Q. What's an Emulator/Data Logger?
A. It is a dual purpose device. In emulation mode, the device is used
to physically isolate an ISO7816 smartcard from direct input such as
a transmitted datastream while creating an image of the coded area of
the card (EEPROM) in a computer's memory to interact with the data input
source. In this mode, the device acts like a firewall in that it protects
the actual smartcard from being inadvertently altered, corrupted or
damaged by accidental or deliberate code input. In data logger mode,
the device can be used to study the smartcard's reaction to input for
developmental and debugging purposes. An emulator/data logger system
consists of several components.
Those components are:
- Emulator/Data Logger interface board. This is a piece of hardware
which is either plugged into your IRD's (receiver's) card slot (most
common) or internally hardwired to your IRD's card slot in lieu of plugging
your H card directly into the IRD as you normally would. This piece
of hardware is presently known by several different names including
Season's Passive board, Smartcard Development board and may be called
many other names before the current demand for them stabilizes.
- A dedicated PC that is at least a 486 50MHz machine or better, equipped
with two serial (com) ports and a floppy drive. A keyboard and/or monitor
for the PC is optional. Some faster IRDs (32bit variety) seem to require
more CPU horsepower than the stated minimum but, as yet, there is no
hard and fast rule to apply in this regard. If you have one of the faster
IRDs, I personally would recommend a minimum of a "classic" 75 MHz
Pentium (P1). It is also important (though not absolutely necessary)
to have com ports equipped with 16550 UARTs, though this usually isn't
a problem as most later model 486 machines came equipped with such UARTs
as standard equipment. Check to be sure nonetheless.
- A standard ISO7816 smartcard programmer with an AC power source such
as a wall wart adapter or a PS/2 style keyboard connector power connector
OR a flash-upgradeable unlooper with the WT+ code flashed on its Atmel
chip.
- The necessary cables, connectors and connector adapters to connect
the programmer and the emulator board to the PC. The cables can be standard
4 conductor telephone line, CAT5 patch cable or standard rs232 serial
cable. Reported operational cable lengths will probably vary according
to the quality of the cable used, but 50 ft. seems to be the limit where
complete reliability can be expected.
- A functional H card. Does not have to have a valid bin file on it.
- A valid (non-blacklisted) bin file. Does not have to be on the H
card.
- An IRD that is known to work with emulators. Thus far, the only universally
emulator-incompatible IRD known is the Hughes B1 series. However, some
emulators have reportedly not been able to work with Hughes B2 series
IRDs and RCA222 series IRDs.
- The latest version of the SLE44 emulator software by PGM (thanks,
PGM!).
Q. How long have emulators been around?
A. Since the days of the old F card.
In fact, emulators were the only working hacks in the waning days of
the F card. With the deployment of the dynamic code writing abilities
in the recent update package, the chances look better than even that
history will repeat itself and emulators will be the only working H
card hacks left standing when the P2 datastream bites the dust.
Q. How does an emulator work?
A. It physically isolates the H card from the datastream.
It accomplishes this by loading a faux card into the PC's memory in
much the same way as scripts create a faux card in the non-code areas
of an H card to fool the IRD into thinking that a valid card is plugged
in. Instead of the IRD looking to the H card for the faux card though,
the emulator board channels the IRD's probes to the PC instead where
it sees the faux card in the PC's memory.
Q. Okay, so why do I need an H card at all if the emulator software
creates a faux card and the hardware can force the IRD to use it?
A. Because the H card's signal processor (ASIC) cannot be emulated.
The ASIC (application specific integrated circuit) must be used to process
the video signal. The SLE44 software enslaves the actual signal processing
portion of the real H card for video decryption while using the faux
EEPROM portion of the H card in the PC's memory for validation type
probes and datastream alterations. A good analogy would be to imagine
the phony town the folks of Rock Ridge created in the movie "Blazing
Saddles." While Hedley Lamarr and the bad guys were tearing the
phony town (faux EEPROM) apart, the homes and businesses (ASIC) of the
good people of Rock Ridge were safely left intact and business was conducted
as usual. Notice that I emphasized the word decryption! That's because
the video encryption method used by DTV is a tough nut to crack! This
is why it is now virtually impossible to emulate the H card entirely
and why (at least for the present) it is absolutely necessary to have
an actual working H card for emulator systems.
Q. Why do I still need a valid (non-blacklisted) bin file when you
say that a valid bin doesn't have to be on the H card itself?
A. Because the actual H card only has to be functional but the faux
H card in memory must be valid.
Since the IRD can only send validation probes to the faux H card in
memory, it doesn't matter whether the bin file on the actual H card
is valid. The IRD cannot check whether the actual card has a valid
bin file on it. On the other hand, since the IRD can see the faux card
in memory, it can check to see if it is a blacklisted bin or not.
