ExeDSP modifications


From SamyGO
Revision as of 13:02, 18 January 2013 by Juzis28 (talk | contribs) (Patching exeDSP: hex string fixes)
Jump to: navigation, search

Article describes how to prepare and test your own patched firmware for BD-Player.

Preparing device and firmware

1. Root your device using DNS trick
2. Download firmware from Samsung support page
3. Decrypt firmware with SamyGO Firmware patcher (example): 

SamyGO.py decrypt ./B-FIRHRTBEUC

4. Extract exeDSP binary from decrypted exe.img. Here are different ways to do that, you can mount exe.img as squashfs image file or open it in 7zip

Available patches

Installing patched exeDSP

1. Make sure you have FTP and shell (netcat) access
2. Copy your patched exeDSP into /mtd_rwarea folder
3. Connect through netcat and apply proper permissions to it, for example: 

chmod 755 /mtd_rwarea/exeDSP

4. Connect through FTP and copy /mtd_exe/rc.local to your PC
5. Rename it (on your PC) to user.sh
6. Open it for editing (on your PC of course!), using your favorite editor, eg. Notepad++, AkelPad, UltraEdit. don`t use Notepad, winword, wordpad!
7. Find the line where original exeDSP is started, example: 

cd /mtd_exe
sysctl -w kernel.msgmni=64
./exeDSP

8. Add BEFORE these lines the following line: 

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP

So it should be like this: 

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP
cd /mtd_exe
sysctl -w kernel.msgmni=64
./exeDSP

9. To be 100% safe, add the following line: 

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe

before the previous block, example: 

if [ -e /mtd_rocommon/watermark_set ]; then
	echo "watermark_set flag exists"
fi

echo "B-FIRHTBEUC" > /dtv/info
echo 7 4 1 7 > /proc/sys/kernel/printk

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe 

if [ -e /mtd_rwarea/myBoot.sh ]; then
	/mtd_rwarea/myBoot.sh
else
	mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP 
	cd /mtd_exe
	sysctl -w kernel.msgmni=64
	./exeDSP
fi

This will make the script execute only once, so if it doesn't work and the device doesn't boot, a reboot will fix the problems!
After you ensure it works good, you should remove that line, and name the file user.sh on the device, so that it always executes and loads your patched exeDSP.

10. Save script ANSI encoding, copy it into /mtd_rwarea
11. Apply proper permissions to it, example: 

chmod +x /mtd_rwarea/user.sh

12. Reboot your device and pray :)

exeDSP Patches

Cinavia logo.gif Free Patch

A Digital Rights Management (DRM) system utilizing audio watermaking technology created by verance that can detect when an illegal
movie download / pirate DVD is being played on a PlayStation 3 (PS3) console and modern Blu-ray stand-alone players on  the market.
Content protected by this technology carry inaudible codes (the watermark) embedded in the audio tracks by the owner of the copy-
right that indicate how and where they are to be used.

When such a movie is played back on a player with Cinavia detection the players firmware will detect the watermark and check if the device has been authorized for the watermark. If there isn't authorization for the device a message will be displayed saying that the content is protected by Cinavia and not authorized for playback on the device. Cinavia DRM has been added to all new BD players beginning the first quarter, 2010.[1]

This patch will let you playback your *LEGIT* movie copies, without Cinavia interrupting, and is provided for educational purposes only.
We're not at all responsible if your TV/BD explodes!
B-FIRHTBEUC 1016.3 exedsp cynavia free.png

© theos0o

Patching exeDSP

1. Prepare exeDSP
2. Open exeDSP in HEX editor and search for hex string (i use 3F as mask, there can be any symbols instead.):

  • For B-ECB* firmwares:
08 40 2D E9 04 00 50 E3 00 F1 9F 97 3F 3F 00 EA

Replace three bytes (F1 9F 97) to 00 A0 E1. Result must look like: 

08 40 2D E9 04 00 50 E3 00 00 A0 E1 3F 3F 00 EA
  • For B-FIR* firmwares:
10 80 BD E8 08 40 2D E9 04 00 50 E3 00 F1 9F 97 3F 3F 00 EA

Replace three bytes (F1 9F 97) to 00 A0 E1. Result must look like: 

10 80 BD E8 08 40 2D E9 04 00 50 E3 00 00 A0 E1 3F 3F 00 EA

3. Save patched exeDSP
4. Install modified exeDSP to BD player.

Supported Firmwares

Patch tested and works well on B-FIRHTBEUC_1016.3. Patch expected to work on all FIR* based devices. Checked on IDA, but not tested on devices yet: 

B-FIRBPEWWC 1053.2
B-FIRHRDEUC-1012.0
B-FIRURDEUC 1012.0
B-FIRBP7WWC 1010.0
B-FIRHTSWWC 1012.5
B-FIRHT7WWC 1012.5
B-FIRBSPWWC 1011.0

B-ECBHRDEUC 1011.0

Upcoming patches

<Placeholder for other patches>

References

All questions and answers on the SamyGO forum.

Retrieved from "http://wiki.samygo.tv/index.php?title=ExeDSP_modifications&oldid=3594"