*.gma - What's inside?!

Printable View

Show 40 post(s) from this thread on one page

5th January 2019, 07:06 AM
Giomen

Quote:

Originally Posted by Swall [Only registered and activated users can see links. Click Here To Register...]

Honestly, I don't think it saves an unlocking codes.

So it seems the unlocking code is buried in the map image.

The both of things are fact!
5th January 2019, 10:39 AM
Cnfhbr

Quote:

Originally Posted by Swall [Only registered and activated users can see links. Click Here To Register...]

So it seems the unlocking code is buried in the map image.

It's easy to verify via ImgTool or GMapTool.
The 25-digit unlock code is written to the MPS subfile of the map as a U-record.
5th January 2019, 10:53 PM
Swall

Quote:

Originally Posted by Giomen [Only registered and activated users can see links. Click Here To Register...]

The both of things are fact!

Another fact is the device performs the map enabling procedure on each cold start. So it does not relies on the stored history data
6th January 2019, 10:24 AM
Cnfhbr

Quote:

Originally Posted by Swall [Only registered and activated users can see links. Click Here To Register...]

Another fact is the device performs the map enabling procedure on each cold start. So it does not relies on the stored history data

For most devices, the info on the successful authentication of the map is stored in non-volatile memory after the first success and kept there right down to the next hard/master reset or NonVol clearing.
For example, some tricks for temporary map authentication are based on this property.
8th January 2019, 12:14 PM
Swall

Quote:

Originally Posted by Cnfhbr [Only registered and activated users can see links. Click Here To Register...]

It's easy to verify via ImgTool or GMapTool.
The 25-digit unlock code is written to the MPS subfile of the map as a U-record.

You're right. It's there

Quote:

Originally Posted by Cnfhbr [Only registered and activated users can see links. Click Here To Register...]

For most devices, the info on the successful authentication of the map is stored in non-volatile memory after the first success and kept there right down to the next hard/master reset or NonVol clearing.
For example, some tricks for temporary map authentication are based on this property.

Well, I think this security bug is by design. After all, Garmin's primary products are hardware devices so it's not seriously interested in closing all back doors
13th February 2019, 07:52 PM
Swall

Another update and I have to admit the .unl file is actually necessary. For the first time anyway. Garmin loves cashing very much
23rd February 2019, 05:13 AM
xxArtxx

Quote:

Originally Posted by timp4411 [Only registered and activated users can see links. Click Here To Register...]

Others had figured out how to get around the GMA file check, but I have no idea how it was done.

By disassembling a firmware, locating the routine that performs the check, and bypassing it.
It’s done by changing only four bytes, which is probably one or two instructions for a 16 bit processor.

Show 40 post(s) from this thread on one page