
5.1 crack [DONE]

Discussion board for Mackie's d8b Digital Console users.


Postby munkustrap » Wed Feb 17, 2016 8:02 pm

Hi Guys

Old topic, new idea.

As far as I understood, the CPU reads the brain board ESN and checks if the licenses are valid.
So if we are able to always send the same ESN for which we have the codes, then the d8b is 5.1 open.

Now the story behind that.
The d8b console boots with a small firmware which is in the EROM on the brainboard. The ESN can also be read out there (I guess). Additionally, the CPU transmits the real firmware (it's a hex file on the system). If this firmware also has the possibility to read out this ESN, then it is also possible to hack that file so that it always sends the same ESN for which we know the authentication codes. The 5.1 then should be usable.

Can somebody sniff the command for the ESN request? That would be helpful.
I just started to write a disassembler for the DSP in the brainboard. I already found two lines where the program memory is read; maybe that is where they read out the ESN.

best regards
Munk
munkustrap
Moderator
Posts: 465
Joined: Fri Apr 04, 2014 8:10 am
Location: EU

Re: 5.1 crack

Postby bitSync » Wed Feb 17, 2016 8:43 pm

munkustrap wrote:
Hi Guys

Old topic, new idea.

As far as I understood, the CPU reads the brain board ESN and checks if the licenses are valid.
So if we are able to always send the same ESN for which we have the codes, then the d8b is 5.1 open.

Now the story behind that.
The d8b console boots with a small firmware which is in the EROM on the brainboard. The ESN can also be read out there (I guess). Additionally, the CPU transmits the real firmware (it's a hex file on the system). If this firmware also has the possibility to read out this ESN, then it is also possible to hack that file so that it always sends the same ESN for which we know the authentication codes. The 5.1 then should be usable.

Can somebody sniff the command for the ESN request? That would be helpful.
I just started to write a disassembler for the DSP in the brainboard. I already found two lines where the program memory is read; maybe that is where they read out the ESN.

best regards
Munk


So as I understand it, you're considering -

- Identifying the RS232 request and reply messages between the console and the CPU for brain board ESN.
- Seeing if the returned ESN from the console is in cleartext. If not, figure out how it is encoded.
- Consider implementing an overwrite function (in firmware or some other translator) of the returned ESN and code-resident unlock codes with known functioning values.

Is that about right?

So, do you have any clues about the RS232 command and reply for ESN, or would a sniffing contributor to the project be looking for his or her own cleartext ESN in the RS232 traffic?
Win7 Pro x64 SP1 / SONAR 2016 Platinum x64 Newburyport / 2x Mackie d8b 5.1 + (D8Bridge v1.1 x32 or ProBox) / 3.20 GHz Intel i7 950, 24 GB DDR3 RAM, 2TB SATA3 SSD / RME HDSP9652 PCI (ASIO) / RME ADI-8 QS / New Belgium 1554
bitSync
Premium Member
Posts: 381
Joined: Sat Dec 13, 2008 4:01 pm
Location: Baltimore, MD, USA

Re: 5.1 crack

Postby bitSync » Wed Feb 17, 2016 8:46 pm

Or a custom-built firmware for the brain board?

Re: 5.1 crack

Postby munkustrap » Thu Feb 18, 2016 12:10 pm

I'm thinking of a custom-built firmware for the brain board.
The firmware is uploaded by the CPU, therefore it is easier to hack than the one in the EPROM.
If this firmware (that is uploaded by the CPU) supports the readout of the ESN, then it is possible to make a hack that always sends the same ESN (it doesn't matter which one is stored in the EROM). For sure it must be an existing ESN for which we know the license keys. But then it would be the same keys for all d8bs.

I already hacked the firmware to double the baud speed on the RS232; the meterbridge command was also hacked. So if this firmware also transmits the ESN, then it is possible to hack it. Only the effort is the question.

If we know the command to read out the ESN, then it is possible to verify the hack (to see if the wanted ESN comes back).