Q. Can I still use a valid cloned bin from another card with an emulator
or must I have a bin from my own legit subbed H card?
A. You can still use cloned valid bins.
Q. My card was hit by the "Black Sunday" ECM. Can I still
use it in an emulator?
A. YES. There are actually now 2 ways to do so!
The way I would recommend is to use a flash-upgradeable unlooper flashed
with the module of your choice from the WTBSBOOT01P.ZIP file in an emulator
system. The other way would be to purchase a bootloader board and use
it in a standard programmer in an emulator system. Actually, there *is*
a third way to use a Black Sunday card to watch TV, but in my personal
opinion, you'd be a fool to use it! You could just use a bootloader
board in a standard programmer to clean and program the card and apply
a subbed bin or script to it. However, since bootloader boards offer
absolutely NO protection from ECMs whatsoever, you're setting yourself
up for a fall by using this method!
Q. Did "Black Sunday" affect emulators at all?
A. Yes, but only slightly.
Emulator users found themselves experiencing periodic blackouts lasting
for about a second and occurring every 1/2 hour or so. While this seems
trivial, it is, nevertheless, annoying and it is especially problematic
if one is videotaping a program they wish to preserve. However, this
problem was quickly remedied by either using the original bin file from
a legitimately subscribed card or making a few manual edits to the .cor
file to make it more closely resemble a normally subscribed card. The
release of SLE version 3.0 also addresses the blackout problems. Some
people report absolutely no blackouts since using the aforementioned
methods of dealing with them. My personal experience has been that I
now only experience one or two momentary blackouts a day but I have
not upgraded to SLE 3.0 yet either.
Q. Do HU cards work with emulators?
A. No!... at least not yet.
Q. This all sounds pretty complex to me. I just barely learned how
to use a programmer. Won't setting up an emulator be something too difficult
for novices like me?
A. For the internal hardwired version of emulation, probably. But if
you can follow directions carefully and by the numbers, the "Emulator
Setup Guide" on this site should get you up and running without
any problems.
Q. Is there any list I can refer to that will confirm whether or not
my IRD will work with an emulator?
A. There's no official list, but here is a listing I've compiled from
postings in alt.dss.hack.
NOTE! Please don't e-mail me asking if any particular emulator will
work with any particular receiver or if a particular receiver not listed
will work with emulation! I only have direct experience with the Hughes
D2, RCA523, RCA503, RCA505 and the Sony A50 and S10's emulator boards...
period!
IRD                   NOTES
HUGHES B2             nearly impossible to use with any emulator - some success
                      alleged with external 5 volt power to emulator - SLE
                      version 3 *may* help
HUGHES B4             insert emu board after emu ATR string appears
HUGHES D1
HUGHES D2
HUGHES D4             insert emu board after emu ATR string appears
HUGHES D45
HUGHES E1
HUGHES E11
HUGHES E25
MEMOREX MSD5000
OPTIMUS 6A7
PANASONIC TU-IRD10    Syntech emu w/no mods
RCA DRD102RW          remove 5th cap, cycle power to restart
                      remove & reinsert emu to restart
RCA DRD112NW
RCA DRD212RD
RCA DRD2122RD         remove 5th cap
RCA DRD222RD          remove 5th cap - 486/66 reported to be too slow
                      confirmed w/P75
RCA DRD223RD
RCA DRD302
RCA DRD303
RCA DRD403RA
RCA DRD4120
RCA DRD420RE          remove 5th cap
RCA DRD480RE
RCA DRD502
RCA DS503RB           remove 5th cap
RCA DRD505RB          remove 5th cap
RCA DRD515RB
RCA DRD523RB          remove 5th cap
RCA DS5230RB
SONY A1
SONY A3               486/66 too slow
SONY A4
SONY A50              remove 5th cap, insert emu after ATR string
SONY A55
SONY B1
SONY B2               remove 5th cap - may have to cut LED resistors
SONY B3               remove 5th cap
SONY B50
UNIDEN 100
Q. Can I use a hard drive to load the emulator software instead of loading
it from a floppy?
A. Yes, but there's no advantage to doing so.
In fact, as the hard drive consumes power, it's actually a disadvantage
to use one in an emulator setup, especially one that is constantly left
running.
Q. Is there any reason why I should or shouldn't leave my emulator
running all the time?
A. It's strictly a matter of personal preference and your individual
situation.
I personally would have a problem leaving an emulator running all the
time because wall wart type power supplies used by most programmers
are notorious for being fire starters. However, if you locate your emulator
in such a manner that the wall wart is plugged into a metal power strip
and the computer and power strip are located on a metal shelf, you can
eliminate the hazard because even if the wall wart goes into a meltdown,
there will be nothing flammable close to it to catch fire.
