Nessus (Member; joined Oct 5, 2011; 28 messages)
BCD996P2 might NOT be new hardware. I cannot locate a new Part 15 Certification for this product after searching here: https://www.fcc.gov/fccid

I did find the equivalent to an FCC Part 15 filing for Canada, and here is where it gets interesting: the manufacturer's model number for BCD996XT and BCD996P2 is IDENTICAL.
Consider this: the BCD996XT 1.07.03 firmware has a license key decoder, so if the hardware is unchanged, Uniden could have simply released a major firmware revision such as "2.0" (the current release level is still 1.x) and charged a fee for a new SW license key. (For example, Uniden issued 3.x license keys for the BCD996T, where the fee to go from 2.x to 3.x was zero dollars.)
Then why release a new model if the hardware is unchanged? Unfortunately, there is only one answer that makes sense, and I have just verified it to be the case. The algorithm used to encrypt the new firmware is different. The BCD996XT Boot ROM includes a firmware decryptor that is loaded in RAM at BOOT time. This decryptor processes the incoming binary into clear text and then loads it into FLASH ROM. If you want to change this algorithm in the BOOT ROM, it IS possible to do so. However, you would have to release the new firmware that includes the new algorithm using the original firmware encryption algorithm. If that had been broken, then the attacker would be able to access the new firmware decryption algorithm and defeat it. The only solution is to ship "New" hardware with a boot ROM that contains the new firmware decryption algorithm, and with the new firmware already encrypted using the new encryption algorithm.
I was hoping to compare the BCD996P2 firmware with the BCD996XT firmware to see if the demod was different.
Well...not today.
I attach some photos from the BCD996XT. If anyone would like to attach similar ones for the BCD996P2, this would be of great assistance. I will post photos of the BCD996XT ECO-system later.
Attention RR.com Community: If you own a BCD996P2 please PM me if you would like to try an interesting (and completely safe) experiment.
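The dependency the post argues for (a boot ROM can only be re-keyed through an update encrypted with the algorithm it already holds, so the new decryptor is exposed to anyone who can read the old format, and the clean break is new hardware with the new decryptor in ROM) can be modelled in a few lines. The following is an added example, not Uniden's code or algorithm: the algorithm names, key bytes and firmware strings are constructed stand-ins, and the "decryptor" is a toy XOR that only serves to show which party can read which package.

```python
"""Model of the boot-ROM update dependency described in the post.

Added example, not Uniden code. Every name and value here (ALG_V1, ALG_V2,
the key bytes, the firmware strings) is a constructed stand-in. The decryptor
that a boot ROM holds is modelled as XOR with a repeating key, which is not
real cryptography; it only lets us show which party can read which package.
"""
from dataclasses import dataclass


def transform(data: bytes, key: bytes) -> bytes:
    """Toy symmetric transform (encrypt and decrypt are the same operation)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


@dataclass(frozen=True)
class Algorithm:
    """Stand-in for the decryptor burned into a boot ROM."""
    name: str
    key: bytes

    def encrypt(self, plain: bytes) -> bytes:
        return transform(plain, self.key)

    def decrypt(self, blob: bytes) -> bytes:
        return transform(blob, self.key)


@dataclass
class Scanner:
    """A unit is defined by the algorithm its boot ROM shipped with."""
    model: str
    boot_rom: Algorithm
    flash: bytes = b""  # cleartext image after the boot ROM decrypts an update

    def apply_update(self, blob: bytes) -> bytes:
        # The boot ROM always runs its own decryptor over the incoming binary;
        # it has no way to tell whether the package was made for it.
        self.flash = self.boot_rom.decrypt(blob)
        return self.flash


# Constructed stand-ins for the two firmware encryption algorithms.
ALG_V1 = Algorithm("v1", b"\x5a\xc3\x11\x9e")
ALG_V2 = Algorithm("v2", b"\x07\xd4\x6b\x22")

# Constructed firmware payloads.
FIRMWARE_2_0 = b"FW 2.0: demod tables + license key decoder"
# To switch existing units to v2, the update itself must carry the v2
# decryptor (here, just its key) so the boot ROM can be reprogrammed.
TRANSITION_IMAGE = b"BOOT ROM UPDATE: install v2 decryptor key=" + ALG_V2.key


def in_field_rotation_exposes_v2() -> bool:
    """Path 1: rotate the algorithm on existing BCD996XT hardware.

    The transition package can only be encrypted with v1, because that is all
    the old boot ROM understands. Whoever holds v1 can therefore read the v2
    decryptor out of it, which is the post's objection to this path.
    """
    package = ALG_V1.encrypt(TRANSITION_IMAGE)
    recovered_by_v1_holder = ALG_V1.decrypt(package)
    return ALG_V2.key in recovered_by_v1_holder


def new_hardware_path() -> tuple:
    """Path 2: ship units whose boot ROM already contains v2.

    v2 never travels under v1, and a v2 package fed to an old unit yields
    nothing usable. Returns (new unit flashed correctly, old unit got garbage).
    """
    package = ALG_V2.encrypt(FIRMWARE_2_0)
    new_unit = Scanner("BCD996P2", ALG_V2)
    old_unit = Scanner("BCD996XT", ALG_V1)
    new_unit.apply_update(package)
    old_unit.apply_update(package)
    return new_unit.flash == FIRMWARE_2_0, old_unit.flash != FIRMWARE_2_0


if __name__ == "__main__":
    print("in-field rotation leaks v2 under v1:", in_field_rotation_exposes_v2())
    print("new-hardware path (new ok, old garbage):", new_hardware_path())
```

The model deliberately gives the boot ROM no notion of which algorithm a package was made with, matching the post's description of a decryptor that simply processes whatever binary arrives; the design consequence is that the only package an old unit can ever accept is one readable by every holder of the old algorithm.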