I suggest to substitute tUpdMgr task with code which saves dump. See attached files. I'm absolutely sure it will work.
ROM:00806A18 LDR R0, =aTupdmgr
ROM:00806A1C LDR R1, [R11,#var_14]
ROM:00806A20 MOV R2, #0
ROM:00806A24 LDR R3, =updater_807214
ROM:00806A28 BL CreateTask_95BEF8
The "SaveXxxxToFile" names are from strings in the code - or are guessed?
I do have "updater_807214", and I think they are the same. Is that what you have for tUpdMgr?
I suggest to substitute tUpdMgr task with code which saves dump. See attached files. I'm absolutely sure it will work. After patching flasher encrypt it and pack into fir file.
Quote from: mx3 on 08 / June / 2008, 04:49:28
see attached files. I'm absolutely sure it will work.

I have one more annoying question about this because I'm a bit nervous...

My packer-encrypter-checksummer program, mkfir, creates a small dummy firmware payload (2k RET instructions). mkfir works fine with the led dumpers I've tried.

Is there any chance that this modified flasher could try to write my dummy payload to ROM?

If so I'll use the real payload just to be safe.
see attached files. I'm absolutely sure it will work.
I guess because tUpdMgr has been replaced it won't be possible for the flasher to write to the ROM, but I don't know the code as well as you seem to.
I suggested to use my method of packing with real payload
Still don't know how to extract the references to function/data like the table from address 0099B6A to 0099B8B which contains a list of subroutine addresses. See this subsection.