Portuguese KMM3010 New Firmware - Can anyone unpack/pack it?

Started by cuss, 03. Oct 2010, 14:29

previous topic - next topic
Go Down

cuss

Hi all,
can anyone unpack this DRA or give me an unpacker/packer?

I have an KMM3010, i have made some tests with the nk.bin and etc.bin ...

Here are the files that the box requests from our iptv servers:
http://rapidshare.com/files/422866731/From_Our_TFTP_-_KMM3010-PT.zip

- bootstrap
- dra (I wan't to know how to pack and unpack this file, to provide a hacked firmware to normal users)
- sync

Mulder3

#1
03. Oct 2010, 20:28 Last Edit: 03. Oct 2010, 20:50 by Mulder3
I've unpacked the dra file in the past, i don't recall how exactly, but i think it's just signed hashes in ASCII fallowed by a couple of concatenated files, including a WinCE rom(which you can unpack with wince tools viewbin.exe/dumprom.exe) that contains the actual recovery firmware, you can ignore the other files, they're encrypted XPU apps...

Anyway, you can alter the rom contents, but the box will reject it, because if you do that, the rom hash will change(the one included at the top of the dra file) and you will not be able to sign the new hash...

If you're interested you can find the "normal" firmware for MEO boxes at http://194.65.47.50/upgrade/upgrade-files/PKG.DIR

mce2222

yeah. the bootstrap files do not really contain much.
as Mulder already wrote, the main firmware is loaded from the bootstrap process.

cuss

Does the PKG.DIR have some hash control?

Mulder3

Yes, it has... You cannot load any non signed firmware unless you have jtag access! Period!

Go Up