Motorola iTunes hacking revealed

Motorola iTunes hacking revealed Guides written by Warp

Warp is writing a series of guides on this topic - Motorola iTunes hacking. The guides are published in www.inbrite.com forum.

Part 1:

In this part, Warp gives an introduction to all the stock version of Motorola iTunes. Read more at Motorola iTunes hacking revealed #1.

Part 2:

In part 2, Warp talks about Java disassemblers and decompilers, and show us the related codes about the iTunes protection of song limit. Read more at Motorola iTunes hacking revealed #2.

Part 3:

In part 3, Warp shows us how to break the 400 songs limit. Read more at Motorola iTunes hacking revealed #3.

Part 4:

Warp gives us the final cracking solution and the iTunes translation script. Read more at Motorola iTunes hacking revealed #4.

Sponsors links:

Make MPs compatible with sticky firmwares

Make your MPs compatible with sticky firmwares AER/E0R

Russian hackers announced a great CG1 patch. With this patch, you can make your MPs also compatible with phones with AER/E0R. You don't need to get rid of the sticky firmware any more.

This patch was brought to me by coccolino_dbro. He has tried it on his V360 successfully. I also tried. I flashed to AER, then I can flash successfully to my newly created YuetMod v1.9a MP, which is based on ABR.

Use V360 ABR as an example, you can follow these steps to apply the patch to your MP.
(Assume you already know how to apply RSA patch and compile MP.)
1. split/extract your MP, which has RSA protection removed.
2. use XVI32 to open the CG1 file.
3. press Ctrl + G and jump to hex offset 386A8.
4. replace the Hex values from 477846C0 to 20014770.
5. press Ctrl + G and jump to hex offset A373D8.
6. replace the Hex values from 477846C0 to 20014770.
7. save CG1, then compile a new MP.

Different firmwares have different offsets, please refer to the following patch codes for your firmware version:

V360 ABR: (provided by coccolino_dbro)

[Patch_Code]
000386A8: 20014770
00A373D8: 20014770

[Patch_Undo]
000386A8: 477846C0
00A373D8: 477846C0


===================
V360 ACR: (provided by coccolino_dbro)

[Patch_Code]
000386DC: 20014770
00A37A08: 20014770

[Patch_Undo]
000386DC: 477846C0
00A37A08: 477846C0


===================
L7 ACR_RB:

[Patch_Code]
000386DC: 20014770
00A37A08: 20014770

[Patch_Undo]
000386DC: 477846C0
00A37A08: 477846C0

===================

Discussion thread in www.inbrite.com.

Sponsors links:

Fix checksum errors in MP

Ultimate way to fix checksum errors in MP

This is the method I always used to fix the checksum errors in the MP.

Tools you need:
1. RSD Lite
2. RandomSHX
3. HexEditor

Steps:

1. flash the MP with checksum errors, using RSDLite.

2. open the FlashErrorLog1.log file in RSDLite folder, look for checksum errors similar to those in the attached image in the forum. The file checksum is the one in your file, which is wrong. The phone checksum is the correct one.

3. use RandomSHX to extract your MP into bins.

4. open the 0.bin file using hex editor.

5. search for the file checksum. You need to swap the bytes. For example, if the file checksum is 0x8D8A, you should search for 8A8D in the hex editor.

6. replace the file checksum with phone checksum. You also need to swap the bytes. For example, if the phone checksum is 0x8C39, you should replace the file checksum with 398C.

7. repeat steps 5-6 until you fix all the checksum errors in the log.

8. save the 0.bin file and compile the MP using RandomSHX.

Discussion thread in inbrite.com forum

Sponsors links: