Thx for the information (in fact I couldn't see this, I don't have any ipod :)
But If someone has IPOd, is the string mNrSYM7240KUVQ5 "seems like" firmware id, or 0x19F5FADA 0xA2700 is more favorable to a possible displayed firmware id in diagnostic mode ? (i didn't find any correct picture on google..) By the way, I definitively missed something;: in section all section, if you look for more ahead: ROM:000CAC80 00 00 00 00 DCD 0 ROM:000CAC84 02 00 00 00 DCD 2 ROM:000CAC88 02 00 00 00 DCD 2 ROM:000CAC8C 40 00 00 00 DCD 0x40 ROM:000CAC90 00 00 00 00 DCD 0 ROM:000CAC94 80 4F 03 00 DCD 0x34F80 ROM:000CAC98 90 04 40 DD DCD 0xDD400490 ROM:000CAC9C 83 20 C0 2E DCD 0x2EC02083 ROM:000CACA0 93 A9 29 AC DCD 0xAC29A993 ROM:000CACA4 7F 7E 73 2F DCD 0x2F737E7F ROM:000CACA8 31 23 5A EB DCD 0xEB5A2331 ROM:000CACAC 9F C7 ED FC DCD 0xFCEDC79F ROM:000CACB0 90 04 40 DD DCD 0xDD400490 ROM:000CACB4 90 04 40 DD DCD 0xDD400490 ROM:000CACB8 90 04 40 DD DCD 0xDD400490 ROM:000CACBC 90 04 40 DD DCD 0xDD400490 ROM:000CACC0 90 04 40 DD DCD 0xDD400490 ROM:000CACC4 90 04 40 DD DCD 0xDD400490 ROM:000CACC8 90 04 40 DD DCD 0xDD400490 ROM:000CACCC 90 04 40 DD DCD 0xDD400490 ROM:000CACD0 90 04 40 DD DCD 0xDD400490 ROM:000CACD4 90 04 40 DD DCD 0xDD400490 ROM:000CACD8 90 04 40 DD DCD 0xDD400490 ROM:000CACDC 90 04 40 DD DCD 0xDD400490 ROM:000CACE0 90 04 40 DD DCD 0xDD400490 ROM:000CACE4 90 04 40 DD DCD 0xDD400490 ROM:000CACE8 90 04 40 DD DCD 0xDD400490 ROM:000CACEC 90 04 40 DD DCD 0xDD400490 ROM:000CACF0 90 04 40 DD DCD 0xDD400490 ROM:000CACF4 90 04 40 DD DCD 0xDD400490 ROM:000CACF8 90 04 40 DD DCD 0xDD400490 ROM:000CACFC 90 04 40 DD DCD 0xDD400490 ROM:000CAD00 90 04 40 DD DCD 0xDD400490 ROM:000CAD04 90 04 40 DD DCD 0xDD400490 ROM:000CAD08 90 04 40 DD DCD 0xDD400490 ROM:000CAD0C 90 04 40 DD DCD 0xDD400490 ROM:000CAD10 90 04 40 DD humm seems plenty of 0xDD400490 (XOR key ? :) and thus, for all 4 "sections" + serpilliere Raoul Guggenheim wrote: > That FwId and Regn reminded me of the ipod diagnostics mode. In the abou > screen you'll find there exactly those strings. I see progress has been > done :-D > > >> look at offset 0xFFE00 >> It seems we have an array of size 4 with following structure, sort of >> section headers: >> >> *name (reversed string) >> *0 >> *offset in dump >> *len in dump >> *0x8000000 >> *0 >> *0 >> *0x10005 >> *addresse in memory? >> >> >> Moreover on disk we have (raw offset+ len):: >> diagflsh raw offset + diagflsh len >> 0xB5C40+ 0x14E40 = CAA80 >> >> and CAA80 is near flshdisk raw offset (0xCAC80) with seems to confirm >> sort of section header descriptors >> >> addresses in memory may be interesting: >> 0x810C848 >> 0x80F7808 >> 0x80F5008 >> >> because they seem to reflect len on disk: >> 0x810C848-0x80F7808 = 0x15040 and diagflsh may be 0x14E40 bytes on disk >> 0x80F7808-0x80F5008 = 0x2800 and logoflsh may be 0x2600 on disk >> >> and for example on PE header, there is file alignment , and memory >> alignment which may be different from one to another. (this is just to >> compare) >> >> >> >> ROM:000FFE00 68 73 6C 66 DCD >> 0x666C7368 ; flshdisk >> ROM:000FFE04 6B 73 69 64 DCD 0x6469736B >> ROM:000FFE08 00 00 00 00 DCD 0 >> ROM:000FFE0C 80 AC 0C 00 DCD 0xCAC80 >> ROM:000FFE10 80 4F 03 00 DCD 0x34F80 >> ROM:000FFE14 00 00 00 08 DCD 0x8000000 >> ROM:000FFE18 00 00 00 00 DCD 0 >> ROM:000FFE1C 00 00 00 00 DCD 0 >> ROM:000FFE20 05 00 01 00 DCD 0x10005 >> ROM:000FFE24 48 C8 10 08 DCD 0x810C848 >> >> ROM:000FFE28 68 73 6C 66 DCD >> 0x666C7368 ; diagflsh >> ROM:000FFE2C 67 61 69 64 DCD 0x64696167 >> ROM:000FFE30 00 00 00 00 DCD 0 >> ROM:000FFE34 40 5C 0B 00 DCD 0xB5C40 >> ROM:000FFE38 40 4E 01 00 DCD 0x14E40 >> ROM:000FFE3C 00 00 00 08 DCD 0x8000000 >> ROM:000FFE40 00 00 00 00 DCD 0 >> ROM:000FFE44 00 00 00 00 DCD 0 >> ROM:000FFE48 05 00 01 00 DCD 0x10005 >> ROM:000FFE4C 08 78 0F 08 DCD 0x80F7808 >> >> ROM:000FFE50 68 73 6C 66 DCD >> 0x666C7368 ; logoflsh >> ROM:000FFE54 6F 67 6F 6C DCD 0x6C6F676F >> ROM:000FFE58 00 00 00 00 DCD 0 >> ROM:000FFE5C 40 34 0B 00 DCD 0xB3440 >> ROM:000FFE60 00 26 00 00 DCD 0x2600 >> ROM:000FFE64 00 00 00 08 DCD 0x8000000 >> ROM:000FFE68 00 00 00 00 DCD 0 >> ROM:000FFE6C 00 00 00 00 DCD 0 >> ROM:000FFE70 05 00 01 00 DCD 0x10005 >> ROM:000FFE74 08 50 0F 08 DCD 0x80F5008 >> >> ROM:000FFE78 00 00 00 00 DCD >> 0 ; logo >> ROM:000FFE7C 6F 67 6F 6C DCD 0x6C6F676F >> ROM:000FFE80 00 00 00 00 DCD 0 >> ROM:000FFE84 80 5B 05 00 DCD 0x55B80 >> ROM:000FFE88 00 26 00 00 DCD 0x2600 >> ROM:000FFE8C 00 00 00 08 DCD 0x8000000 >> ROM:000FFE90 00 00 00 00 DCD 0 >> ROM:000FFE94 00 00 00 00 DCD 0 >> ROM:000FFE98 05 00 01 00 DCD 0x10005 >> ROM:000FFE9C FF FF FF FF DCD 0xFFFFFFFF >> >> >> >> Next, when we look at each raw offset : >> >> 0xCAC80 (flshdisk) >> ROM:000CAC80 00 00 00 00 DCD 0 >> ROM:000CAC84 02 00 00 00 DCD 2 >> ROM:000CAC88 