Difference between revisions of "Dumping and Flashing images by hand"
Dynamic1969 (talk | contribs) |
(→Manual flashing steps) |
||
(11 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
The steps outlined below allow the flashing of an image directly into the flash of your TV, without using the offical upgrade process of the TV.<br>The example shown below is for flashing a modified exe.img on a UExxB70xx.<br> | The steps outlined below allow the flashing of an image directly into the flash of your TV, without using the offical upgrade process of the TV.<br>The example shown below is for flashing a modified exe.img on a UExxB70xx.<br> | ||
− | There is no need to flash app_data Image, if the | + | There is no need to flash app_data Image, if you are just flashing modifications of the same exeDSP Version.<br> |
− | + | '''In any case you need to ensure that you erase the respective flash before overwriting it.''' | |
− | |||
== Device files used == | == Device files used == | ||
Find below the device files for different areas of the firmware for FW types listed ( this information is taken from the run.sh file and was not validated! ) | Find below the device files for different areas of the firmware for FW types listed ( this information is taken from the run.sh file and was not validated! ) | ||
Line 17: | Line 16: | ||
*EXE_DEVICE='''/dev/bml0/8''' | *EXE_DEVICE='''/dev/bml0/8''' | ||
*APPDATA_DEVICE='''/dev/bml0/9''' | *APPDATA_DEVICE='''/dev/bml0/9''' | ||
+ | |||
+ | === For All Devices === | ||
+ | *It's better to conceive the structure of your TV by '''df''' tool. | ||
+ | You can check your "'''df'''" output. Here is mine on LE40B650T2W which uses T-CHL7DEUC firmware | ||
+ | |||
+ | # df | ||
+ | Filesystem 1k-blocks Used Available Use% Mounted on | ||
+ | /dev/tbml6 3136 3136 0 100% / | ||
+ | none 10240 0 10240 0% /dtv | ||
+ | /dev/tbml7 1024 1024 0 100% /mtd_boot | ||
+ | none 10240 0 10240 0% /mtd_ram | ||
+ | /dev/stl0/14 11224 1778 9446 16% /mtd_rwarea | ||
+ | /dev/tbml10 61400 52440 8960 85% /mtd_exe | ||
+ | /dev/tbml11 29312 29312 0 100% /mtd_appdata | ||
+ | /dev/stl0/13 193536 160000 33536 83% /mtd_tlib | ||
+ | /dev/stl0/15 51160 1976 49184 4% /mtd_contents | ||
+ | /dev/stl0/16 90012 16344 73668 18% /mtd_down | ||
+ | /dev/stl0/12 152576 224 152352 0% /mtd_wiselink | ||
+ | /dev/stl0/17 89072 176 88896 0% /mtd_swu | ||
+ | |||
+ | Interpretation of this list is like that: | ||
+ | |||
+ | As you can easily understand mount of '''/mtd_exe''' means EXE_DEVICE is that '''/dev/tbml10'''. | ||
+ | |||
+ | And '''/''' describes that is ROOT device at '''/dev/tbml6'''. | ||
+ | |||
+ | *EXE_DEVICE = /dev/tbml10 | ||
+ | *ROOT_DEVICE = /dev/tbml6 | ||
+ | *APPDATA_DEVICE = /dev/tbml11 | ||
+ | *BOOT_DEVICE = /dev/tbml7 | ||
+ | |||
+ | You have to aware that, there is some devices not shown on '''df''' commands like bootloader or like kernel devices... | ||
== Manual flashing steps == | == Manual flashing steps == | ||
Line 27: | Line 58: | ||
*(4) Take a backup of the current image in the flash. | *(4) Take a backup of the current image in the flash. | ||
bml.dump /dev/bml0/8 /mtd_swu/exe.img.orig | bml.dump /dev/bml0/8 /mtd_swu/exe.img.orig | ||
− | *(5) Move backup image to a safe space ( e.g. USB ) | + | If you dont have bml.dump tool in your firmware, than you can use '''dd''' or '''cat''' tool too. |
