MediaWiki API result
This is the HTML representation of the JSON format. HTML is good for debugging, but is unsuitable for application use.
Specify the format parameter to change the output format. To see the non-HTML representation of the JSON format, set format=json.
See the complete documentation, or the API help for more information.
{
"batchcomplete": "",
"continue": {
"gapcontinue": "Repair_TV_from_u-boot",
"continue": "gapcontinue||"
},
"query": {
"pages": {
"47": {
"pageid": 47,
"ns": 0,
"title": "Recovery of Bricked Device",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "==If you make bad Service Menu setting==\nThan you needed to read [[UnBricking TV by EEPROM Reset]] page.\n\n==If you write bad boot.img to tv.==\n\nA) Connect to TV by ex-link cable.\n\nB) Enable USB support. Command \"/lib/modules/rc.local\"\n\nC) Enable NAND support. Commands \n # insmod /lib/modules/fsr.ko\n # insmod /lib/modules/rfs.ko\n # insmod /lib/modules/fsr_stl.ko\nD) Erase old bad image. Command \"bml.erase /dev/bml0/7\"\n\nE) Write original (work) image. Command \"bml.restore /dev/bml0/7 /dtv/usb/sd1/boot.img\"\n\nIt all!!! Happy new Year.\n\n== Restore TV from u-boot ==\nGo [http://wiki.samygo.tv/index.php5?title=Repair_TV_from_u-boot here]\n\n== Restore firmware (exe.img, appdata.img) images (CI only) ==\n=== Before to start === \n''To restore TV you need:''<br>\n* Settings in Service menu are set before TV broke - do it now, if your TV isn`t broken - insurance for future :)\n* Enter Service Menu ( quickly push [INFO] [MENU] [MUTE] [POWER] on your remote control )\n* Change setting for your RS232C interface to \"'''debug'''\" ( Control -> Sub Option -> RS-232 Jack -> [ '''Debug''' | UART | Logic ] )\n* Change setting for Watchdog to \"'''off'''\", so that the device doesn't reboot while you are in uBoot menu ( Control -> Sub Option -> Watchdog -> [ on | '''off''' ] )<br><br>\n* Make or buy '''Service Cable''' - [http://wiki.samygo.tv/index.php5?title=Enable_Serial_Console_on_non_CI%2B_Devices#The_Ex-Link_.28serial.29_cable ExLink]\n\n* You need images to restore (or dumps of partitions you made before. How to make dumps [http://wiki.samygo.tv/index.php5?title=Dumping_and_Flashing_images_by_hand read here].)<br>\n* If you use firmware files from firmware upgrade file (you can download it from [http://wiki.samygo.tv/index.php5?title=Old_%26_Good_Firmwares here], make sure, that you have UNxored exe.img and appdata.img on USB/update (NOT exe.img.enc and NOT appdata.img.enc). How to unXOR images read [http://wiki.samygo.tv/index.php5?title=Playing_with_Firmware_Images#Decryption.2FEncrpytion_of_Image here.]\n=== Prepare USB ===\n* 1. Format USB to FAT32\n* 2. Copy required images to /update directory on USB. <br>\n* 3. Place exe.'''img''' and appdata.'''img''' to USB/update<br>\n* 4. Reboot TV, go to [http://wiki.samygo.tv/index.php5?title=Enable_Serial_Console_on_non_CI%2B_Devices#Debug_Menu_.28On_CI.2B_Devices_Too.29 TOP Debug menu]\n* 5. Enter Ctrl+c to get to console. TV from this moment does not respond to RC.\n* 6. Mount USB disk with next command\n sh +x /sbin/usb_start.sh\n\nIf you get error (in some models) about not existing file, try:\n sh +x /sbin/start_usb.sh\n\n* 7. Check if USB is mounted\n cd dtv/usb\n ls\nYou get something like:\n log sda1\n* 8. Check images on USB/update\n cd sda1/update \n ls\nYou get:\n Image exe.img oneboot.bin uboot_env.bin\n Image_serial fnw.bin rootfs.img validinfo.txt\n appdata.img info.txt serial_temp version_info.txt\n boot.img onboot.bin u-boot.bin\n* 9. Prevent TV from rebooting when exeDSP is stopped \n /mtd_boot/MicomCtrl 23\n* 10. Kill exeDSP\n killall -9 exeDSP\n* 11. unmount /mtd_exe/ and /mtd_appdata/\n umount /mtd_exe/\n umount /mtd_appdata/\n\n* 12. Write \u00e2\u0080\u0098exe.img and appdata.img\u00e2\u0080\u0099 to TV\n fsrrestore /dev/bml0/8 exe.img;\n fsrrestore /dev/bml0/9 