Hacking the Firmware 1.10.04.exe

[Jan_DK]

I've been trying to peek and poke the ZENX-Fi2_PCFW_L22_1_10_04.exe file to see
if there was anything interesting to be done.

So far I've change the boot logo using Gimp raw image import function
and a hexeditor to put the altered image back into the 1.10.04.exe file
and then updated the player. So there is no "checksum verification".

I've also extracted a LUA application from the firmware, looks like a
calculator, if run on the Zen X-fi2 (it sort of works, there is no clear screen). I've uploaded it here
http://www.exras.netne.net/Hack.lua

If I use the luadec.exe -f 0 then this:

Code:

C:\luadec>luadec -f 0 hack.lua
-- Decompiled using luadec 2.0 standard by sztupy (http://luadec51.luaforge.net)

-- Command line was: -f 0 hack.lua

version = "20091116"
print("CTC LUA calc." .. version)
image.setresource("res.bin")
swidth = screen.width()
sheight = screen.height()
color_black = color.new(0, 0, 0)
color_white = color.new(255, 255, 255)
color_red = color.new(255, 0, 0)
color_blue = color.new(0, 0, 255)
More.......

The red X-fi text I drew on the boot image is displaying as blue so the image format must be 'BGRA' and not RGBA





The boot image header in the firmware is at '0xD09480'
0C DE 00 00 07 CB 60 04

The first 3 or 4 bytes is the size(in reverse) of the image block including the next 4 bytes, witch contains the image width CB = 203 and height?
6004 = 0x46 = 70 dec. ?

203*70*4 = 56840 0xDE08
203*70*4+4 = 56844 0xDE0C

I'm using this free Hexeditor http://mh-nexus.de/en/hxd/
it can do block copy/paste.

I should be possible to extract all images,icons and put them back in, but it's manual hard work
and ONE byte off and your risking bricking the player.

Using GIMP raw import function and playing with the offset and width,
I can find a lot of bitmap in the firmware, and then using the hex editor to fine tune the image location and size in the exe file.

more to come...

[CrowdAds]