMs can be defined as any changes in the
datastream in an attempt to disable unauthorized devices from decrypting the
satellite transmission. This can be in the form of changing the speed or the
format of the packets, withhold crucial packets that the hacks need to function,
adding new commands or software in the packets to change the operations of the H
access cards, or other creative methods that we have not seen yet. You cannot
avoid the ECMs, most ECMs are permanent changes on the datastream. If you pull
your card out of the receiver, it will delay your card form getting hit, but as
soon as your put your card back in the receiver, it will be affected. The only
benefit for pulling your card out is to avoid permanent damages to card until
you contact your dealer for further instructions or update your card with new
software to make it compatible with the ECM before it is exposed to the
datastream. But repeated pulling and re-inserting your card in your receiver
increases the chances of it being damaged by wear and tear. Your receiver
continues to receive the datastream even when the power button is off. It still
reads the datastream and writes to your card. So the only way to avoid the
datastream is to unplug the power cord or disconnect the coax cable from the
back of the receiver. ECM can come in a thousand different ways, no "blockers"
can anticipate what future ECMs will come or when they will come, so it is not
100% effective. Blockers are mostly useful on past ECMs, where it is intended
to block known packets that will be harmful to your card, but people who make
blockers can never anticipate all future ECMs. ECMs are usually launched on days
when DirecTV feels it will "frustrate" a large number of test card users.
Historically, ECMs are sent right before a popular or expensive PPV event, or on
Thursday nights, when the TV audience is at it’s highest. Other past ECMs were
launched before popular family holidays or on just regular weeknights when
people least expected them. In other words, it can hit at anytime with no
warning. Results of ECM can range from your card simply resetting back to
expired status showing only the 3 preview channels, to the more serious looped
condition, or commonly referred to as 99. The H access cards has many "fuse"
bytes. During an ECM, DTV can send out hash code checks in the datastream to
"test" the cards, a legitimate card will respond correctly and continues to run,
a card with modified codes might respond differently, and writes to the fuse
bytes, or "blows" the fuse, which will put the card’s microprocessor in a tight
permanent loop. A looped card will not respond to any commands from the
receiver or a card programmer, usually returning just a series of 99 99 99 99’s
or FF FF FF FF’s. This is where the user gets the dreaded "Please Insert a Valid
Access Card" message on their TV screens. Only a handful of people is capable of
unlooping H cards right now, and the cost for such service is high, unless the
service is included as part of your purchase of your test card. A regular H
access card replacement from DirecTV is about $125, slightly lower if you buy
them from a test card dealer ($75 to $120). Unlooping a card can cost as much
as $75, and the success rate is not 100%. If your access card gets looped, it’s
going to cost you money. So do everything you can to avoid getting your cards
looped! There is currently no public information on unlooping H access cards,
most of the Net’s information on unlooping cards is for the old F series cards
and is not usable on the H cards.
THE HACKS
All currently working hacks can be put in 2 categories: Plastic Software and
Hardware Wedges
THE PLASTIC SOFTWARE HACKS
A plastic software hack uses software to modify the programming codes on a
regular H plastic card, making it operate differently than what DirecTV
intended. Software hacks such as the 3M, 4M, Blazer, T3, Activator, CL5005, and
others, are changing the bytes in the EEPROM of the H to get video on your
receiver. There are 2 methods of software hacks. The safest method, used by
Activator, Blazer1, CL5005, CBA, Volcano and others add normal tiers to your
cards. A tier is a set of codes that is embedded in the datastream packets sent
by DirecTV that authorizes your access card to decrypt the channels. You can
also send these packets to your card with a ISO-7816 compatible card programmer
via your PC's serial port. It simulates the method that DirecTV uses to grant
authorizations to a legitimately subscribed card. In theory, this method will
result with the least damage to your access card in the event of an ECM.
