From e34d1752753733fde743826f434b81825b823bb2 Mon Sep 17 00:00:00 2001 From: rapi3 <18531150+rapi3@users.noreply.github.com> Date: Tue, 6 Apr 2021 13:46:39 +0200 Subject: [PATCH] Update README.md --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index ac89561..a4ad7dd 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,14 @@ This is an effort to reverse-engineer the Raspberry Pi license key check for MPEG-2 and VC-1 hardware video encoding. -## Patch +## How to patch the latest version of start.elf?
+in /boot/start.elf and /boot/start_x.elf
+search for 47E933363248
+after this hex string:
+if you have 3C18 replace 18 with 1F
+if you have 1D18 replace 18 with 1F
+ +## Old Patch A patch for `start.elf`, a firmwware blob for the VideoCore IV processor used by all Raspberry Pi models, was posted to @@ -74,10 +81,3 @@ Here, two memory locations (`0xEE86680` for MPEG-2 and `0xEE869E0` for VC-1) that point to the `.bss` segment are checked to determine the return value of `is_licensed`. There are no other obvious references to these locations in `start.elf`, so memory-breakpoint debugging (**TBD**) is probably needed. - -## How to patch the latest version of start.elf?
-in /boot/start.elf and /boot/start_x.elf
-search for 47E933363248
-after this hex string:
-if you have 3C18 replace 18 with 1F
-if you have 1D18 replace 18 with 1F
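
Review bot: In the first hunk (`@@ -3,7 +3,14 @@`) the five added instruction lines under "## How to patch the latest version of start.elf?" are bare consecutive lines, so Markdown will join them into a single run-on paragraph, and the hex strings and file paths are not marked as code. Make them a numbered list and put `47E933363248`, `3C18`, `1D18`, `1F`, `/boot/start.elf` and `/boot/start_x.elf` in backticks, matching the backticked `start.elf` already used in the context line below. "latest version" in the heading will go stale as soon as the firmware changes, so state the firmware release or date the steps were checked against. The context line under "## Old Patch" also still reads "firmwware"; that typo can be fixed in the same change.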
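
Review bot: In the second hunk (`@@ -74,10 +81,3 @@`) the seven removed lines are the same text the first hunk adds, so the patch only moves the section to the top and renames "## Patch" to "## Old Patch", yet the subject "Update README.md" says neither. Use a subject that describes the move and the rename so the history shows that no instruction text changed.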