I had no luck on the Japanese site with my serial number. It seems it redirects me to a page saying I already had it installed, as I have a later serial number. I tried the old Ebay trick, but the old link is down, so no go on getting the firmware for me. If someone could PM me an old serial number or the original firmware, it would be much appreciated. In the meantime, here's my contribution. I used Wiesel's 2 decoding program as a start. I was having a lot of difficulty modifying the software to do anything more, so I cleaned it up. This new decoder uses a single table instead of the 2 XOR's. It also doesn't decode the tail, and prints info on the different sections of the decoded firmware. You can use it to encrypt, decrypt, or just print info from either a decrypted or encrypted firmware. I'm including the code so you guys can use it as a template. If you make any changes, please post them into the forum. Using my software, I started looking at the different sections, and I've made some conclusions. Feel free to comment or disagree. Whatever the Checksum/CRC we are having that is failing is probably not in the footer section of the ROM, or at least not in the footer sections we understand yet. Its an array of structures that seem to point to different offsets in the file, and includes an unknown value. Earlier posts theorized that this was a checksum/CRC of some sort, and that may still be true, but its not the one we are failing on. The first firmware that was posted only changed the version number, and that version number is outside any of the sections described in the footer that we understand so far. Most likely, the checksum/CRC that we are failing on is in the footer (or at least at the end of the file somewhere). The bytes before the version # are all 0xFF, which means its somewhere after the version #. It would most likely be in the footer then, because you can't have the checksum/CRC value somewhere where the checksum is actually checking, because you would never be able to generate the value. So either there's a second check for the version number, or there's a second version number somewhere (or a third option, which is that 1.0.1.1 is not a valid version for some other reason). Thoughts?