Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > More E-Book Readers > Bookeen

Notices

Reply
 
Thread Tools Search this Thread
Old 12-09-2011, 07:40 AM   #1
markun
Junior Member
markun began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2011
Device: none
decrypting the firmware upgrade files

Is there any information about the firmware upgrade files for the orizon and the odyssey? I want to have a look at the files inside them and was hoping there was some obvious way to decrypt them

The files (CybUpdate.bin) start with the string 'Boo1' and end with 'GAME OVER', but otherwise I didn't discover any patterns in the data. There are no text strings and it's not very compressible (with bzip2 they actually become bigger). I looked at the firmware upgrade files from both devices and besides the header and the footer I didn't see any similarities in the data.

Does anyone have access to the file system to figure out how the firmware updates are done?

Last edited by markun; 12-09-2011 at 07:42 AM.
markun is offline   Reply With Quote
Old 12-12-2011, 09:52 AM   #2
Godzil
a pthread?? where? where?
Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.
 
Godzil's Avatar
 
Posts: 1,741
Karma: 30462
Join Date: Mar 2009
Location: Somewhere in EU
Device: Newton MessagePad 2100, and only this
I never heard of such a thing...

But I will be interested if some people have informations on this!

Last edited by Godzil; 12-12-2011 at 10:35 AM.
Godzil is offline   Reply With Quote
Old 12-12-2011, 11:17 AM   #3
markun
Junior Member
markun began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2011
Device: none
Actually I did find some patterns

At the start of the Odyssey firmware update:

Code:
00000004  df a3 79 1f 0c 5a 51 57  e9 09 be bb 3d 3e 61 68  |..y..ZQW....=>ah|
00000014  51 fc 24 ff 05 45 f8 43  4c b7 84 3c 96 a2 65 06  |Q.$..E.CL..<..e.|
00000024  0a dd 8d a1 9e 14 26 93  0a dd 8d a1 9e 14 26 93  |......&.......&.|
00000034  0a dd 8d a1 9e 14 26 93  5b 19 42 79 b8 6e b6 86  |......&.[.By.n..|
00000044  45 b3 27 7c 48 8d ca 38  b0 21 b0 3e 55 c8 51 9d  |E.'|H..8.!.>U.Q.|
00000054  50 c1 30 43 01 50 a6 52  63 d9 ab 92 ff 5a 24 2e  |P.0C.P.Rc....Z$.|
00000064  7d d4 6a 8f ff 36 64 28  0a dd 8d a1 9e 14 26 93  |}.j..6d(......&.|
00000074  0c 4b e9 d2 32 76 2e 67  29 20 93 66 22 26 15 fd  |.K..2v.g) .f"&..|
At the start of the Orizon firmware update:

Code:
00000004  11 86 c9 5c 3c c4 7f 07  7e ad 73 2c c7 20 34 5d  |...\<...~.s,. 4]|
00000014  21 2c 85 cf f2 99 1d bb  46 b6 d3 5a a8 60 e5 96  |!,......F..Z.`..|
00000024  d0 d4 62 9e 86 bf a4 18  d0 d4 62 9e 86 bf a4 18  |..b.......b.....|
00000034  d0 d4 62 9e 86 bf a4 18  1b 5c 35 05 96 82 8f f1  |..b......\5.....|
00000044  ad ed 29 bc e8 20 7e 63  97 06 5b d4 d6 de 7d 94  |..).. ~c..[...}.|
00000054  9e ea bd 94 94 d2 93 7d  d0 3a de ad 26 63 14 c8  |.......}.:..&c..|
00000064  63 0e 52 57 98 a9 19 14  d0 d4 62 9e 86 bf a4 18  |c.RW......b.....|
00000074  57 72 59 5f 55 96 73 db  05 9d c1 20 68 70 ba c4  |WrY_U.s.... hp..|
The bytes that I maked can also be found at the end of the firmware files:

Odyssey:

Code:
01244604  0a dd 8d a1 9e 14 26 93  54 53 e1 de 72 f2 2d bd  |......&.TS..r.-.|
01244614  57 e3 6c 3f fb 6b 2b 97  09 11 0c 13 5d 51 95 1f  |W.l?.k+.....]Q..|
01244624  38 4e f2 48 05 1e dc 1d  ac a0 a0 4b 15 f5 2a 72  |8N.H.......K..*r|
01244634  3d ae 26 fd 79 a7 d0 d1  16 32 b8 42 57 ca 91 fd  |=.&.y....2.BW...|
01244644  bc 2e b4 ee ae 0c ce 0f  ac 0a 94 ea bf be 80 dd  |................|
01244654  85 6d b7 cd d3 11 b5 10  62 81 5b e5 80 a4 d6 ad  |.m......b.[.....|
01244664  3f c1 f8 15 96 2a 7b 7d  13 3d b9 89 3d be a8 d7  |?....*{}.=..=...|
01244674  1c 31 6b f6 c3 ad d5 1c  23 32 00 58 75 86 e9 60  |.1k.....#2.Xu..`|
01244684  04 a1 66 fd 69 dd 6d 05  47 41 4d 45 5f 4f 56 45  |..f.i.m.GAME_OVE|
01244694  52                                                |R|
Orizon:

Code:
010d7194  d0 d4 62 9e 86 bf a4 18  c7 f7 cb 93 5b 5f 00 d5  |..b.........[_..|
010d71a4  7b ab 4d cb e3 1b 93 b2  d7 b3 54 4f 47 4c c9 88  |{.M.......TOGL..|
010d71b4  e1 9c 7d f5 17 17 8d 7c  3c 59 6c 40 0a 73 60 45  |..}....|<Yl@.s`E|
010d71c4  3b 9c cb da 0f 9b 34 f4  63 5c 41 60 bb ba f6 4c  |;.....4.c\A`...L|
010d71d4  f4 32 b0 40 5d 74 78 c7  cf 16 5e 39 95 ae 74 56  |.2.@]tx...^9..tV|
010d71e4  7c 92 a2 ef 45 0f da 98  68 07 db 03 20 85 45 eb  ||...E...h... .E.|
010d71f4  07 5d 67 70 fc 7f 19 2d  ce 6a 3b 24 f9 df 4c da  |.]gp...-.j;$..L.|
010d7204  eb c0 54 20 18 d5 3f a0  60 6f 35 cd 43 21 7c 2a  |..T ..?.`o5.C!|*|
010d7214  81 7a 2a 27 d9 15 ce 7e  47 41 4d 45 5f 4f 56 45  |.z*'...~GAME_OVE|
010d7224  52                                                |R|
I will update the thread if I find out more.
markun is offline   Reply With Quote
Old 12-13-2011, 04:01 AM   #4
Godzil
a pthread?? where? where?
Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.
 
Godzil's Avatar
 
Posts: 1,741
Karma: 30462
Join Date: Mar 2009
Location: Somewhere in EU
Device: Newton MessagePad 2100, and only this
Can you give the exact version of the update, and the exact position where you find these patterns ?
Godzil is offline   Reply With Quote
Old 12-13-2011, 04:09 AM   #5
markun
Junior Member
markun began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2011
Device: none
I got the firmware updates here:

http://www.bookeen.com/en/supportdownload/?idPart=2

Odyssey firmware upgrade 4.0 (build 1476)

Orizon firmware upgrade 3.1 (build 1398)

I used "hexdump -s4 -C CybUpdate.bin" in linux to make the dumps show in my previous post. On the left of the dumps you can see the byte positions in hexadecimal. The -s4 argument skips the first 4 characters (which are 'Boo1' for both files)

btw, I don't know if it's ok to put links to the firmware upgrade files here since you normally need to log in to get to the download section.. should I remove it and replace it with a link to the download page?

Last edited by markun; 12-13-2011 at 04:18 AM.
markun is offline   Reply With Quote
Old 12-13-2011, 04:54 AM   #6
Godzil
a pthread?? where? where?
Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.
 
