Difference between revisions of "SamyGO Firmware Patcher"
(Added Advanced mode explanations) |
(→Usage) |
||
| (6 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
SamyGO Firmware Patcher Script is a tool, modifies original firmwares that downloaded from Samsung site and converting them to Hacked firmwares for enabling Telnet on boot, executing start scripts via advanced mode and implement Video AR Fix for to exeDSP programs. | SamyGO Firmware Patcher Script is a tool, modifies original firmwares that downloaded from Samsung site and converting them to Hacked firmwares for enabling Telnet on boot, executing start scripts via advanced mode and implement Video AR Fix for to exeDSP programs. | ||
| Line 9: | Line 8: | ||
*Before start, you needed to download 32 bit python 2.6.4 (not 3.x one) for your operating system from www.python.org site. | *Before start, you needed to download 32 bit python 2.6.4 (not 3.x one) for your operating system from www.python.org site. | ||
*Python is OS independent language for using this script at all OS'es. | *Python is OS independent language for using this script at all OS'es. | ||
| − | *You needed pyCrypto package too if you try to modify CI+ device firmwares which has 'CIP' string in that firmware name ( | + | *You needed pyCrypto package too if you try to modify CI+ device firmwares which has 'CIP' string in that firmware name (example: T-CHLCIPDEUC). |
==Usage== | ==Usage== | ||
| − | *Download SamyGO Firmware Patcher script from download area. | + | *Download SamyGO Firmware Patcher script from [http://download.samygo.tv/ download area]. |
*Download your devices original firmware from Samsung site. | *Download your devices original firmware from Samsung site. | ||
| − | *Extract downloaded original firmware (by double clicking at windows or using | + | *Extract downloaded original firmware (by double clicking at windows or using unzip on Linux, OS X...) |
| − | *patch it using SamyGO Firmware patcher as "python SamyGO.py < | + | *patch it using SamyGO Firmware patcher as "'''python SamyGO.py <your extracted firmware directory>'''" |
for example: | for example: | ||
python SamyGO.py ./T-CHL7DEUC | python SamyGO.py ./T-CHL7DEUC | ||
| Line 21: | Line 20: | ||
death@triQuad:/SamyGO> python ./SamyGO.py Silo/T-CHL7DEUC | death@triQuad:/SamyGO> python ./SamyGO.py Silo/T-CHL7DEUC | ||
| − | + | SamyGO Firmware Patcher v0.16 Beta (c) 2010 Erdem U. Altinyurt | |
-=BIG FAT WARNING!=- | -=BIG FAT WARNING!=- | ||
| Line 93: | Line 92: | ||
echo "USB-File detected" | echo "USB-File detected" | ||
$USB/usb.sh | $USB/usb.sh | ||
| + | exit | ||
else | else | ||
echo "Running Normal SamyGO Startup" | echo "Running Normal SamyGO Startup" | ||
| − | |||
fi | fi | ||
| + | |||
| + | #Your lines here! | ||
| + | |||
exit | exit | ||
Set the right permissions | Set the right permissions | ||
| Line 102: | Line 104: | ||
Now reboot your TV and you ready to rock and roll.... | Now reboot your TV and you ready to rock and roll.... | ||
| + | |||
| + | ==Python Works== | ||
| + | '''Notice: This part is for python programmers. Not for users.''' | ||
| + | *If you wanted to modify firmware with hand, or wanted to use SamyGO Firmware Patcher script at manual, here how can you make it. I explain those functions for use script for manual operations. | ||
| + | *First you needed to open python shell and than import SamyGO script | ||
| + | |||
| + | death@triQuad:/SamyGO> python | ||
| + | Python 2.6.2 (r262:71600, Oct 24 2009, 03:15:21) | ||
| + | [GCC 4.4.1 [gcc-4_4-branch revision 150839]] on linux2 | ||
| + | Type "help", "copyright", "credits" or "license" for more information. | ||
| + | >>> import SamyGO | ||
| + | SamyGO Firmware Patcher pre-v0.16 (c) 2010 Erdem U. Altinyurt | ||
| + | |||
| + | -=BIG FAT WARNING!=- | ||
| + | You can brick your TV with this tool! | ||
| + | Authors accept no responsibility about ANY DAMAGE on your devices! | ||
| + | project home: http://SamyGO.sourceforge.net | ||
| + | |||
| + | For use this script, you have to extract your firmware to a directory first! | ||
| + | usage: python <path to extracted directory from firmware> | ||
| + | example: python ./T-CHL7DEUC/ | ||
| + | |||
| + | ===AESdec( filename,key )=== | ||
| + | *This function decrypts AES encrypted exe.img.sec file and writes xor encrypted firmware. If you not give key, it defaults to use key bellow. Returns decrypted/encrypted filename. | ||
| + | >>> SamyGO.AESdec( '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.sec' ) | ||
| + | secret key : A435HX:d3e90afc-0f09-4054-9bac-350cc8dfc901-7cee72ea-15ae-45ce-b0f5-611c4f8d4a71 | ||
| + | Decrypting AES... done | ||
| + | '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.enc' | ||
| + | |||
| + | ===AESenc( filename,key )=== | ||
| + | *This function encrypts any file (usually XOR encrypted firmware image) with AES-128-CBC encryption and writes encrypted firmware. If you not give key, it defaults to use key bellow. Returns decrypted/encrypted filename. | ||
| + | SamyGO.AESenc( '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.enc' ) | ||
| + | secret key : A435HX:d3e90afc-0f09-4054-9bac-350cc8dfc901-7cee72ea-15ae-45ce-b0f5-611c4f8d4a71 | ||
| + | Encrypting with AES... done | ||
| + | '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.sec' | ||
| + | ===xor( filename, key)=== | ||
| + | *This function make XOR encryption and decryption (which is same process for both), key input required. Returns decrypted/encrypted filename and it's MD5 for identification. | ||
| + | >>> SamyGO.xor( '/Silo/T-CHUCIPDEUC/image/exe.img.enc' , 'T-CHUCIPDEUC') | ||
| + | Crypto package found, using fast XOR engine. | ||
| + | |||
| + | ('/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img', '1ec6cb71c53fcbd3ca27f5e67c3fdfee') | ||
| + | ===patch_Telnet( filename )=== | ||
| + | *This function scan for | ||
| + | "#Remove engine logging." | ||
| + | text in while firmware image and replaces it with | ||
| + | ';/etc/telnetd_start.sh&' | ||
| + | string if selected Telnet patch or replaces with | ||
| + | ';/mtd_rwarea/SamyGO.sh&' | ||
| + | if selected Advanced mode. It returns true on successful patch. | ||
| + | Function Output is like: | ||
| + | >>> SamyGO.patch_Telnet( 'SamyGO/Silo/T-CHUCIPDEUC/image/exe.img' ) | ||
| + | Applying Telnet Patch... | ||
| + | Searching %92 | ||
| + | Suitable Location Found for Script injection on Image Offset : 52204063 | ||
| + | Enable Telnet or Advanced Mode on image( T/a )? T | ||
| + | Patching File... | ||
| + | Telnet Enabled on image. | ||
| + | True | ||
| + | |||
| + | ===patch_VideoAR( filename, md5dig )=== | ||
| + | *This function look md5 digest and patched VideoAR Fix to "image". If MD5 image is not meet with anything, than it calls VideoARFix_v1_patch_auto() option for implement patch. If MD5 is match from choices at script, it calls for xdelta tool for apply patch(usually for SquashFS images like T-CHL5DEUC), or ımplement patch via inner diff engine (for T-CHL7DEUC-2004.1 FW) | ||
| + | >>> SamyGO.patch_VideoAR( '/SamyGO/Silo/T-CHL7DEUC/image/exe.img', '' ) | ||