However, DirecTV can easily send a reset command or a rehit to all cards via
their serial numbers, resetting any cards that’s not in their subscriber’s list
back to the 3 preview channels, wiping out any unauthorized tiers. A normal
tier consists of an expiration date, so even if you keep your card out of the
receiver to avoid being shut down, it will still expire on it’s own. Normal
tiers will have an expiration date less than 2 months. If DirecTV really wants
to get dirty, they can send out 99 commands also, but it’s difficult (not
impossible) to do without affecting some legitimate user. Normal tiers in the
hacks will only authorize your cards for the regular channels, the PPV channels
requires additional tiers that change often. It is difficult to get PPV tiers on
a timely basis, so you are forced to use the PPV purchase on your card to view
the PPV channels. A normal access card has a limit of 25 PPV events, once the 25
PPV is used, you are either stuck with a card that can’t buy anymore PPVs, or
need to have PPV cleaned, either by a card programmer or by sending it back to
dealer.
Currently, there is no PPV cleaning software available to the general public
that will work on updated cards without changing the 23 update codes
The second method of software hacks, consider to be more aggressive, changes
some crucial operation codes on the EEPROM, making the card perform very
differently than a subscribed card. Software such as 3M, 4M, Blazer 2, Blazer 3,
T3, etc. alters the card to show all channels, including the PPVs, and in doing
so, their codes occupies a larger area of the EEPROM. EEPROM code changes is
easier to be detected and exploited for an ECM. These cards have a higher
chance of being put a in loop, or 99, from an ECM. The term "3M" is derived
from the 3 Musketeer movies’ phase "One for all and all for one" It is
reference to an old videocrypt hack that turns on all channels from a
subscription to only one channel. The term "3M" is now use loosely that
describe any hacks that gets all channels, including the PPVs without making a
user use the "buy" option on the remote control. Modern DSS 3M hacks does not
require the user to subscribe to any channels at all. The company that makes
Scotch tapes and Post-It notes has nothing to do with the 3M hacks, so DO NOT go
to 3M's web site asking for test cards!
Out of these 2 methods of software hacks, they are available in 2 different
ways. The commercial software (3M,4M,Activator,Blazers,Predator,T3) are tightly
controlled by the original authors, and are not released to the public. They
usually require you to send in your regular access card and dealer will
reprograms it with their software, average turn around time is 1 to 3 weeks.
The freeware or shareware (Volcano, CL5000, CL5005, Explorer, Merlin, Pegasus)
is available for download on the internet, usually via IRC. You then use these
freeware to program your H access card with a ISO-7816 card programmer. Popular
card programmer includes Paul Maxwell King’s MK12 and Haku’s HAKU-3. Average
price of a card programmer will cost about $100 USD pre-built, or you can build
it yourself if you have the technical expertise and tools with electronic parts
for about half the price. The main thing to remember is that a card programmer
is only as useful as the software that you can get your hands on. Without the
right software, a card programmer can not add any codes to your access cards.
Up to date tiers and programming scripts are not always available on the
internet.
Here’s a few things to keep in mind when using the freeware. Some of these
software came from unknown sources, so it’s not fully known what the software
will do to your cards, or what kind of long term effect it will have on your
card’s stability. It can leave your card wide open to an ECM attack. It can
also be a Trojan horse release by somebody that wants to damage your card.
There is usually no support from the original authors. Some freeware are formal
commercial software that’s been released on the internet because the author
feels it has lost it’s commercial value or is expected to be shut down soon by
an ECM. Keep in mind that there’s no control of naming a program, so if you
hear a freeware with the same name as a commercial product, don’t get too
excited. It is most likely not the same software codes that are being use on
the commercial products. It could just be a disgruntle group of hackers
renaming some dangerous codes to undermine the name of a competing product.
