Article describes how to prepare and test your own patched firmware for BD-Player.
Preparing device and firmware
SamyGO.py decrypt ./B-FIRHRTBEUC
4. Extract exeDSP binary from decrypted exe.img. Here are different ways to do that, you can mount exe.img as squashfs image file or open it in 7zip
- C-Free Patch
- To be updated
- To be updated
Installing patched exeDSP
1. Make sure you have FTP and shell (netcat) access
2. Copy your patched exeDSP into /mtd_rwarea folder
3. Connect through netcat and apply proper permissions to it, for example:
chmod 755 /mtd_rwarea/exeDSP
4. Connect through FTP and copy /mtd_exe/rc.local to your PC
5. Rename it (on your PC) to user.sh
6. Open it for editing (on your PC of course!), using your favorite editor, eg. Notepad++, AkelPad, UltraEdit. don`t use Notepad, winword, wordpad!
7. Find the line where original exeDSP is started, example:
cd /mtd_exe sysctl -w kernel.msgmni=64 ./exeDSP
8. Add BEFORE these lines the following line:
mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP
So it should be like this:
mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP cd /mtd_exe sysctl -w kernel.msgmni=64 ./exeDSP
9. To be 100% safe, add the following line:
mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe
before the previous block, example:
if [ -e /mtd_rocommon/watermark_set ]; then echo "watermark_set flag exists" fi echo "B-FIRHTBEUC" > /dtv/info echo 7 4 1 7 > /proc/sys/kernel/printk mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe if [ -e /mtd_rwarea/myBoot.sh ]; then /mtd_rwarea/myBoot.sh else mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP cd /mtd_exe sysctl -w kernel.msgmni=64 ./exeDSP fi
This will make the script execute only once, so if it doesn't work and the device doesn't boot, a reboot will fix the problems!
After you ensure it works good, you should remove that line, and name the file user.sh on the device, so that it always executes and loads your patched exeDSP.
10. Save script ANSI encoding, copy it into /mtd_rwarea
11. Apply proper permissions to it, example:
chmod +x /mtd_rwarea/user.sh
12. Reboot your device and pray :)
A Digital Rights Management (DRM) system utilizing audio watermaking technology created by verance that can detect when an illegal movie download / pirate DVD is being played on a PlayStation 3 (PS3) console and modern Blu-ray stand-alone players on the market. Content protected by this technology carry inaudible codes (the watermark) embedded in the audio tracks by the owner of the copy- right that indicate how and where they are to be used.
When such a movie is played back on a player with C*****a detection the players firmware will detect the watermark and check if the device has been authorized for the watermark. If there isn't authorization for the device a message will be displayed saying that the content is protected by C*****a and not authorized for playback on the device. C*****a DRM has been added to all new BD players beginning the first quarter, 2010.
1. Prepare exeDSP
- Open exeDSP in HEX editor and search for hex string (i use ?? as mask, there can be any symbol instead.):
08 40 2D E9 04 00 50 E3 00 F1 9F 97 ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 06 00 A0 E3
- Replace three bytes F1 9F 97 to 00 A0 E1. Result must look like:
08 40 2D E9 04 00 50 E3 00 00 A0 E1 ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 06 00 A0 E3
- N.B! In some firmwares red marked 06 doesn`t exist. Needed to check of 00 or 08 instead of 06 at 37th place of string are proper place to patch... Anyone? :)
2b. FreePatcher. Download it from here.
- Just place next to exeDSP and click "start". Normally 18 bytes must be written. If you get 0 bytes written, this means - no address to patch found. Either nothing to patch or string is different and needed to be checked individually. Ask for support on forum.
3. Save patched exeDSP
4. Install modified exeDSP to BD player.
Patch tested and works well on B-FIRHTBEUC_1016.3. Patch expected to work on all FIR* based devices. Checked on IDA, but not tested on devices yet:
B-FIRBPEWWC 1053.2 B-FIRHRDEUC-1012.0 B-FIRURDEUC 1012.0 B-FIRBP7WWC 1010.0 B-FIRHTSWWC 1012.5 B-FIRHT7WWC 1012.5 B-FIRBSPWWC 1011.0 B-ECBHRDEUC 1011.0
- Injectable exeDSP patches (no need for hardware modifications)
All questions and answers on the SamyGO forum.