| + | Applying VideoAR Patch... | ||
| + | MD5 of Decrypted image is : e9489b2c40878977df0194853a8beccc | ||
| + | FAT image analyzed - exeDSP location: 7811072 size: 37414044 | ||
| + | ARM ELF exeDSP File Detected | ||
| + | CToolMmbDisplaySizeItem::GetToolItem() Adress : 0x13537D0 | ||
| + | CToolMmbDisplaySizeItem::PressLeftRightKey() Adress : 0x1353AC8 | ||
| + | VideoAR Fix v1 Compatibility NOT Found. | ||
| + | Oops!: This firmware is unknown for VideoAR patch. Skipped! | ||
| + | Please visit forum for support. | ||
| + | SamyGO Home: http://SamyGO.sourceforge.net | ||
| + | |||
| + | ===VideoARFix_v1_patch_auto( filename )=== | ||
| + | *This function extracts exeDSP from FAT image and inspect it via ELFRead() function. After finding requires adress, implements VideoAR Fix v1 patch. | ||
| + | |||
| + | >>> SamyGO.VideoARFix_v1_patch_auto( '/SamyGO/Silo/T-CHL7DAUC/image/exe.img' ) | ||
| + | FAT image analyzed - exeDSP location: 3166208 size: 36887876 | ||
| + | ARM ELF exeDSP File Detected | ||
| + | CToolMmbDisplaySizeItem::GetToolItem() Adress : 0x1320320 | ||
| + | CToolMmbDisplaySizeItem::PressLeftRightKey() Adress : 0x1320614 | ||
| + | VideoAR Fix v1 Compatibility Found. | ||
| + | |||
| + | ===ReadELF( filename_exeDSP )=== | ||
| + | *This function read exeDSP than generate and return symbol table of it. | ||
| + | >>> SymbolTable = SamyGO.ReadELF( '/SamyGO/SamyGO.exeDSP' ) | ||
| + | ARM ELF exeDSP File Detected | ||
| + | |||
| + | ===calculate_crc( decfile )=== | ||
| + | *This function calculates crc for given file and returns it as integer. | ||
| + | >>> SamyGO.calculate_crc( '/SamyGO/Silo/T-CHL7DAUC/image/exe.img' ) | ||
| + | Calculated CRC : 0x4C008347 | ||
| + | 1275102023 | ||
Latest revision as of 20:36, 27 February 2011
SamyGO Firmware Patcher Script is a tool, modifies original firmwares that downloaded from Samsung site and converting them to Hacked firmwares for enabling Telnet on boot, executing start scripts via advanced mode and implement Video AR Fix for to exeDSP programs.
- Why we are using patches instead of releasing hacked firmwares?
Because we are not allowed to distribute Samsung owned firmwares even we modify it. For avoiding any legal problems, we are turning around and modify original software via this script instead of releasing hacked firmwares.
Contents
Needings
- Before start, you needed to download 32 bit python 2.6.4 (not 3.x one) for your operating system from www.python.org site.
- Python is OS independent language for using this script at all OS'es.
- You needed pyCrypto package too if you try to modify CI+ device firmwares which has 'CIP' string in that firmware name (example: T-CHLCIPDEUC).
Usage
- Download SamyGO Firmware Patcher script from download area.
- Download your devices original firmware from Samsung site.
- Extract downloaded original firmware (by double clicking at windows or using unzip on Linux, OS X...)
- patch it using SamyGO Firmware patcher as "python SamyGO.py <your extracted firmware directory>"
for example:
python SamyGO.py ./T-CHL7DEUC
- Take look at process output
death@triQuad:/SamyGO> python ./SamyGO.py Silo/T-CHL7DEUC
SamyGO Firmware Patcher v0.16 Beta (c) 2010 Erdem U. Altinyurt
-=BIG FAT WARNING!=-
You can brick your TV with this tool!
Authors accept no responsibility about ANY DAMAGE on your devices!
project home: http://SamyGO.sourceforge.net
XOR Encrytped CI firmware detected.
Decrypting with XOR key : T-CHL7DEUC
Crypto package found, using fast XOR engine.
Applying VideoAR Patch...
