ExeDSP modifications

From SamyGO
Jump to: navigation, search

Article describes how to prepare and test your own patched firmware for BD-Player.

Preparing device and firmware

1. Root your device using DNS trick
2. Download firmware from Samsung support page
3. Decrypt firmware with SamyGO Firmware patcher (example):

SamyGO.py decrypt ./B-FIRHRTBEUC

4. Extract exeDSP binary from decrypted exe.img. Here are different ways to do that, you can mount exe.img as squashfs image file or open it in 7zip

Available patches

Installing patched exeDSP

1. Make sure you have FTP and shell (netcat) access
2. Copy your patched exeDSP into /mtd_rwarea folder
3. Connect through netcat and apply proper permissions to it, for example:

chmod 755 /mtd_rwarea/exeDSP

4. Connect through FTP and copy /mtd_exe/rc.local to your PC
5. Rename it (on your PC) to user.sh
6. Open it for editing (on your PC of course!), using your favorite editor, eg. Notepad++, AkelPad, UltraEdit. don`t use Notepad, winword, wordpad!
7. Find the line where original exeDSP is started, example:

cd /mtd_exe
sysctl -w kernel.msgmni=64

8. Add BEFORE these lines the following line:

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP

So it should be like this:

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP
cd /mtd_exe
sysctl -w kernel.msgmni=64

9. To be 100% safe, add the following line:

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe

before the previous block, example:

if [ -e /mtd_rocommon/watermark_set ]; then
	echo "watermark_set flag exists"

echo "B-FIRHTBEUC" > /dtv/info
echo 7 4 1 7 > /proc/sys/kernel/printk

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe 

if [ -e /mtd_rwarea/myBoot.sh ]; then
	mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP 
	cd /mtd_exe
	sysctl -w kernel.msgmni=64

This will make the script execute only once, so if it doesn't work and the device doesn't boot, a reboot will fix the problems!
After you ensure it works good, you should remove that line, and name the file user.sh on the device, so that it always executes and loads your patched exeDSP.

10. Save script ANSI encoding, copy it into /mtd_rwarea
11. Apply proper permissions to it, example:

chmod +x /mtd_rwarea/user.sh

12. Reboot your device and pray :)

exeDSP Patches

Cinavia logo.gif Free Patch

A Digital Rights Management (DRM) system utilizing audio watermaking technology created by verance that can detect when an illegal
movie download / pirate DVD is being played on a PlayStation 3 (PS3) console and modern Blu-ray stand-alone players on  the market.
Content protected by this technology carry inaudible codes (the watermark) embedded in the audio tracks by the owner of the copy-
right that indicate how and where they are to be used. 

When such a movie is played back on a player with C*****a detection the players firmware will detect the watermark and check if the device has been authorized for the watermark. If there isn't authorization for the device a message will be displayed saying that the content is protected by C*****a and not authorized for playback on the device. C*****a DRM has been added to all new BD players beginning the first quarter, 2010.[1]

This patch will let you playback your *LEGIT* movie copies, without C*****a interrupting, and is provided for educational purposes only.
We're not at all responsible if your TV/BD explodes!

B-FIRHTBEUC 1016.3 exedsp cynavia free.png

© theos0o

Patching exeDSP

1. Prepare exeDSP
2a. Manually.

Open exeDSP in HEX editor and search for hex string (i use ?? as mask, there can be any symbol instead.):
08 40 2D E9 04 00 50 E3 00 F1 9F 97 ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 06 00 A0 E3
Replace three bytes F1 9F 97 to 00 A0 E1. Result must look like:
08 40 2D E9 04 00 50 E3 00 00 A0 E1 ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 06 00 A0 E3
N.B! In some firmwares red marked 06 doesn`t exist. Needed to check of 00 or 08 instead of 06 at 37th place of string are proper place to patch... Anyone? :)

2b. FreePatcher. Download it from here.

Just place next to exeDSP and click "start". Normally 18 bytes must be written. If you get 0 bytes written, this means - no address to patch found. Either nothing to patch or string is different and needed to be checked individually. Ask for support on forum.

3. Save patched exeDSP
4. Install modified exeDSP to BD player.

Supported Firmwares

Patch tested and works well on B-FIRHTBEUC_1016.3. Patch expected to work on all FIR* based devices. Checked on IDA, but not tested on devices yet:

B-FIRBP7WWC 1010.0
B-FIRHT7WWC 1012.5




All questions and answers on the SamyGO forum.