Rockbox Development > New Ports
Creative Zen Vision:M
Transience:
Perhaps I'm not understanding this correctly, but isn't the code that checksums the new firmware file already on the player? Changing the part of the firmware that dictates what happens when the checksums don't match in the firmware being transfered won't help any.
If there's a way to run .bin files (an ARM emulator perhaps?) that might allow the firmware to be debugged, but without knowing the checksum algorithm, the only option is to access the firmware data on the ZVM, and modify it that way.
Do I understand this right, or am I just saying stupid things?
mcuelenaere:
--- Quote from: Transience on July 11, 2007, 02:25:46 AM ---Perhaps I'm not understanding this correctly, but isn't the code that checksums the new firmware file already on the player?
--- End quote ---
Yes
--- Quote ---Changing the part of the firmware that dictates what happens when the checksums don't match in the firmware being transfered won't help any.
--- End quote ---
Well, actually it would help. But there are a few problems. : ) At first, we have to know which code this is. And then we have to upload the code back to the ZVM; which atm is only possible by directly editing the HDD.
--- Quote ---If there's a way to run .bin files (an ARM emulator perhaps?) that might allow the firmware to be debugged, but without knowing the checksum algorithm, the only option is to access the firmware data on the ZVM, and modify it that way.
--- End quote ---
I don't really understand this sentence ; ) If we could get the firmware debugged (and disassembled), we would know (in ARM assembler) the checksum algorithm.
"... and modify it that way." => which way are you talking about? ; )
--- Quote ---Do I understand this right, or am I just saying stupid things?
--- End quote ---
I think you understand it right : )
iSE:
I've been able to get the ARM code for the nk.bin using EMU8086 emultator, but the firmware uploader is too big to load for some reason. If anyone knows of anythin that will disassemble a file n output the ARM code to a txt file to read through, that would be very benificial. Where would the algorithm be tho? Surely it will only be in the bootloader? Because creative will calculate it at their end n only on the player. There would be no need for the nk.bin nor the firmware updater program to calculate the checksum.
Since this is the case, would it be possible to modify some firmware to be uploaded directly to the HDD, which would output the algorithm? Long shot I know but might be worth a hefty effort if it works?
mcuelenaere:
--- Quote from: iSE on July 11, 2007, 10:17:11 AM ---I've been able to get the ARM code for the nk.bin using EMU8086 emultator, but the firmware uploader is too big to load for some reason. If anyone knows of anythin that will disassemble a file n output the ARM code to a txt file to read through, that would be very benificial. Where would the algorithm be tho? Surely it will only be in the bootloader? Because creative will calculate it at their end n only on the player. There would be no need for the nk.bin nor the firmware updater program to calculate the checksum.
Since this is the case, would it be possible to modify some firmware to be uploaded directly to the HDD, which would output the algorithm? Long shot I know but might be worth a hefty effort if it works?
--- End quote ---
I think the algorithm is surely used during the update progress and maybe during start-up; but it could be located anywhere... See it as a DLL, it could be loaded anytime (and used anytime), but where it is atm we don't know (flash or HDD or ...).
Isn't the algorithm (based on SHA-1) located in the updater program itself (so X86 code!) worth taking a look at? I have done it myself, but I am not that good at understanding assembler : )
iSE:
Well sure, if you can post the code for it I'll take a look. But why would the checksum of the firmware ever need to be calculated unless verifying it to be real and when first inserting the checksum into the file?
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version