So, I just started looking at aadec because judb mentioned the strings inside that mention the flash.
Here's a partial list of odd things inside aadec, from what I've seen:
* Code to read the flash from userland for both the V1 board (using /dev/mem) and the V2 board (using /dev/mtdblock/0). Both call mmap. This is exactly the code that we have been trying to work out in the other thread ... I will figure out what the exact parms they are using, and try to code up a little C util to test it out.
I don't know if my "Rev B" board is a "V2", but we don't have the MTD driver or device -- so hopefully the /dev/mem code therein will work.
* Code to use hdparm to verify the hard drive signature.
* all sorts of crypto code to support the above 2 items
* phatlib -- this is all of the code needed to communicate with phatd through that socket. This is included in 51d, and is quite a bit of code. It is not present in nmp3, oggplay, or playwma.
* I do not see any code that actually refers to the playing of audio (!) but I am not ruling that out.
I find this all highly suspicious. The first two items are things I was convinced were located in the flash rom. I don't know that this is really an audio player -- maybe it's just supposed to look like one? I dunno.
Even if this code is not actually used to verify the drive signature, flash hash, etc, it is interesting. because it is probably very similar to the code in the ROM, so I'll continue working with it.
if it really IS the Audible player, what's with all the security stuff? Maybe Audible has some licensing requirements that they had to accomodate -- for example, maybe the player has to verify that it's running on an authentic PhatBox (as opposed to an emulator or something), or maybe that it's unmodified (so you couldn't capture the output, or something.)
Anyone have any thoughts? I'll keep hacking away at this and post back later.
-b
