Welcome guest, is this your first visit? Click the "Create Account" button now to join.
Likes Likes:  0
Page 1 of 2 12 LastLast
Results 1 to 10 of 15
  1. #1
    Member
    Join Date
    Apr 2014
    Location
    Greece
    Posts
    10
    Rep Power
    0

    pin How to disable the start-up warning message on nuvi 2599

    Any way to disable the warning screen on nuvi 2599 with firmware 8.50 (HWID 1947).
    How do you find what changes should be applied in firmware?

  2.    Advertissements


  3. #2
    Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    24
    Rep Power
    48

    Default

    Quote Originally Posted by ioannis0 View Post
    Any way to disable the warning screen on nuvi 2599 with firmware 8.50 (HWID 1947).
    How do you find what changes should be applied in firmware?
    Download the latest or desired firmware and open it in RGN tool to extract out the fw_all.bin. Use IDA Pro to disassemble the fw_all.bin file. Locate the timeout function and patch so it times out in one millisecond. Depending on firmware another approach may need to be taken.
    Last edited by moddie; 15th September 2016 at 21:41.

  4. #3
    Member
    Join Date
    Apr 2014
    Location
    Greece
    Posts
    10
    Rep Power
    0

    Default

    Thanks for your reply. Could you provide a little more help? I have never used IDA Pro before and I'm lost in its data. I have loaded and disassembled my firmware but I have no idea what to do from this point.
    How could I locate the appropriate function and wha tto do after locating it?

  5. #4
    Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    24
    Rep Power
    48

    Default

    In briefly looking at your firmware, it looks similar to the firmware for the Garmin Infotainment unit. They both use boost functions which I am still trying to understand. You could patch the jumptable to make case 7 (loc_2B03B8) jump to the default case as I did for the infotainment but it would likely have undesired side effects like disabling phone functionality. In case you want to try it out, patch at file offset 0x2701F7 from 0xE3 to 0x72 to make case 7 jump to default case.

    How long does the warning screen display before timing out?
    Last edited by moddie; 17th September 2016 at 02:27.

  6. #5
    Member
    Join Date
    Apr 2014
    Location
    Greece
    Posts
    10
    Rep Power
    0

    Default

    Here is my fw_all.bin [Only registered and activated users can see links. ]

  7. #6
    Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    24
    Rep Power
    48

    Default

    I was looking at the firmware from the wrong device so as of yet no patches for HWID 1947.
    Last edited by moddie; 19th September 2016 at 00:21.

  8. #7
    Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    24
    Rep Power
    48

    Default

    Quote Originally Posted by moddie View Post
    In briefly looking at your firmware, it looks similar to the firmware for the Garmin Infotainment unit. They both use boost functions which I am still trying to understand. You could patch the jumptable to make case 7 (loc_2B03B8) jump to the default case as I did for the infotainment but it would likely have undesired side effects like disabling phone functionality. In case you want to try it out, patch at file offset 0x2701F7 from 0xE3 to 0x72 to make case 7 jump to default case.

    How long does the warning screen display before timing out?
    Ignore all that. The reason it looked similar is I accidentally extracted fw_all.bin from the infotainment gcd and it was of course identical. Woops.

  9. #8
    Member
    Join Date
    Apr 2014
    Location
    Greece
    Posts
    10
    Rep Power
    0

    Default

    Quote Originally Posted by moddie View Post
    Try patching at file offset 0x2B52AC from 10 27 00 00 to 01 00 00 00. I believe this will change the timeout value from 10000 milliseconds to 1 millisecond.
    Is this for me? At 0x2B52AC I see 21 AB 2A 46. What am I doing wrong?

  10. #9
    Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    24
    Rep Power
    48

    Default

    Quote Originally Posted by ioannis0 View Post
    Is this for me? At 0x2B52AC I see 21 AB 2A 46. What am I doing wrong?
    Sorry, I thought I was looking at your firmware but it was not. I am looking into a patch for your firmware now.

  11. #10
    Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    24
    Rep Power
    48

    Default

    Here is one to try on HWID 1947:

    At file offset 0x2F5E74 patch from 40 1C 33 D0 to 00 20 33 E0

    It appears our warning page function is at sub_207541A0. This skips it and other stuff in one instance where it is being called. There are other places that call it so it may skip the warning only when there are no EULAs to agree to or on some other condition. It may also crash at startup, or have no noticeable effect. I have not looked in detail yet at the firmware.

    sub_2070AA44 appears to fetch the string referenced by the dword in R1 so the following line sets up R1 to cause the "Agree" string to be loaded by sub_2070AA44.

    Code:
    Please Login or Register to see the links
    (Mods may want to split discussion of HWID 1947 to new thread)
    Done as suggested, thanks.

 

 
Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
This website uses cookies
We use cookies to store session information to facilitate remembering your login information, to allow you to save website preferences, to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners.