Resetting.....

Upcoming fresh hacks

Non-Technical Hacks that works - Have Fun! (Status: in progress..)

Hacking network based biometric time-attendance system - Be your own boss! (Status: Done!)
Milestone Xprotect License Bypass hack - Replace a camera without license re-activation (Status: Done!)

Thursday, June 2, 2011

Second JTAG Attempt: Motorola CPEi35775 (from Menatelecom)


Had few problems with JTAG stuff but I managed to dump few parts of the FLASH.

BOOTLOADER.0x90000000,0x90020000 (Contains Wimax MAC)
IMAGE_A.0x90040000,0x90C40000
CONFIG_A.0x90C40000,0x90C60000
CONFIG_B.0x90C60000,0x90C80000
IMAGE_B.0x90CE0000,0x918E0000
FNE_CERTS.0x90C80000,0x90CA0000
DEV_CERTS.0x90CA0000,0x90CC0000 (LMMC format Contains Wimax MAC)
FACTORY_DEF.0x90CC0000,0x90CE0000
JFFS2.0x918E0000,0x92000000

Bootloader:
CONSOLE_STATE variable @ Offset 0x1163F set to locked
HWA_0: Wimax MAC address


End!

0 comments:

Post a Comment