No they don't have a keygen. That's why we try to encourage the crackers here

Who's got a same files on SD,because i don't install R8,error install

20WRZ$ from me too!

@satan
here you are my R66N8:
http://www.megaupload.com/it/?d=PO77XT96

Who's got a same files on SD,because i don't install R8,error install

20WRZ$ from me too!

@satan
here you are my R66N8:
http://www.megaupload.com/it/?d=PO77XT96

Thanks

Can I please a other share ? Rapid

No they don't have a keygen. That's why we try to encourage the crackers here

all i know that it's in the file "navkey.dat" in \data\res
because i had a trial map for 14 days and if this file is in data, map info are demo for 14 days,
il this file is not present the map appears as unlocked only, but thre is not the info about trial...

thus i think we must crack this file, but how ???
i dont know, i'm not able to do this

Who's got a same files on SD,because i don't install R8,error install

20WRZ$ from me too!

@satan
here you are my R66N8:
http://www.megaupload.com/it/?d=PO77XT96

Thanks

Can I please a other share ? Rapid

Here is the mirror:
http://rapidshare.com/files/103135114/r66n8.rar.html

no more possible having 14 days trial code from r66 site.
now the only way to use it is ...................................................................
.... OUR BEST CRACKERS MIRACLE!!!!!
i hope and believe in them!

Let us wait and see what is going to happen. But I think our crackers can't crack this soft.

of course they can crack it
they cracked any programs
they cracked vista, XP ........

No they don't have a keygen. That's why we try to encourage the crackers here

all i know that it's in the file "navkey.dat" in \data\res
because i had a trial map for 14 days and if this file is in data, map info are demo for 14 days,
il this file is not present the map appears as unlocked only, but thre is not the info about trial...

thus i think we must crack this file, but how ???
i dont know, i'm not able to do this

Thanks !!!

[giuseppe4322]

OK. its works on a Mio C520 (nice interface), now where do get maps..

Thanks

Is anyone actually looking into hacking R66?

Each MAP file has a DRM header (address 0x00 - 0x70) that contains cryptographic information.
The R66 program uses (among other things) the data from the DRM header to verify if you have access to a map.

The MAP file patcher posted here earlier will just put part of the Iberian DRM header on other MAP files.
This partially satisfies the R66 program, it initially looks like the map is accepted, but obviously other checks fail so the patched maps can not be used.
(offset 0B: 0x09, offset 1b: 0x82 and at offset 0x28 16 bytes are patched (aes data?) into C5 C7 92 0A 67 69 71 B6 33 2F C3 9D 71 AA 43 44)

Another patcher file called Parcheador tries to do a similar thing but patches the map files with different DRM data.
(offset 0A: 00 09, offset 1A: 00 A1, offset 28: D0 52 2F C5 ED C7 A1 3B 5C F8 56 C4 96 44 5E 9A)
Similar problems occure.

Copying the entire DRM header to another MAP file also does not work.

The Res directory contains a default.ccc file. This file contains the Iberian map name and most likely data that is used in the verification process. Another file that have something to do with this process is navkeys.dat.
Its possible that devices with preloaded maps have the maps authorized through the default.ccc file, while maps that are added later/purchased online on are authorized through the navkeys.dat files.
Since purchased content like maps, poi's etc. are not to be shared with other devices the device ID number is also used in the verification process.
It could be interesting to compare data taken from different working sets.

Btw, it seems that the R66 program internally uses the AES algorithm to make the calculations.

Is anyone actually looking into hacking R66?

Each MAP file has a DRM header (address 0x00 - 0x70) that contains cryptographic information.
The R66 program uses (among other things) the data from the DRM header to verify if you have access to a map.

The MAP file patcher posted here earlier will just put part of the Iberian DRM header on other MAP files.
This partially satisfies the R66 program, it initially looks like the map is accepted, but obviously other checks fail so the patched maps can not be used.
(offset 0B: 0x09, offset 1b: 0x82 and at offset 0x28 16 bytes are patched (aes data?) into C5 C7 92 0A 67 69 71 B6 33 2F C3 9D 71 AA 43 44)

Another patcher file called Parcheador tries to do a similar thing but patches the map files with different DRM data.
(offset 0A: 00 09, offset 1A: 00 A1, offset 28: D0 52 2F C5 ED C7 A1 3B 5C F8 56 C4 96 44 5E 9A)
Similar problems occure.

Copying the entire DRM header to another MAP file also does not work.

The Res directory contains a default.ccc file. This file contains the Iberian map name and most likely data that is used in the verification process. Another file that have something to do with this process is navkeys.dat.
Its possible that devices with preloaded maps have the maps authorized through the default.ccc file, while maps that are added later/purchased online on are authorized through the navkeys.dat files.
Since purchased content like maps, poi's etc. are not to be shared with other devices the device ID number is also used in the verification process.
It could be interesting to compare data taken from different working sets.

Btw, it seems that the R66 program internally uses the AES algorithm to make the calculations.

All my RESPECTS to you, Voyager2003!!!

Is anyone actually looking into hacking R66?
Btw, it seems that the R66 program internally uses the AES algorithm to make the calculations.

YES, YOU CAN !

nobody can

Each MAP file has a DRM header (address 0x00 - 0x70) that contains cryptographic information.

Err.
_GetDRMContentHeaderSize_r66PDRM__SAIXZ ; DATA XREF: .pdata:1015FD88o
.text:100DAD20 40 00 A0 E3 MOV R0, #0x40
.text:100DAD24 0E F0 A0 E1 RET

Currently the program has a fixed value of 0x40. Meaning the DRM header is 64 bytes long