Rockbox Development > New Ports

Creative Zen Vision:M

<< < (26/136) > >>

iSE:
yeah, I think jhulst is awaiting an adapter for the test player he has

Febs:
Folks, a reminder:  please DO NOT post in this thread merely to ask about updates.  Post in this thread ONLY if you are participating in discussion directly related to development of Rockbox for this platform.

mcuelenaere:
Hi,

as some of you may know, there's a lot of discussion about the ZVM and firmware hacking on epiZENter.net

In short, I'll make up a list of what we've found out and/or think which is correct:

* The firmware(nk.bin) has it's own structure: it starts with a CIFF block, and then it's divided into several other blocks (ending in a NULL block)
* One of the blocks seems to be obfuscated/encrypted(the third one, if I recall correctly)
* The last block (the NULL block) is 20 chars long, and contains a hash/checksum. It's no common used one, cause MD4, MD5, SHA1 don't match it. (20 chars should mean 160-bit)
* A list of names is: FBOOT, FRESC, HCreative_S.TTF, HCreative_T.TTF, HDeviceInfo.xml, Hdevicon.ico, Hdevlogo.png, Hjukebox2.jrs, Hjukebox.grs, Hsplash.jbm.
* All files/blocks starting with a "H" should get written directly to the ZVM's HDD partition.
* The partition type could be minifs or CFS(Creative File System)
* The ZVM's OS could be OaSis
* I've made a program which 'hacks' the upgrading process of the jukebox updater being able to upload custom firmwares, but because the checksum isn't cracked, it's useless.
* The *.jrs, *.jbm (and maybe *.grs) files are also divided into blocks, but as it is a newer version than reported on Nomadness, for the moment they aren't readable.
* The jukebox.grs structure may been deciphered, can't confirm it at the moment. (see http://epizenter.net/e107_plugins/forum/forum_viewtopic.php?69697.75)
* The *.jrs structure is deciphered: http://epizenter.net/e107_plugins/forum/forum_viewtopic.php?69697.135
* Some xtra links: http://libnjb.cvs.sourceforge.net/libnjb/libnjb/HACKING?revision=HEAD
* A C program from libnjb, being able to extract nk.bin from the updater program. (I haven't compiled it though) fwupgrade.c
* Maybe some other stuff I missed out... Check the epizenter.net thread for more...
* Just an idea: if the checksum checking is done on the PC side, it could be interesting of monitoring the USB data transfer (and commands) of a successful upgrade, and then fake another one with your hacked firmware.
Oh, and one more thing: I strongly believe that messing around with MTP leads to nothing: the firmware will never allow you to view it's partition data. (The only possible thing you could achieve, is uploading a new firmware)

kkffiirr:
i like the idea about monitoring the usb activity, but it sounds so easy, why no one ever tested it?
i am thinking about monitoring it myself and posting the data here....

mcuelenaere:

--- Quote from: kkffiirr on April 04, 2007, 01:36:08 PM ---i like the idea about monitoring the usb activity, but it sounds so easy, why no one ever tested it?
i am thinking about monitoring it myself and posting the data here....

--- End quote ---

Actually, I did it myself before. I came up with a 90MB(or bigger) file and because my PC hasn't got much RAM and I didn't found any decent program to read it, I didn't do anything with it.
I think it's just some commands, then the raw nk.bin file, then again some commands and it's done.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version