Difference between revisions of "Dumping and Flashing images by hand"


From SamyGO
Jump to: navigation, search
(Manual flashing steps)
(Manual flashing steps)
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
The steps outlined below allow the flashing of an image directly into the flash of your TV, without using the offical upgrade process of the TV.<br>The example shown below is for flashing a modified exe.img on a UExxB70xx.<br>
 
The steps outlined below allow the flashing of an image directly into the flash of your TV, without using the offical upgrade process of the TV.<br>The example shown below is for flashing a modified exe.img on a UExxB70xx.<br>
There is no need to flash app_data Image, if the actual exeDSP Version is unchanged and you are flashing your personal changes.
+
There is no need to flash app_data Image, if you are just flashing modifications of the same exeDSP Version.<br>
== WARNING - WARNING - WARNING - WARNING - WARNING - WARNING ==
+
'''In any case you need to ensure that you erase the respective flash before overwriting it.'''
 
 
 
 
''' Don't use this method until further notice, as I have observed some wired behavior that results in the TV not booting up.<br> '''
 
''' I am investigating the problem at the moment and advise everyone TO NOT USE THIS METHOD FOR THE TIME BEING!!!!! '''
 
 
 
== WARNING - WARNING - WARNING - WARNING - WARNING - WARNING ==
 
 
 
 
== Device files used ==
 
== Device files used ==
 
Find below the device files for different areas of the firmware for FW types listed ( this information is taken from the run.sh file and was not validated! )
 
Find below the device files for different areas of the firmware for FW types listed ( this information is taken from the run.sh file and was not validated! )
Line 23: Line 16:
 
*EXE_DEVICE='''/dev/bml0/8'''
 
*EXE_DEVICE='''/dev/bml0/8'''
 
*APPDATA_DEVICE='''/dev/bml0/9'''
 
*APPDATA_DEVICE='''/dev/bml0/9'''
 +
 +
=== For All Devices ===
 +
*It's better to conceive the structure of your TV by '''df''' tool.
 +
You can check your "'''df'''" output. Here is mine on LE40B650T2W which uses T-CHL7DEUC firmware
 +
 +
# df
 +
Filesystem          1k-blocks      Used Available Use% Mounted on
 +
/dev/tbml6                3136      3136        0 100% /
 +
none                    10240        0    10240  0% /dtv
 +
/dev/tbml7                1024      1024        0 100% /mtd_boot
 +
none                    10240        0    10240  0% /mtd_ram
 +
/dev/stl0/14            11224      1778      9446  16% /mtd_rwarea
 +
/dev/tbml10              61400    52440      8960  85% /mtd_exe
 +
/dev/tbml11              29312    29312        0 100% /mtd_appdata
 +
/dev/stl0/13            193536    160000    33536  83% /mtd_tlib
 +
/dev/stl0/15            51160      1976    49184  4% /mtd_contents
 +
/dev/stl0/16            90012    16344    73668  18% /mtd_down
 +
/dev/stl0/12            152576      224    152352  0% /mtd_wiselink
 +
/dev/stl0/17            89072      176    88896  0% /mtd_swu
 +
 +
Interpretation of this list is like that:
 +
 +
As you can easily understand mount of '''/mtd_exe''' means EXE_DEVICE is that '''/dev/tbml10'''.
 +
 +
And '''/''' describes that is ROOT device at '''/dev/tbml6'''.
 +
 +
*EXE_DEVICE =  /dev/tbml10
 +
*ROOT_DEVICE =  /dev/tbml6
 +
*APPDATA_DEVICE = /dev/tbml11
 +
*BOOT_DEVICE =  /dev/tbml7
 +
 +
You have to aware that, there is some devices not shown on '''df''' commands like bootloader or like kernel devices...
  
 
== Manual flashing steps ==
 
== Manual flashing steps ==
Line 33: Line 58:
 
*(4) Take a backup of the current image in the flash.
 
