From: "ab8kf" <ab8kf@...>
Mar 9, 2004
Where can I get the ROM image?
-Sean
From: "ab8kf" <ab8kf@...>
Mar 10, 2004
The chip is a low-profile 29SF080 flash (SOP) soldered directly on the
board.
-Sean
They wouldn't dare socket the ROM?
Service.
From: "donhamilton2002" <donhamilton2002@...>
Mar 13, 2004
What flavor of machine do you have?
I can make an image of my rom, how would you like it ?
Intel hex, binary, ascii hex ??
What do you intend to do with it ??
Hacking is good, but what are YOU going to do with it ?
hamilton
From: Sean Walton <ab8kf@...>
Mar 15, 2004
I have a MS 150 (v. 4.05a(?)).
I want to discover the hardware specs and completely
rewrite the firmware. I have found that there appears
to be messages in the 2.xx version which indicate
through-parallel port re-imaging. If this is true, I
would like to start reprogramming the device from
scratch. Sure, I like the MS, but it would be fun for
me and my kids to actually start with a clean system.
-Sean
From: Sean Walton <ab8kf@...>
Mar 15, 2004
Format? .... oops
I would like it in a hex dump that is the form:
AAAAA0HHHH...HHHss
A=address
0=placeholder
H=data
ss=checksum
If this is "Intel Hex," cool.
Otherwise, if this is too much of a pain, zip up the
binary for me, please.
-Sean
From: "donhamilton2002" <donhamilton2002@...>
Mar 15, 2004
OK, OK, I'll get working on it.
But my kitchen gets first priority :-).
.......
Now where did I put that piece of .... Oopppss :-]
From: "jmareksr" <jimmarek@...>
Mar 18, 2004
Just to be clear, the copy of the ROM image in the Files section is the Model 100, right?
All the parts listed match the parts in my 100, so I supposed that the ROM does, too.
Jim
From: "donhamilton2002" <donhamilton2002@...>
Mar 19, 2004
the Model 100, right?
Yes Jim, it's version 2.53yr.
That dump was created by the hardware in the photo section
under 'ROM DUMP'.
I have not been able to get that hardware working again. So a single
file of my version of ROM will take longer than I thought.
If that 'ROM DUMP' file is good enough, I'll move on to something else.
hamilton
From: "jmareksr" <jimmarek@...>
Mar 19, 2004
Don,
That dump seems just fine. I have used a little Pascal program to
convert it into 64 16KB binary files (based on the notes from
ThePinkPanther) and started disassembling them using DASMx 1.30.
I need to stop for a while, so I'm in the process of writing up what
I have done so far, in the hopes of encouraging someone else to
continue it for a while. I will upload the binary files that I
created and describe what I have done and learned so far. I hope to
have it done by next week some time.
This venue has been a great inspiration. Thanks again for setting it
up!
Jim
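An added example, not code from any poster in this thread: the Intel HEX layout Sean asks about is `:LLAAAATT<data>CC` (byte count, 16-bit address, record type, data, checksum), and this sketch decodes it with per-line checksum verification and then cuts the image into 16 KB pieces as Jim describes. It assumes the dump is in Intel HEX, which the thread does not confirm; the function names and the sample ROM are constructed for illustration.

```python
# Added example (not from the thread): Intel HEX decode with checksum checks,
# then a split into 16 KB banks. The sample ROM below is constructed.
BANK = 16 * 1024

def encode_record(addr, rtype, data):
    """':' LL AAAA TT data CC, where CC makes the byte sum equal 0 mod 256."""
    body = bytes([len(data), (addr >> 8) & 0xFF, addr & 0xFF, rtype]) + bytes(data)
    return ":" + (body + bytes([-sum(body) & 0xFF])).hex().upper()

def to_hex(image, row=16):
    """Encode an image; a type-04 record sets the upper 16 address bits."""
    lines = []
    for off in range(0, len(image), row):
        if off % 0x10000 == 0:
            lines.append(encode_record(0, 0x04, (off >> 16).to_bytes(2, "big")))
        lines.append(encode_record(off & 0xFFFF, 0x00, image[off:off + row]))
    return lines + [encode_record(0, 0x01, b"")]  # end-of-file record

def from_hex(lines, size, fill=0xFF):
    """Decode into a size-byte image (erased flash reads 0xFF); fail on damage."""
    image, upper = bytearray([fill]) * size, 0
    for n, line in enumerate(lines, 1):
        if not line.startswith(":"):
            raise ValueError(f"line {n}: missing ':' start code")
        raw = bytes.fromhex(line[1:].strip())
        if len(raw) < 5 or len(raw) != raw[0] + 5:
            raise ValueError(f"line {n}: length field mismatch")
        if sum(raw) & 0xFF:
            raise ValueError(f"line {n}: bad checksum")
        addr, rtype, data = (raw[1] << 8) | raw[2], raw[3], raw[4:-1]
        if rtype == 0x00:
            start = (upper << 16) + addr
            if start + len(data) > size:
                raise ValueError(f"line {n}: data past end of image")
            image[start:start + len(data)] = data
        elif rtype == 0x04:
            upper = int.from_bytes(data, "big")
        elif rtype == 0x01:
            break
    return bytes(image)

def split_banks(image, bank=BANK):
    """Cut the image into consecutive bank-sized pieces."""
    return [image[i:i + bank] for i in range(0, len(image), bank)]

if __name__ == "__main__":
    rom = bytes((i * 7 + (i >> 14)) & 0xFF for i in range(1 << 20))  # constructed 1 MB
    banks = split_banks(from_hex(to_hex(rom), len(rom)))
    print(len(banks), "banks of", len(banks[0]), "bytes each")
```

A single flipped hex digit anywhere in a record makes `from_hex` raise with the line number, which is the point of asking for a checksummed format rather than a bare binary.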
From: Sean Walton <ab8kf@...>
Mar 20, 2004
If there is a way to get a dump of a later version, I would
still be interested in it. I am concerned that the
system hooks I am looking for may be different with the
version (4.03) that my unit has. If you recall, the
manufacturer has been trying to lock down its built-in
back doors.
-Sean
From: "donhamilton2002" <donhamilton2002@...>
Mar 20, 2004
This has been the basic problem with the MS device.
The main code ROM is a surface mount chip, soldered down to the board.
As I posted in message 13, people have been trying to figure out how
the MS works internally.
There seem to be more software people here than hardware people who
are willing to actually hack their hardware. I have one unit that is
no longer functioning. I bought a second unit so I can still play with
one.
If the code in the file section can be hacked so we all can see how
the "uploading code" function works, we can use that to re-load any MS
device. ( but read my comments in message 13 )
There is also a potential problem, that MS engineers changed the way
later versions reload their code. ( or maybe they removed it
altogether, we have no way of knowing )
On my MS, I removed the code ROM and inserted a surface mount socket.
( but I misplaced the ROM chip in a recent move )
That's why I bought a second unit.
I have been looking into replacing that code altogether with my own
ROM. Time is my current enemy.
Please review the ROM dump we have now. Maybe you will see something
others have missed, this may help others crack this code.
Hamilton
Opportunity is missed by most people,
Because it is dressed in overalls and looks like work.
From: "donhamilton2002" <donhamilton2002@...>
Mar 20, 2004
For anyone who may be interested.
I posted a pic of my MS with surface mount sockets.
The pic shows a ribbon cable (on the left) soldered to the RAM chip.
I connected the other end to a logic analyzer. Tracing with the logic
analyzer, I can see Z80 code executing. ( So I am sure it's a Z80 )
But now I have to find the ROM that goes into that socket. :-(
If I can find a serial port on this chip, I will burn a chip with a
debugger. I have used a debugger in the past called NOICE.
(URL)
This can be used to check what's inside the chip. ( along with a logic
analyzer )
hamilton
From: "Cyrano Jones" <cyranojones_lalp@...>
May 23, 2004
I was wondering if you could elaborate on these comments
from message 13:
13>Now if someone ever figured out how to externally re-load code, so
13>any non-tech type can reflash their roms. That would be cutting them out.
Reflashing is what we are trying to do here, right? Are you saying that we
should stop short of posting a reflash app???
13>I had always thought the posting about $100 to anyone who can reflash
13>their MS was posted by someone at earthlink. ( we have a $100 bill for
13>you, just give us your name and address )
I had assumed that was just a joke, since there was no way
to contact "hacker howard". Why do you think earthlink
would want a name and address? Nasty letter from
the legal dept.???
Does anyone in this group work for earthlink????
Cyrano Jones
From: "John R. Hogerhuis" <jhoger@...>
May 23, 2004
IANAL, but IMHO It doesn't matter.
engineer the code in order to use a device I bought.
I never agreed to anything with any company Earthlink, Cidco, or
otherwise. I haven't even connected the thing to an ISP, so there is no
chance that I ever Clicked through a license agreement of any kind.
I bought the unit, I can do anything I want with it. I can erase the
flash, I can replace it with something else. I can take a sledgehammer
to it, etc. It's property, I own it. That said, I can't make copies of
the software within for redistribution to people who don't own a
mailstation due to copyright law. And if we find some encryption
anywhere that is intended to prevent copying of the software we aren't
allowed to break it (see: DMCA). But we haven't seen anything like that,
AFAIK. In any event for the purposes here I can't see how that would be
a proper application of DMCA, but I am not a lawyer.
Certainly the end product of a reflash app could never be an
infringement of copyright since we don't have access to the source code
of the original reflash application. And as above, I'm not breaking any
license agreement or contract since I never made any agreement.
So once we get to an actual reflash app I think there is even less to
worry about, since it will all be original code. I'd be more worried
about posting the original binary images than the reflash app, since
someone who doesn't own a CIDCO Det1 might download it, and that would
be an illegal distribution (copyright infringement) under copyright law.
As everyone here knows the $100 reward is a joke any way you look at it,
at least if you're using the brute force approach which is what it seems
we're left with. I wonder how much that $100/hour would divide out to
with the man-hours spent so far on this effort?
Hopefully we're all having fun with this, since that's all this is
really about...
From: "donhamilton2002" <donhamilton2002@...>
May 25, 2004
I was sort of joking as well. But, with DMCA running around it
seemed to be a case of baiting. I think I said ( maybe I thought
it ) earthlink or whoever has control now is not interested in a
few hackers. But if any novice with a MS can cut out the
subscription cost and link to a free email server, then someone
(i.e. earthlink) may get heartburn over that.
hamilton