Difference between revisions of "ExeDSP modifications"


From SamyGO
Jump to: navigation, search
(Just exe.img is enough. Not needed to decrypt other files.)
m (Upcoming patches)
 
(26 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Article describes how to prepare and test your own patched firmware for BD-Player.
 
Article describes how to prepare and test your own patched firmware for BD-Player.
 
== Preparing device and firmware ==
 
== Preparing device and firmware ==
1. Root your device using [[Patched_firmware#SamyGO_DNS_service | DNS trick]]<br>
+
1. Root your device using '''[[Patched_firmware#SamyGO_DNS_service | DNS trick]]'''<br>
 
2. Download firmware from Samsung support page<br>
 
2. Download firmware from Samsung support page<br>
3. Decrypt firmware with [http://sourceforge.net/p/samygo/code/1245/tree/patcher/trunk SamyGO Firmware patcher] (example):
+
3. Decrypt firmware with '''[http://sourceforge.net/p/samygo/code/1246/tree/patcher/trunk SamyGO Firmware patcher]''' (example):
 
  SamyGO.py decrypt ./B-FIRHRTBEUC
 
  SamyGO.py decrypt ./B-FIRHRTBEUC
 
4. Extract exeDSP binary from decrypted exe.img. Here are different ways to do that, you can mount exe.img as squashfs image file or open it in 7zip<br>
 
4. Extract exeDSP binary from decrypted exe.img. Here are different ways to do that, you can mount exe.img as squashfs image file or open it in 7zip<br>
Line 9: Line 9:
 
==[[ExeDSP_modifications#exeDSP_Patches | Available patches]]==
 
==[[ExeDSP_modifications#exeDSP_Patches | Available patches]]==
  
* [[ExeDSP_modifications#Free_Patch | Cinavia Free Patch]]
+
* '''[[ExeDSP_modifications#Free_Patch | C-Free Patch]]'''
 
* To be updated
 
* To be updated
 
* To be updated
 
* To be updated
 +
 
==Installing patched exeDSP==
 
==Installing patched exeDSP==
 
1. Make sure you have FTP and shell (netcat) access<br>
 
1. Make sure you have FTP and shell (netcat) access<br>
Line 31: Line 32:
 
  sysctl -w kernel.msgmni=64
 
  sysctl -w kernel.msgmni=64
 
  ./exeDSP
 
  ./exeDSP
9. {{red|'''If you want to be 100% safe, add the following line:'''}}
+
9. {{red|'''To be 100% safe, add the following line:'''}}
 
  mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe
 
  mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe
 
{{red|'''before the previous block, example:'''}}
 
{{red|'''before the previous block, example:'''}}
Line 57: Line 58:
 
  chmod +x /mtd_rwarea/user.sh
 
  chmod +x /mtd_rwarea/user.sh
 
12. Reboot your device and pray :)
 
12. Reboot your device and pray :)
 +
 
== '''exeDSP Patches''' ==
 
== '''exeDSP Patches''' ==
 
=== [[File:Cinavia_logo.gif]] Free Patch===
 
=== [[File:Cinavia_logo.gif]] Free Patch===
Line 63: Line 65:
 
  Content protected by this technology carry inaudible codes (the watermark) embedded in the audio tracks by the owner of the copy-
 
  Content protected by this technology carry inaudible codes (the watermark) embedded in the audio tracks by the owner of the copy-
 
  right that indicate how and where they are to be used.  
 
  right that indicate how and where they are to be used.  
{{small | When such a movie is played back on a player with Cinavia detection the players firmware will detect the watermark and check if the device has been authorized for the watermark. If there isn't authorization for the device a message will be displayed saying that the content is protected by Cinavia and not authorized for playback on the device.
+
{{small | When such a movie is played back on a player with C*****a detection the players firmware will detect the watermark and check if the device has been authorized for the watermark. If there isn't authorization for the device a message will be displayed saying that the content is protected by C*****a and not authorized for playback on the device.
Cinavia DRM has been added to all new BD players beginning the first quarter, 2010.[http://www.afterdawn.com/glossary/term.cfm/cinavia]}}
+
C*****a DRM has been added to all new BD players beginning the first quarter, 2010.[http://www.afterdawn.com/glossary/term.cfm/cinavia]}}
  
