Due to problems ...

ok, a more enhanced version

Team Daydream presents mcpx1.1 Toolkit v2.0

Due to some people thinking they are Gods, i show them now, how far the development in real is.

All people think, there are only 3 methods (wraparound, swaput, Xcode
TEA hash trick) for creating a hacked bios.

BUT this is false

There exists a lot of other methods, but kept secret. (i never told

As some subjects think, they are the masters, i today present a new method.

This new method only works on 1.1, but the bios can be made multiboot able with wraparound trick then too(only wraparound for 1.0 version).

the thing is simple:
you know, there is a RSA key inside the intro-loader of the flash,and there is a 2048 bit rsa signature inside the flash.
Unbreakable you may think ?

you only have to factor the key, and you have won.

This tool is very simple to use, use an 

- ->Original Introloader (the thing inside the tea hashsection)
- ->provide a 2bl crypted with the RC4 key, which this tool reports
- ->provide kernel
- ->assemble all together

open the file
press: Sign the Bios:

Save the bios.

your bios is signed new, and ready for using.
cool, isn't it ?
you can check it, it will report good condition.

for 1.0 dualuse, i recommend:

dump the certificate key, eeprom, etc into the free section (0x90 are
there) into the top rom of the flash (the 1.0 keys logicall)
make in the last staement of the X-codes a check of 1.0 or 1.1, (seen
in evox bios) and implement some jump back code to the microloader at offset 0x0 in ram.

Afterwards sign the bios.
Also the Xcodes are hashed with the cryptgraphic routines ...

so after the mcpx jumps into memory 0x0 .. it executes .. you jump
back to introloader beginning.
as the mcpx is swapped out, the 2bl finds the eeprom, hdd keys in the flash, and not inside the mcpx.

All roger, should work, but i have no 1.0 box for testing.

good luck
and enjoy the tool.