Not for me, I always have the same. Do you have active Incognito?
I just tried and changed the mac address in cal0, but there must be a checksum that failed so I got a fallback mac instead of my chosen one...
When checking how incognito clears cal0, they create a checksum.
Not using incognito - just changed the string in the prodinfo with a hex editor. Some boots it will still the same, sometimes it will have none, but usually it cycles between different ones.
I only changed two digits, yet I went from starting with
I only changed two digits, yet I went from starting with
Code:
98:B6:E9 to always having something with 40:D2:8A
Last edited by veekay,
I just tried again, softbricking and fixing the checksum. It still ends up with a fallback address.
Its the same 40
2:8A for me.
In the dump, there are 2 more bytes behind the actual wifi/bd mac address... This might be some kind of checksum, but its not a common one like CRC8/16 or Checksum-8/16
Its the same 40
2:8A for me.In the dump, there are 2 more bytes behind the actual wifi/bd mac address... This might be some kind of checksum, but its not a common one like CRC8/16 or Checksum-8/16
I just tried again, softbricking and fixing the checksum. It still ends up with a fallback address.
Its the same 40
In the dump, there are 2 more bytes behind the actual wifi/bd mac address... This might be some kind of checksum, but its not a common one like CRC8/16 or Checksum-8/16
Are you able to edit it in a manner that doesn't involve making a nand backup, extracting the file, editing and then writing it back? I hate having to take an hour or so for each attempt.
On Linux you can install ninfs and use something like the following:
python3 -mninfs nandhac -e —keys BIS_keys.txt /dev/sdb2 (or whatever your emummc partition is) mountpoint (replace this with the directory you want to mount it at)
and then in the directory you mounted it in, there should an image file for each partition (which includes prodinfo ofc).
No matter what I change, i can't seem to make HOS accept it as valid data.
I changed my Serial by one character, updated the hash, pushed CAL0 and rebooted.
The serial is not being displayed at all anymore
I don't see what the problem is. At this point it might be better to just make a kip that interfaces with the broadcom module via I2C and tell it what mac to use, but who wants to reverse this?
I changed my Serial by one character, updated the hash, pushed CAL0 and rebooted.
The serial is not being displayed at all anymore
I don't see what the problem is. At this point it might be better to just make a kip that interfaces with the broadcom module via I2C and tell it what mac to use, but who wants to reverse this?
No matter what I change, i can't seem to make HOS accept it as valid data.
I changed my Serial by one character, updated the hash, pushed CAL0 and rebooted.
The serial is not being displayed at all anymore
I don't see what the problem is. At this point it might be better to just make a kip that interfaces with the broadcom module via I2C and tell it what mac to use, but who wants to reverse this?
Well, the good thing is it seems this should be possible. Will require someone with more knowledge than I have. For now I'll just have to block/unlock everything depending on which I am booting.
You need to apply the same crc16 used for the other values in PRODINFO, but this time only on the first 6 bytes, and the crc value goes as the 7th and 8th byte. Do that and it works
Similar threads
-
-
@
Psionic Roshambo:
https://imgur.com/gallery/ZfBfPgk 100 million... Can think of better uses but OK lol -
-
-
@
K3N1:
I like how this is #2 in headphones Perytong Sleep Headphones Wireless, Bluetooth Sports Headband Headphones with Ultra-Thin HD Stereo Speakers Perfect for Sleeping,Workout,Jogging,Yoga,Insomnia, Air Travel, Meditation, Grey https://a.co/d/fPOFL4J -
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