{{red |'''This patch will let you playback your *LEGIT* movie copies, without Cinavia interrupting, and is provided for educational purposes only.<br/>We're not at all responsible if your TV/BD explodes!'''}}
+
{{red |'''This patch will let you playback your *LEGIT* movie copies, without C*****a interrupting, and is provided for educational purposes only.<br/>We're not at all responsible if your TV/BD explodes!'''}}
 
<br>
 
<br>
 
[[File:B-FIRHTBEUC_1016.3_exedsp_cynavia_free.png]]
 
[[File:B-FIRHTBEUC_1016.3_exedsp_cynavia_free.png]]
Line 73: Line 75:
 
----
 
----
 
==== Patching exeDSP ====
 
==== Patching exeDSP ====
1. [[Patched_firmware#Preparing_device_and_firmware | '''Prepare exeDSP''']]<br>
+
1. [[ExeDSP_modifications#Preparing_device_and_firmware | '''Prepare exeDSP''']]<br>
2. Open exeDSP in HEX editor and search for hex string:
+
'''2a. Manually'''.<br>
  10 80 BD E8 08 40 2D E9 04 00 50 E3 00 {{red|'''F1 9F 97'''}}
+
:Open exeDSP in HEX editor and search for hex string (i use '''??''' as mask, there can be any symbol instead.):
Replace last three bytes ('''F1 9F 97''') to '''00 A0 E1'''. Result must look like:
+
  08 40 2D E9 04 00 50 E3 00 {{red|'''F1 9F 97'''}} ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? {{red|06}} 00 A0 E3
  10 80 BD E8 08 40 2D E9 04 00 50 E3 00 {{red|'''00 A0 E1'''}}  
+
:Replace three bytes {{red|'''F1 9F 97'''}} to {{green|'''00 A0 E1'''}}. Result must look like:
 +
  08 40 2D E9 04 00 50 E3 00 {{green|'''00 A0 E1'''}} ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? {{red|06}} 00 A0 E3
 +
:'''N.B!''' In some firmwares red marked 06 doesn`t exist. Needed to check of 00 or 08 instead of 06 at 37th place of string are proper place to patch... Anyone? :)<br>
 +
'''2b. FreePatcher'''. Download it from [http://download.samygo.tv/Others/FreePatcher_v0.6.zip here].<br>
 +
:Just place next to exeDSP and click "start". Normally 18 bytes must be written. If you get 0 bytes written, this means - no address to patch found. Either nothing to patch or string is different and needed to be checked individually. Ask for support on forum.
 
3. Save patched exeDSP<br>
 
3. Save patched exeDSP<br>
 
4. [[ExeDSP_modifications#Installing_patched_exeDSP | '''Install modified exeDSP''']] to BD player.
 
4. [[ExeDSP_modifications#Installing_patched_exeDSP | '''Install modified exeDSP''']] to BD player.
Line 90: Line 96:
 
  B-FIRHT7WWC 1012.5
 
  B-FIRHT7WWC 1012.5
 
  B-FIRBSPWWC 1011.0
 
  B-FIRBSPWWC 1011.0
 +
 +
'''{{red|B-ECBHRDEUC 1011.0}}'''
 +
 +
=== other ===
 +
*[[Injectso_patches | Injectable exeDSP patches]] (no need for hardware modifications)
 +
----
  
=== Upcoming patches ===
+
= References =
<Placeholder for other patches>
+
All questions and answers on the '''[http://forum.samygo.tv/viewtopic.php?f=57&t=5275 SamyGO forum]'''.

Latest revision as of 12:15, 11 May 2014

Article describes how to prepare and test your own patched firmware for BD-Player.

