View Full Version : UTV rom dump

04-29-2003, 02:16 AM
heres a rom dump. if anyone makes progress disasming or understanding the structure make a post. i know a little about it

rename bmp to rar

04-29-2003, 02:17 AM
well it seems i can't post files from some dealdatabase tech problem. at least that is what the screen told me

04-29-2003, 01:42 PM
let try is again

04-29-2003, 01:43 PM
and 2

remember rename bmp to rar

05-04-2003, 07:28 PM
Bluecop, this is a copy of the onboard ROM or EEPROM? If it's EEPROM, was it pre-3.7? Has it changed since 3.7? Would be nice to have a pre/post comparison if there were any changes.


05-05-2003, 02:16 PM
it is what i said it is. rom

it won't ever change

05-11-2003, 02:25 PM
Bluecop mentioned that the code that is use to generate the password is in the rom. What is used to disassemble rar files and what should I look for?

05-11-2003, 03:57 PM
Originally posted by Tiger1776
What is used to disassemble rar files and what should I look for? Here's some info which should help. As far as tools, and what to look for - we don't really know, we're looking for all the help we can get. That's why the dump was posted here.

Processor Quantum Effect Devices(QED) RM5231-250Q MIPS Datasheet attached ROM Samsung km23c1600 2MB Mask ROM Datasheet here (http://www.samsung.com/Products/Semiconductor/MaskROM/Pagemode/16Mbit/K3P5C1000D/K3P5C1000D.htm)
IDE Security Document here (http://www.t13.org/project/d2008r7b.pdf)

Now everyone get to work! :D


05-24-2003, 08:52 PM

I'm not going to assume here are these images supposed to be the same. Thanks


07-29-2003, 09:37 PM
ok there has been some confusion those files are rar files. you extract them with winrar or some other rar extractor.

08-14-2003, 07:32 PM
Any one know what adress range is the rom is mapped to?

Any one have the processor files for IDA? Mine has mipsr mipsl. not sure if those are right. ( I know little to nothing about the mips :( )

08-15-2003, 03:46 PM
Bluecop, a couple of questions. The rar files posted are of the same chip or 2 chips, they seem to be both the same size. Or is there some kind of joining that needs to be done with the 2 rar files.

Could you shed some light on the extraction method, eg, desolder read, chipclip read, jtag(or some type of connector) read.

Thirdly after a very quick glance in winhex, the dumps seem to mainly have images and web tv modem control code in them. I do not see much in the way of reference with the conditional access module or any other functions. It just seems to be webtv and modem transfer stuff and images and screen layouts for the gui for web tv.

Are you trying to gain access to web tv for some kind of hack on webtv or in general trying to find out how the system works, eg drive changeouts, cam code return spoofs, use as a standalone pvr etc.

The reason I ask is so that we can focus on a particular item to make better progress.

Thanks for the time and your offering of the dump.

08-15-2003, 04:16 PM