Well....through an anonymous source....we have some interesting finds on the so-called "hacked" BIOS from Sjeep and crew.
Pretty much near undeniable truth to the fact that Sjeep/FilterX and Vector/digital were behind the so-called Toxic BIOS. Also...releasing of a hacked BIOS in under 24 hours?I had a look at ***4 0.2 and that toxic bios thing at the same time
-) both were sjcrunched, using the same sjcruncher (although this is quite unlikely people recompile sjcrunch)
now, this gets interesting:
when uncompressed, this is what I can tell:
-) both upgrades are crypted
maybe using the same ***3 cryptographic scheme, but I won't bet on it; anyway, this makes it difficult to hack, of course.
and very unlikely to be cracked within less than 24 hours.
(especially since the crypto key more likely lies within the chip's)
-) both upgrade *softwares* are BASICALLY the same
HOWEVER, they slightly differs each other
which makes it IMPOSSIBLE to be something "cracked"
the toxic upgrade software was *recompiled* from the *sources*, and I can guarantee that
the changes within it are not as simple as the hdloader tweaks by zero-x and crazyc: the whole code is relinked; even if it basically LOOKS the same (same code sequences, same places, same "logic", etc...), it couldn't be done without a ground recompilation
As you can see in the following 2 photos, the original chip flash and the "hacked" flash, the addressing is virtually identical, however there is added code between the sequences of 84-90 in the Toxic, which is damn near impossible to do in under 24 hours without the original source files because of the size change and the relinking involved.
In the last set, this is a function called by MAIN, but it is the same code relinked elsewhere. Comparisons between address, code insertion, string changing, and various other stuff is "probant".
There's tons of the exact same code between the 2, just relinked to different locations. Virtually 99% of the code is the exact same. All the relinking is impossible to do without months of work or.............the original source
The screenshots above are just a small sample of what is the same code between both releases. Anyone with the know-how can load both files in IDA and compare it themselves.