; **********************************************************************
; *                                                                    *
; *  This is 4711 mod for the Oki 900 Phone                            *
; *                                                                    *
; *  by G.R.A.S.P. This                                                *
; *                                                                    *
; *  There are a few changes you will have to make to your binary      *
; *  in order for this code to work for you.  A you need to get        *
; *  around the checksums, if you can not do that, you should not      *
; *  have this.                                                        *
; *                                                                    *
; *  Look at $0221, you will see 12073D, Change this to 12A100, do     *
; *  this to get the code to run.                                      *
; *                                                                    *
; **********************************************************************
;
; Reviewer notes (firmware analysis of this listing)
; --------------------------------------------------
; Syntax/target: MCS-51 (8051-family) mnemonics, `$` = hex, one routine
; assembled at $A100.
;
; Hook:   $12 is the MCS-51 LCALL opcode, so the header's byte change at
;         $0221 (12 07 3D -> 12 A1 00) redirects an existing call from
;         $073D to this routine.  An image whose bytes at $0221 read
;         12 A1 00 carries this redirection.  The checksum bypass the
;         header mentions is not part of this listing.
;
; Flow:   1. Gate: byte at ext. $BFAF must be the bitwise complement of
;            the byte at ext. $A6AA; otherwise jump to the original
;            routine at $073D and do nothing else.
;         2. Read the selector byte at ext. $BF2C and pick one of five
;            4-byte records ($BE8E, $BE93, $BE98, $BE9D, $BEA2).
;         3. Copy that record into internal RAM $60-$63.
;         4. Write the four bytes to ext. $BEC2-$BEC5 through the
;            firmware routine at $2FFB.
;         5. Zero internal RAM $64-$67, clear A, and RET.
;
; In:     nothing in registers; reads the external-memory bytes above.
; Out:    A = 0 on the RET path.
; Uses:   A, DPTR, R0, R1, internal RAM $60-$67, flags; plus whatever
;         the routine at $2FFB touches (not shown in this listing).
;
; NOTE(review): on the RET path the original routine at $073D is never
;         entered; only the failed-gate path reaches it.
; NOTE(review): the final clear loop covers $64-$67, so the four copied
;         bytes are still present in internal RAM $60-$63 at RET.

begin:  .org    $a100

; --- Gate: compare two external-memory bytes ---------------------------
eleetmod: mov   dptr, #$bfaf            ; Security feature for phone
        movx    a, @dptr                ; Load up secured bit
        mov     $60, a                  ; Park it in internal RAM $60 (scratch)
        mov     dptr, #$a6aa            ; \ Get REAL ESN
        movx    a, @dptr                ; / ESN (Encrypted)  (one byte only is read)
        xrl     $60, a                  ; $60 = [$bfaf] XOR [$a6aa]
        xrl     $60, #$ff               ; better be $00 -> true only if the bytes are complements
        mov     a, $60                  ;
        cjne    a, #$00, nothing        ; Did someone try to copy the chip?
        ljmp    eleetesn                ; Pass, go on

; *******************************
nothing: ljmp   $073d                   ; Normal Phone: continue at the original call target

; --- Select the source record from the byte at $bf2c -------------------
; Values 1..4 pick records 1..4; any other value falls through to #5.
; Records sit 5 bytes apart but only 4 bytes of each are read below.
eleetesn: mov   dptr, #$bf2c            ; NAM Select
        movx    a, @dptr                ; Load that data up
        cjne    a, #$01, try2           ;
        mov     dptr, #$be8e            ; ESN Location #1 $be8e-$be91
        ljmp    letsgo                  ;
try2:   cjne    a, #$02, try3           ;
        mov     dptr, #$be93            ; ESN Location #2 $be93-$be96
        ljmp    letsgo                  ;
try3:   cjne    a, #$03, try4           ;
        mov     dptr, #$be98            ; ESN Location #3 $be98-$be9b
        ljmp    letsgo                  ;
try4:   cjne    a, #$04, its5           ;
        mov     dptr, #$be9d            ; ESN Location #4 $be9d-$bea0
        ljmp    letsgo                  ;
its5:   mov     dptr, #$bea2            ; ESN location #5 $BEA2-$BEA5

; --- Copy 4 bytes: external @dptr -> internal RAM $60..$63 -------------
; $60 is reused here; the gate result stored there is overwritten.
letsgo: mov     r0, #$60                ; Starting location
        mov     r1, #$04                ; Loop 4 times
cploop: movx    a, @dptr                ; Loader up
        mov     @r0, a                  ; Save in RAM so we can free up DPTR
        inc     dptr                    ; Next address
        inc     r0                      ; Next RAM location
        djnz    r1, cploop              ; Loop it!

; Setup for the ESN write to working storage
        mov     dptr, #$bec2            ; ESN working storage location
        mov     r0, #$60                ; RAM starting location
        mov     r1, #$04                ; Number of loops

; Write ESN to working storage
; NOTE(review): the routine at $2ffb is not shown; the loop assumes it
; leaves r0, r1 and dptr intact - confirm against the firmware.
wrloop: mov     a, @r0                  ; Loader up
        lcall   $2ffb                   ; Write A to @DPTR, for EEPROM (per author; routine not in listing)
        inc     dptr                    ; Next address in working storage
        inc     r0                      ; Next RAM address
        djnz    r1, wrloop              ; Loop it!

; --- Zero internal RAM $64..$67 ----------------------------------------
; NOTE(review): the author labels this "Clear ESN workspace", but the
; range cleared is $64-$67; the copied bytes in $60-$63 are not touched.
        mov     r0, #$64                ; \
        mov     r1, #$04                ; |
        clr     a                       ; | Clear
clwork: mov     @r0, a                  ; | ESN
        inc     r0                      ; | workspace
        djnz    r1, clwork              ; /
        clr     a                       ; A = 0 at return
        ret                             ; All set for F0N3 PhRaUd!
        .END