PDA

View Full Version : UTV rom dump



BlueCop
04-29-2003, 02:16 AM
heres a rom dump. if anyone makes progress disasming or understanding the structure make a post. i know a little about it

rename bmp to rar

BlueCop
04-29-2003, 02:17 AM
well it seems i can't post files from some dealdatabase tech problem. at least that is what the screen told me

BlueCop
04-29-2003, 01:42 PM
let try is again

BlueCop
04-29-2003, 01:43 PM
and 2

remember rename bmp to rar

CyberJaak
05-04-2003, 07:28 PM
Bluecop, this is a copy of the onboard ROM or EEPROM? If it's EEPROM, was it pre-3.7? Has it changed since 3.7? Would be nice to have a pre/post comparison if there were any changes.


-CyberJaak

BlueCop
05-05-2003, 02:16 PM
it is what i said it is. rom

it won't ever change

Tiger1776
05-11-2003, 02:25 PM
Bluecop mentioned that the code that is use to generate the password is in the rom. What is used to disassemble rar files and what should I look for?

fray
05-11-2003, 03:57 PM
Originally posted by Tiger1776
What is used to disassemble rar files and what should I look for? Here's some info which should help. As far as tools, and what to look for - we don't really know, we're looking for all the help we can get. That's why the dump was posted here.


Processor Quantum Effect Devices(QED) RM5231-250Q MIPS Datasheet attached ROM Samsung km23c1600 2MB Mask ROM Datasheet here (http://www.samsung.com/Products/Semiconductor/MaskROM/Pagemode/16Mbit/K3P5C1000D/K3P5C1000D.htm)
IDE Security Document here (http://www.t13.org/project/d2008r7b.pdf)


Now everyone get to work! :D

Fraser

metrotech
05-24-2003, 08:52 PM
BlueCop

I'm not going to assume here are these images supposed to be the same. Thanks

MT

BlueCop
07-29-2003, 09:37 PM
ok there has been some confusion those files are rar files. you extract them with winrar or some other rar extractor.

The_ChiefGeek
08-14-2003, 07:32 PM
Any one know what adress range is the rom is mapped to?

Any one have the processor files for IDA? Mine has mipsr mipsl. not sure if those are right. ( I know little to nothing about the mips :( )

wad
08-15-2003, 03:46 PM
Bluecop, a couple of questions. The rar files posted are of the same chip or 2 chips, they seem to be both the same size. Or is there some kind of joining that needs to be done with the 2 rar files.

Could you shed some light on the extraction method, eg, desolder read, chipclip read, jtag(or some type of connector) read.

Thirdly after a very quick glance in winhex, the dumps seem to mainly have images and web tv modem control code in them. I do not see much in the way of reference with the conditional access module or any other functions. It just seems to be webtv and modem transfer stuff and images and screen layouts for the gui for web tv.

Are you trying to gain access to web tv for some kind of hack on webtv or in general trying to find out how the system works, eg drive changeouts, cam code return spoofs, use as a standalone pvr etc.

The reason I ask is so that we can focus on a particular item to make better progress.

Thanks for the time and your offering of the dump.

wad
08-15-2003, 04:16 PM
DOH!