The shareware such as CL5005, Merlin, and Pegasus are a step up from the
freeware files. They are supported by the original authors, if you can find
them. They have more regular updates and is slightly easier to use. Regardless
of which software you choose, you can still damage your card if you don’t know
what you’re doing. Because freeware and shareware can easily be downloaded by
DirecTV and News Datacom, an ECM can be created to target these software at a
much quicker time frame than the normal development time for the commercial
products. It was the freeware and shareware’s wide spread use that finally
forced DirecTV to start a card swap in the fall of 1996. The card swap was
completed by June 1997, and made all hacks for the F series useless overnight.
THE HARDWARE WEDGE HACKS
The Hardware wedge cards surfaced in the fall of 97, about 3 months after the
first 3Ms were released. Initially, it resembled the old battery card of the F
series, and gave people a false sense of reliability. Unlike the old battery
card, which emulates the entire F series access card via a Dallas
microprocessor, the modern wedge card does not fully emulate the processor in
the H plastic card. A modern hardware wedge card is a circuit board that is
inserted into the card slot of your receiver, it has a piggyback slot that
sticks out of the receiver and requires a H access card to be inserted to form
the complete hack. It operates by capturing packets in the datastream, makes
any necessary changes to it, then passes it to your H to decrypt the video. The
January 15th ECM have demonstrated that DirecTV can still put your H card in a
loop even if it is isolated or protected by a wedge.
The Combo card was the first wedge to be released by the hackers. It’s
programming was stored in an EEPROM chip. The DDT came out about a month after
it, it was about 25% less in price than the COMBO but was not capable of
generating the entire authorization packets by itself, so it required the users
to subscribe to DirecTV or USSB with a small programming package. It takes
authorized packets from the subscriptions and modifies it to grant access to the
non-subscribed channels. The DDT’s code was dumped by one of their competitions
and the file got circulated on the internet. Soon, everybody was making DDT
knock-offs, calling them DDT II, DDT III, DDT Next Generation, etc. The
original DDT group disappeared after the Jan 15th ECM due to a lack of knowledge
to repair the cards correctly. Most customers were abandoned when their DDTs
and knock-offs died after less than 2 months of usage. Some customers got less
than 1 week of use on their DDT before it died. The DATS came out about a month
after the DDT. It had some obvious advantages over the DDT. It can generate
the full authorizations packets without a subscription. It had a built-in
blocker function to filter out any harmful packets that were previously
detected. It was compatible with both subscribed and virgin cards. It also
uses a less expensive Atmel microprocessor instead of the DDT’s Dallas chip. The
card’s street price was about half of the DDT. According to the DATS group, the
Atmel chip company betrayed them when the company decided to join in on the hack
business, they dumped the DATS’s codes and sold it to other hackers. This
allowed many dealers to come out with various knock-off models selling at below
the $200 street price, but without full understanding of how the card worked.
Shortly after, tens of thousands of knock-off DATS flooded the market under
various names: BOSS, Blue Baron, Blackjack, Bandit, Anonymous card, Wildcard,
Red Devil, and many others. The only authorized reproduction of the DATS was the
Red Baron, which received support from the original group. On January 15th, DTV
launched a large ECM that wrote 17 new update codes to the H access card, 1
important one is the 09 command that closed the 09 "hole" that all wedges were
using to add tiers to the H. The Combo and DDT cards stopped working, some DATS
survived if it had their blocker running. Soon, all wedges were only working if
it was using a non-updated H card with the blocker running to prevent the
updates from closing up the hole on the H. A conversion chip later came out
that converted a DDT into an unauthorized DATS knock-off. On March 27th, DTV
launched another ECM, this time with 5 new update codes, plus the original 17
codes were sent via another command that the wedges were not capable of
blocking. All currently working wedges use some kind of modified H card where
it is programmed with the 23 updates but has the 09 hole reopened to allow the
wedge to program the plastic cards. This hack method put the H at risk of being
looped. The genuine DATS are the only ones we know of that doesn’t use this
technique.