+ | cat /dev/bml0/8 > /mtd_swu/exe.img.orig | ||
+ | |||
+ | dd if=/dev/bml0/8 of=/mtd_swu/exe.img.orig | ||
+ | *(5) Move backup image to a safe space ( e.g. USB ) | ||
mv /mtd_swu/exe.img.orig /dtv/usb/sda1 | mv /mtd_swu/exe.img.orig /dtv/usb/sda1 | ||
− | |||
*(6) Copy Image to be flashed from your USB to /mtd_swu | *(6) Copy Image to be flashed from your USB to /mtd_swu | ||
cp /dtv/usb/sda1/exe.img /mtd_swu | cp /dtv/usb/sda1/exe.img /mtd_swu | ||
-> this is the safest way, even though flashing directly from USB-Device may also be possible, which I have not tested | -> this is the safest way, even though flashing directly from USB-Device may also be possible, which I have not tested | ||
− | *(7) Perform the actual step of flashing the file. | + | *(7) Erase the flash before flashing the new file |
+ | bml.erase /dev/bml0/8 | ||
+ | *(8) Perform the actual step of flashing the file. exe.img file is needed to be non-encrypted. So you needed to decrypt exe.img.sec or exe.img.enc images before flashing! | ||
bml.restore /dev/bml0/8 /mtd_swu/exe.img | bml.restore /dev/bml0/8 /mtd_swu/exe.img | ||
->Flashing progress will be shown 0% ... 100%. Don't interrupt this process!! | ->Flashing progress will be shown 0% ... 100%. Don't interrupt this process!! | ||
− | *( | + | *(9) Mount the updated image( afterwards check out content and ensure it mounts without problems and looks ok from a content perspective. ) |
mount -t auto /dev/tbml8 /mtd_exe<br> | mount -t auto /dev/tbml8 /mtd_exe<br> | ||
− | *( | + | *(10) Starting exeDSP<br> |
/mtd_exe/rc.local | /mtd_exe/rc.local | ||
− | -> If something went wrong and your exeDSP doesn't start up properly, then you can flash back your backup ".orig" image following steps 3-9.<br>-> Don't worry, if you see your screen upside down | + | -> If something went wrong and your exeDSP doesn't start up properly, then you can flash back your backup ".orig" image following steps 3-9.<br>-> Don't worry, if you see your screen upside down after re-starting exeDSP ;-) as |
− | + | the exeDSP binary seems to expect a freshly initialized HW to start-up properly <br> | |
− | + | <br>'''Attention:'''This process does not validate the correctness and validity of the file being flashed. THIS IS YOUR RESPONSIBILITY!!! | |
+ | |||
+ | ==Flashing via TVs Software== | ||
+ | If you are flashing root image, how can you make it if you unmount the root?<br> | ||
+ | Here is another way of flashing partitions (that not limited with root partition, instead any partition that you wanted) via Flashing menu of TV. | ||
+ | *Revert firmware to previous one.(Not needed every time) | ||
+ | *Download last firmware of TV from Samsung. | ||
+ | *Put modified image dump (like rootfs.img ) to the /image directory, near exe.img.enc on new FW that gonna flash. | ||
+ | *Update validinfo.txt file and add required changes that described at bottom. | ||
+ | *Than flash it as usual firmware update. | ||
+ | *Pray to god. ( Always needed specially while doing such a critical things. ) | ||
+ | *If your TV is not bricked after flash, do not forget that you are praying a minute ago and say "thank you God!". This will prevent your TV to become bricked next time. | ||
+ | |||
+ | This will safely flash that partition (like "rootfs.img" or others)<br> | ||
+ | You could needed to update validinfo.txt file too.<br> | ||