Preparing device and firmware

1. Root your device using DNS trick
2. Download firmware from Samsung support page
3. Decrypt firmware with SamyGO Firmware patcher (example):

SamyGO.py decrypt ./B-FIRHRTBEUC

4. Extract exeDSP binary from decrypted exe.img. Here are different ways to do that, you can mount exe.img as squashfs image file or open it in 7zip

Available patches

Installing patched exeDSP

1. Make sure you have FTP and shell (netcat) access
2. Copy your patched exeDSP into /mtd_rwarea folder
3. Connect through netcat and apply proper permissions to it, for example:

chmod 755 /mtd_rwarea/exeDSP

4. Connect through FTP and copy /mtd_exe/rc.local to your PC
5. Rename it (on your PC) to user.sh
6. Open it for editing (on your PC of course!), using your favorite editor, eg. Notepad++, AkelPad, UltraEdit. don`t use Notepad, winword, wordpad!
7. Find the line where original exeDSP is started, example:

cd /mtd_exe
sysctl -w kernel.msgmni=64
./exeDSP

8. Add BEFORE these lines the following line:

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP

So it should be like this:

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP
cd /mtd_exe
sysctl -w kernel.msgmni=64
./exeDSP

9. To be 100% safe, add the following line:

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe

before the previous block, example:

if [ -e /mtd_rocommon/watermark_set ]; then
	echo "watermark_set flag exists"
fi

echo "B-FIRHTBEUC" > /dtv/info
echo 7 4 1 7 > /proc/sys/kernel/printk

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe 

if [ -e /mtd_rwarea/myBoot.sh ]; then
	/mtd_rwarea/myBoot.sh
else
	mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP 
	cd /mtd_exe
	sysctl -w kernel.msgmni=64
	./exeDSP
fi

This will make the script execute only once, so if it doesn't work and the device doesn't boot, a reboot will fix the problems!
After you ensure it works good, you should remove that line, and name the file user.sh on the device, so that it always executes and loads your patched exeDSP.

10. Save script ANSI encoding, copy it into /mtd_rwarea
11. Apply proper permissions to it, example:

chmod +x /mtd_rwarea/user.sh

12. Reboot your device and pray :)

exeDSP Patches

Cinavia logo.gif Free Patch

A Digital Rights Management (DRM) system utilizing audio watermaking technology created by verance that can detect when an illegal
movie download / pirate DVD is being played on a PlayStation 3 (PS3) console and modern Blu-ray stand-alone players on  the market.
Content protected by this technology carry inaudible codes (the watermark) embedded in the audio tracks by the owner of the copy-
right that indicate how and where they are to be used. 

When such a movie is played back on a player with C*****a detection the players firmware will detect the watermark and check if the device has been authorized for the watermark. If there isn't authorization for the device a message will be displayed saying that the content is protected by C*****a and not authorized for playback on the device. C*****a DRM has been added to all new BD players beginning the first quarter, 2010.[1]

This patch will let you playback your *LEGIT* movie copies, without C*****a interrupting, and is provided for educational purposes only.
We're not at all responsible if your TV/BD explodes!

B-FIRHTBEUC 1016.3 exedsp cynavia free.png

© theos0o


Patching exeDSP

1. Prepare exeDSP
2a. Manually.

Open exeDSP in HEX editor and search for hex string (i use ?? as mask, there can be any symbol instead.):
08 40 2D E9 04 00 50 E3 00 F1 9F 97 ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 06 00 A0 E3
Replace three bytes F1 9F 97 to 00 A0 E1. Result must look like:
08 40 2D E9 04 00 50 E3 00 00 A0 E1 ?? ?? 00 EA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 06 00 A0 E3
N.B! In some firmwares red marked 06 doesn`t exist. Needed to check of 00 or 08 instead of 06 at 37th place of string are proper place to patch... Anyone? :)

2b. FreePatcher. Download it from here.

Just place next to exeDSP and click "start". Normally 18 bytes must be written. If you get 0 bytes written, this means - no address to patch found. Either nothing to patch or string is different and needed to be checked individually. Ask for support on forum.

3. Save patched exeDSP
4. Install modified exeDSP to BD player.

Supported Firmwares

Patch tested and works well on B-FIRHTBEUC_1016.3. Patch expected to work on all FIR* based devices. Checked on IDA, but not tested on devices yet:

B-FIRBPEWWC 1053.2
B-FIRHRDEUC-1012.0
B-FIRURDEUC 1012.0
B-FIRBP7WWC 1010.0
B-FIRHTSWWC 1012.5
B-FIRHT7WWC 1012.5
B-FIRBSPWWC 1011.0

B-ECBHRDEUC 1011.0

other


References

All questions and answers on the SamyGO forum.