Godzil's Avatar
 
Posts: 1,741
Karma: 30462
Join Date: Mar 2009
Location: Somewhere in EU
Device: Newton MessagePad 2100, and only this
Oups you're right about the address in file, I was misleading it with a "line number" in the "code" box
Godzil is offline   Reply With Quote
Old 12-13-2011, 05:42 AM   #7
markun
Junior Member
markun began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2011
Device: none
The Odyssey file contains these 8 byte 4 times: f1 4f 4c d7 86 75 4b 01
The Orizon file contains these 8 bytes 2 times: 0b af 05 35 3d 9b 10 4f

not sure if that is of any use
markun is offline   Reply With Quote
Old 12-19-2011, 08:26 AM   #8
markun
Junior Member
markun began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2011
Device: none
Just noticed there is a new firmware for the Odyssey, so: more data!

Odyssey firmware upgrade 4.0 (build 1481)

Start:

Code:
00000004  aa 78 10 0d bd 73 20 10  31 8b ee 8c 0a a7 78 81  |.x...s .1.....x.|
00000014  f3 a2 31 aa 8b e3 7e e8  d7 b9 d6 6f 51 66 4b 8c  |..1...~....oQfK.|
00000024  4e 55 bb 36 d8 d5 21 22  4e 55 bb 36 d8 d5 21 22  |NU.6..!"NU.6..!"|
00000034  4e 55 bb 36 d8 d5 21 22  ed b9 a8 05 cb de a4 a7  |NU.6..!"........|
00000044  0b 6e ac 9d f2 93 c6 92  1a a9 3f 4c 7c a1 b8 e0  |.n........?L|...|
00000054  bb c8 dd d9 5c 95 a1 6a  e7 9b b3 1d 35 ce 3d 65  |....\..j....5.=e|
00000064  b4 da 9f 46 2e 51 53 a4  c2 6c 40 10 fb f2 fe 03  |...F.QS..l@.....|
00000074  58 03 30 c3 a0 dc bd cb  1a 7c 1f 45 ee 73 e5 82  |X.0......|.E.s..|
End:

Code:
0124c204  4e 55 bb 36 d8 d5 21 22  5a 50 74 fd b9 a3 22 5a  |NU.6..!"ZPt..."Z|
0124c214  f2 e0 6b a7 6c 3d 44 1e  c3 db 9d 89 cc 71 2c 2f  |..k.l=D......q,/|
0124c224  cb 2c 0a b4 5e 93 0e 5f  cd cd 90 5c 0e 82 94 87  |.,..^.._...\....|
0124c234  e9 3a 26 12 d0 70 a0 a3  93 9e 76 81 d0 4d d7 69  |.:&..p....v..M.i|
0124c244  12 50 6c da fc 6d a6 c6  d8 d5 36 52 4e 1b 7e 3a  |.Pl..m....6RN.~:|
0124c254  6e 49 40 2b 3b 6d 6b 3c  1d 89 97 b1 e2 5a 7b d6  |nI@+;mk<.....Z{.|
0124c264  a5 fc bc a1 76 af 8f e8  e5 12 75 ec 57 69 35 24  |....v.....u.Wi5$|
0124c274  3f df ae 1c 9c 5b 0f e5  21 ce 79 0b e3 66 4a 41  |?....[..!.y..fJA|
0124c284  38 a6 54 7a 12 18 1a c7  47 41 4d 45 5f 4f 56 45  |8.Tz....GAME_OVE|
0124c294  52                                                |R|
Recurring strings:

5 x 4e 55 bb 36 d8 d5 21 22
3 x 4f 16 aa 3f 96 91 12 26
2 x 7c 72 44 cc fc 69 0f 8e

Last edited by markun; 12-19-2011 at 10:18 AM.
markun is offline   Reply With Quote
Old 12-19-2011, 12:56 PM   #9
Godzil
a pthread?? where? where?
Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.
 
Godzil's Avatar
 
Posts: 1,741
Karma: 30462
Join Date: Mar 2009
Location: Somewhere in EU
Device: Newton MessagePad 2100, and only this
Maybe I'm wrong, but I'm unsure this will be of any help. Ok there is this 8 long byte repetition a different number of time on each file, but they are too different to be some usefull data...

