SPUNLOCK
12-29-2004, 11:36
we must help each other and i suggest i tell what experince i have with nec 3g
i had a e616 2 months ago and ipls flasher what i discovered after playing with them is that i could flash and after it added 4 new languges the flash itslef is encrypted so i used a usb monitor from hhd software and grabbed flash info then found first link in decrypted flash and loaded soft to flash fone and run winhex found string in ram of nec process and dumped memory then i serached starty string and found end string in hhd and saved files now i have 100 16 mb decryted flash file i run ida pro choose arm processor and after 3 - 4 hours of playing i found entry point for loader in side this was address to carry on with dissasembling but oready to get to this stage took 3 days in ida so i leave this info with you
p.s for 313 and 228 procedure is same but is more simple to rip decrytiuon algo from soft using ida i doubt anyone here has the skill but i dont have the time ... i challenege someone to make there own flasher if you can contact me for some developer software that allow you to access acpu and
TYPE=1 # Program Type : 0->FF(HEX)
NAME=ARM CODE # Program Name : (ASCII)
START_ADDRESS=40000 # Start Address : 0->FFFFFFFF(HEX)
END_ADDRESS=10FFFFF # End Address : 0->FFFFFFFF(HEX)
FILE= # Load File Name : (ASCII)
SEL_STS=0 # Load Program Select Flag : 0=NotSelect,1=Select (DEC)
PAD_DATA=FF # Padding Data : 1->FF(HEX)
WARNING=0 # Warning Message Display Flag : 0=NO,1=YES(DEC)
CHECKSUM=0000 # Check Sum : 0->FFFF(HEX)
ROM_CHECK_SEL_STS=0 # ROM_Check CPU Select Flag : 0=NotSelect,1=Select (DEC)
http://www.hhdsoftware.com/usbmon.html usb protocol anaylizer and logger
www.spunlock.com/ida4.50.rar ida pro cracked
www.spunlock.com/winhex10.45.rar winhex
anyone who wants a start point here it is :D :D
i had a e616 2 months ago and ipls flasher what i discovered after playing with them is that i could flash and after it added 4 new languges the flash itslef is encrypted so i used a usb monitor from hhd software and grabbed flash info then found first link in decrypted flash and loaded soft to flash fone and run winhex found string in ram of nec process and dumped memory then i serached starty string and found end string in hhd and saved files now i have 100 16 mb decryted flash file i run ida pro choose arm processor and after 3 - 4 hours of playing i found entry point for loader in side this was address to carry on with dissasembling but oready to get to this stage took 3 days in ida so i leave this info with you
p.s for 313 and 228 procedure is same but is more simple to rip decrytiuon algo from soft using ida i doubt anyone here has the skill but i dont have the time ... i challenege someone to make there own flasher if you can contact me for some developer software that allow you to access acpu and
TYPE=1 # Program Type : 0->FF(HEX)
NAME=ARM CODE # Program Name : (ASCII)
START_ADDRESS=40000 # Start Address : 0->FFFFFFFF(HEX)
END_ADDRESS=10FFFFF # End Address : 0->FFFFFFFF(HEX)
FILE= # Load File Name : (ASCII)
SEL_STS=0 # Load Program Select Flag : 0=NotSelect,1=Select (DEC)
PAD_DATA=FF # Padding Data : 1->FF(HEX)
WARNING=0 # Warning Message Display Flag : 0=NO,1=YES(DEC)
CHECKSUM=0000 # Check Sum : 0->FFFF(HEX)
ROM_CHECK_SEL_STS=0 # ROM_Check CPU Select Flag : 0=NotSelect,1=Select (DEC)
http://www.hhdsoftware.com/usbmon.html usb protocol anaylizer and logger
www.spunlock.com/ida4.50.rar ida pro cracked
www.spunlock.com/winhex10.45.rar winhex
anyone who wants a start point here it is :D :D