Zune Boards - View Single Post

ZunePet · 09-02-2007, 03:32 PM

Cool. It works for me too!

Tested with 'dingbats' font (a unicode font, part of the 'msgothic.ttc' font collection)
Photos (sorry for the blur). 3 tracks with dingbat characters in the name:
Before hack, dingbats characters drawn as boxes: http://aibohack.com/zune/before1.jpg
After hack: http://aibohack.com/zune/after1.jpg
Thanks to 'scheme' for the discovery. Thanks to 'lpxxfaintxx' for the heads up.
-----
Technical note:
It is calling the WinCE API 'AddFontResource' which *should* add fonts or font collections (officially ".ttf" is one font, and ".ttc" is a collection, but the API handles both)
So in theory, you should be able to use regular .TTF files (rename to one of the 4 hard coded .ttc file names)
NOTE: the built in 'Convection' font is around 130KB of data. The extra unicode fonts are an additional 40MB!

Unfortunately, tweeking these files is not very practical because it requires a hard drive swap
-----
> doing this is it possible to change font style and color????????????????
It may be possible to replace the limited built-in 'Convection' font, depending on how it does the font matching. Someone needs to do more experimentation.
Color is a different problem. With full access to the hard drive, there are visual attributes in one of the settings database.

Unfortunately, tweeking these files is not very practical because it requires a hard drive swap
-----
re: tweeking the font files without the hard drive swap.

It *may* be possible to trick the update software to update these files. The update process handles the special 3 BIN files (EBOOT.BIN, RECOVERY.BIN and NK.BIN) and copies them to the system partition.
Certain other files appear to be permitted as well (.AC3, .TTC and .TTF file extensions). There is similar logic in the GigaBeat-S. Someone needs to do more experimentation.
-----

re: can this be used for a homebrew hack?
Possibly. It is the only place in the registry with a direct link to an optionally loaded file on the "Hard Disk" (the first partition, AKA the system partition)
Since you can place your own TTF files on the device, a corrupted one may be possible to crash the device in a semi-predictable way.
The font loading/rendering process is rather complicated. Bugs/exploits have been found in the past.
For example: http://www.cve.mitre.org/cgi-bin/cve...=CVE-2007-1213

Someone needs to do more experimentation.
DISCLAIMER: This may be a hole to get true homebrew working, or it may be yet another dead-end. Don't get your hopes up. If anyone is seriously looking at a Zune homebrew hack, I recommend looking in this area.

09-02-2007, 03:32 PM	#14 (permalink)
ZunePet Zuner Join Date: Nov 2006 Posts: 74 Reputation: 9	Cool. It works for me too! Tested with 'dingbats' font (a unicode font, part of the 'msgothic.ttc' font collection) Photos (sorry for the blur). 3 tracks with dingbat characters in the name: Before hack, dingbats characters drawn as boxes: http://aibohack.com/zune/before1.jpg After hack: http://aibohack.com/zune/after1.jpg Thanks to 'scheme' for the discovery. Thanks to 'lpxxfaintxx' for the heads up. ----- Technical note: It is calling the WinCE API 'AddFontResource' which should add fonts or font collections (officially ".ttf" is one font, and ".ttc" is a collection, but the API handles both) So in theory, you should be able to use regular .TTF files (rename to one of the 4 hard coded .ttc file names) NOTE: the built in 'Convection' font is around 130KB of data. The extra unicode fonts are an additional 40MB! Unfortunately, tweeking these files is not very practical because it requires a hard drive swap ----- > doing this is it possible to change font style and color???????????????? It may be possible to replace the limited built-in 'Convection' font, depending on how it does the font matching. Someone needs to do more experimentation. Color is a different problem. With full access to the hard drive, there are visual attributes in one of the settings database. Unfortunately, tweeking these files is not very practical because it requires a hard drive swap ----- re: tweeking the font files without the hard drive swap. It may be possible to trick the update software to update these files. The update process handles the special 3 BIN files (EBOOT.BIN, RECOVERY.BIN and NK.BIN) and copies them to the system partition. Certain other files appear to be permitted as well (.AC3, .TTC and .TTF file extensions). There is similar logic in the GigaBeat-S. Someone needs to do more experimentation. ----- re: can this be used for a homebrew hack? Possibly. It is the only place in the registry with a direct link to an optionally loaded file on the "Hard Disk" (the first partition, AKA the system partition) Since you can place your own TTF files on the device, a corrupted one may be possible to crash the device in a semi-predictable way. The font loading/rendering process is rather complicated. Bugs/exploits have been found in the past. For example: http://www.cve.mitre.org/cgi-bin/cve...=CVE-2007-1213 Someone needs to do more experimentation. DISCLAIMER: This may be a hole to get true homebrew working, or it may be yet another dead-end. Don't get your hopes up. If anyone is seriously looking at a Zune homebrew hack, I recommend looking in this area. Last edited by ZunePet : 09-02-2007 at 03:34 PM.