How to use "Through Pic Programming" to program the Eeprom on a PIC/wafer-card

by 2old4this



Quick step-by-step reference
1) use h/w device like JDM + IC-Prog to write Loader/Boot/Main file xxx.HEX to 16F84 PIC
2) use h/w device Phoenix + IC-Prog to write eeprom file yyy.BIN to 24c16 EEPROM
3) use h/w device JDM + IC-Prog to write PIC pgm file zzz.HEX to 16F84 PIC

* Windows PC with COM port & cable (e.g. COM1 port and the same serial RS232 cable used to connect your PC to a modem)
* Wafer card. Several formats are useable. See below. Typically a "goldwafer" is needed.
* Programmer device which can operate in "JDM" mode for programming loose DIL chips (PIC and/or EEPROM).
* Programmer device which can operate in Phoenix/Smartmouse mode for programming embedded EEPROM chips
- if using a card with dismountable chips, no Phoenix/Smartmouse device is required.
- these Ludi & Phoenix programmers can be 2 separate devices or a single "combi" device.
* PIC programming software to operate the JDM device
* Phoenix/Smartmouse software to operate any Phoenix/Smartmouse programming device you need.


More details on suitable cards
Basically there are three main types.

(1) Wafer cards
These are the traditional plastic credit-card type. They contain chips which are etched into the layer sandwiched between the plastic, and so are invisible.
They follow international (ISO 7816) standards, and their pin layouts are well documented in official literature. The word "wafer" itself arises from the fact that they are wafer thin.

There are various kinds of such cards.

"wafer" (i.e. the simple term, as opposed to, say, goldwafer) usually refers to a card containing just one chip. They used to be in service for decrypting D2MAC analogue channels, and were known as MultiMacI (MM1) cards.

"Goldwafer" is a card that contains 2 chips: one PIC and one EEPROM. They first became popular as auto-updating D2MAC analogue pirate cards, and were known as MultiMacII (MM2) cards. The name arose because most of these class of wafer cards are gold coloured. But not all. Some are white, for example. In fact it doesn't matter what colour they are so long as they contain the right chips. But beware: many (most) of the white wafers are actually single-chip wafers, and that is not sufficient.
The PIC is type 16F84. Some older D2MAC wafer cards have a 16C84. This is NOT ok, since it contains insufficient RAM memory to hold the files that will be loaded.
The EEPROM is a 24C16. Some variations are ok. For example, the 24LC16 where the "L" indicates "low power consumption".

"Triple-wafer" cards contain 2 PICs and one EEPROM.
"Quad" cards contain 2 PICs and 2 EEPROMs.
The 2 PICs are configured as "slave" and "master". Schematics for such cards exist on the internet, some are now also being sold ready-made, and the special master/slave versions of the files to be loaded are also now widely available.

"Fun-cards" are also now available, which not only have a different internal configuration, but also use a different chipset (eg an Amtel AT90S8515 with a 24c65 EEPROM)

(2) SMD cards - Surface Mount Devices.
These are the same dimensions and layout as a plastic wafer card, but they contain visible surface-mounted chips (i.e. chips whose pins are soldered onto the surface of the card rather than through holes. The chips are very low profile, so this card - like the wafers - fits into a CAM slot with the flap (if any) closed. Some SMD cards are badly soldered and can give problems.

(3) PCBs - Printed Circuit Board cards, or Print-cards (or PIC-cards)
These are normal circuit boards shaped to fit into the CAM slot and etched with tracks which match the internally etched tracks of a wafer. They usually hold sockets soldered onto the PCB, into which dismoutable chips are pushed. The disadvantage of PCBs is that the size of socket+chips means they do not slide completely out of sight into the CAM slot. They have to be made longer than a normal card, with the sockets/chips at the end so that they stick out of the CAM. This means that any flap over the CAM can not be closed (a minor inconvenience).
They have two significant advantages though. First, the chips can be removed - and so can be programmed separately on a JDM device. This contrasts with the normal wafers, where the EEPROM chip can only indirectly be programmed using a technique known as "through-PIC". More of that later.
Second, they can be made from standard electronic parts by the hobbyist. Schematics/layouts are downloadable at many internet sites and the chips needed are standard PICs and EEPROMs, available from normal electronics suppliers.
Oh, and they are a bit cheaper too.

More details on programmers
Most but not all programming devices work through the serial port using a standard serial cable. Some (typically the more expensive models) work through the parallel printer port, using a bespoke cable. The required power-supply is typically 9v or 12v DC, delivering 300mA.

In order to program plastic cards, both the Ludi and Phoenix devices should be equipped with a smartcard reader (i.e. a slot into which the wafer can be slid in order to program it). Not all such devices have this as standard.
If you are intending only to work with PCB cards (with dismountable chips) then a Ludi without card-reader will be all you need - assuming it has one or more sockets suitable for inserting loose EEPROMs and PICs.

If you are working with plastic cards, you MUST have a Phoenix/Smartmouse device, since that is the only device which can program the embedded EEPROM. It will also have to operate at the lower speed of 3.57MHz. The higher speed of 6.00MHz is ok for modern MOSCs but can damage wafer cards. Not all such devices have a 3.57MHz oscillator - some only have a 6.00 MHz. But a 6.00MHz programmer can be turned into a 3.57MHz programmer simply by swapping the oscillator crystal - no other modifications are required.
Note: a device in JDM mode does not use the crystal.

