how to dump firmware from broadcom based modems
#7
I tried again with different certs and an older version of cmnonvol (cmnonexpv1.1.1.exe). It kinda worked, but all the files were with some extra bytes, e.g. the public key was 141 bytes instead of 140. I opened them in a hex editor and compared with the original files and could see some extra spaces which were messing up everything. Both certs, CA and CM, were also invalid due to these extra spaces ('D0' bytes).

The 2mb (cmnonexp2mb.exe) version was downloaded from this forum, so I really don't know what's going on.

I tried dumping again a 64k nonvol region using readmem.
I dumped the 3rd dynamic nonvol, offset 8257536, which gave me 7E0000 in hex, so the start would be at 0x807e0000.
The 4th dynamic nonvol starts at 8323072 = 7F0000, so I dumped until I reached 0x807f0000.

Then I searched for '31 81 89' for the public key in the hex editor, but no candy.


Messages In This Thread
RE: how to dump firmware from broadcom based modems - by jofre - 27-07-2017, 05:01 AM
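
An added example, not part of the original post or of any tool mentioned in it: one way to pin down exactly where an exported file (such as the 141-byte public key against its 140-byte original) gained bytes, instead of eyeballing two hex editor windows. The sample data is constructed and the function names are hypothetical.

```python
from collections import Counter
from difflib import SequenceMatcher

# Constructed sample data: a 140-byte "original" and an "exported" copy
# that gained one 0xD0 byte at offset 64 (141 bytes, as in the post).
REFERENCE = bytes(range(140))
EXPORTED = REFERENCE[:64] + b"\xd0" + REFERENCE[64:]


def find_inserted_bytes(reference: bytes, exported: bytes):
    """Return [(offset_in_exported, inserted_bytes), ...] for every run of
    bytes present in `exported` but absent from `reference`.

    Raises ValueError if the files differ by anything other than pure
    insertions (a replaced or deleted byte points to a different fault).
    """
    # autojunk=False: the default heuristic discards frequently occurring
    # elements on inputs of 200+ items, which breaks binary alignment.
    matcher = SequenceMatcher(None, reference, exported, autojunk=False)
    insertions = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "insert":
            insertions.append((j1, exported[j1:j2]))
        elif tag != "equal":
            raise ValueError(
                f"{tag} at reference offset {i1:#x}: not a pure insertion"
            )
    return insertions


def summarize(insertions):
    """Count how often each inserted byte value occurs across all runs."""
    return dict(Counter(b for _, run in insertions for b in run))


if __name__ == "__main__":
    found = find_inserted_bytes(REFERENCE, EXPORTED)
    for offset, run in found:
        print(f"exported offset {offset:#06x}: inserted {run.hex(' ')}")
    for value, count in summarize(found).items():
        print(f"byte {value:#04x} inserted {count} time(s)")
```

If every insertion is the same byte value, the export step is adding it systematically; a `ValueError` means the file was altered in some other way.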
