Asian Characters Firmware 2.3

[theGoods]

Hack Name: Cached Firmware Hack
What it does: Modifies Zune software to allow the transmission of modified ZuneFirmware.cab
Suggestions: Don't modify the firmware itself, as we can't re-sign it. Getting extra files onto the system partition would be accomplishment enough.


Here's the idea... the Zune software downloads new firmware upon request, but then uses the same firmware from a cache when updating multiple zunes or the same zune multiple times. (fyi the firmware is downloaded to: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Zune\#\ZuneFirmware.cab where # is some number) I took the cab file and added the asian language font files and tried to get the Zune software to upload the file to a formatted Zune 4GB. The software recognized my tampering and did not send the updated cab. My idea is for someone to hack the Zune software to alter that firmware check. I tried to do it myself, but my limited knowledge of SoftIce prevented me from finding a nearby entry point. Anyone with more experience care to give it a go?

[CarbonOS]

Asian character support would be awesome, it sucks to change all these Chinese words into pronounciations.

[theGoods]

Quick update incase anyone is following this or *gasp* thinking of giving it a go... I found a good entry point for softice and have managed to find what looks like the code that needs to be modified. Anyone with good windows ASM knowledge or softice experience, the entry point I used was GetFileSize right before hitting the update button.

I'm still hacking around in the Zune software, I'll post a patched version if I ever figure this SOB out.

[umisguy]

Well +Rep for the work so far. I hope you or someone else follows the work you've done and manages to get the hack to work, with any hope, we could add some other things to it as well.. after all it's a modified Windows CE for ARM processors Firmware, so if you managed to add something else along the lines of a CE app.. and some sort of trigger in a font... OR something, that'd be awesome, you know like a boot loader in CE (CE is windows mobile and Pocket PC OS'es core.)or some other cool thing like an FM radio recording app or whatever.. but even just the asian language pack alone is worth the effort.

[PityOnU]

You coud probably just use all of the old tools but replace the old firmware .cab with the new one. Not that hard...

[theGoods]

Quote:

Originally Posted by PityOnU

You coud probably just use all of the old tools but replace the old firmware .cab with the new one. Not that hard...

This is exactly what I did. I took the cab file that the Zune software downloads and added the zune fonts just like the old hack did. When I then try to setup a formatted Zune, the software recognizes that there is something up with the cab. The old hack used the old software (fyi, I got the old software and tried to send with that as well ... I ran into other issues), so my next option was to modify the Zune software to forget whatever check it was doing to stop me from sending my updated cab. Again, anyone that has friends with cracking experience, that's basically what I'm attempting here.