MediaBox Communicator v.2.1

Dumping of MPEG sections via RS232 added. 
Dev_MCOM serves this on receiver side. I haven't any info about this device except one i got from disassembled pioneer's firmware.
So a lot of thins is still unknown :-| Some arguments of MCOM related functions may be manually corrected in MediaCom.INI file (read comments within this file for details).

Operation.
Press Load PID button. On popped-up dialog (Table Load options) enter the PID which you want to log and ajust hard filter value and mask( if necessary. In some cases you may fill all mask fields by 00 so the filter will be disabled and each section coming with this PID will be uploaded to host).
Don't forget to set a proper time-out, e.g. seca provis send EMM very rarely (about one packet per hour), while viac EMMs are arriving quite often.
Check the checkbox Continuos load and then OK button. At last, choose the file where data would be dumped.

Note, log file length is limited by 100kB max. However, you may abort dumping anytime by pressing of Stop button.
Some mpeg sections may be missed due to high intensivity of stream, i was tested the Load PID on viasat and TPS transponders for logging of EMM stream.
About 3-5% of EMMs was missed on TPS and 0% on viasat. 
You may play with MCOM parameters (within ini file) and hard filter value/mask to optimize the performance and arrived/missed ratio.

Warning !!! No sanity check is made during dumping process. ALL incoming data are stored in the log file. 
In some cases MHW may report about receive/transmit/memory errors and error messages will be written into log file as well as PID data.

Known bug: stopping of dump doesn't cause an immediate abort of transmittion. MCOM device continues to send data to host until all previously received data will be sent out.
So after pressing of Stop you see a garbage in trace window. Don't care :) Probably it may be fixed in both MHW and MediaCom in future, i haven't a time for it now...

Greate thanks Ldnlp for his work with firmware, help and good advices :)
  
 
   


MediaBox Communicator v.2.0

Additional features enabling reading of MPEG-tables added.

Additional buttons assignment and function description:   
---------------------------------------------------
 Load PSI (Program Specific Information) - enables downloading of 
Program Assotiation table (PAT) from the current transponder
, also extracts the list of programs numbers (Service ID) 
and PIDs of Program Map Tables (PMT) of corresponding programs.

For instance:
Quering Program Assotiation Table...

========= Parsing new section ==============
  Section saved as: PAT_0005_00.bin
Section #1 of 1 total.
   Network PID 0x0010.
   Program number (Service_ID) 0x0C62, PID 0x0C62.
   Program number (Service_ID) 0x0C6C, PID 0x0C6C.
   Program number (Service_ID) 0x0C1C, PID 0x0C1C.
   Program number (Service_ID) 0x0C26, PID 0x0C26.
   Program number (Service_ID) 0x0C30, PID 0x0C30.
   Program number (Service_ID) 0x0C3A, PID 0x0C3A.
   Program number (Service_ID) 0x0C58, PID 0x0C58.
 
    Then a Service Description Table (SDT) is loaded:
    
Quering Service Description Table...

========= Parsing new section ==============
  Section saved as: SDT_0005_00.bin
Section #1 of 1 total.
Service ID: 0C62
   Service Type: digital television service
   Service Provider: Viasat
   Service Name: Reality TV
   CA System ID: 0x0500
   CA System ID: 0x090F
Service ID: 0C6C
   Service Type: digital television service
   Service Provider: Viasat
..........................................
Service ID: 0C58
   Service Type: digital television service
   Service Provider: Viasat
   Service Name: VH1
   CA System ID: 0x0500
   CA System ID: 0x090F
     
Then, in case at least one of services is scrambled, 
a Conditional Access Table (CAT) is loaded:

Quering Conditional Access Table...

========= Parsing new section ==============
  Section saved as: CAT_FFFF_00.bin
Section #1 of 1 total.
   CA System ID: 0x0500
        EMM PID: 0x03EB
        Service Operator ID: 0x010C30
        Service Operator ID: 0x010C40
   CA System ID: 0x090F
        EMM PID: 0x00C0

-----------------------------------------------------

Load PMT - upon pressing this button a window pops up enabling to choose 
for which program a PMT should be loaded (it's necessary to load PSI prior to this), 
and the loaded PMT is afterwards analysed according to descriptors:

Quering Program Map Table...