appdata.img;\n\n* 13. Mount the updated images\n mount -t auto /dev/tbml8 /mtd_exe\n mount -t auto /dev/tbml9 /mtd_appdata\n\n* 14. Start exeDSP again (Do not worry if screen is bottom to up, after restart TV you get normal operating TV)\n /mtd_exe/rc.local\n\n=== Flash another partitions from console ===\n\n* 15. If you need restore some other partitions, you can do it as example:\n cat /dtv/usb/sda1/update/u-boot.bin > /dev/bml0/2\n cat /dtv/usb/sda1/update/fnw.bin > /dev/bml0/4\n cat /dtv/usb/sda1/update/Image > /dev/bml0/5\n cat /dtv/usb/sda1/update/rootfs.img > /dev/bml0/6\n cat /dtv/usb/sda1/update/boot.img > /dev/bml0/7\n\nor you can use bml tool:\n bml.restore /dev/bml0/2 /dtv/usb/sda1/update/u-boot.bin \n bml.restore /dev/bml0/4 /dtv/usb/sda1/update/fnw.bin \n bml.restore /dev/bml0/5 /dtv/usb/sda1/update/Image \n bml.restore /dev/bml0/6 /dtv/usb/sda1/update/rootfs.img \n bml.restore /dev/bml0/7 /dtv/usb/sda1/update/boot.img\n\n== Make dumps ==\nIt is good to have dumps of partitions on TV before you start playing with flashing. You need USB Fat32, working console (over ExLink or telnet). \n\nHow is your USB recognized you can see with command\n df -h\nHere is output of LE40B653T5W:\n # df -h\n Filesystem Size Used Available Use% Mounted on\n /dev/tbml6 3.1M 3.1M 0 100% /\n none 10.0M 8.0k 10.0M 0% /dtv\n /dev/tbml7 896.0k 896.0k 0 100% /mtd_boot\n none 10.0M 0 10.0M 0% /mtd_ram\n /dev/stl0/14 11.0M 10.8M 208.0k 98% /mtd_rwarea\n /dev/tbml8 60.0M 51.2M 8.8M 85% /mtd_exe\n /dev/tbml9 28.6M 28.6M 0 100% /mtd_appdata\n /dev/stl0/13 189.0M 134.3M 54.7M 71% /mtd_tlib\n /dev/stl0/15 50.0M 7.3M 42.6M 15% /mtd_contents\n /dev/stl0/16 87.9M 9.5M 78.4M 11% /mtd_down\n /dev/stl0/12 149.0M 224.0k 148.8M 0% /mtd_wiselink\n /dev/stl0/17 87.0M 176.0k 86.8M 0% /mtd_swu\n /dev/sda1 298.0k 298.0k 0 100% /dtv/usb/sda1\n\nMake dumps by commands:\n bml.dump /dev/bml0/1 /dtv/usb/sda1/dump/bml0_1_dump\n bml.dump /dev/bml0/2 /dtv/usb/sda1/dump/bml0_2_dump\n bml.dump /dev/bml0/3 /dtv/usb/sda1/dump/bml0_3_dump\n bml.dump /dev/bml0/4 /dtv/usb/sda1/dump/bml0_4_dump \n bml.dump /dev/bml0/5 /dtv/usb/sda1/dump/bml0_5_dump \n bml.dump /dev/bml0/6 /dtv/usb/sda1/dump/bml0_6_dump \n bml.dump /dev/bml0/7 /dtv/usb/sda1/dump/bml0_7_dump \n bml.dump /dev/bml0/8 /dtv/usb/sda1/dump/bml0_8_dump\n bml.dump /dev/bml0/9 /dtv/usb/sda1/dump/bml0_9_dump\n bml.dump /dev/bml0/10 /dtv/usb/sda1/dump/bml0_10_dump\n bml.dump /dev/bml0/11 /dtv/usb/sda1/dump/bml0_11_dump\n\nFinish!\n\n--[[User:Juzis28|Juzis28]] 09:01, 1 January 2011 (UTC)"
}
]
},
"586": {
"pageid": 586,
"ns": 0,
"title": "Remove shell input filtration",
"revisions": [
{
"contentformat": "text/x-wiki",
"contentmodel": "wikitext",
"*": "= Theory =\nStarting B series CI+ TV models, Samsung patched n_tty.c to cripple the console at kernel level. So it is not possible to get full unrestricted shell trough ExLink cable, even the required menu exists on TDM. All what is possible - input HEX chars A-F, 0...9.<br>\nExample (T-VALDEUC) how to get in to shell trough ExLink:\n 10041004 {Enter}\n 20089999\n 2 (Platform Print Setting)\n 0\n 0\n 2 (Advanced Platform)\n 2 (DeviceManager Debug)\n 91 (DeviceManager SS Debug)\n 20 (Enter system command)\n SELP#>\nFunction in /drivers/char/n_tty.c:\n int allow_char[] = { 48, 49, 50, 51, 52, 53, 54, 55, 56, 57 /* 0~9 */, 32 /*space*/, 13 /*enter*/, 8 /*backspace*/ };\n ..\n ..\n ..\n #ifdef CONFIG_SERIAL_INPUT_ENABLE_ONLY_NUMBER\n // additional checking 0~9, space, enter, backspace, SPTEAM 2009-02-12\n check = i = 0;\n while(i < MAX_ARRAY )\n {\n if( allow_char[i] == c )\n {\n check = 1;\n break;\n }\n i++;\n }\n if( !check )\n return;\n #endif\n\nUnlimited shell access might be useful in developing, repair if TV is bricked or any other emergency situations.