home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Unsorted BBS Collection
/
thegreatunsorted.tar
/
thegreatunsorted
/
texts
/
cell_nfo
/
4711-mod.asm
< prev
next >
Wrap
Assembly Source File
|
1993-04-17
|
4KB
|
71 lines
; **********************************************************************
; * *
; * This is 4711 mod for the Oki 900 Phone *
; * *
; * by G.R.A.S.P. This *
; * *
; * There are a few changes you will have to make to your binary *
; * in order for this code to work for you. A you need to get *
; * around the check summs, if you can not do that, you should not *
; * have this. *
; * *
; * Look at $0221, you will see 12073D, Change this to 12A100, do *
; * this to get the code to run. *
; * *
; **********************************************************************
begin: .org $a100
eleetmod:mov dptr, #$bfaf ; Security feature for phone
movx a, @dptr ; Load up secured bit
mov $60, a ; Lets save this for a second
mov dptr, #$a6aa ; \ Get REAL ESN
movx a, @dptr ; / ESN (Encrypted)
xrl $60, a ; XOR The two
xrl $60, #$ff ; better be $00
mov a, $60 ;
cjne a, #$00, nothing ; Did someone try to copy the chip?
ljmp eleetesn ; Pass, go on
; *******************************
nothing:ljmp $073d ; Normal Phone
eleetesn:mov dptr, #$bf2c ; NAM Select
movx a, @dptr ; Load that data up
cjne a, #$01, try2 ;
mov dptr, #$be8e ; ESN Location #1 $be8e-$be91
ljmp letsgo ;
try2: cjne a, #$02, try3 ;
mov dptr, #$be93 ; ESN Location #2 $be93-$be96
ljmp letsgo ;
try3: cjne a, #$03, try4 ;
mov dptr, #$be98 ; ESN Location #3 $be98-$be9b
ljmp letsgo ;
try4: cjne a, #$04, its5 ;
mov dptr, #$be9d ; ESN Location #4 $be9d-$bea0
ljmp letsgo ;
its5: mov dptr, #$bea2 ; ESN location #5 $BEA2-$BEA5
letsgo: mov r0, #$60 ; Starting location
mov r1, #$04 ; Loop 4 times
cploop: movx a, @dptr ; Loader up
mov @r0, a ; Save in RAM so we can free up DPTR
inc dptr ; Next address
inc r0 ; Next RAM location
djnz r1, cploop ; Loop it!
; Setup for the ESN write to working storage
mov dptr, #$bec2 ; ESN working storage location
mov r0, #$60 ; RAM starting location
mov r1, #$04 ; Number of loops
; Write ESN to working storage
wrloop: mov a, @r0 ; Loader up
lcall $2ffb ; Write A to @DPTR, for EEPROM
inc dptr ; Next address in working storage
inc r0 ; Next RAM address
djnz r1, wrloop ; Loop it!
mov r0, #$64 ; \
mov r1, #$04 ; |
clr a ; | Clear
clwork: mov @r0, a ; | ESN
inc r0 ; | workspace
djnz r1, clwork ; /
clr a ;
ret ; All set for F0N3 PhRaUd!
.END