+ | Its structure is basic, for example: | ||
+ | *007_exe.img_35bda3e4*011_appdata.img_69153622 | ||
+ | Structure is '''star, partition number, underline, image name, underline, crc32 at lower case.''' You needed to calculate CRC32 of that image. | ||
+ | Your new valid.txt needed to be like this if you are gonna flash your root partition that located at /dev/bml0/6: | ||
+ | *006_rootfs.img_1234abcd*007_exe.img_35bda3e4*011_appdata.img_69153622 | ||
+ | |||
+ | |||
+ | Other partitions names are: | ||
+ | Image - KERNEL image partition<br> | ||
+ | u-boot.bin - BOOTLOADER image partition<br> | ||
+ | boot.img - BOOT image partition<br> | ||
+ | rootfs.img - RFS image partition<br> | ||
+ | exe.img - EXE image partition<br> | ||
+ | appdata.img - APPDATA image partition<br> | ||
+ | onw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer<br> | ||
+ | fnw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer<br> | ||
+ | |||
+ | This information from run.sh.enc file that available at almost firmware upgrades, but you needed to decrypt it via XOR with firmware name first.<br> | ||
− | --[[User:Dynamic1969|Dynamic1969]] 17:59, 3 October 2009 (UTC) | + | --[[User:Dynamic1969|Dynamic1969]] 17:59, 3 October 2009 (UTC)<br> |
+ | --[[User:Erdem_ua|Erdem_ua]] 2:26, 10 January 2010 (EET) |
Latest revision as of 15:53, 8 March 2010
The steps outlined below allow the flashing of an image directly into the flash of your TV, without using the offical upgrade process of the TV.
The example shown below is for flashing a modified exe.img on a UExxB70xx.
There is no need to flash app_data Image, if you are just flashing modifications of the same exeDSP Version.
In any case you need to ensure that you erase the respective flash before overwriting it.
Contents
Device files used
Find below the device files for different areas of the firmware for FW types listed ( this information is taken from the run.sh file and was not validated! )
T-CHL5DSEUC, T-CHL5DEUC and T-CHU7DEUC
- BOOTLOADER_DEVICE=/dev/bml0/2
- FNW_DEVICE=/dev/bml0/4
- KERNEL_DEVICE=/dev/bml0/5
- RFS_DEVICE=/dev/bml0/6
- BOOT_DEVICE=/dev/bml0/7
T-CHL5DSEUC and T-CHL5DEUC Specific
- EXE_DEVICE=/dev/stl0/8
- APPDATA_DEVICE=/dev/stl0/9
T-CHU7DEUC Specific
- EXE_DEVICE=/dev/bml0/8
- APPDATA_DEVICE=/dev/bml0/9
For All Devices
- It's better to conceive the structure of your TV by df tool.
You can check your "df" output. Here is mine on LE40B650T2W which uses T-CHL7DEUC firmware
# df Filesystem 1k-blocks Used Available Use% Mounted on /dev/tbml6 3136 3136 0 100% / none 10240 0 10240 0% /dtv /dev/tbml7 1024 1024 0 100% /mtd_boot none 10240 0 10240 0% /mtd_ram /dev/stl0/14 11224 1778 9446 16% /mtd_rwarea /dev/tbml10 61400 52440 8960 85% /mtd_exe /dev/tbml11 29312 29312 0 100% /mtd_appdata /dev/stl0/13 193536 160000 33536 83% /mtd_tlib /dev/stl0/15 51160 1976 49184 4% /mtd_contents /dev/stl0/16 90012 16344 73668 18% /mtd_down /dev/stl0/12 152576 224 152352 0% /mtd_wiselink /dev/stl0/17 89072 176 88896 0% /mtd_swu
Interpretation of this list is like that:
As you can easily understand mount of /mtd_exe means EXE_DEVICE is that /dev/tbml10.
And / describes that is ROOT device at /dev/tbml6.
- EXE_DEVICE = /dev/tbml10
- ROOT_DEVICE = /dev/tbml6
- APPDATA_DEVICE = /dev/tbml11
- BOOT_DEVICE = /dev/tbml7
You have to aware that, there is some devices not shown on df commands like bootloader or like kernel devices...
