Sonicview Sv-1000 still work?



lamothefitz
02-10-2014, 10:01 PM
Do Sonicview Sv-1000 still work? I see there are "no" posts for them. This guy I met has one real cheap!

runamok
02-10-2014, 10:13 PM
It will not work with IKS/private servers; that is why it is so cheap.

jvvh5897
02-10-2014, 10:22 PM
But like just about all older boxes, the code could be modified to do IKS. That box should have some old N2 files and they are easy to modify to support serial output of required strings in coolsat format and to get the returned CWs via serial port too. If you find a file that still lets you do the N2 radio signals on 97 degree bird, it can be pretty easy to test how the box's code saves CWs. Use serial port output to help you find where the code is to send strings out the port (you usually see some sort of output at 115.2Kbaud as a box boots up). You might have to do a little work, but overall it only requires 100 bytes or so of code to do IKS.

lamothefitz
02-11-2014, 03:27 PM
I might give it a try as I'm one of the few that is still using a converted Nano2, which runs great some days and seems to freeze a whole lot on others. If it isn't any better than my Nano, I could always go back to my original plan and get a Dreamlink HD T5.

jvvh5897
02-11-2014, 05:26 PM
Well, in the past I took a look at the code in a "Charlie fix" file from 2008. It is NEC processor inside, so MIPS code and there are lots of MIPS tools around--gcc variant does compile C code. I have a note file on the file I looked at, so a few routines found inside. As I recall sv used a common checksum type on the files, so you should be able to un-pack the code mod and repack with checksum fixed. I happen to like MIPS code, so I would think it would be a good experimenters box, but to really know that would need a look at what chips are inside and how hard it is to mod hardware (if one has an interest in that stuff, I think hobby use of FTA boxes rather than stuff like single board gizmos like Raspberry Pi would be a good way to use these cheap old boxes).

jvvh5897
02-12-2014, 06:33 PM
It looks to me that your mods would follow the work done for sv4k in:
http://www.satfix.net/showthread.php?140385-Machine-code-mods-to-sv4k-box

Basically, dale used one of the game routine's space to get RAM dumps using the "send n bytes" routine. Then once a few spots with info required for rq-sssp were found, modded one of the old Nagra ecm routines to send out the required packets, and modded another routine (can't recall where) to receive the CWs and used one of the CW save routines to actually get the processor to decrypt the packets with them. You would have to do much the same. Your files have a zipped (PK type that 7-zip can do) mainsw section, so one of your first tasks would be to learn to pack and unpack. The checksum can be figured with Hexworkshop, or some other simple 32 bit byte-wise sum routine could be used (pretty easy to write an lcc-win32 routine to do that for you) with the aid of calculator to do the last XOR step.

Here are some notes on that old 2008 sv1k file:

SV1000_V0331P_Charlie&Beverly_Fixed 8/29/2008

Like the sv4k files this is NEC processor code. MIPSb type code.
SFBOOTLD installs at bfc00000 in flash
SFBOOT01 installs at bfc02000
SFMAINSW at bfc20000 but contents are un-packed to RAM at 80020000
"SFSATINF" 0xBFD90000
SFCHNINF 0xBFDA0000 ?0x3BE00 bytes?
key data @ 0xBFD60000

Search for "SV1000_P.bin", select from the "PK" just before that string to end of file and save the selected part of .bin as a .zip file and then use un-zip program to extract the contents.
01EC09 to 125AEe gives an extracted 25D6b0 sized file. That file should be loaded to IDA Pro at base addr of 0x80020000.

Same span of file as above simple sum is 089b9fd6 then XOR 19450815 = 11DE97C3 as seen at 0x1ebed (0xc bytes into SFMAINSW)

Disassemble @8002087C ?does a big chunk of the code at start of file?
But hit c at 80044008 to really kick off main code disassembly. This is just before an NEC copyright notice BTW.

Using the sv4k IDC with start addr changed to 80044494 gives more complete disassembly of the code.
note needed to manually kick off at 800F2F94 too--need to make that addiu search better!!

note settings for gp and sp registers:
ROM:80020034 la $sp, unk_80043058
ROM:8002003C la $gp, unk_8003CCD8

end of file @8027D6AF


80142190 # Zmodem init (2a 2a 18)
80143D3C # init zmodem xfer (0x18.....\r)
80141CE8 # send null terminated string out serial port
80141A9C # send byte out serial port
80141AE0 # 2nd send byte out serial port
80141D40 # send hex format byte to serial port
801423C4 # send 2a 18 to serial port using 2nd routine
8014410C # check the file extension
80144CC4 # do "dxmain.rom"
8015C9B0 # send "VX" serial message
8015CA30 # serial send "........-" file header and VX message

800DE95C # display msg on screen
801D631C # memset
801D6224 # memcpy
801D8310 # memcmp?--string compare
80145434 # test for file header like "SFMAINSW"
8015CE7C # "Software Downloading..." and flash update
8015E13C # read file from serial port
8015D8A4 # "Data Uploading..."
800BEB10 # do ui main
800BBD7C # install task
800BE02C # install ui
8009229C # install a task handler?
80162770 # save CWs? based on 0/1 even/odd
8015F6DC # NAGR_ProcessEcmData
8016383C # nagra2_ecm
80164B2C # NAGRA2ECM
8016AC60 # N2ECMNew
80167C50 # nagra2_newecm

800BC490 # read sw version stuff in flash--bfc02010, bfd90010

800BC598 # S2010F test
80145A80 # header checksum--uses 0x19450815
80145ED8 # mainsw transfer
80145914 # sw update callback?
800BAF44 # delay?
80188BBC # flash block erase?
800D0CAC # 0xbfd80000
800B435C # enter PIN code OSD
800DC688 # OSD "Channel is locked"

?possible PIN codes? 0x7530 (30000), 0xEA60 (60000), 0x11170 (70000), 0x13880 (80000), 0x15F90, 0x15F91
main PIN? 0x8C2 (2242)--yep, see it in lots of places
in ui main:
ROM:800BEE60 li $t9, 0x8C2

800E132C # OSD "turn off after" "min"
800D75F8 # OSD "AUDIO" "STEREO"
801292D4 # OSD "MOVE" RESIZE ZOOM"

801D83FC # strcmp?
8017FC08 # year/mo/day?
8016CE68 # RSAmod load for EMMs?
8016F428 # idea/RSA steps
80163DA4 # ?autoroll?
80182170 # "sc_cass_process" EMM handling?
80181D58 # "sc_cass_process" ECM handling?
8010F6A0 # OSD "Stand-by mode AutoRoll"
8010DFD0 # OSD "Auto Dolby Select" "No Template Loaded !"
8010B944 # OSD "TV Type" "AV Settings"
800C83F8 # something to do with chinf? 0x3BE00 bytes
800CF03C # copy chinf from flash
800E07CC # Edit CHINFO and save
8015DAF0 # set up sat and ch info for send to PC?
8015DCDC # send sat and ch info?
80188D2C # erase bfda0000 area
80074D34 # low level serial port routine. note B2001000 register use
8007485C # Read? low level serial port routine. note B2001000 register use
80076A9C # send n bytes out serial port?
(handle?port?, buffer/location ,n) port usually = 1
800769BC # read n bytes from serial port w/timeout
(port#, buffer, n, timeout)
8015CE0C # serial port task handler--installed as "ui_beep"?
------------------------------------------
IR custom code 7d 37 (125 55) NEC1--Hum lirc and other sv-1000 jp1 file shows 00 FF
801B0550 # "PIN_HISR" task
801B0584 # "REM_CBT" task
801B22E0 # "RTC_CBT"
801AF8F4 # "GPIO_CBQ"
8019E260 # "GRP_RGA"
800740B0 # install Uart RX/TX
80076C88 # "VENCDRVA"
8009C9F8 # "TunerTask" install
800B3F80 # CC on/off OSD
800BB1B4 # "APP_SEM"
800BB284 # "APP_Q"
800F0B74 # part of un-zip?
801261D4 # something about volume /view
8012B5D4 # something about volume and multipicture
80128B28 # multipicture OSD

8010CAD8 # Version info OSD
80174A38 # select dump of card
801D6F24 # sprintf

ROM:8006E420--?part of remote look up table?

8008544C # get a waiting AMES?
80085AC0 # get waiting HISR
800EA9F0 # part of EPG OSD?--has CC ON/OFF step
800C79C8 # box init: move CH data from flash to RAM and test for proper header
800BE6A8 # get button pressed code?
800AB8FC # delete/save OSD
800D93DC # edit sat OSD
800A4BE4 # put a menu OSD on screen w/ title
800D8BB4 # fav sat OSD
800DAAC4 # another sat OSD
800DF094 # select lang OSD
800E22D8 # previous ch OSD
800E3D90 # EPG reminder OSD
800E5C1C # channel list edit
800FDBC8 # another ch edit OSD--includes the FTA/CAS menu
801120EC # dish settings OSD
80117398 # transponder edit
8011E568 # sort OSD
801201DC # channel guide OSD
801464CC # data transfer OSD

8014BF34 # dish settings/blind scanning OSD
80151934 # event timer/sleep/mode OSD
801523E8 # another channel list OSD?
8015ADA0 # Catagory OSD
80105A60 # FTA/CAS OSD
800FABD0 # OSD includes FTA/CAS--not called?
8011A188 # send cmd by index
800D13B0 # menu system
80131920 # Tetris game
8012EDA8 # Hexa game
8012F360 # "Sokoban" game
80105DB8 # "User Settings"
800F2F94 # dish setting TAB OSD
800DCAE8 # "Factory Reset"
800A064C # put on-screen menu title string
800B0A88 # put a string at a "line" on the screen
800A99B8 # Debug message?
800BDFD8 # get user response code
8012ED34 # game over message


If you have some specific questions about the way to do this, you can ask, but I have an ongoing project of my own that is taking most of my time, so I'm not going to walk you through it.
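
An added example, not part of the thread or the box's code: the header check described in the notes above (32-bit byte-wise sum, then XOR with 0x19450815) set beside a keyed HMAC-SHA256 tag, showing that the sum catches accidental corruption but cannot show that an image is unmodified. The sample bytes, the key and all function names are constructed for the illustration.

```python
import hashlib
import hmac

XOR_CONST = 0x19450815  # constant quoted in the notes above


def byte_sum32(data: bytes) -> int:
    """32-bit sum of every byte in the span (the 'simple sum' step)."""
    return sum(data) & 0xFFFFFFFF


def header_checksum(data: bytes) -> int:
    """Byte-wise sum followed by the final XOR step."""
    return byte_sum32(data) ^ XOR_CONST


def keyed_tag(data: bytes, key: bytes) -> bytes:
    """HMAC-SHA256 tag: depends on byte order and on a secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def compare(original: bytes, altered: bytes, key: bytes) -> dict:
    """Report which check notices that 'altered' differs from 'original'."""
    return {
        "checksum_detects": header_checksum(original) != header_checksum(altered),
        "hmac_detects": not hmac.compare_digest(
            keyed_tag(original, key), keyed_tag(altered, key)
        ),
    }


# Constructed sample data, not taken from any firmware image.
SAMPLE = bytes(range(64)) * 4
# Accidental-corruption case: a single bit flipped in one byte.
FLIPPED = SAMPLE[:10] + bytes([SAMPLE[10] ^ 0x01]) + SAMPLE[11:]
# Same bytes in a different order: the content differs, the byte total does not.
REORDERED = SAMPLE[::-1]
DEMO_KEY = b"constructed-demo-key"  # placeholder key for the example

if __name__ == "__main__":
    print(hex(header_checksum(SAMPLE)))
    print("bit flip :", compare(SAMPLE, FLIPPED, DEMO_KEY))
    print("reordered:", compare(SAMPLE, REORDERED, DEMO_KEY))
```

The checksum is an error-detection value only; a loader that needs to reject altered images has to verify a keyed tag or a signature instead.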