Beispiel #1
# Vocoder Patch for MD380 Firmware
# Applies to version S013.020

from Patcher import Patcher

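# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    # The parenthesised single-argument form prints the same text on
    # Python 2 and Python 3; the bare print statement is a SyntaxError on 3.
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # bypass vocoder copy protection on S013.020
    # Each entry is the first of two addresses handed to Patcher.nopout
    # (the second is at +0x2); presumably one 16-bit halfword per call --
    # Patcher is not shown here, confirm.
    # NOTE(review): nothing visible here checks that unwrapped.img really is
    # the S013.020 image these absolute addresses belong to. Confirm the
    # image version (e.g. against a known-good digest) before patching; on
    # any other build the same writes would land on unrelated instructions.
    for site in (
            0x8034a60,
            0x8034a76,
            0x8034a8c,
            0x8034aa2,
            0x8034ab8,
            0x8034ace,
            0x8049f9a,
            0x804a820,
    ):
        patcher.nopout(site)
        patcher.nopout(site + 0x2)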
Beispiel #2
# Vocoder Patch for MD380 Firmware
# Applies to version S013.020

from Patcher import Patcher

# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # bypass vocoder copy protection on S013.020
    # Every listed address is passed to Patcher.nopout, followed by the
    # address 0x2 after it, in the order given.
    # NOTE(review): no image version check is visible in this excerpt;
    # confirm unwrapped.img is the S013.020 build (e.g. by comparing a
    # known-good digest) before these absolute addresses are written.
    patch_sites = (
        0x8034a60,
        0x8034a76,
        0x8034a8c,
        0x8034aa2,
        0x8034ab8,
        0x8034ace,
        0x8049f9a,
        0x804a820,
    )
    for first_half in patch_sites:
        for delta in (0x0, 0x2):
            patcher.nopout(first_half + delta)
Beispiel #3
# Applies to version D013.020

from Patcher import Patcher

# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # bypass vocoder copy protection on D013.020
    # Each row is (base address, offsets from that base); every base+offset
    # is passed to Patcher.nopout in the order listed.
    # NOTE(review): nothing visible here confirms that unwrapped.img is the
    # D013.020 build; verify the image (e.g. against a known-good digest)
    # before applying writes at absolute addresses.
    nop_table = (
        (0x08033f30, (0x18, 0x1a, 0x2e, 0x30, 0x44, 0x46,
                      0x5a, 0x5c, 0x70, 0x72, 0x86, 0x88)),
        (0x0804915c, (0x12, 0x14)),
        (0x080499e2, (0x12, 0x14)),
    )
    for base, offsets in nop_table:
        for off in offsets:
            patcher.nopout(base + off)
Beispiel #4
# Applies to version D013.020

from Patcher import Patcher

# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # bypass vocoder copy protection on D013.020
    # Three base addresses; the offsets under each are added to the base and
    # the sum is handed to Patcher.nopout, preserving the listed order.
    # NOTE(review): the addresses are absolute and version-specific, and no
    # check of the input image is visible here -- confirm unwrapped.img is
    # D013.020 (for instance via a known-good digest) before patching.
    first_base = 0x08033f30
    for off in (0x18, 0x1a, 0x2e, 0x30, 0x44, 0x46,
                0x5a, 0x5c, 0x70, 0x72, 0x86, 0x88):
        patcher.nopout(first_base + off)

    for later_base in (0x0804915c, 0x080499e2):
        patcher.nopout(later_base + 0x12)
        patcher.nopout(later_base + 0x14)
Beispiel #5
    # Excerpt from the body of a patch script; the enclosing block header and
    # the creation of `patcher` are outside this excerpt.

    #We don't use this anymore, because the new patch is better.
    #patcher.nopout(0x0803ee36,0xd1ef);

    # New patch for monitoring all talk groups, matched on first
    # entry iff no other match.
    #wa mov r5, 0 @ 0x0803ee86 # So the radio thinks it matched at zero.
    patcher.sethword(0x0803ee86, 0x2500);
    #wa b 0x0803ee38 @ 0x0803ee88 # Branch back to perform that match.
    patcher.sethword(0x0803ee88,0xe7d6); #Jump back to matched condition.

    # First export happens before the private-call patch below.
    # Presumably export() writes the image as patched so far -- confirm
    # against Patcher, which is not shown here.
    patcher.export("prom-public.img");

    # This should be changed to only show missed calls for private
    # calls directed at the user, and to decode others without
    # triggering a missed call.
    # The second argument is presumably the halfword expected at that address
    # before patching -- TODO confirm against Patcher.nopout.
    patcher.nopout(0x0803ef10,0xd11f);  #Matches all private calls.
    patcher.export("prom-private.img");

    # Everything after here is experimental.
    # NOTE(review): these patches are applied after both export() calls
    # above; whether they reach any exported image depends on code past the
    # end of this excerpt.

    #This cuts out the Chinese font, freeing ~200k for code patches.
    # (0x80d0f80 - 0x809c714 = 0x3486c bytes.)
    patcher.ffrange(0x809c714,0x80d0f80);

    #This mirrors the RESET vector to 0x0800C020, for use in booting.
    # The word read from 0x0800C004 is written to 0x0800C020; the trailing
    # 0x00000000 is presumably the value expected there beforehand --
    # TODO confirm against Patcher.setword.
    patcher.setword(0x0800C020,
                    patcher.getword(0x0800C004),
                    0x00000000);

    #This makes the app its own sideload.  Don't ship with it!
Beispiel #6
# Applies to version 2.032

from Patcher import Patcher

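# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    # The parenthesised single-argument form prints the same text on
    # Python 2 and Python 3; the bare print statement is a SyntaxError on 3.
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # Author's note: these aren't quite enough to skip the Color Code
    # check.  Not sure why.
    # Where a second argument is given it is presumably the halfword
    # expected at that address before patching -- TODO confirm against
    # Patcher.nopout, which is not shown here.
    patcher.nopout(0x0803ea62, 0xf040)  # Main CC check.
    patcher.nopout(0x0803ea64, 0x80fd)
    patcher.nopout(0x0803e994, 0xf040)  # Late Entry CC check.
    patcher.nopout(0x0803e996, 0x8164)
    # NOTE(review): the next two calls pass no second value, so if that
    # value is an original-content check these sites are patched unchecked.
    patcher.nopout(0x0803fd98)  # dmr_dll_parser CC check.
    patcher.nopout(0x0803fd9a)
    patcher.sethword(0x0803fd8e, 0xe02d,  # Check in dmr_dll_parser().
                     0xd02d)
    # Disable CRC check, in case CC is included.
    # NOTE(review): per the author's comment this removes a CRC check, so
    # the patched image presumably accepts frames it would otherwise
    # reject; treat what it decodes as unvalidated.
    patcher.nopout(0x0803eafe, 0xf100)
    patcher.nopout(0x0803eb00, 0x80af)

    # Patches after here allow for an included applet.

    # This cuts out the Chinese font, freeing ~200k for code patches.
    # (0x80d0f80 - 0x809c714 = 0x3486c bytes.)
    patcher.ffrange(0x809c714, 0x80d0f80)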
Beispiel #7
    #     patcher.nopout(0x0803ea64,0x80fd);
    #     patcher.nopout(0x0803e994,0xf040);  #Late Entry CC check.
    #     patcher.nopout(0x0803e996,0x8164);
    #     patcher.nopout(0x0803fd98);  #dmr_dll_parser CC check.
    #     patcher.nopout(0x0803fd9a);
    #     patcher.sethword(0x0803fd8e,0xe02d, #Check in dmr_dll_parser().
    #                      0xd02d);
    #     patcher.nopout(0x0803eafe,0xf100); #Disable CRC check, in case CC is included.
    #     patcher.nopout(0x0803eb00,0x80af);
    # (The Color Code / CRC patches above are disabled; the run of
    # commented-out calls starts before this excerpt.)

    #patcher.export("prom-colors.img");

    # This should be changed to only show missed calls for private
    # calls directed at the user, and to decode others without
    # triggering a missed call.
    # Matches all private calls.  The second argument is presumably the
    # halfword expected at that address before patching -- TODO confirm
    # against Patcher.nopout, which is not shown here.
    patcher.nopout(0x0803ef10, 0xd11f)
    #patcher.export("prom-private.img");

    # Everything after here is experimental.
    # NOTE(review): both export() calls above are commented out, so no image
    # is written anywhere in this excerpt.

    #This cuts out the Chinese font, freeing ~200k for code patches.
    # (0x80d0f80 - 0x809c714 = 0x3486c bytes.)
    patcher.ffrange(0x809c714, 0x80d0f80)

    #This mirrors the RESET vector to 0x0800C020, for use in booting.
    # The word read from 0x0800C004 is written to 0x0800C020; the trailing
    # 0x00000000 is presumably the value expected there beforehand --
    # TODO confirm against Patcher.setword.
    patcher.setword(0x0800C020, patcher.getword(0x0800C004), 0x00000000)

    #This makes RESET point to our stub below.
    # NOTE(review): the stub is not in this excerpt.  The new target
    # 0x0809cf00 (+1, presumably the Thumb bit) lies inside the range handed
    # to ffrange above, so the stub has to be written there before any
    # export; otherwise RESET points into the filled region.
    patcher.setword(0x0800C004, 0x0809cf00 + 1)
Beispiel #8
# Applies to version S013.020

from Patcher import Patcher

# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = True

if __name__ == '__main__':
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # Labelled "test" by the author; what this site does is not stated.
    #patcher.sethword(0x08016850, 0x4770)
    test_site = 0x080137D0
    patcher.nopout(test_site)
    patcher.nopout(test_site + 0x2)

    # bypass vocoder copy protection on S013.020
    # Every listed address is passed to Patcher.nopout, followed by the
    # address 0x2 after it, in the order given.
    # NOTE(review): no check of the input image is visible here; confirm
    # unwrapped.img is the S013.020 build (e.g. against a known-good
    # digest) before these absolute addresses are written.
    vocoder_sites = (
        0x8034a60,
        0x8034a76,
        0x8034a8c,
        0x8034aa2,
        0x8034ab8,
        0x8034ace,
    )
    for first_half in vocoder_sites:
        patcher.nopout(first_half)
        patcher.nopout(first_half + 0x2)
Beispiel #9
# Promiscuous Mode Patch for MD380 Firmware
# Applies to version 2.032

from Patcher import Patcher

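# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    # The parenthesised single-argument form prints the same text on
    # Python 2 and Python 3; the bare print statement is a SyntaxError on 3.
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # Author's note: these aren't quite enough to skip the Color Code
    # check.  Not sure why.
    # The labels below were sitting one line too low (after the call they
    # describe); they are re-attached to the first call of each pair.
    # Where a second argument is given it is presumably the halfword
    # expected at that address before patching -- TODO confirm against
    # Patcher.nopout, which is not shown here.
    patcher.nopout(0x0803ea62, 0xf040)  # Main CC check.
    patcher.nopout(0x0803ea64, 0x80fd)
    patcher.nopout(0x0803e994, 0xf040)  # Late Entry CC check.
    patcher.nopout(0x0803e996, 0x8164)
    patcher.nopout(0x0803fd98)  # dmr_dll_parser CC check.
    patcher.nopout(0x0803fd9a)
    patcher.sethword(
        0x0803fd8e,
        0xe02d,  # Check in dmr_dll_parser().
        0xd02d)
    # Disable CRC check, in case CC is included.
    # NOTE(review): per the author's comment this removes a CRC check, so
    # the patched image presumably accepts frames it would otherwise
    # reject; treat what it decodes as unvalidated.
    patcher.nopout(0x0803eafe, 0xf100)
    patcher.nopout(0x0803eb00, 0x80af)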
Beispiel #10
# Promiscuous Mode Patch for MD380 Firmware
# Applies to version 2.032

from Patcher import Patcher

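# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    # print() with one argument behaves the same on Python 2 and Python 3;
    # the original print statement does not parse on Python 3.
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # Author's note: these aren't quite enough to skip the Color Code
    # check.  Not sure why.
    # Each label is placed on the first call of the pair it describes; in
    # the original layout it had slipped to the line after that call.
    # A second argument, where present, is presumably the halfword expected
    # at the address before patching -- TODO confirm against Patcher.nopout.
    patcher.nopout(0x0803ea62, 0xf040)  # Main CC check.
    patcher.nopout(0x0803ea64, 0x80fd)
    patcher.nopout(0x0803e994, 0xf040)  # Late Entry CC check.
    patcher.nopout(0x0803e996, 0x8164)
    patcher.nopout(0x0803fd98)  # dmr_dll_parser CC check.
    patcher.nopout(0x0803fd9a)
    patcher.sethword(
        0x0803fd8e,
        0xe02d,  # Check in dmr_dll_parser().
        0xd02d)
    # Disable CRC check, in case CC is included.
    # NOTE(review): with this check removed the patched image presumably
    # no longer rejects frames that fail it; downstream consumers should
    # treat decoded data as unvalidated.
    patcher.nopout(0x0803eafe, 0xf100)
    patcher.nopout(0x0803eb00, 0x80af)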
Beispiel #11
# Promiscuous Mode Patch for MD380 Firmware
# Applies to version 2.032

from Patcher import Patcher

# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # Author's note: these aren't quite enough to skip the Color Code
    # check.  Not sure why.
    # Each tuple holds the positional arguments for one Patcher.nopout call.
    # A second element, where present, is presumably the halfword expected
    # at the address before patching -- TODO confirm against Patcher.
    cc_sites = (
        (0x0803ea62, 0xf040),  # Main CC check.
        (0x0803ea64, 0x80fd),
        (0x0803e994, 0xf040),  # Late Entry CC check.
        (0x0803e996, 0x8164),
        (0x0803fd98,),  # dmr_dll_parser CC check.
        (0x0803fd9a,),
    )
    for nop_args in cc_sites:
        patcher.nopout(*nop_args)

    # Check in dmr_dll_parser().
    patcher.sethword(0x0803fd8e, 0xe02d, 0xd02d)

    # Disable CRC check, in case CC is included.
    for nop_args in ((0x0803eafe, 0xf100), (0x0803eb00, 0x80af)):
        patcher.nopout(*nop_args)

    # Disable the ALPU Licence Check (vocoder version)
    # NOTE(review): called with the address only, so nothing visible here
    # confirms the image content at this site before it is overwritten.
    patcher.nopout(0x8032a54)
Beispiel #12
# Applies to version 2.032

from Patcher import Patcher

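# Match all public calls.
# NOTE(review): neither flag is read anywhere in this excerpt.
monitormode = False
# Match all private calls.
monitormodeprivate = False

if __name__ == '__main__':
    # print() with one argument behaves the same on Python 2 and Python 3;
    # the original print statement does not parse on Python 3.
    print("Creating patches from unwrapped.img.")
    patcher = Patcher("unwrapped.img")

    # Author's note: these aren't quite enough to skip the Color Code
    # check.  Not sure why.
    # A second argument, where present, is presumably the halfword expected
    # at the address before patching -- TODO confirm against Patcher.nopout,
    # which is not shown here.
    patcher.nopout(0x0803ea62, 0xf040)  # Main CC check.
    patcher.nopout(0x0803ea64, 0x80fd)
    patcher.nopout(0x0803e994, 0xf040)  # Late Entry CC check.
    patcher.nopout(0x0803e996, 0x8164)
    # NOTE(review): the next two calls pass the address only; if the second
    # value is an original-content check, these sites go unchecked.
    patcher.nopout(0x0803fd98)  # dmr_dll_parser CC check.
    patcher.nopout(0x0803fd9a)
    patcher.sethword(0x0803fd8e, 0xe02d,  # Check in dmr_dll_parser().
                     0xd02d)
    # Disable CRC check, in case CC is included.
    # NOTE(review): with this check removed the patched image presumably
    # no longer rejects frames that fail it; treat decoded data as
    # unvalidated.
    patcher.nopout(0x0803eafe, 0xf100)
    patcher.nopout(0x0803eb00, 0x80af)

    # Patches after here allow for an included applet.

    # This cuts out the Chinese font, freeing ~200k for code patches.
    # (0x80d0f80 - 0x809c714 = 0x3486c bytes.)
    patcher.ffrange(0x809c714, 0x80d0f80)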