EVALUATING THE DEALERS
So after reading all this and you still decide to get a test card, here are some
ways to find a reliable dealer. Ask around, and then ask some more, and then
ask some more again. The main problem we have observed from "victims" of bad
hacks/dealers is that the users were too lazy to do the research and dealer
comparisons. If you have friends that owns test cards, ask them about their
dealers, but don’t jump at the first name or phone number they throw at you. We
get a lot of emails from our site’s visitors telling us they found their dealer
through a friend, and now they are both screwed because the dealer disappeared.
Coming across a name just means you can then start the evaluation process to
judge the dealer’s performance. Compare him with other contacts that you will
come across. Other ways to find dealers is via the search engines on the
Internet, but dishonest dealers are also listed on the search engines. We find
the best method to find dealers is join the IRC satellite chat channels and ask
other live on-line test card users about them, because it’s difficult for a
dishonest dealer to hide their reputation when there are 200 critics or former
customers online. Also, don’t believe everything you hear about the dealers,
some dealers paid their employees or pretend to be a customer to suggest their
services to new unsuspecting victims. If you come across the exact same
comments over and over again, like "he’s the best, very honest", chances are it
was pre-scripted. If somebody gives you a recommendation, ask them to back it
up. Ask him why he recommended the dealer. Ask him to cite specific cases of how
the dealer provided service. Ask them how he has dealt with the dealer. If you
are just getting vague response, then don’t take that recommendation too
seriously. After you have gathered a couple dozen of names and URLS, then you
can start the evaluation process. Don’t be lazy and base your purchasing
decision on only 1 or 2 factors. Any hasty decision will cost you in the long
run. Here are some of the WRONG things people use to base their dealer’s
decision on. These are actual cases that were reported to us via email by our
web site’s visitors. "I picked my dealer because..."
...he was the first one listed on the search engines
...he said he’s been in business for over 10 years
...he said his cards won’t get ECM and he offered me a guarantee
...he was the only one I can find that takes credit cards
...he lives in my town
...he had a "@"sign in front of his nickname on an IRC channel
...his web site looks really cool with the animated graphics
...everybody said they heard of him
...his purchase price was the lowest
...his purchase price was the highest, and he must offered the best service.
...he has a scams page listing dishonest dealers
...he said there is only 1 fix and it is available only from him
...his cards have real cool names
All these sentences were followed by "I got screwed by him after an ECM, now
it’s going to cost me more money to get my card fix". Anybody can make his site
come up first on the search engines if he spends enough time and money. A
dishonest dealer can continue to operate for over 10 years if there’s a constant
supply of new customers to scam from, just as a Vampire bat can live for 10
years if there’s a new supply of blood every night. I know, it’s not fair to
compare vampires to bad dealers, at least the vampires stop biting after they
suck you dry. Every test cards CAN and WILL get ECM, a guarantee is worthless if
he can’t or won’t honor it. Even if he puts it in writing, you’ll just have a
piece of paper to remind you how gullible you were. One dishonest dealer uses
small fine prints to state that his guarantee is on his software, not the
plastic card. This guarantee has little value since the software is intangible
and it doesn't cost him to re-copy it on your card, but you wind up paying a
hundred dollars for a new plastic card every time after an ECM because his weak
software got your card 99. You wind up taking all the risk and paying for that
risk. Dishonest people takes credit cards too, that’s why there is such a thing
called credit card fraud on the Internet. If you think your credit card company
will help you with an easy refund from a bad dealer, you're in for a bad
surprise. Some real despicable dealer will post your real name, address, phone
and credit card numbers on the internet for everyone to use if you try to
reverse your charges. Some even threaten to report you to the authorities since
they have written proof that you purchased an illegal card. One dishonest
dealer even blackmailed his customers by making various charges on his
customer’s credit card after the initial purchase, threatening to turn them in
to the FBI if they protested the charges to their credit card companies. So
think long and hard before you give out your credit card number, because it
might wind up costing even more than sending a blank money order to other
dealers. Geographic location is not the best way to judge a dealer’s honesty.