========= Parsing new section ==============
  Section saved as: PMT_0C6C_00.bin
Section #1 of 1 total.
Service ID: 0x0C6C
PCR PID: 0x0C6D
Elementary stream:
 ES type 02: ITU-T Rec. H.262 | ISO/IEC 13818-2 Video
 ES PID: 0x0C6D
 ES info, length 0x0017
  09: CA descriptor, length 0x0F
   CA System ID: 0x0500
        ECM PID: 0x0C75
        Service Operator ID: 0x010C30
  09: CA descriptor, length 0x04
   CA System ID: 0x090F
        ECM PID: 0x0C74
Elementary stream:
 ES type 04: ISO/IEC 13818-3 Audio
 ES PID: 0x0C6E
 ES info, length 0x001D
  0A: ISO_639_language_descriptor, length 0x04
    ISO_639_language_code: swe
..........................................
Elementary stream:
 ES type 06: Teletext / Subtittles
.......................................... 
    Teletext_type: Teletext subtitle page
    Teletext_magazine_number: 6
    Teletext_page_number: 0x92
    ISO_639_language_code: eng
    Teletext_type: Teletext subtitle page
    Teletext_magazine_number: 6
    Teletext_page_number: 0x94
    ISO_639_language_code: swe
    Teletext_type: initial Teletext page
    Teletext_magazine_number: 1
    Teletext_page_number: 0x00
    
------------------------------------------------------- 

Load PID -  enables to download ANY MPEG-table (including ECM & EMM) according to its
PID and additional attributes.
A pop up window allows to choose a set of criteria to load the table.
   
   The description of window "Table Load options" fields: 
   
   Mandatory Options:
   PID - denotes a PID according to which it's necessary to choose MPEG packets
(e.g, ECM PID).
   Table ID - the 1st byte of the table being loaded (e.g., 80/81 for ECM). 
   Table Name - the name you wish to save the table under (3 symbols minimum)
   
   Filter Options, Common Filter Values : (for advanced users, acquainted 
with ISO/IEC 13818 and EN 300 468 specifications).
   Here you'll have to choose additional criteria of packets filtration. 
Filter Options sets a corresponding filter mask, 
Common Filter Values sets a corresponding filter value.
   Service/Bouquet/Network/Etc ID - 3rd and 4th bytes of the table being loaded.
   Version number - 5th bit (1..5) from 5th byte.
   Current/Next indicator - lower nibble (bit) of 5th byte
   Section number - the button Load PID will enable to download ONLY ONE section,
as some tables may consist of several sections, 
To download other sections please set up this option and provide the section's
number you want to download.
   
   Hard Filter Ajustment: for some non-standard tables (e.g. ECM/EMM) 
you will have to provide a filter's value and mask manually.
   For instance, we wish to obtain SECA Shared addressed EMM. 
The filtration will have to be done using bytes 0,3,4,5,6,7,8,9
   The beginning of such  will be as follows:
    0  1  2  3  4  5  6  7  8  9
   84 00 55 00 25 00 00 20 10 81 36 E0 96 01 71 B7 E7 93 E8 AC D3 6F 7E B5 4A
   
   0 - table_id
   1..2 - table length
   3..4 - service provider id
   5..8 - PPUA
   
   Let's deal now with several variants of mask (1 in the corresponding mask bit denotes 
that we will be receiving only the packets, in which this bit coincides with 
the corresponding "filter value" bit; if 0 then filter value can be ignored)
         byte #  0  1  2  3  4  5  6  7  8  9
   filter value 84       00 25 00 00 20 00 00
   filter mask1 FF       FF FF 00 00 00 00 00
   filter mask2 FF       00 00 FF FF FF 00 00
   filter mask3 FF       00 00 00 00 00 00 00
   
   If we set filter mask1 we'll be receiving from the corresponding EMM PID 
only the packets dedicated for provider 0025.
   If we set filter mask2, we'll be receiving from the corresponding EMM PID 
only the packets addressed to Shared Address 00 00 20
   If we set filter filter mask3, we'll be receiving from the corresponding EMM PID
ALL PACKETS from table_id==84.
   
   Load Time-Out - denotes table waiting time in seconds, max. 0x2000 secs. 
After this time is up a Load Time-Out Error will be generated, 
in case if no data corresponding the filter were received from the PID.
   	(in "Continuous Load" mode this value is ignored, you can stop the download 
by pressing the button Stop).
   
   Max. Length - table maximum length (highest possible value 4096 (0x1000). 
The table length (12 bits) will really be taken from the bytes of table's header.  
   
   Continuous load - this mode is experimental as yet. Allows to continuously download data 
from the chosen PID according to the provided filter.
   	This option IS NO GOOD to download EMMs from a PID, because 
the EMM flow speed rate is considerably higher than that of sending data through 
RS232 to host.
   	Yet, provided that you've narrowed the datastream with the corresponding filter and mask, 
it's possible to save the incoming data into binary file.
  

*NOTE. All downloaded sections will be saved into binary file in the current catalogue 
(file name - check this in log, e.g. "Section saved as: PMT_0C6C_00.bin"). 
============================================================================
English translation done by YARO
15.02.2004, 23:07
============================================================================	


MediaBox Communicator

1. How to install.
 Unzip your archive and copy VCL50.bpl, VCLX50.bpl into the system directory (for instance, WINDOWS\SYSTEM32 
or WINDOWS\SYSTEM).

