If you take a look at the authorization routine you will see that there are two checks: One against $85 and one against $87. If the checks pass, the device will pass with a
7001 moveq #1,d0
or else it will fail with a
7000 moveq #0,d0
If getting access to the whole command set is really all you’re interested in, then just change all the 7000′s to 7001′s. Go ahead and patch both the $85 check as well as the $87 check and you should have all the authorizations you need for BabyFinder and more. Update the CRC and you should be ready to go.
For those of you unable to do the patches, or just looking for instant gratification you can download v3.1 firmware with EJFM patch and BabyFinder ChkAuth patch. You can also download a text file of the BabyFinder command set.
Enjoy!
Recent Comments