\n\n= How To =\n'''We have few possibilities to get unrestricted root access via exlink cable:'''\n==Patch kernel in memory== \nCheck [http://forum.samygo.tv/viewtopic.php?f=2&t=289&start=20#p5650 '''this topic'''] - for B series CI+ and maybe for D550(if anyone finds proper code to patch) only. Because on other models the required TDM function ''Register & Physical Memory Write'' is not available anymore (removed or hidden).\n\n==Recompile kernel==\nAnyone should document that!\n\n==Patch kernel image ==\nDirtiest, but '''confirmed''' way to patch out input filtration.\nChecked on IDA, proper function and HEX string to search for is found.\n<br><br>\n<font size=\"3\">'''Steps:'''</font size>\n* Use dump of kernel`s partition or decrypt kernel using '''[http://sourceforge.net/p/samygo/code/1246/tree/patcher/trunk SamyGO Firmware patcher]''' (example):\n SamyGO.py decrypt_all ./T-VALDEUC\n* Open decrypted kernel image in HEX editor\n* Search for HEX string\n 01 30 92 E7 04 20 82 E2 04 00 53 E1 02 00 00 {{red|0A}}\n* Replace last byte ('''0A''' to '''EA'''). Result must look like:\n 01 30 92 E7 04 20 82 E2 04 00 53 E1 02 00 00 {{red|EA}}\nThe Mathematics in asm code:\n ROM:0016DA98 E0 1D 9F E5 LDR R1, =0xC02FBF9C\n ROM:0016DA9C 01 30 92 E7 LDR R3, [R2,R1]\n ROM:0016DAA0 04 20 82 E2 ADD R2, R2, #4\n ROM:0016DAA4 04 00 53 E1 CMP R3, R4 \n ROM:0016DAA8 02 00 00 0A BEQ loc_16DAB8\n ROM:0016DAAC 4C 00 52 E3 CMP R2, #0x4C ==19\n ROM:0016DAB0 2E 03 00 0A BEQ loc_16E770\n ROM:0016DAB4 F7 FF FF EA B loc_16DA98 \nWith such patch we escaped from that input filtration loop and can input whatever we need now.\n* Save new kernel image\n* '''[[Hashes#Calculating_hashes | Calculate]]''' new cmac blocks (hashes) for new kernel:\n mkey=6f6bc7e1fc7f86bf9c150a82f343e2e0 (for T-VAL* firmwares)\n:Calculating and comparing of hashes can be done with '''[http://download.samygo.tv/Others/chkhash-0.02.zip chkhash tool]'''\n* '''[[Hash_partition_structure | Edit hashes file]]''' (cmac bloks (hashes) of appdata.img, exe.img, Image and rootfs.img are stored in some separate partition on TV). \n:If you miss this step, you get TV reboot every 30 sec, which is initialized by authuld due hashes mismatch. \n* Connect to TV (telnet/ssh) and restore both (Image and hash partition) with new files you`ve made. It is MANDATORY to flash both partition at one TV session. If you reboot TV with just one partition re-flashed, you get cyclic reboot by authuld, where repair is almost impossible if no full root access at boot time is available.<br>\nDecide what is your active partition set (on C/D/E series here are two sets of rootfs+kernel, active and alternative). For this goal you have to check for console output:\n cat /proc/cmdline\nThe output for '''1st set''' should look:\n root=/dev/tfsr6 console=ttyS1 quiet\nThis means active firmware uses '''first''' set of partitions, kernel=/dev/bml0/'''{{red|5}}''', rootfs=/dev/bml0/'''{{red|6}}''' and hashes are checked from /dev/bml0/'''{{red|9}}'''<br>\nOutput for '''2nd set''':\n root=/dev/tfsr8 console=ttyS1 quiet\nThis means active firmware uses '''second''' set of partitions, kernel=/dev/bml0/'''{{red|7}}''', rootfs=/dev/bml0/'''{{red|8}}''' and hashes are checked from /dev/bml0/'''{{red|10}}'''<br>\n''In example we got the 2nd partition set is used and we have to restore bml0/7 with patched kernel and bml0/10 with correct hashes:''\n bml.restore /dev/bml0/7 /dtv/usb/sda1/bml7_VAL_3015_patched.dmp\n sync\n sync\n sync\n bml.restore /dev/bml0/10 /dtv/usb/sda1/bml10_VAL_3015_patched.dmp\n sync\n sync\n sync\n'''{{red|If you get ANY error while restoring partitions, DO NOT REBOOT or POWER OFF TV, ask for help and wait...}}'''\n\n\n* If no errors came, reboot TV. And pray :)\n\n\n=== Firmwares ===\nHEX patching possible with same string from example on:\nB series CI+ devices, firmwares T-CHUCIP*, T-CHLCIP*, T-CHL5CIP*, T-CHL6CIP*<br>\nC series T-VAL* family firmwares<br>\n\n= References =\n[http://forum.samygo.tv/viewtopic.php?f=10&t=2165 Support forum]"
}
]
}
}
}
}