It will be more convenient to return cards for repair after and ECM, but that’s
only if your local dealer can get access to the fix quickly, otherwise, you’ll
just wait as long as everybody else. Stop by your local police station or jail
to remind yourself that dishonest people lives in your town too. Just because a
person has a "@" in front of his nickname in the IRC channels doesn’t mean he’s
any better or worse than the people without the OPs status. A flashy web site
means the dealer is very talented at writing HTML codes or can afford somebody
to write them, it doesn’t reflect his services to his customers. A dealer that
is well known doesn’t mean he’s a honest dealer, most people know their
neighborhood crack dealer, but not many would sent him their hard earn money.
One dealer was very well known and liked by many IRC users, that was because he
told the best jokes on the channel. A clown is not what you need when your cards
go down after an ECM. Free jokes won’t get your TV back. If you do come across
people that claims to know him, inquire more information about that dealer, ask
probing and detail questions. If a dealer has loyal customers because of his
good service, they won’t mind spending the time to tell you about him. If they
don’t want to spent that time, then they probably don’t have enough respect for
that dealer. Do not equate a dealer’s popularity with his honesty. Don’t be
tempted by a low initial purchase price, it is not the total cost of a test
card, make sure you find out how much it will cost you to repair a card after
each ECM, count the shipping charges also, because all cards will get hit sooner
or later, and they will get hit more than once. To find out the real cost to fix
a card, don’t ask a dealer, because what he tells you in an email and what he
actually charges can be very different amounts. Instead, look at his web page
or old news section to see if he posted any prices to fix cards from the last
ECM. If he’s charging $100 plus shipping to fix cards to his existing
customers, you can probably expect to pay the same amount when your card goes
down in the future. You can expect to pay this price more than once because
there will be more than 1 ECM coming. A dealer that charges the highest prices
doesn’t mean he offers the best service, or he is selling "The Best" cards. It
could just mean he is more greedy than the others and is preying on lazy
customers that didn’t do enough comparative shopping. A dishonorable thief will
betray his own mother, so he should have no problems betraying his enemies. So
just because he list a bunch of competition in his scams page doesn’t mean he’s
any better than the people on that page. There are a few legitimate sites out
there that do a good job listing real scams, you can easily distinguish them
because they are just information sites and does not have anything to sell, so
their motives for listing these scams are most likely to warn their readers.
How many times have you heard the old line, "You can’t get this anywhere else,
so you must buy it from me today"? It’s impossible to keep a hack secret in
this business, so if 1 dealer has it, it’s certain that somebody else will have
it too. Hackers will hack each other’s work when they are desperate enough.
Sometimes the second hack might be even better, but most of the time, it's worse
since they don't have the full understanding of the original product. Never buy
a card base on the name, no matter how "cool" it sounds, there is just no valid
reason to make such a decision. Also, don’t be too impressed by a hack that
bears a suffix like version 10 or Model III, it doesn’t mean it’s any better
than the previous models, it just means all previous models have failed. If the
hack was that great to begin with, there wouldn’t have been a need for a sequel!
All the points that I just mentioned is to remind you not to base your
decision lightly, it does not necessarily mean a dealer is bad if he fits some
of the profiles above, he still could be a good dealer, good dealers takes
credit cards too, and they might have flashy web sites. You should evaluate a
dealer on many factors, like his treatments to his existing customers.