*(4) Take a backup of the current image in the flash.
 
  bml.dump /dev/bml0/8 /mtd_swu/exe.img.orig
 
  bml.dump /dev/bml0/8 /mtd_swu/exe.img.orig
*(5) Move backup image to a safe space ( e.g. USB ) and remove file from '''/mtd_swu'''
+
If you dont have bml.dump tool in your firmware, than you can use '''dd''' or '''cat''' tool too.
 +
cat /dev/bml0/8 > /mtd_swu/exe.img.orig
 +
 
 +
dd if=/dev/bml0/8 of=/mtd_swu/exe.img.orig
 +
*(5) Move backup image to a safe space ( e.g. USB )
 
  mv /mtd_swu/exe.img.orig /dtv/usb/sda1
 
  mv /mtd_swu/exe.img.orig /dtv/usb/sda1
rm /mtd_swu/exe.img.orig<br>
 
 
*(6) Copy Image to be flashed from your USB to /mtd_swu  
 
*(6) Copy Image to be flashed from your USB to /mtd_swu  
 
  cp /dtv/usb/sda1/exe.img /mtd_swu
 
  cp /dtv/usb/sda1/exe.img /mtd_swu
 
-> this is the safest way, even though flashing directly from USB-Device may also be possible, which I have not tested
 
-> this is the safest way, even though flashing directly from USB-Device may also be possible, which I have not tested
*(7) Perform the actual step of flashing the file.
+
*(7) Erase the flash before flashing the new file
 +
bml.erase /dev/bml0/8
 +
*(8) Perform the actual step of flashing the file. exe.img file is needed to be non-encrypted. So you needed to decrypt exe.img.sec or exe.img.enc images before flashing!
 
  bml.restore /dev/bml0/8 /mtd_swu/exe.img
 
  bml.restore /dev/bml0/8 /mtd_swu/exe.img
 
->Flashing progress will be shown 0% ... 100%. Don't interrupt this process!!
 
->Flashing progress will be shown 0% ... 100%. Don't interrupt this process!!
*(8) Mount the updated image( afterwards check out content and ensure it mounts without problems and looks ok from a content perspective. )
+
*(9) Mount the updated image( afterwards check out content and ensure it mounts without problems and looks ok from a content perspective. )
 
  mount -t auto /dev/tbml8 /mtd_exe<br>
 
  mount -t auto /dev/tbml8 /mtd_exe<br>
*(9) Starting exeDSP<br>
+
*(10) Starting exeDSP<br>
 
  /mtd_exe/rc.local
 
  /mtd_exe/rc.local
-> If something went wrong and your exeDSP doesn't start up properly, then you can flash back your backup ".orig" image following steps 3-9.<br>-> Don't worry, if you see your screen upside down. That is just due to a variable not been set ;-)
+
-> If something went wrong and your exeDSP doesn't start up properly, then you can flash back your backup ".orig" image following steps 3-9.<br>-> Don't worry, if you see your screen upside down after re-starting exeDSP ;-) as
<br><br>
+
the exeDSP binary seems to expect a freshly initialized HW to start-up properly <br>
<br><br>'''Attention:'''This process does not validate the correctness and validity of the file being flashed. THIS IS YOUR RESPONSIBILITY!!!
+
<br>'''Attention:'''This process does not validate the correctness and validity of the file being flashed. THIS IS YOUR RESPONSIBILITY!!!
 +
 
 +
==Flashing via TVs Software==
 +
If you are flashing root image, how can you make it if you unmount the root?<br>
 +
Here is another way of flashing partitions (that not limited with root partition, instead any partition that you wanted) via Flashing menu of TV.
 +
*Revert firmware to previous one.(Not needed every time)
 +
*Download last firmware of TV from Samsung.
 +
*Put modified image dump (like rootfs.img ) to the /image directory, near exe.img.enc on new FW that gonna flash.
 +
*Update validinfo.txt file and add required changes that described at bottom.
 +
*Than flash it as usual firmware update.
 +
*Pray to god. ( Always needed specially while doing such a critical things. )
 +
*If your TV is not bricked after flash, do not forget that you are praying a minute ago and say "thank you God!". This will prevent your TV to become bricked next time.
 +
 
