RE: A83: Re: Flash App Hacking


So the app validation and writing ROM part is located in that memory
part...

Another speculation:
Can't we fake the validation part, and then jump to the part where the app
gets written, or does the validation part involve flash writing too?



-----Original Message-----
From:	Solignac Julien [SMTP:x1cygnus@online.fr]
Sent:	Saturday, September 30, 2000 7:54 PM
To:	assembly-83@lists.ticalc.org
Subject:	Re: A83: Re: Flash App Hacking


>Just thinking, could not something be done like with ROMDUMP, but then
>backwards... :
>
>Person starts APPWRITE program.
>Person starts special app transfer link program on PC...
>APPWRITE program writes app to flash mem without validating...
>
>Just a speculation of course,
>
>Do I understand correctly that the flash chip validates the app, and not
>some kind of ROM routine... (which makes the above hardly possible too)
>
>Peter Martijn

That would have been a good idea except that you can only write to flash
memory if you're in the "privileged" boot sector i.e. pages 1Eh-1Fh. Also
every unlocking sequence in that part of the ROM is very well protected
making spoofing impossible.

Solignac Julien
x1cygnus@xcalc.org
http://xcalc.org

Piracy is a victimless crime, like punching someone in the dark

