
Thread: Phoenix loaders and firmwares header format

  1. #1

    Question Phoenix loaders and firmwares header format

    Has anyone already reversed the firmwares' and loaders' header?
    The only thing that I could understand from the Dct4Crypter code is that there is:
    1) a signature 0xA0 (1 Byte)
    2) length of the header (4 Bytes) Big Endian.
    3) some unknown data (2 Bytes)
    4) Loader name length (1 Byte)
    5) Loader Name (length is in 4))
    6) Again unknown data

    There must also be a size of the firmware/loader. I'm writing a dumper ram-loader for DCTL models. My loader works, but to test it I have to take the original loader, find the of the header, and then overwrite the original code with my own.

  2. #2
    go to www.g3gg0.de and scroll down a little bit

  3. #3
    Looks cool, but it doesn't match the header that I have.

    0xA0 - Preloader Signature.
    0x00, 0x00, 0x00, 0x13 - Header Length
    0x00, 0x00, 0x00, 0x03 - Fields count

    Field 1):
    0xC2, 0x05, 0x44, 0x43, 0x54, 0x4C, 0x00 //"DCTL"
    Field 2):
    0xDB, 0x03, 0x01, 0x10, 0x00
    Field 3):
    0xC0, 0x01, 0x01

    According to g3gg0, C2 is a secondary_id, but in my case this should be algorithm_id. Fields 0xDB and 0xC0 are not described at all.
    Last edited by Hexxx; 06-03-2006 at 12:09 PM.
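
The bytes listed in post #3, run through a bounds-checked parser. This is an added example, not code from any poster or from Dct4Crypter. It assumes each field is a 1-byte tag, a 1-byte length and then the value, and that the header length counts every byte after the length field; both are inferred from the byte counts in the post (4 + 7 + 5 + 3 = 0x13). The meaning of tags 0xDB and 0xC0 stays unknown.

```python
import struct

# Bytes exactly as listed in post #3 of this thread.
HEADER = bytes([
    0xA0,                                      # signature
    0x00, 0x00, 0x00, 0x13,                    # header length, big endian
    0x00, 0x00, 0x00, 0x03,                    # fields count
    0xC2, 0x05, 0x44, 0x43, 0x54, 0x4C, 0x00,  # field 1: "DCTL\0"
    0xDB, 0x03, 0x01, 0x10, 0x00,              # field 2: meaning unknown
    0xC0, 0x01, 0x01,                          # field 3: meaning unknown
])

SIGNATURE = 0xA0


def parse_header(blob):
    """Return (fields, payload_offset); fields is a list of (tag, value)."""
    if len(blob) < 9:
        raise ValueError("truncated header")
    if blob[0] != SIGNATURE:
        raise ValueError("bad signature 0x%02X" % blob[0])
    header_len, count = struct.unpack_from(">II", blob, 1)
    # Assumption: the length covers the count word plus all fields.
    end = 5 + header_len
    if header_len < 4 or end > len(blob):
        raise ValueError("header length exceeds input")
    fields, pos = [], 9
    for _ in range(count):
        # Never trust a length byte: check it against the declared end.
        if pos + 2 > end:
            raise ValueError("field header runs past declared length")
        tag, length = blob[pos], blob[pos + 1]
        pos += 2
        if pos + length > end:
            raise ValueError("field 0x%02X overruns header" % tag)
        fields.append((tag, blob[pos:pos + length]))
        pos += length
    if pos != end:
        raise ValueError("fields do not fill the declared header length")
    return fields, end


if __name__ == "__main__":
    for tag, value in parse_header(HEADER)[0]:
        print("0x%02X len=%d %s" % (tag, len(value), value.hex(" ")))
```

The returned offset is where the loader or firmware body would start if the length assumption holds.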

  4. #4
    Also take a look at page 2, 4th post of his blog.

    I think he has the names from some flashfiles maybe?

  5. #5
    I've already seen that. Fields 0xDB and 0xC0 remain unknown... :-\