 +
This will safely flash that partition (like "rootfs.img" or others)<br>
 +
You could needed to update validinfo.txt file too.<br>
 +
Its structure is basic, for example:
 +
*007_exe.img_35bda3e4*011_appdata.img_69153622
 +
Structure is '''star, partition number, underline, image name, underline, crc32 at lower case.''' You needed to calculate CRC32 of that image.
 +
Your new valid.txt needed to be like this if you are gonna flash your root partition that located at /dev/bml0/6:
 +
*006_rootfs.img_1234abcd*007_exe.img_35bda3e4*011_appdata.img_69153622
 +
 
 +
 
 +
Other partitions names are:
 +
Image - KERNEL image partition<br>
 +
u-boot.bin - BOOTLOADER image partition<br>
 +
boot.img - BOOT image partition<br>
 +
rootfs.img - RFS image partition<br>
 +
exe.img - EXE image partition<br>
 +
appdata.img - APPDATA image partition<br>
 +
onw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer<br>
 +
fnw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer<br>
 +
 
 +
This information from run.sh.enc file that available at almost firmware upgrades, but you needed to decrypt it via XOR with firmware name first.<br>
  
--[[User:Dynamic1969|Dynamic1969]] 17:59, 3 October 2009 (UTC)
+
--[[User:Dynamic1969|Dynamic1969]] 17:59, 3 October 2009 (UTC)<br>
 +
--[[User:Erdem_ua|Erdem_ua]] 2:26, 10 January 2010 (EET)

Latest revision as of 15:53, 8 March 2010

The steps outlined below allow the flashing of an image directly into the flash of your TV, without using the offical upgrade process of the TV.
The example shown below is for flashing a modified exe.img on a UExxB70xx.
There is no need to flash app_data Image, if you are just flashing modifications of the same exeDSP Version.
In any case you need to ensure that you erase the respective flash before overwriting it.

Device files used

Find below the device files for different areas of the firmware for FW types listed ( this information is taken from the run.sh file and was not validated! )

T-CHL5DSEUC, T-CHL5DEUC and T-CHU7DEUC

  • BOOTLOADER_DEVICE=/dev/bml0/2
  • FNW_DEVICE=/dev/bml0/4
  • KERNEL_DEVICE=/dev/bml0/5
  • RFS_DEVICE=/dev/bml0/6
  • BOOT_DEVICE=/dev/bml0/7

T-CHL5DSEUC and T-CHL5DEUC Specific

  • EXE_DEVICE=/dev/stl0/8
  • APPDATA_DEVICE=/dev/stl0/9

T-CHU7DEUC Specific

  • EXE_DEVICE=/dev/bml0/8
  • APPDATA_DEVICE=/dev/bml0/9

For All Devices

  • It's better to conceive the structure of your TV by df tool.

You can check your "df" output. Here is mine on LE40B650T2W which uses T-CHL7DEUC firmware

# df
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/tbml6                3136      3136         0 100% /
none                     10240         0     10240   0% /dtv
/dev/tbml7                1024      1024         0 100% /mtd_boot
none                     10240         0     10240   0% /mtd_ram
/dev/stl0/14             11224      1778      9446  16% /mtd_rwarea
/dev/tbml10              61400     52440      8960  85% /mtd_exe
/dev/tbml11              29312     29312         0 100% /mtd_appdata
/dev/stl0/13            193536    160000     33536  83% /mtd_tlib
/dev/stl0/15             51160      1976     49184   4% /mtd_contents
/dev/stl0/16             90012     16344     73668  18% /mtd_down
/dev/stl0/12            152576       224    152352   0% /mtd_wiselink
/dev/stl0/17             89072       176     88896   0% /mtd_swu

Interpretation of this list is like that:

As you can easily understand mount of /mtd_exe means EXE_DEVICE is that /dev/tbml10.

And / describes that is ROOT device at /dev/tbml6.