MD5 of Decrypted image is : 9b4d11ddc6bd41156573ae61d1660fdf
FAT image analyzed - exeDSP location: 7811072 size: 37414044
ARM ELF exeDSP File Detected
CToolMmbDisplaySizeItem::GetToolItem() Adress : 0x13537D0
CToolMmbDisplaySizeItem::PressLeftRightKey() Adress : 0x1353AC8
VideoAR Fix v1 Compatibility Found.
VideoAR Fix v1 Patched on image.
Applying Telnet Patch...
Searching %3
Suitable Location Found for Script injection on Offset : 3969567
Enable Telnet or Advanced Mode on image( T/a )?
Patching File...
Telnet Enabled on image.
Calculatin new CRC : d71d7f17
Updating /SamyGO/T-CHL7DEUC/image/validinfo.txt with new CRC.
Encrypting with XOR : T-CHL7DEUC
Crypto package found, using fast XOR engine.
Operation successfully completed.
Now you can flash your TV with ./T-CHL7DEUC directory.
- If everything goes on the way, copy the modified firmware directory to your USB flash device root and plug it to the TV and Flash your device. Thats all.
Advanced Mode
During the patching process you will be asked to use Enable Telnet or Advanced Mode.
Enable Telnet or Advanced Mode on image( T/a )?
- If you simply wish to just enable telnet on startup select "T"
- If you wish to automount shares and telnet then select "a"
If you selected Advanced Mode you will need to create a file called /mtd_rwarea/SamyGO.sh and set the permissions to 755
Once you have flashed your TV you will need to use the SamyGO Telnet Enabler Program, to enable telnet. This is a once off.
Once you have enabled telnet using SamyGO Telnet Enabler, telnet to your tv and create /mtd_rwarea/SamyGO.sh
# vi /mtd_rwarea/SamyGO.sh
Add the following to SamyGO.sh
#!/bin/sh
# Enable Telnetd
if [ `cat /proc/mounts | grep -c "/dev/pts"` -lt "1" ] ; then
echo "telnetd Enabled"
mount -t devpts devpts /dev/pts
telnetd
else
echo "/dev/pts is mounted"
fi
# Open back-door for fixing boot-loop situations
sleep 20 # Allow USB-stick to settle
USB="/dtv/usb/sda1" # USB mount-point
if [ -f $USB/usb.sh ];then
echo "USB-File detected"
$USB/usb.sh
exit
else
echo "Running Normal SamyGO Startup"
fi
#Your lines here!
exit
Set the right permissions
# chmod 755 /mtd_rwarea/SamyGO.sh
Now reboot your TV and you ready to rock and roll....
Python Works
Notice: This part is for python programmers. Not for users.
- If you wanted to modify firmware with hand, or wanted to use SamyGO Firmware Patcher script at manual, here how can you make it. I explain those functions for use script for manual operations.
- First you needed to open python shell and than import SamyGO script
death@triQuad:/SamyGO> python
Python 2.6.2 (r262:71600, Oct 24 2009, 03:15:21)
[GCC 4.4.1 [gcc-4_4-branch revision 150839]] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import SamyGO
SamyGO Firmware Patcher pre-v0.16 (c) 2010 Erdem U. Altinyurt
-=BIG FAT WARNING!=-
You can brick your TV with this tool!
Authors accept no responsibility about ANY DAMAGE on your devices!
project home: http://SamyGO.sourceforge.net
For use this script, you have to extract your firmware to a directory first!
usage: python <path to extracted directory from firmware>
example: python ./T-CHL7DEUC/
AESdec( filename,key )
- This function decrypts AES encrypted exe.img.sec file and writes xor encrypted firmware. If you not give key, it defaults to use key bellow. Returns decrypted/encrypted filename.
>>> SamyGO.AESdec( '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.sec' ) secret key : A435HX:d3e90afc-0f09-4054-9bac-350cc8dfc901-7cee72ea-15ae-45ce-b0f5-611c4f8d4a71 Decrypting AES... done '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.enc'
AESenc( filename,key )
- This function encrypts any file (usually XOR encrypted firmware image) with AES-128-CBC encryption and writes encrypted firmware. If you not give key, it defaults to use key bellow. Returns decrypted/encrypted filename.