EVALUATING THE HACKS
Here are some things to remember about all hacks that changes the access card’s
EEPROM codes. They will all die, it's just a matter of time before DTV gets
around to writing an ECM for them. DTV is capable of killing all plastics, with
or without a blocker. Average run time for any hacks is 3 to 4 months before it
goes down with an ECM. DTV targets card in the order that they are released. So
if you buy the latest hack, chances are it will survive a few ECMs while earlier
hacks gets 99d, until it's your card's turn to get hit. There is no such thing
as a "Best" hack. The main thing to look for in any hack is the SUPPORT from
the dealer or group, all cards will die, but it's the dealer that will help you
get it back up after an ECM. So when you read all the products on the web sites
with their claim of superiority, ignore them. You should be evaluating a
dealer’s performance instead. Look at their pass ECM record and see what kind
of responses did the dealers offer to their customers after an ECM. Look at
their news section on their web sites and ask around in IRC to find out how long
it really took them to return cards back to their customers and were the cards
repaired properly? Find out how much they charge for the repair and consider
any shipping charges that you might incur in the event of an ECM. Now multiply
this 3 to 12 times to figure out the total operation cost of your test card
after it’s been purchased. Your REAL cost is the total operation cost plus your
initial purchase price, plus your time and energy that you will spent dealing
with the ECMs and waiting for instructions from your dealers. Now compare that
to a normal legitimate subscription package for 1 year plus a realistic number
of PPVs that you will watch. Then ask yourself which option is the smarter
choice. The best time to evaluate a dealer is after an ECM, when the truth
will come out on how he treats his customers. Any dealer that ask their
customers to "Do not email us for the next 3 weeks, all emails will be trashed"
is not the type that you want to buy from. While there is a huge logistic
problems handling 2000 return cards from their customers after an ECM, they
should be prepare to answer 2000 emails if they were capable of taking money
from 2000 people in the first place! Even if a customer is asking a question
that is already answered on the web page, the dealer should still respond to all
emails when their time permits. I got an email from one small dealer that has
a time stamp of 3:45 A.M. because he stayed up that late to reply to his
customers emails even after a long day of processing cards. Another thing you
can make your own judgment on is some dealer will tell you that they are under
staff to handle all the phone calls or emails, so don't contact them, and yet on
the same web page, they are asking new customers to "Place your order now, our
operators are standing by". This tells you where the dealer's loyalty lies,
you're only important to them until they have your money, then it's "No fix yet,
stop calling!" Not all dealers are bad, there are many out there breaking
their backs to return cards to their customers as quickly as they can. Some are
driving cards across the border to avoid getting seized by US Custom. Some
dealers are giving freeware substitutes to their customers to ease the long wait
of over a month for the commercial cards to get reprogrammed. You should be
understanding to your dealer since sometimes it's out of their control on the
fix process, but you should also be smart enough to take your business elsewhere
if your dealer is not making an effort to repair your card. If all this sounds
like it’s too much work or hassle to buy a hack, then you’re getting the point.
Unless you are willing to commit some time and money in researching your
purchase, you will probably be more happier just getting a legitimate
subscription or stick with your cable service. If all the hack choices doesn’t
appeal to you or impress you, there is always the option of waiting for a better
hack to come out. But don’t hold your breath, because that wait can be long.
There is wisdom in subscribing until a better hack comes along. If you are
outside the US, the gray market dealers can help you get a "paying" subscription
using a valid US address for your monthly billing.
ADDITIONAL ADVICE FROM RICKSON:
If you are in market of buying a DSS test card please be on alert of scammers
who are out there to take your money, not only once but again and again. There
are dealers out there who are giving 1 year "free guarantee" when the time comes
to honor it they will charge you dearly by saying this and that. Some dealers
will give you false hope by saying to use a credit card and credit card company
would back you up in case of any screw ups, It is true in some instances but
most of the time the scammers will have it delayed over 30 days and you are back
to square 1 , Credit card company will not back you up for any purchase after 30
days and you have to take it to small claims court which is not a good idea for
lots of people. There are some dealers who will make you sign a waiver of "no
refunds" before they charge on your card and send you product, This should be
obvious to you that if there is going to be a problem you will not get your
money back anyway. Please don’t be discourage by all this, There are lots of
good dealers out there who will go an extra mile to help their customers all you
have to do is find one of those guys. Don’t be fooled by fancy web pages,
guarantees and BS , do your home work and get lots of information from Chat
lines like MIRC and you will do fine.
