VOOM DSR550 OTA-Enable Hack Thread

Status
Not open for further replies.

rkrenicki

SatelliteGuys Pro
Original poster
Mar 11, 2005
976
0
VOOM DSR550 OTA-Enable Hack Discussion Thread

Ok, instead of threadjacking the other OTA thread, and to get more eyes on this one, I am moving my posts into this thread.

This is only about modifying a DSR550 IRD to do 8VSB/ATSC reception. No theft of service discussions at all. If anyone has any useful information, please post here.

This thread may become rather technical, so if you have questions, feel free to ask, and I, or another participant, will try to explain the details.

I am going to put my 4 brand new, sealed in box Voom branded Motorola DSR550 IRDs on the chopping block to get this going for everyone, and hopefully, find an easy way to get this out to the masses.
 
spahoose said:
P.S. If possible, check your software version, Voom button, help, info, NEP #, it has to be at least 600 or you won't be able to scan for locals with those boxes, maybe your father has a way of updating the software on them if they are not up to date.

Well, The unit itself has a DiskOnChip, meaning that there is a legitimate filesystem, that can be read by another computer. My guess is that this unit runs on VxWorks or some other similar *nix based OS (since it has a boot time, and the fact that it uses Broadcom and Xylinx processors) I have been pouring over the board looking for some test points to gain access to the DOC, and once that happens, its hacking time.

If worst comes to worst, then the chip'll be coming out, and onto a DOC board for ease of access ;)

I dont see where it would a huge problem just tricking the box into activated mode, its simply a file or setting somewhere in the box saying "Activated = YES/NO", now if that switch is digitally signed or not, is a whole nother story.

As for the smart-card, I have never messed with NDS cards before, only GemPlus authentication cards for networks (they keyboard I am using has a ISO reader/writer for that purpose) Since the reciever will not be used for decryption anymore, I think that wont be too much of a obsticle either.

Since I have 4 boxes, I dont feel too bad about killing one or two in this process. I will shoot an email off to my father right now, see if he can get me in touch with someone at Motorola BCS that may have more information for me.
 
rtt2 said:
I don't know if Voom ever moved to the NDS smart card. They planned on doing so eventually I know. They originally started out with the the Digicipher II encription. That is built into the chipset.

Someone might beable to tell you if the NDS Smartcard is functional or just passing through.


It may just be there for authentication, simply for the number, in which case it wont really matter. I just need to get to that DOC before I can really say for sure.

Unfortunately, I did not bring the reciever with me to work today, so I wont be able to work on it. In the meantime, I guess I will do some reading up on the DOC, and its interface methods.

It would be nice to find some technical documenation on the IRD.. I am thinking that will be my first goal

There may also be some sort of JTAG interface or something similar to it, like an I2C or LPC bus. There are a few header ports near the DOC chip, that may be used for this purpose.

I think I may make a new thread for this discussion, since this is 10 pages into someone elses thread, and I dont want to threadjack.
 
spahoose said:
Smart cards moved to NDS a couple of months ago Remember when you started getting Access Card error messages and some of your Voom channels started telling you to call to upgrade? Bingo. That was the move. Channels were being re-encrypted to NDS.


Since this will not be used to decode satellite signals, I think this is a non-issue.

I will keep it in mind however..

On a side note, I didnt know that Digicipher 2 was cracked... I would assume that is why they moved to NDS to get around some TOS problem, or was it "In The Clear" DC2?
 
They moved away from Digicipher II because Voom wanted to eventually go to other vendors of set tops. Digicipher was used to launch service quickly.

Having the ability to chose encription systems allows a vendor to change encryption vendors and negotiate better deals by not being locked into one vendor.

Also Cablevision uses NDS for its cable tv system and probably negotiated a good deal to use it in the satellite as well.
 
Why this thread is in News and Development? :eek:
News? Development?
It should not be here. Maybe some hacking sites will adopt it.

If V* will allow OTA after going off then I will say "Thank, you very much for the gift of free OTA HDTV tuner".
If not so I will move on to another provider and say "Thank you for my 9 months HDTV haven" :)
 
This is Development, in its most basic form ;) It started as a discussion in the "Voom should enable it" which they did, for boxes that have already been authorized. Now that the Voom system can no longer authorize boxes, a way to circumvent this will have to be found. Especially for those who accidently "de-authorize" their box.

I am not trying to steal service (nor would I ever want to), just trying to simply allow the device to do what it is supposed to do.

I am making my efforts public so that those people who wish to help, or who can benefit from this information, have the chance to do so.

If there is an alternate subgroup that this should go in, I am open to suggestions. I figured since the discussion started in this group, I would continue it here.

I may end up moving this to my personal website... but I would much rather keep it on these forums, as there are hundreds of people who would be able to help.
 
For those people who buy boxes that are new-in-box (like mine) or for previously authorized boxes that become "de-authorized", this will become important.

I believe I will have to get my hands on a authorized box as well, so I have a point of reference.
 
Though this is mostly beyond my level - I work more on than in (I mean I understand some of the principals and all but not the specifics) it is fun to read. I have leased equipment I may or may not get to keep, but I still think what you are doing is cool and I am sure many will appreciate it down the road if you stumble across an answer (I am sure there is one in there somewhere).

Thanks for the effort and the updates.
 
You will need to talk about this someplace else. While you are not steeling you are trying to reverse engineer the unit which is against the terms of service with VOOM.

I appreciate what your trying to do, but this is not the place for it. I don't want to lose my house because Motorola gets mad at me for letting people reverse engineer their box. :)

Thanks
 
ultatryon said:
For those people who buy boxes that are new-in-box (like mine)
Just to add to what Scott said, boxes that are new-in-box are most likely stollen. Please keep this in mind before your buy a VOOM box on EBay!
 
Status
Not open for further replies.

Will Receiver Still Get OTA?

I've just received this email from Voom...

Users Who Are Viewing This Thread (Total: 0, Members: 0, Guests: 0)

Who Read This Thread (Total Members: 1)

Latest posts