Q. Can I use my emulator computer to do other things while it is running
the emulator?
A. People have reported successfully emulating on faster Pentium 3
class machines within Windows 2000 and Windows NT. Your mileage may
vary...
Q. Are some emulators better than others? If so, why?
A. So far, from a functional standpoint, no particular emulator has
proven superior to others.
From an aesthetic and/or structural point of view, however, a few emulators
differ from the rest of the current crop.
One vendor sells a two-piece emulator that has a contact section which
is the same size as a regular H card and a smaller component section
that can be placed out of sight. Because of its construction, it is
actually possible to close the doors on most IRD models that have a
door that covers the card slot. Aesthetics aside, this particular emulator
is also practical where an IRD is located in a place where the front
of it can easily be bumped against or is within reach of an inquisitive
child's hands. Conventional emulators stick out a full 4 inches from
the front of the IRD which makes them very vulnerable to accidental
damage. This particular emulator eliminates that hazard.
Another vendor sells an emulator that has a serial connector which
connects the cable at a right angle to the card slot. While this doesn't
totally eliminate the aforementioned hazards, it cuts the distance the
emulator sticks out from the IRD literally in half so it definitely
reduces the possibility of accidental damage.
Last, but certainly not least, there's the do-it-yourself internally
mounted Zapulator. If you're somewhat adept at soldering and minor electrical
modifications, there are schematics and parts lists readily available
to build an emulator interface that you mount inside your IRD entirely.
The advantages are obvious in that you can conceal your emulator setup
entirely from visitors you might not want to share your "hobby"
with. Not only is the emulator interface completely hidden, you can
also run the cable out of the back of the IRD to your emulation computer
so it too remains out of view.
Q. Why do some IRDs require removal of the 5th capacitor on some emulator
boards?
A. Because some receivers are more sensitive to momentary current draws
than others. The capacitors used on some emulators take a minuscule
amount of time to charge to their capacity, but even that small time
period is enough of a delay to make some receivers behave as though
no card is inserted and they shut down.
Q. Do all emulators have a 5th capacitor?
A. No. In fact, virtually no emulator I know of that is currently being
sold has the 5th capacitor.
Only older emulator boards have the 5-capacitor configuration.
Q. Will an emulator work in one of the new "PLUS" type receivers
that's been hit with the "752" firmware upgrade?
A. No.
Q. Will I still be able to use my card in my IRD after I set it up
in an emulator?
A. Only after you restore the card to its normal functional status
using either the "/v" switch with sle44e_p.exe or the AuxCard
1.5.xjs script in WinExplorer.
However, since Black Sunday, it has become clear that once an H card
has been hacked, it is almost certain doom for such a card placed back
into the datastream!
Q. I have tried every which way to unAUX my card using the "/v"
command line switch with the SLE software and I can't get the card unAUXed!
What am I doing wrong?
A. The only way I have ever successfully received the elusive "card
is now virginised" message with the SLE software was when I used
my fully set up emulator computer to do the job.
By that, I mean that I had the programmer and emulator still hooked
up to my emulator computer and from the DOS prompt, I entered the command
line "sle44e_p /a /v". When I attempted to "virginise"
the card using the exact same command line on my personal computer with
just the programmer hooked up to com2, it would not work. Instead, SLE
acted as though it had not found the AUX card. When I tried just using
"sle44e_p /v" I'd get "no core" messages. No matter
what variations of the command line I tried on my personal machine and
no matter what com port I used, SLE would not "virginise"
my AUXed card! Although I've not seen any documentation to support this,
it appears to me that SLE will only "virginise" a card on
a fully set up emulator system and I am therefore led to believe that
SLE looks for an emulator and programmer to be at their default locations
(com 1 and com 2 respectively) before it will even attempt to "virginise"
an AUXed card. I do not believe that the "/pa#" and "/pe#" switches
will work with the "/v" option and it also appears that the
"/a" switch is absolutely necessary to the "virginise"
process as well. If that were not bad news enough, the one time I did
manage to get SLE to report that it had "virginised" a card,
when I subsequently tried to read that card with BasicH, I got a "timeout
from 2A" message which meant that the "virginise" process
wound up looping the card! Fortunately, my WT2 clone unlooper and WildThing
3.0 managed to unloop the card with no problem (took several minutes
though). This was in version 2.3 of the software. I don't know if the
"/v" option in version 3.0 behaves any better because I haven't
tried it. I do not view this as much of an issue though, as it is very
unlikely that you'll ever have a need to unAUX a card except to upgrade
to newer versions of the SLE software and since unloopers are almost
an absolute necessity to this hobby nowadays, most of you will have
one to unAUX your cards with.
Please send any information about additions, corrections or omissions
to this FAQ which you deem necessary or just plain helpful to
kayo@megsinet.net