Re: 5.1 crack

Postby Old School » Fri Feb 19, 2016 5:00 am

Hi Munk,
Of all the people who came to this stream promising great things, you are the only one who delivered. A long time ago I asked if it was a possibility to write new software for the D8B hardware & free us from this OEM ball & chain. Is this still something that you could or would do? With the ability to use any motherboard & 3rd party plugins, the D8B hardware would be a world-beater. I for one would be willing to pay over a thousand dollars for a new OS. Right now my studio is down, I can't find a console out there that I want to invest in. Is this a project that could be economically viable for you?

Have a blessed day in Christ,
Mike W.
Wanna make God laugh, ...Tell Him your plans
Old School
Premium Member
Posts: 422
Joined: Thu Jun 16, 2011 8:42 pm
Location: Elm City NC

Re: 5.1 crack

Postby munkustrap » Fri Feb 19, 2016 9:14 am

Hi

Yes, it is a pity that many people have great ideas but promise things that they cannot fulfill (such things need time).
The 5.1 hack at the moment is just a thought; I'm not in the phase where I can tell you that it is possible to realise that.

Regarding a new Mackie OS, I will not do that. It is too much effort and I do not have the skills to make the whole DSP/Plugin stuff. There was a guy "Augusto" who announced an OS many months ago. I personally think that he really has the skills to do something like that. I don't know how far he is or if he has dropped the idea.
There is a Facebook site with nearly 0 activity.

Some time ago I had the idea to implement a basic audio function in the probox, like audio routing, fader moves, mutes, solo, but no EQs and no plugins. But that stuff is blocked by the amount of free time and the fact that I do not own a CPU to get all the commands for that.

best regards
Munk

Re: 5.1 crack

Postby munkustrap » Mon Feb 22, 2016 5:09 pm

OK, so I think I got a little more understanding now regarding the ESN. Maybe somebody who has the 5.1 OS with FX cards and plugins can give me an idea if my guess is right.

1. I guess the d8b ESN is not stored on the brain board ROM. It drives me crazy to find any ROM read commands in the hex code, but there are none that point to an ESN read. I also thought that it is not a good solution to have a dedicated ROM for each d8b. Usually for this kind of stuff an EEPROM or at least an EPROM is used. And I found it. It is placed on the I/O card. The function of a PIC with EEPROM on the I/O card is useless, so what is it for? I'm pretty sure the ESN is stored there. Maybe a person who has two d8bs could make an experiment and exchange the I/O boards. It would be interesting what happens with the licences. The I/O card is connected with a data line to the brainboard, so the brainboard can read the ESN from the I/O card.

2. Does every FX card have its own ESN? I think so.

3. Could somebody who has a FULL d8b (all licenses with codes and ESN?) please PM me if you are willing to send it.

Thanks to all, I will stay on this project; maybe there will be positive results.

Re: 5.1 crack

Postby anyhorizon » Mon Feb 22, 2016 10:24 pm

The ESN is actually a unique small chip on the brain board. There is reference to it on these pages if you do a search.

Peter
In the scheme of things, there isn't one... just chaos.
anyhorizon
Premium Member
Posts: 1069
Joined: Fri Nov 21, 2008 9:36 pm
Location: Down under or up over, depending on where in space you are.

Re: 5.1 crack

Postby bitSync » Tue Feb 23, 2016 1:01 am

anyhorizon wrote:
The ESN is actually a unique small chip on the brain board. There is reference to it on these pages if you do a search.

Peter


From the service manual -

055-136-00 REV A, BRAIN BOARD -

PART NO.           DESCRIPTION         VALUE       REFERENCE DESIGNATORS
329-040-03         IC, SERIAL NUMBER   DS2401      U16


https://www.maximintegrated.com/en/products/digital/memory-products/DS2401.html
Last edited by bitSync on Tue Feb 23, 2016 1:11 am, edited 1 time in total.

Re: 5.1 crack

Postby munkustrap » Tue Feb 23, 2016 9:31 am

Hi bitSync

Thanks a lot, that was a big hint for me!!!
I overlooked that in the schematics.

best regards
Ralph