Popular JDMs (also referred to as a "Hi/Lo programmer") are the DL20 & JDM (Jens Dyekjær Madsen).


More details on programming software
These programs offer features for programming, reading, and erasing the chips. The HEX or BIN file is read from the pc-media (eg hard-disk) into a buffer, and from there piped across the COM-port/cable to the programming device and into the chip. Most programs use checksums to verify what they are writing.
There are a vast range of utilities available, some Ludi-only, some Phoenix-only, some combined. Some have additional handy features such as HEX disassemblers.
Some programming devices come with their own dedicated software.
Note: whatever Phoenix/Smartmouse software you use, it should support the 3.57MHz speed - and not all do!

Where to buy and what they cost.
Wafer-cards, SMD-cards, PCB-cards are available in many satellite shops throughout Europe, and through many internet retailers. It is perfectly legal to sell such cards and/or chips in the raw, blank state, since they have multiple purposes. Only when the software is loaded, turning it into (say) a pirate satellite card, would its sale or use become illegal.
Price typically GBP 15 each. You really shouldn't pay more. If you are asked for more, you are being ripped-off.

PCB cards can be built by the electronics hobbyist. Schematics/layouts are downloadable at many internet sites and the chips needed are standard PICs and EEPROMs, available from normal electronics suppliers. If you make such a card yourself, expect to pay less than GBP 10 for the parts.
Fun-cards can be made (schematics again are available on the Internet) or purchased ready-made. Trio- and Quad-cards are mainly DIY items at the moment.

Programmers can also be purchased in kit or ready-built format. ready-built ones are still being sold by satellite shops, though some less openly than before the 28th/May/2000 European anti-piracy legislation came into force. There are many retailers selling them online though.
Costs range from about GBP 30 for the cheapest combi (VP-2) up to hundreds of pounds for professional-quality PIC programmers alone. The higher costs usually are indicative of a wider range of supported chips, as well as a better tolerance of the many differences across PCs of COM-port, processor-speed, etc. But if the sole purpose is to program 16f84 and 24c16 chips then the cheapest should suffice.


Overview of process
The goal is to get a key file into the EEPROM, and a software file (including key-decryption algorithms) into the PIC.
The software file is usually a hexadecimal (xxx.HEX) file.
The key file is usually a binary (xxx.BIN) file.
A loader (or "boot") file may also be needed in order to pass the key file through the PIC and into the EEPROM. The loader will typically be a HEX file.
Some programming utilities will demand that the file for the EEPROM is indeed a BIN file, and the others are HEX. But if the downloaded files are not in those formats, don't worry: there are utilities available for converting from one to the other.
There are also wafer software files available which allow the keys to be loaded using new pseudo-nano-commands in CRD format as familiar to people who have played with MOSCs. But we will ignore those here.

The loader/hex file
When working with non-removable chips (i.e. SMD cards, or plastic wafers), there is a problem to be overcome: how to gain access to the EEPROM, since it sits "behind" the PIC. The solution is to use "Through-PIC" technique. This means loading a special file onto the PIC whose sole purpose is to pass the key/bin file through to the EEPROM. This loader (or boot) file exists in many different versions, with names like LOADER.HEX, MAIN.HEX, 16F84.HEX and so on. Often the wafer-software files are packaged with a loader. But don't think you have to use the loader which comes with the particular package. Once you've found a loader which is reliable for you, save it and reuse it for all future through-PIC programming.
When the EEPROM has been successfully programmed, the loader has fulfilled its purpose and can be overwritten with the program/hex which you really wanted on the PIC in the first place.

The key/bin file
The key file contains some data which mimic a MOSC (Manufacturer's Original Smart Card). For example, an ATR, a country-code, a hex-serial number, an ascii-serial.

The program/hex file
This mimics an official card to a degree, but also offers more functionality.
Many different versions exist and they are constantly being tweaked, to create new versions. More often than not they are matched in some subtle way to the associated key/bin file. So best advice is to use the hex/bin pair as a pair - don't mix and match.

There are so many variations of card, software, programming device, PC, CAMs and receivers, that it is inevitable that problems arise. Sometimes problems are due to faulty hardware, or mismatched hardware. Sometimes bugs in the software, or the firmware of the CAM. When problems do arise, it can be difficult to find out the cause.
Here are a few known problems.

* Some programming devices (such as the VP-2) can not work with laptops. This may be due to the com-port settings, or to power-management of the COM-port. Always switch off any power-management utilities you have running, and ensure that the COM port you are using is powered-up.

* Some programming devices (such as the VP-2) can not work reliably (or at all) with fast computers - which can be anything from a Pentium 90 upwards. Such problems may originate with bad timing pulses generated within the programming software, so that some software will work, others not. Now where have you got that old 286 stored?

* Not all combinations of programming software and programming device are compatible. There are lots of different PIC and EEPROM programming utilities to try out though, so when you find one that works, keep it.

* Often small variations in voltage or timing pulses might cause read/write errors, and verify-failures. The solution will usually be simply to start the operation again (perhaps after re-inserting the chip, or cleaning the card's contacts, or switching the programmer off/on).

* Some wafer software is not compatible with some receivers. Search out specific wafer files for your receiver if they exist.

* Some loaders/boot-hex files work well, some don't. When you have found one that works for you, keep it and always use it in preference to any that is supplied with the other bin/hex wafer files.