  • EXE_DEVICE = /dev/tbml10
  • ROOT_DEVICE = /dev/tbml6
  • APPDATA_DEVICE = /dev/tbml11
  • BOOT_DEVICE = /dev/tbml7

You have to aware that, there is some devices not shown on df commands like bootloader or like kernel devices...

Manual flashing steps

  • (1) Prevent TV from rebooting when exeDSP is stopped
/mtd_boot/MicomCtrl 23
  • (2) Stop exeDSP binary
killall -9 exeDSP
  • (3) Unmount the respective directory
umount /mtd_exe
  • (4) Take a backup of the current image in the flash.
bml.dump /dev/bml0/8 /mtd_swu/exe.img.orig

If you dont have bml.dump tool in your firmware, than you can use dd or cat tool too.

cat /dev/bml0/8 > /mtd_swu/exe.img.orig
dd if=/dev/bml0/8 of=/mtd_swu/exe.img.orig
  • (5) Move backup image to a safe space ( e.g. USB )
mv /mtd_swu/exe.img.orig /dtv/usb/sda1
  • (6) Copy Image to be flashed from your USB to /mtd_swu
cp /dtv/usb/sda1/exe.img /mtd_swu

-> this is the safest way, even though flashing directly from USB-Device may also be possible, which I have not tested

  • (7) Erase the flash before flashing the new file
bml.erase /dev/bml0/8
  • (8) Perform the actual step of flashing the file. exe.img file is needed to be non-encrypted. So you needed to decrypt exe.img.sec or exe.img.enc images before flashing!
bml.restore /dev/bml0/8 /mtd_swu/exe.img

->Flashing progress will be shown 0% ... 100%. Don't interrupt this process!!

  • (9) Mount the updated image( afterwards check out content and ensure it mounts without problems and looks ok from a content perspective. )
mount -t auto /dev/tbml8 /mtd_exe
  • (10) Starting exeDSP
/mtd_exe/rc.local

-> If something went wrong and your exeDSP doesn't start up properly, then you can flash back your backup ".orig" image following steps 3-9.
-> Don't worry, if you see your screen upside down after re-starting exeDSP ;-) as the exeDSP binary seems to expect a freshly initialized HW to start-up properly

Attention:This process does not validate the correctness and validity of the file being flashed. THIS IS YOUR RESPONSIBILITY!!!

Flashing via TVs Software

If you are flashing root image, how can you make it if you unmount the root?
Here is another way of flashing partitions (that not limited with root partition, instead any partition that you wanted) via Flashing menu of TV.

  • Revert firmware to previous one.(Not needed every time)
  • Download last firmware of TV from Samsung.
  • Put modified image dump (like rootfs.img ) to the /image directory, near exe.img.enc on new FW that gonna flash.
  • Update validinfo.txt file and add required changes that described at bottom.
  • Than flash it as usual firmware update.
  • Pray to god. ( Always needed specially while doing such a critical things. )
  • If your TV is not bricked after flash, do not forget that you are praying a minute ago and say "thank you God!". This will prevent your TV to become bricked next time.

This will safely flash that partition (like "rootfs.img" or others)
You could needed to update validinfo.txt file too.
Its structure is basic, for example:

*007_exe.img_35bda3e4*011_appdata.img_69153622

Structure is star, partition number, underline, image name, underline, crc32 at lower case. You needed to calculate CRC32 of that image. Your new valid.txt needed to be like this if you are gonna flash your root partition that located at /dev/bml0/6:

*006_rootfs.img_1234abcd*007_exe.img_35bda3e4*011_appdata.img_69153622


Other partitions names are: Image - KERNEL image partition
u-boot.bin - BOOTLOADER image partition
boot.img - BOOT image partition
rootfs.img - RFS image partition
exe.img - EXE image partition
appdata.img - APPDATA image partition
onw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer
fnw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer

This information from run.sh.enc file that available at almost firmware upgrades, but you needed to decrypt it via XOR with firmware name first.

--Dynamic1969 17:59, 3 October 2009 (UTC)
--Erdem_ua 2:26, 10 January 2010 (EET)