Here are a few things to keep in mind when you come across a new web site on the
Internet. There are many web sites out there that have been abandoned by their
operators, either because they retired, got arrested, decided to move on to
other things, etc. Unsuspecting people are sending money to P.O. Boxes or
Addresses that no longer exist. They wind up waiting forever for a product that
will never come. Many sites are paid for 1 year to 2 years in advance, some are
on free servers like Geocities, Tripod, FortuneCity, Angelfire, FreeYellow, etc.
These sites can be online forever if they continue to get hits. Just because a
site's counter shows 200 new hits a day doesn't mean it is still in business, it
can mean 200 people is loosing their money. My suggestion is to always send an
email and a regular postal letter to the people you're planning to buy from,
asking them to confirm that they are still in business and have working products
in stock, and also get the latest prices. Don't send in your money order until
they respond back to your first letters. This is also a good way to gauge how
fast they responds to their customer's needs. Another good sign that a site is
outdated or abandon is if they mention the Battery cards, Emulators, L-Cards,
T-Cards, I-SYS, and other F series hacks as if they are still working, which
they are not.
Below is a list of common questions and answers that many hack buyers have asked
us on our site:
How do I know if my receiver is compatible with a particular hack.
All software hacks are compatible with all brands of receivers. Some hardware
wedges, like the DDT might not be compatible with a few newer 3rd generations
receivers from Sony and RCA. The compatibility problem is usually caused by the
software codes, not the actual board design, so as software gets updated,
compatibility gets better. You should always ask your dealer to confirm his hack
is compatible with your particular model before you place a purchase. Be sure to
give him your exact brand and model number at the back of the receiver. If he
doesn't know and tells you to purchase a card to find out, ask him to agree to
take card back and give a full refund if it is not compatible. Do not be shy and
ask for the agreement in writing.
What other problems can I expect with a hardware hack?
Most hardware hacks will work just as well as the software hacks. Main thing to
keep in mind is because the board extends 4 to 6 inches out of the slot to
accommodate the card socket for the plastic access card, make sure you have the
space clearance in front of your receiver, especially if it is in an enclosed
cabinet. Some wedges have the card socket straight out, while others have the
socket at a 90 degree angle, so if you are using a wedge with a side socket,
make sure the H card will not get in the way of operational buttons or infra red
sensors on your receiver.
I paid over $600 for a battery card during the F series run time, is there any
thing I can use this card for?
Ice scraper...sorry, old joke. As of now, only useful thing people have used
the old bats for is to get audio on their receivers. The audio is not encrypted
in the satellite signal, some receiver will broadcast the audio without checking
for permission from the access card, so you can actually listen to the sounds on
all channels, not just the music channels in the 500s. This features is
dependent on your receiver brand, we have confirmed that Sony, Hughes, and
Hitachi models get all audio if used with a bat card that is programmed with an
older main08x file. Sometimes, the engineer channels in the 800s will broadcast
PPVs for testing purposes without any encryption, so you can view those
broadcast with an old bat card, but this is rare and on non regular times
schedules. We did find 1 dealer that will convert your old bat to a wedge card
by adding a card socket and new software, but the cost was higher than the price
of a completely new Wedge that's design for the H.
What about the battery card programmer that plugs into the back of my PC's
parallel port, can I use it to program any of these new wedges?
Most modern wedge hacks are a combination of hardware codes on the board and
software on the plastic. We have not found any dealers that is releasing ECM
fixes to his customers for self programming, due to a lack of security on the
new codes and a fear of the competition getting hold of it, so for now, card
programmers are not being utilized by the wedge dealers. Also, most wedge boards
that uses a Atmel chip for the main processor is not self programmable. In the
last few ECMs, dealers required their customers to send both the wedge and
plastic in to have it reprogram. The only person we found that utilizes the old
parallel port programmer is 99King with his card condom blocker. His new codes
are posted at his web site, but the file will only work on his own blocker
boards, it will NOT work on any other wedges or bat cards.