I have doubt about this "discover". (somes seems to be placed at the same place, but what that can mean?)
Godzil is offline   Reply With Quote
Old 12-19-2011, 04:12 PM   #10
markun
Junior Member
markun began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2011
Device: none
Well, my guess is that the decrypted files all have the same values at those positions in the header, could be 00 00 00 00 ... or ff ff ff ff ... for example. At first I thought the Odyssey and the Orizon might have different keys for the encryption which caused these recurring strings to be different, but since the two Odyssey files look so different I guess that's not true.

Anyway, I personally think it's a good start and will keep trying
markun is offline   Reply With Quote
Old 12-20-2011, 10:17 AM   #11
Godzil
a pthread?? where? where?
Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.
 
Godzil's Avatar
 
Posts: 1,741
Karma: 30462
Join Date: Mar 2009
Location: Somewhere in EU
Device: Newton MessagePad 2100, and only this
I understand what you mean
Godzil is offline   Reply With Quote
Old 12-20-2011, 10:34 AM   #12
frostschutz
Linux User
frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.frostschutz ought to be getting tired of karma fortunes by now.
 
frostschutz's Avatar
 
Posts: 738
Karma: 2030839
Join Date: Sep 2010
Device: iriver Story HD
Quote:
Originally Posted by markun View Post
Well, my guess is that the decrypted files all have the same values at those positions in the header, could be 00 00 00 00 ... or ff ff ff ff ... for example.
If that were the case there should probably be several more repeated patterns in the file. This is the case for example with the iriver Story HD firmware files which use a simple byte pad cipher, and the decoded file is a ZIP with an easy to bruteforce password. The Odyssey seems to be using a more sophisticated cipher. You might have to gain access to the system files and figure out the decryption routine from there...
frostschutz is offline   Reply With Quote
Old 12-21-2011, 04:13 AM   #13
markun
Junior Member
markun began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2011
Device: none
I don't know if there would be many repeated patterns. If it's a compressed file (bzip2 or something) I wouldn't expect any repeated patterns except maybe in the header.

I don't actually own the Odyssey nor the Orizon and I didn't find out if anyone managed to get access to the filesystem. Do you own one of them?
markun is offline   Reply With Quote
Old 12-21-2011, 04:53 AM   #14
Godzil
a pthread?? where? where?
Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.
 
Godzil's Avatar
 
Posts: 1,741
Karma: 30462
Join Date: Mar 2009
Location: Somewhere in EU
Device: Newton MessagePad 2100, and only this
Quote:
Originally Posted by frostschutz View Post
If that were the case there should probably be several more repeated patterns in the file. This is the case for example with the iriver Story HD firmware files which use a simple byte pad cipher, and the decoded file is a ZIP with an easy to bruteforce password. The Odyssey seems to be using a more sophisticated cipher. You might have to gain access to the system files and figure out the decryption routine from there...
Wow, I search on the net about this, what a weak "protection"!
Godzil is offline   Reply With Quote
Old 02-13-2012, 12:01 PM   #15
Godzil
a pthread?? where? where?
Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.Godzil can even cheer up an android equipped with a defective Genuine Personality Prototype.
 
Godzil's Avatar
 
Posts: 1,741
Karma: 30462
Join Date: Mar 2009
Location: Somewhere in EU
Device: Newton MessagePad 2100, and only this
markun: do you have news on you investigations ?
Godzil is offline   Reply With Quote
Reply

Tags
firmware, odyssey, orizon

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
PRS-500 Can I still firmware upgrade this? Rangoon Sony Reader 9 08-11-2011 03:11 PM
PRS-500 Second Firmware Upgrade CO'Neil Sony Reader 0 04-03-2010 08:33 PM
Decrypting DRM-d BBeB ahi LRF 19 12-10-2009 11:07 AM
Firmware Upgrade Available! scottcstoness Sony Reader 65 08-06-2007 11:13 PM
Decrypting eReader books... bspline Other formats 2 03-20-2005 12:38 PM


All times are GMT -4. The time now is 03:38 PM.


MobileRead.com is a privately owned, operated and funded community.