SamyGO.AESenc( '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.enc' ) secret key : A435HX:d3e90afc-0f09-4054-9bac-350cc8dfc901-7cee72ea-15ae-45ce-b0f5-611c4f8d4a71 Encrypting with AES... done '/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img.sec'
xor( filename, key)
- This function make XOR encryption and decryption (which is same process for both), key input required. Returns decrypted/encrypted filename and it's MD5 for identification.
>>> SamyGO.xor( '/Silo/T-CHUCIPDEUC/image/exe.img.enc' , 'T-CHUCIPDEUC')
Crypto package found, using fast XOR engine.
('/SamyGO/Silo/T-CHUCIPDEUC/image/exe.img', '1ec6cb71c53fcbd3ca27f5e67c3fdfee')
patch_Telnet( filename )
- This function scan for
"#Remove engine logging."
text in while firmware image and replaces it with
';/etc/telnetd_start.sh&'
string if selected Telnet patch or replaces with
';/mtd_rwarea/SamyGO.sh&'
if selected Advanced mode. It returns true on successful patch. Function Output is like: >>> SamyGO.patch_Telnet( 'SamyGO/Silo/T-CHUCIPDEUC/image/exe.img' )
Applying Telnet Patch... Searching %92 Suitable Location Found for Script injection on Image Offset : 52204063 Enable Telnet or Advanced Mode on image( T/a )? T Patching File... Telnet Enabled on image. True
patch_VideoAR( filename, md5dig )
- This function look md5 digest and patched VideoAR Fix to "image". If MD5 image is not meet with anything, than it calls VideoARFix_v1_patch_auto() option for implement patch. If MD5 is match from choices at script, it calls for xdelta tool for apply patch(usually for SquashFS images like T-CHL5DEUC), or ımplement patch via inner diff engine (for T-CHL7DEUC-2004.1 FW)
>>> SamyGO.patch_VideoAR( '/SamyGO/Silo/T-CHL7DEUC/image/exe.img', )
Applying VideoAR Patch... MD5 of Decrypted image is : e9489b2c40878977df0194853a8beccc FAT image analyzed - exeDSP location: 7811072 size: 37414044 ARM ELF exeDSP File Detected CToolMmbDisplaySizeItem::GetToolItem() Adress : 0x13537D0 CToolMmbDisplaySizeItem::PressLeftRightKey() Adress : 0x1353AC8 VideoAR Fix v1 Compatibility NOT Found. Oops!: This firmware is unknown for VideoAR patch. Skipped! Please visit forum for support. SamyGO Home: http://SamyGO.sourceforge.net
VideoARFix_v1_patch_auto( filename )
- This function extracts exeDSP from FAT image and inspect it via ELFRead() function. After finding requires adress, implements VideoAR Fix v1 patch.
>>> SamyGO.VideoARFix_v1_patch_auto( '/SamyGO/Silo/T-CHL7DAUC/image/exe.img' ) FAT image analyzed - exeDSP location: 3166208 size: 36887876 ARM ELF exeDSP File Detected CToolMmbDisplaySizeItem::GetToolItem() Adress : 0x1320320 CToolMmbDisplaySizeItem::PressLeftRightKey() Adress : 0x1320614 VideoAR Fix v1 Compatibility Found.
ReadELF( filename_exeDSP )
- This function read exeDSP than generate and return symbol table of it.
>>> SymbolTable = SamyGO.ReadELF( '/SamyGO/SamyGO.exeDSP' ) ARM ELF exeDSP File Detected
calculate_crc( decfile )
- This function calculates crc for given file and returns it as integer.
>>> SamyGO.calculate_crc( '/SamyGO/Silo/T-CHL7DAUC/image/exe.img' ) Calculated CRC : 0x4C008347 1275102023