Manual flashing steps
- (1) Prevent TV from rebooting when exeDSP is stopped
/mtd_boot/MicomCtrl 23
- (2) Stop exeDSP binary
killall -9 exeDSP
- (3) Unmount the respective directory
umount /mtd_exe
- (4) Take a backup of the current image in the flash.
bml.dump /dev/bml0/8 /mtd_swu/exe.img.orig
If you dont have bml.dump tool in your firmware, than you can use dd or cat tool too.
cat /dev/bml0/8 > /mtd_swu/exe.img.orig
dd if=/dev/bml0/8 of=/mtd_swu/exe.img.orig
- (5) Move backup image to a safe space ( e.g. USB )
mv /mtd_swu/exe.img.orig /dtv/usb/sda1
- (6) Copy Image to be flashed from your USB to /mtd_swu
cp /dtv/usb/sda1/exe.img /mtd_swu
-> this is the safest way, even though flashing directly from USB-Device may also be possible, which I have not tested
- (7) Erase the flash before flashing the new file
bml.erase /dev/bml0/8
- (8) Perform the actual step of flashing the file. exe.img file is needed to be non-encrypted. So you needed to decrypt exe.img.sec or exe.img.enc images before flashing!
bml.restore /dev/bml0/8 /mtd_swu/exe.img
->Flashing progress will be shown 0% ... 100%. Don't interrupt this process!!
- (9) Mount the updated image( afterwards check out content and ensure it mounts without problems and looks ok from a content perspective. )
mount -t auto /dev/tbml8 /mtd_exe
- (10) Starting exeDSP
/mtd_exe/rc.local
-> If something went wrong and your exeDSP doesn't start up properly, then you can flash back your backup ".orig" image following steps 3-9.
-> Don't worry, if you see your screen upside down after re-starting exeDSP ;-) as
the exeDSP binary seems to expect a freshly initialized HW to start-up properly
Attention:This process does not validate the correctness and validity of the file being flashed. THIS IS YOUR RESPONSIBILITY!!!
Flashing via TVs Software
If you are flashing root image, how can you make it if you unmount the root?
Here is another way of flashing partitions (that not limited with root partition, instead any partition that you wanted) via Flashing menu of TV.
- Revert firmware to previous one.(Not needed every time)
- Download last firmware of TV from Samsung.
- Put modified image dump (like rootfs.img ) to the /image directory, near exe.img.enc on new FW that gonna flash.
- Update validinfo.txt file and add required changes that described at bottom.
- Than flash it as usual firmware update.
- Pray to god. ( Always needed specially while doing such a critical things. )
- If your TV is not bricked after flash, do not forget that you are praying a minute ago and say "thank you God!". This will prevent your TV to become bricked next time.
This will safely flash that partition (like "rootfs.img" or others)
You could needed to update validinfo.txt file too.
Its structure is basic, for example:
*007_exe.img_35bda3e4*011_appdata.img_69153622
Structure is star, partition number, underline, image name, underline, crc32 at lower case. You needed to calculate CRC32 of that image. Your new valid.txt needed to be like this if you are gonna flash your root partition that located at /dev/bml0/6:
*006_rootfs.img_1234abcd*007_exe.img_35bda3e4*011_appdata.img_69153622
Other partitions names are:
Image - KERNEL image partition
u-boot.bin - BOOTLOADER image partition
boot.img - BOOT image partition
rootfs.img - RFS image partition
exe.img - EXE image partition
appdata.img - APPDATA image partition
onw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer
fnw.bin - BOOTLOADER image on CHL5DEUC or T-CHL5DSEUC - Flex Onenand Writer
This information from run.sh.enc file that available at almost firmware upgrades, but you needed to decrypt it via XOR with firmware name first.
--Dynamic1969 17:59, 3 October 2009 (UTC)
--Erdem_ua 2:26, 10 January 2010 (EET)