View Full Version : Az Link clone safe sw vs Jynx 251 file



jvvh5897
04-07-2017, 07:20 PM
I was interested in how the Az Link software differed from the Jynxbox. I downloaded both the Jynx 251 file and the Az link v3-243 file that folks say is clone safe. Disassembled both files after extracting main sw with lzma. Found both boxes use RAM address base of 0x80000200. Found both use At88SC3216 type of chips as security chips (have a data sheet on the chip). Both call similar routines around the same time as they set up for HDMI. Both seem to have the same byte arrays to send to the chip and test against returned byte sequences.
I'm posting the routines I found in both--some utilities like memset and memcmp are of use to find similar routines in either. String use is really the easy way to find routines.

In Jx 251 file:

800C28A8 # debug message (crypto)
800C34B8 # verify crypto chip
(uses 4394D0 CB 14 38 45 EE 0B E6 03 --and 60 57 34, 20 58 E5, )
800C30D8 # verify password 7 (8A 58 51 45 and 8A 58 51 62-9D 2B AE 47 88 44 18 0E 8B 72 E6 03)

800C3410 # calls to password 7 test
800BA3C4 # key size, password 7 test....

800C5CE0 # crypt test
800CF898 # string copy?
800CF8D8 # mem compare?
800CF91C # find str length
800CF684 # memset?
800CF394 # memcopy?
800CF3CC # memcpy?

800CF370 # long memset
800BA4D4 # fuse test and KSV test
800C2B00 # ATMEL chip detect
800C2C54 # test ATMEL fuse
800C2F6C # user zone test
800C2DC0 # verify test and config erase
800C2CC4 # "Blow Fuse Verify Password"
800C2A50 # INIT (crypto?)
800BA87C # call init(crypto) and verify crypto chip
800BA934 # start crypto chip and find "S3602 HD STB" string
800C36A8 # cm_ReadConfigZone
800BEE48 # HDMI setup, sys watch dog and crypto chip detect


800D0670 # Front LED display message pan_display
8026E674 # CreateServerTask (SRV RCV)
800283A8 # AppInit (can Show "Er01 ")
8001A08C # dog_init
8026FD30 # osal_dual_get_see_run_address
80028374 # see_boot

800274E0 # "MC: APP init system_hw_init
8003C460 # Factory test
8003C884 # Fact test LNB1 and 2
8003C9C4 # fact test: usb test
8003D568 # RS232 Test part of fact test
8004526C # "HDMI Factory Test menu"
8003C1F0 # fact test callback number
8003C248 # fact test callback
8000D42C # ap_hk_to_vk
8000D3C0 # scan_code_to_msg_code
800CC8F0 # dev_get_by_id
802A83DC # ge_open
8000075C # sys_watchdog_reboot
800F10F8 # OSD_SurfaceInit
8000D2C8 # osd_ge_init
8000E54C # ap_get_key_msg
8001DB84 # power_switch
80019D78 # key_pan_display
800CF234 # printf
8012B800 # get_sdk_ver
802A84BC # get_core_ver

jvvh5897
04-07-2017, 07:25 PM
In the Az file I did not find that AT88 chip routines were called any diff than in the Jx box's file. Seem pretty similar, so I'm not all that sure why one would be clone safe and the other not. Not sure why folks are not just using Az Link file rather than Jynx box file given the other reports on the Az file running cooler in the boxes.

Here are the routines found in Az 243:
802A6610 # debug message (231 calls)
800CF1DC # strcpy (450 odd calls)
800CF114 # memcpy?
800CF0A8 # memcmp?
800CEFC8 # memset?
800CED10 # memcpy?

800199DC # front display message?
800CFFB4 # show on front display
8001B1EC # JX_AUTOTEST.txt
802A6AD0 # show message like "RS232_test" on screen?
8001B328 # rs232, usb tests
800C2444 # detect "AT88SC0808C "...
800C2DFC # detect at88/crypto test
800B9D08 # key size/KSM tests at88

800C5860 # Set User Zone
800C5428 # Check Fuse
800C6A20 # Blow Fuse Verify Password
800C5624 # Write issuer code
800C21EC # error messages for AT88 use
800C2A1C # Verify Password 7...
800C2608 # blown fuse....
800C2D54 # password test....
8002734C # MC: APP init
8002F52C # show "Model" sysinfo (includes detect of tuner module)
8002FBFC # call to show sysinfo--may be "Normal"

8002FBC8 # other part of "Normal" struct
800F1588 # put string on menu list?
80043EA0 # ud hd sd Tuner detect?
800CEA98 # menu string printf (450 or so calls)
80035468 # I2C write/read
pointers for factory test?:
41E8C0 00 00 00 00 00 00 00 00-00 00 00 00 D4 D3 03 80
41E8D0 00 C8 03 80 90 CE 03 80-30 C8 03 80 E8 C9 03 80
41E8E0 A0 CB 03 80

8003C2CC # "Factory test
8003C0B4 # factory test start
8003C6F0 # factory test LNBs?
8003C05C # factory test button handling?
8003D3D4 # RS232 Test part of factory

800BE78C # HDMI setup, sys watch dog and crypto chip detect
80000750 # sys_watchdog_reboot
800BA1C0 # call init(crypto) and verify crypto chip
800BA278 # start crypto chip and find "S3602 HD STB" string
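
Added example, not part of the original posts: a short Python script that decodes the "pointers for factory test?" dump above as little-endian 32-bit words and cross-references them with the labelled Az 243 routines. The `IMAGE_SIZE` bound and the helper names are assumptions made for this illustration; the dump rows, the RAM base and the labels are taken from the posts.

```python
import struct

# Rows copied from the "pointers for factory test?" dump in the post above.
DUMP = """\
41E8C0 00 00 00 00 00 00 00 00-00 00 00 00 D4 D3 03 80
41E8D0 00 C8 03 80 90 CE 03 80-30 C8 03 80 E8 C9 03 80
41E8E0 A0 CB 03 80
"""

RAM_BASE = 0x80000200    # load base stated in the first post
IMAGE_SIZE = 0x00800000  # assumption: upper bound used only to filter words

# Factory-test routine addresses and labels from the Az 243 list above.
LABELS = {
    0x8003C2CC: '"Factory test',
    0x8003C0B4: "factory test start",
    0x8003C6F0: "factory test LNBs?",
    0x8003C05C: "factory test button handling?",
    0x8003D3D4: "RS232 Test part of factory",
}

def parse_dump(text):
    """Turn 'OFFSET b0 b1 ...' rows into (start_offset, bytes)."""
    start, data = None, bytearray()
    for row in text.splitlines():
        if not row.strip():
            continue
        off, *cells = row.replace("-", " ").split()
        off = int(off, 16)
        if start is None:
            start = off
        if off != start + len(data):  # rows must be contiguous
            raise ValueError(f"gap in dump at {off:#x}")
        data += bytes(int(c, 16) for c in cells)
    return start, bytes(data)

def decode_pointers(start, data):
    """Read little-endian words; keep the ones that point into the image."""
    found = []
    for i in range(0, len(data) - len(data) % 4, 4):
        (word,) = struct.unpack_from("<I", data, i)
        if RAM_BASE <= word < RAM_BASE + IMAGE_SIZE:
            found.append((start + i, word, LABELS.get(word, "unlabelled")))
    return found

def report(text=DUMP):
    start, data = parse_dump(text)
    return [f"{o:06X} -> {a:08X}  {l}" for o, a, l in decode_pointers(start, data)]

if __name__ == "__main__":
    print("\n".join(report()))
```

The first entry resolves to the RS232 routine listed at 8003D3D4; the other five words land in the same 8003Cxxx range as the factory-test routines but at addresses the post does not label.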

jvvh5897
04-08-2017, 06:32 PM
I wonder if both boxes actually have the ATMEL chip and that part of the code is not what is used to clone detect. Maybe pictures of the insides of all boxes would be a good idea--real jynx, clone jynx and Az link.