02 00 00 00 DCD 2 >> ROM:000CAC8C 40 00 00 00 DCD 0x40 >> ROM:000CAC90 00 00 00 00 DCD 0 >> ROM:000CAC94 80 4F 03 00 DCD 0x34F80 >> ROM:000CAC98 90 04 40 DD DCD 0xDD400490 >> ROM:000CAC9C 83 20 C0 2E DCD 0x2EC02083 >> >> at 0xB5C40 (diagflsh) >> ROM:000B5C40 00 00 00 00 DCD 0 >> ROM:000B5C44 02 00 00 00 DCD 2 >> ROM:000B5C48 02 00 00 00 DCD 2 >> ROM:000B5C4C 40 00 00 00 DCD 0x40 >> ROM:000B5C50 00 00 00 00 DCD 0 >> ROM:000B5C54 40 4E 01 00 DCD 0x14E40 >> ROM:000B5C58 90 04 40 DD DCD 0xDD400490 >> ROM:000B5C5C 9E 90 A9 F5 DCD 0xF5A9909E >> >> 000B3440 : (logoflsh) >> ROM:000B3440 00 00 00 00 DCD 0 >> ROM:000B3444 02 00 00 00 DCD 2 >> ROM:000B3448 02 00 00 00 DCD 2 >> ROM:000B344C 40 00 00 00 DCD 0x40 >> ROM:000B3450 00 00 00 00 DCD 0 >> ROM:000B3454 00 26 00 00 DCD 0x2600 >> ROM:000B3458 90 04 40 DD DCD 0xDD400490 >> ROM:000B345C 66 75 E2 35 DCD 0x35E27566 >> >> >> at 00055B80 (logo) >> ROM:00055B80 00 00 00 00 DCD 0 >> ROM:00055B84 02 00 00 00 DCD 2 >> ROM:00055B88 02 00 00 00 DCD 2 >> ROM:00055B8C 40 00 00 00 DCD 0x40 >> ROM:00055B90 00 00 00 00 DCD 0 >> ROM:00055B94 00 26 00 00 DCD 0x2600 >> ROM:00055B98 90 04 40 DD DCD 0xDD400490 >> ROM:00055B9C 66 75 E2 35 DCD 0x35E27566 >> >> >> we can see the LEN is repeated ; >> the section logo & logoflsh (0x2600 both) are the same >> So if stream cipher with same key, xor of both sould result in xor >> unciphered versions. (erf :) >> >> >> >> Another interesting offset: 0x4000 >> at 00004000 4 bytes stand for SCfg (config?) >> at 00004018 strange string mNrSYM7240KUVQ5 >> at 0000402C 4 bytes stand for Fwid (firmware id?) >> at 00004040 4 bytes for Hwid (hardware id?) >> at 0000407C 4 b: Regn (region??) >> at 00004090 ?? DrmV (DRM version, kikoolol . ) >> >> >> ROM:00004000 67 DCB 0x67 ; g >> ROM:00004001 66 DCB 0x66 ; f >> ROM:00004002 43 DCB 0x43 ; C >> ROM:00004003 53 DCB 0x53 ; S >> ROM:00004004 A4 00 00 00 DCD 0xA4 >> ROM:00004008 00 20 00 00 DCD 0x2000 >> ROM:0000400C 01 00 01 00 DCD 0x10001 >> ROM:00004010 00 00 00 00 DCD 0 >> ROM:00004014 07 00 00 00 DCD 7 >> ROM:00004018 6D DCB 0x6D ; m >> ROM:00004019 4E DCB 0x4E ; N >> ROM:0000401A 72 DCB 0x72 ; r >> ROM:0000401B 53 DCB 0x53 ; S >> ROM:0000401C 59 DCB 0x59 ; Y >> ROM:0000401D 4D DCB 0x4D ; M >> ROM:0000401E 37 DCB 0x37 ; 7 >> ROM:0000401F 32 DCB 0x32 ; 2 >> ROM:00004020 34 DCB 0x34 ; 4 >> ROM:00004021 30 DCB 0x30 ; 0 >> ROM:00004022 4B DCB 0x4B ; K >> ROM:00004023 55 DCB 0x55 ; U >> ROM:00004024 56 DCB 0x56 ; V >> ROM:00004025 51 DCB 0x51 ; Q >> ROM:00004026 35 DCB 0x35 ; 5 >> ROM:00004027 00 DCB 0 >> ROM:00004028 00 00 00 00 DCD 0 >> ROM:0000402C 64 DCB 0x64 ; d >> ROM:0000402D 49 DCB 0x49 ; I >> ROM:0000402E 77 DCB 0x77 ; w >> ROM:0000402F 46 DCB 0x46 ; F >> ROM:00004030 00 00 00 01 DCD 0x1000000 >> ROM:00004034 DA FA F5 19 DCD 0x19F5FADA >> ROM:00004038 00 27 0A 00 DCD 0xA2700 >> ROM:0000403C 00 00 00 00 DCD 0 >> ROM:00004040 64 DCB 0x64 ; d >> ROM:00004041 49 DCB 0x49 ; I >> ROM:00004042 77 DCB 0x77 ; w >> ROM:00004043 48 DCB 0x48 ; H >> ROM:00004044 FF FF FF FF DCD 0xFFFFFFFF >> ROM:00004048 FF FF FF FF DCD 0xFFFFFFFF >> ROM:0000404C FF FF FF FF DCD 0xFFFFFFFF >> ROM:00004050 FF FF FF FF DCD 0xFFFFFFFF >> ROM:00004054 72 DCB 0x72 ; r >> ROM:00004055 56 DCB 0x56 ; V >> ROM:00004056 77 DCB 0x77 ; w >> ROM:00004057 48 DCB 0x48 ; H >> ROM:00004058 00 00 00 00 DCD 0 >> ROM:0000405C 09 00 10 00 DCD 0x100009 >> ROM:00004060 00 00 00 00 DCD 0 >> ROM:00004064 00 00 00 00 DCD 0 >> ROM:00004068 23 DCB 0x23 ; # >> ROM:00004069 64 DCB 0x64 ; d >> ROM:0000406A 6F DCB 0x6F ; o >> ROM:0000406B 4D DCB 0x4D ; M >> ROM:0000406C 4D DCB 0x4D ; M >> ROM:0000406D 41 DCB 0x41 ; A >> ROM:0000406E 34 DCB 0x34 ; 4 >> ROM:0000406F 37 DCB 0x37 ; 7 >> ROM:00004070 37 DCB 0x37 ; 7 >> ROM:00004071 00 DCB 0 >> ROM:00004072 00 DCB 0 >> ROM:00004073 00 DCB 0 >> ROM:00004074 00 00 00 00 DCD 0 >> ROM:00004078 00 00 00 00 DCD 0 >> ROM:0000407C 6E DCB 0x6E ; n >> ROM:0000407D 67 DCB 0x67 ; g >> ROM:0000407E 65 DCB 0x65 ; e >> ROM:0000407F 52 DCB 0x52 ; R >> ROM:00004080 01 00 02 00 DCD 0x20001 >> ROM:00004084 02 00 02 00 DCD 0x20002 >> ROM:00004088 00 00 00 00 DCD 0 >> ROM:0000408C 00 00 00 00 DCD 0 >> ROM:00004090 56 DCB 0x56 ; V >> ROM:00004091 6D DCB 0x6D ; m >> ROM:00004092 72 DCB 0x72 ; r >> ROM:00004093 44 DCB 0x44 ; D >> ROM:00004094 00 00 00 00 DCD 0 >> ROM:00004098 06 00 00 00 DCD 6 >> ROM:0000409C 00 00 00 00 DCD 0 >> ROM:000040A0 00 00 00 00 DCD 0 >> >> >> >> + >> serpilliere >> >> >> >> _______________________________________________ >> Linux4nano-dev mailing list >> [email protected] >> https://mail.gna.org/listinfo/linux4nano-dev >> http://www.linux4nano.org >> > > > > _______________________________________________ Linux4nano-dev mailing list [email protected] https://mail.gna.org/listinfo/linux4nano-dev http://www.linux4nano.org
