Hacking the Firmware 1.10.04.exe
I've been trying to peek and poke the ZENX-Fi2_PCFW_L22_1_10_04.exe file to see
if there was anything interesting to be done.
So far I've change the boot logo using Gimp raw image import function
and a hexeditor to put the altered image back into the 1.10.04.exe file
and then updated the player. So there is no "checksum verification".
I've also extracted a LUA application from the firmware, looks like a
calculator, if run on the Zen X-fi2 (it sort of works, there is no clear screen). I've uploaded it here
If I use the luadec.exe -f 0 then this:
C:\luadec>luadec -f 0 hack.lua -- Decompiled using luadec 2.0 standard by sztupy (http://luadec51.luaforge.net) -- Command line was: -f 0 hack.lua version = "20091116" print("CTC LUA calc." .. version) image.setresource("res.bin") swidth = screen.width() sheight = screen.height() color_black = color.new(0, 0, 0) color_white = color.new(255, 255, 255) color_red = color.new(255, 0, 0) color_blue = color.new(0, 0, 255) More.......
The boot image header in the firmware is at '0xD09480'
0C DE 00 00 07 CB 60 04
The first 3 or 4 bytes is the size(in reverse) of the image block including the next 4 bytes, witch contains the image width CB = 203 and height?
6004 = 0x46 = 70 dec. ?
203*70*4 = 56840 0xDE08
203*70*4+4 = 56844 0xDE0C
I'm using this free Hexeditor http://mh-nexus.de/en/hxd/
it can do block copy/paste.
I should be possible to extract all images,icons and put them back in, but it's manual hard work
and ONE byte off and your risking bricking the player.
Using GIMP raw import function and playing with the offset and width,
I can find a lot of bitmap in the firmware, and then using the hex editor to fine tune the image location and size in the exe file.
more to come...
Last edited by Jan_DK; 01-07-2010 at 11:16 AM.
|Thread Tools||Search this Thread|
All times are GMT -5. The time now is 05:01 AM.