Hex String and Checksum Hacking!

vbimport

#1

Explanation of Hex Strings and Checksums:

Hex Strings:
55 53 00 00 00 00 00 01 00 00 00 00 Region/Macrovision Hex String
The 01 in this string is Region 1 and the last 00 is Macrovision ON

55 53 00 00 00 00 00 00 00 00 00 01 = Region Free and Macrovision OFF

Hex String:
00 00 00 01 00 00 00 03 00 00 00 1B LP/3 Hour Hex String
The 1B in this string is LP/3 Hour mode OFF

00 00 00 01 00 00 00 03 00 00 00 1F
The 1F in this string is LP/3 Hour mode ON

Below are the Checksums:
0x47 = Macrovision Checksum
0xA7 = LP/3 Hour mode Checksum
0xEB = Main Checksum

By making a change to this string: 55 53 00 00 00 00 00 01 00 00 00 00
To: 55 53 00 00 00 00 00 00 00 00 00 01
Making this modification, sets to Region free and Macrovision Disabled.
This makes the Region bit -1 and Macrovision bit + 1 so this being an offset,
there is no need to change the Macrovision checksum at 0x47

By making changes to this string: 00 00 00 01 00 00 00 03 00 00 00 1B
To: 00 00 00 01 00 00 00 03 00 00 00 1F
Making this modification, sets to LP/3 Hour mode.
Changing the 1B to 1F on the end of this string, calls for adding + 4 to the
LP/3 Hour bit checksum at 0xA7 and + 4 to the Main Checksum at 0xEB
to compensate for the LP/3 Hour bit mode.

If you already have 00 00 00 01 00 00 00 03 00 00 00 1F in your Firmware
String which is LP/3 Hour mode enabled, no change is needed in this String.

Long story short, if you already have LP/3 Hour mode, the only change needed
to get Region free and Macrovision disabled, is to modify one string as below.
55 53 00 00 00 00 00 00 00 00 00 01

Old post Edited and cleaned up.
“Hack at your own risk”

Regards; Pop’s


#2

Be careful - this explanation really only applies completely to some US versions, although the basic principles are correct.

Even solely on version 098, there are subtle differences for PAL UK machines, and even more differences for PAL Europe (checksum locations do not agree).

This topic is well covered in other threads.

For other posters, if you state a hack, it woiuld make things cleaer if you define the version number e.g. LNEB2098.ES3, your region, machine serial code etc. Otherwise, because of the multiple firmware versions, and inexperienced newcomer could make changes that cause their machine to not function

I accept that this is fairly rare, and the most probable outcome is simply frustration as the hack is not accpeted by the machine in most cases - I know this happened to me until Mr Wizard’s program successfully hacked the European PAL version.

As a suggestion, perhaps we could set up a “sticky” thread whereby a USER hack is shown, along with all pertinent reference data (version etc.), rather than having to seacrh multiple threads?


#3

Oilman; The information in this post was used for the LiteOn 5005a Sept. 04 Build date. Firmware LNHA1098.ES3, Region 01, Serial #0104-1840-0098-G2BD (103-010D) USA machine. Thanks for the reminder, I should have included that information.
Regards; Pop’s


#4

Thanks Workknot - The information in your reply is exactly the sort of information I had in mind, and serves as a good example.
best regards
Oilman


#5

Explanation of Hex Strings and Checksums:

Folowing on from Workknot,

Here in the UK I am using LNFB098.324 firmware.

The string for region free and No Macrovision

55 53 00 00 00 00 00 02 00 00 00 00
therefore to add region free and no Macrovision
The 02 Stands for europe
55 53 00 00 00 00 00 00 00 00 00 01
WE have reduced region string by minus 2 and added No Macrovision +1
making the amendment to be made to Checksum 0X47 = -1
If not adding 3hr mode no change at 0XA7
Total checksum 0XEB -1

the above string as far as I am aware is the same on all 0098 firmware
but the region code would alter

55 53 00 00 00 00 00 00 00 00 00 00 Region free
55 53 00 00 00 00 00 01 00 00 00 00 USA/Canada
55 53 00 00 00 00 00 02 00 00 00 00 Europe
55 53 00 00 00 00 00 04 00 00 00 00 Austrailia

I think these are correct if someone can post a full set of region codes,
Would clarify this string

Therfore say region 4 to make region free - 4 add no M/V+1 =-3
at 0X47 reduce value by -3
and0XEB by -3

If you are to add the 3 hr mode you will alter string
we will use region 4 again

WE know now region free and no Macrovision the alteration is -3
By making changes to this string: 00 00 00 01 00 00 00 03 00 00 00 1B
To: 00 00 00 01 00 00 00 03 00 00 00 1F
Making this modification, sets to LP/3 Hour mode.
Changing the 1B to 1F on the end of this string, calls for adding + 4 to the
LP/3 Hour bit checksum at 0xA7 and + 4

but at main checksum 0XEB would be the value shown there -3 for region etc +4 for 3hr mode = +1
so main checksum 0XEB would be increased by +1

Hope this Clear


#6

0 No Region Coding
1 United States of America, Canada
2 Europe, including France, Greece, Turkey, Egypt, Arabia, Japan and South Africa
3 Korea, Thailand, Vietnam, Borneo and Indonesia
4 Australia and New Zealand, Mexico, the Caribbean, and South America
5 India, Africa, Russia and former USSR countries
6 Peoples Republic of China
7 Unused
8 Airlines/Cruise Ships
9 Expansion (often used as region free)

DVD Region Map


#7

Also note that for recorders outside of region 1, you can still use the same hack theory of Region -1 and MV +1, then use the 2960 remote region code to change the region to what you want afterward.


#8

Guitarman1; My machine is still going, like the Eveready Bunny.
Pop’s


#9

Eveready haven’t seen them in awhile, but i think i would like to.


#10

Sure would be nice if somebody could figure out the changes needed for the US 5005 0101 system fw update to get MV disabled for those that need the closed captioning and want the MV disabled also.