I have a plastic card programmer that plugs into the serial port of my PC, this
was purchased for the old F series access cards, are they compatible with the H
series cards?
Yes, any card programmer that is ISO-7816 compatible will work with the H series
cards, this includes the Haku-2, Haku-3, MK10, MK11, MK12, and many others.
I have a PC emulator board that I used during the old F series, can I upgrade it
to work with the H series.
No, because there is no working H emulator board for the PC. The F series
emulator is not compatible with the H series because it lacks an ASIC on the
board, which is needed to help decrypt the H datastream. If and when a emulator
board comes out for the PC, most likely, it will be a new board design and the
developers will not waste their effort coming out with an upgrade path for your
old board. The cost of manufacturing a new board will be far less than the cost
of labor to convert your old board. Just like the bat card, you can probably
still use the emulator as a digital radio if you have the right brand of
receivers.
What about all the rumors that I heard about my old bat or emulator can be
converted to use as a Dish Network hack?
That's just it, they are RUMORS. Until you see it with your own eyes, or a
dealer or group makes an official announcement in writing, it's just wishful
thinking.
Is there anything that I can recycle or reuse form my old F hacks?
If you have a F hardware card that uses a socketed Dallas microprocessor, you
can pop it out and reuse it on some new boards. This situation depends on your
dealer. If you have any left over F series access cards, some dealers will give
you about $5 each for them. They are using the old F cards to upgrade to H
series from DirecTV. You can also do that yourself, but DirecTV will charge you
a lot more than their authorized dealers. On some F emulator boards, you might
be able to use it to log the datastream if it is used with the right software.
I am NOT an expert on the DSS systems. Just an average users. If you feel
there are any inaccuracies on this FAQ, please email me and give me the
corrections. I will welcome all suggestions or additions to this FAQ, so if you
feel you have something that will be useful to other test card users, you can
submit it via email at dsscards@yahoo.com or visit our web site at
http://angelfire.com/ca/dsscards
Future versions of this FAQ will or might include:
More buyer's advice (how to read the fine prints)
Test Card Reviews (If they get reliable enough)
A detailed index for this FAQ (if it gets long enough)
Some useful URLs for DSS informational web sites
Specific things you can do with your particular model of receiver, such as
hidden menus, data ports, etc.
...and anything else you can suggest.
This FAQ was not a one person project. Many people have contributed their time
and knowledge to this. I want to thank everyone that helped, especially the
visitors of the TCUP web site. It is from your unfortunate mistakes that others
will learn :) Thanks to all the experts who gave up their time to proof read
this FAQ. You provided many valuable feedbacks and suggestions. Thanks also to
the people that setup and maintain the SZ/NET IRC network, it is you that
provided us a safe place to gather and discuss our test cards and experiences.
IRC provides a democracy to this community, everyone can have a voice. Thanks
especially to Acidflash, the GOD of SZ/NET because he would have killed me if I
didn't mention his name. :) but thanks to all the channel OPs, you guys keep
the chaos in order.
LEGAL DISCLAIMER: BLAH BLAH BLAH BLAH DON’T BREAK THE LAW! BLAH BLAH BLAH BLAH
BLAH DON’T BE STUPID BLAH BLAH BLAH BLAH USE AT YOUR OWN RISK BLAH BLAH BLAH
BLAH BLAH BLAH BLAH BLAH BLAH BLAH BLAH BLAH VIVA GORDITAS! BLAH BLAH BLAH.
COPYRIGHT(C)1998 BLAH BLAH.
The latest version of this FAQ can be downloaded at the TCUP website
Currently at http://angelfire.com/ca/dsscards
Send email to whereisthesite@yahoo.com to get the lastest website address.
[ Main | News | ECM Report | FAQs | IRC | Freeware | Movie Reviews | Consumer
Advisor | Scam Watch | Links | Email ]