2. What's the program for.

The program is designated for data exchange using modified Canal+ MediaHighWay 
receivers through RS232 (serial) port. 
(For the time being the program's full compatibility is ensured only with PI712 firmware version)

This is what program enables you:
   - dump download (I was able to download 1 Byte in about 100 seconds); this feature is useful 
to read and save dumps of RAM, firmware and channel settings without having a JTAG-interface 
on receiver's main board; 
   - channel settings (TCS, TPT, TSR, EMU, etc.) upload;
   - smartcard emulation through COM-port.
   
3. Buttons function and usage of the program.

COM port number - computer's port number connected to a receiver.

Baud Rate - communication port speed. To normally work with PI712 firmware version it's necessary 
to set 115200 baud rate speed.

Open - opens/closes computer's -port. Once the port is opened you will have access
for tracking data from the receiver (Write_Trace function is available). 
The feature can be used to log incoming / instructions and saving them onto your computer.

DUMP - a dialogue will pop-up upon pressing this button. You will have to provide 
the address you want to start reading data from, and sure thing data length. 
       Both parameters should be provided in HEX (e.g., length: 1Byte = 400, 
64Bytes = 10 000, 2Bytes = 20 0000). 
       It doesn't matter whether you enter your data in small/capital letters and with/without
spaces or you don't. Please mind though, that maximum length of both fields should not exceed 12 symbols
including spaes. For instance, address "7f e0 00 00 " will be interpreted correctly.
       After you press  in this dialogue, another one will pop-up. Here you'll have 
to enter the name under which the read data will be stored on your computer.
       ATTENTION!!! Be sure to enter your receiver into COMM-mode BEFORE pressing OK button: 
just go to Service Menu - +/B/7/4/Serial ON).

ECM -  allows to decrypt all incoming from the receiver s and sends decrypted Control Words
back to the receiver. This function will definitely work slower than built-in U, still it may be useful 
for relatively slow receivers, e.g. Pioneer-1330, while working with resource capacious 
encryption systems (like NAGRAVISION).

Upon pressing the button a dialogue prompting to open the file will pop-up. You will have 
to choose any file containing EMU section (those can be found on any upload). The keys and 
providers' idents will be extracted from this file, and allow to decrypt all ECMs incoming from 
your receiver.
       ATTENTION!!! Be sure to enter your receiver into COMM-mode BEFORE pressing EMU button. 
Go to Service Menu - +/B/7/4/Serial ON), or enter the receiver into "DW from Host ON" mode
(Service Menu - +/B/7/5).

SETTINGS - this option allows to load new settings (channels lists, transponders, symbolrates, 
and EMU-keys). Loading of new settings is performed correctly, thus no EEPROM erasure or its update 
is needed. You do not have to erase or update your EEPROM.
All loaded settings begin to work right after they have been loaded. Do not forget to quit 
the previous menu.

       Having pressed the SETTINGS button you'll see a pop-up dialogue prompting to open the file. 
Please choose a setting file you want to load. 
       Once you have chosen the file, a dialogue prompting to choose folders to load will pop-up. 
Mark one or several folders you want to load into your receiver
       (I would STRONGLY advise on simultaneous TCS, TPT,TSR and EMU loadind to avoid
any discrepancies between the existing channels settings and the new ones you have just loaded).
ATTENTION!!! Be sure to enter your receiver into settings Load Mode: Menu/4/D - Waiting for START. 
       New settings loading runs rather fast. Check out the below following log of 
TCS, TPT, TSR and EMU loading:
====================
Start send of TSR (18.01.2004 20:48:27)
Last packet sent.
entree dans init_proctab
sortie de init_proctab
Xmit terminated.
 (18.01.2004 20:48:29)
Start send of EMU (18.01.2004 20:48:29)
Last packet sent.
entree dans init_proctab
sortie de init_proctab
Xmit terminated.
 (18.01.2004 20:48:32)
Start send of TPT (18.01.2004 20:48:32)
Last packet sent.
entree dans init_proctab
sortie de init_proctab
Xmit terminated.
 (18.01.2004 20:48:35)
Start send of TCS (18.01.2004 20:48:35)
Last packet sent.
entree dans init_proctab
sortie de init_proctab
Xmit terminated.
 (18.01.2004 20:49:01)
=======================
       All in all it took 34 seconds to load the shown sections ;)    

Stop - breaks the current operation and sends out a corresponding message to the receiver.

	Upon closing the program all events are saved in MediaCom.log file.


4. Known bugs.

So far only ONE possible bug could have been noticed - overflow of RS232 receiver buffer during DUMP operation.
Most likely it may be happen on slow PC, especial in background mode. 
Unfortunately there isn't any flow control now but i will work about in case some bugs will be reported.
          

Please send bug reports at Dynamit's board:
http://www.bbk.net.cn/user/dynamitforum/

With best regards,
deemonru          
=================================
English translation done by YARO.
19.01.2004