I will check the first hack Trials this evening.
hopefully I'm able to find the read out commands for the ESN. Then I'm able to verify the hack on my own.
I will Keep you updated
best regards
bitSync wrote:So as I understand it, you're considering -
- Identifying the RS232 request and reply messages between the console and the CPU for brain board ESN.
- Seeing if the returned ESN from the console is in cleartext. If not, figure out how it is encoded.
- Consider implementing an overwrite function (in firmware or some other translator) of the returned ESN and code-resident unlock codes with known functioning values.
Is that about right?
So, do you have any clues about the RS232 command and reply for ESN, or would a sniffing contributor to the project be looking for his or her own cleartext ESN in the RS232 traffic?
munkustrap wrote:does anybody has the possibility to sniff the command for ESN ? maybe ist transmitted when the ESN Dialog is opened?
munkustrap wrote:Hi
yes, the ESN it is on the COM1.
munkustrap wrote:When OS5.1 has booted up, there must be a Setup Windows somewhere where you can read the ESN (I think its the one where you can add your licences).
munkustrap wrote:I' try to find out the command by analysing the hex code of the brain Firmware.
actual Status:
I found the place where the ESN is read from the small chip that holds the ESN. I also know how I can overwrite that with a fixed ESN with license code (I already got one, thanks !)
I fount the Position in the Firmware where the ESN is send out. the Format on the RS232 is something like
????????????c (???... stands for the ESN) The ESN seems to be terminated with a "c".
munkustrap wrote:In fact my first hack Trial is ready, I only Need to verify it somehow.
As I do not have a Mackie CPU I Need this command to read out the ESN. Without this command it is only possible to
Exchange the original asc file with the hacked one, boot up and lokk what ESN the System Shows.
munkustrap wrote:what about if I give you the hacked control.asc file and you try it in your CPU ? you should get the ESN that I've programmed into the Firmware. If it doesn't work you have to go back to your original control.asc. this should be at least faster then sniffing I guess.
munkustrap wrote:what about if I give you the hacked control.asc file and you try it in your CPU ? you should get the ESN that I've programmed into the Firmware. If it doesn't work you have to go back to your original control.asc. this should be at least faster then sniffing I guess.
Users browsing this forum: Google [Bot] and 8 guests