Rockbox Development > New Ports

Zune

<< < (11/19) > >>

svet-am:
this probably sounds pretty dumb, but have people tried exploiting the way that Zunes are "hard reset?"  According to the MS docs (MSKB 927001) during the hard reset the Zune first formats itself and then re-copies the firmware from the host PC to the player.  Now, this assumes that the bootloader is smart enough to handle these low level transaction and will probably be looking for properly signed code.  But, I thought I'd throw it out there just to stimulate discussion about this.

I picked up a zune for $85 from w00t and I really like the player.  But, I'd like to have Rockbox and/or Linux on it to make it work better with my Linux desktops.

tweezer:

--- Quote from: tipok on July 11, 2007, 05:00:58 AM ---The Guy from http://www.streamcentric.com/zune find JTAG and SERIAL connectors on clean side of PCB:

Serial:
Rx - 4
Tx - 5

JTAG:
TRST - 8
TDI - 9
TMS - 10
TCK - 11
TDO - 13

Power:
+3.3 - 6
GND - 17,18,19,20


--- End quote ---

You may want to be careful here. Give this a read...
http://www.freescale.com/files/32bit/doc/white_paper/IMX31SECURITYWP.pdf
Section 5 (Hardware Security) refers to security faults causing the Red Ram to be zeroed and yer device being pooched. One of those security faults potentially being any JTAG manipulation. The person who posted that on their site said they "sacrificed" their Zune. Soooo... maybe Microsoft uses that security feature.

zivan56:
I used Windows and modified the proper registry key to make it show up in My Computer, but that did not allow files to be copied to it.  Instead, I had to run the Zune software and end the process while it was converting a movie in order to have read/write/delete access to it.
Long story short, it will read ANY jpeg and ANY wmv video, no matter the size.  It will display them without issue (except for being very slow) even if you didn't use the Zune software to send it.

Are there any recent wmv/jpeg exploits that could be tried on the device?  It would have to inject ARM code...a long shot but it may work.  Any thoughts?

tipok:

--- Quote from: zivan56 on January 03, 2008, 06:26:39 PM ---Are there any recent wmv/jpeg exploits that could be tried on the device?  It would have to inject ARM code...a long shot but it may work.  Any thoughts?

--- End quote ---

I found that zune (v1.1 fw) reboots after playing VLC-encoded files.
Maybe media player inside zune (windows media player mobile) have leak while playing asf files with WMV2+MP3 You can try to encode some file to asf and play it on zune. You will see result.

zivan56:
What is now needed is for someone to go through the firmware and find an exploit.  The DLL files for the OS are easily extracted and do not appear to be encrypted.  Forcing people to downgrade is not really an option until rockbox fully works on the player (especially USB host).  The Gigabeat S port is progressing, so most of the base level stuff should work on the Zune.

Navigation

[0] Message Index

[#] Next page

[*] Previous page