Forced revert back to older firmware


From SamyGO
Revision as of 13:34, 12 June 2010 by Erdem ua (talk | contribs)
Jump to: navigation, search

This is procedure for reverting back to an older firmware. It can help you if you upgraded TV to latest firmware accidentally or buy TV with allready latest firmware, however it only works for TV which support Content Library.

Samy horse.jpg

Enabling Telnet

With the latest firmware, Samsung disabled both Ex-Link console connection and external applications probably to stopping us. So you cannot create telnet connection to TV because you cannot use Telnet Enabler application. If you copied Telnet Application to TV's flash memory before you are lucky. But if you didn't please don't cry, here is the solution.


Trojan Horse

Historically: Trojan is a giant horse that has hidden soldiers in it and it was used first at Troya A.D.2500-3000, which is in Çanakkale, Turkey now. Soldiers leave a huge wooden horse behind them as a gift and fade away... Enemies take that giant horse inside of city walls. But when the night comes, soldiers hidden in the horse get out and open the gates... :)


First you need enable (if not allready) copy/remove feature in Content Library Manager.

  • Enter Service Menu ( quickly push [INFO] [MENU] [MUTE] [POWER] on your remote control )
  • Change setting (Control -> Sub Option -> Wiselink Write -> On )
  • Download SamyGO Telnet Enabler Trojan.
  • Unpack and copy telnet-enabler folder to root USB and plug in to TV.
  • Enter Content Library Manager -> Select USB -> Select Children category.
  • Use Copy function on TV to copy Telnet Enabler as Trojan content to TV internal flash.
  • Return back to main manu in Content Library Manager and select again Children but from TV flash contents this time.
  • Run Run this Telnet Enabler to enable telnet access (or open the gates :) ).

Forcing to Enable Alternative Firmware if you upgraded to latest firmware (CI and CI+)

After some firmware upgrades, Samsung disable reverting firmware back to older state. Actually we were using as a solution for that, flashing mtd_exe and mtd_appdata partitions via manual flashing procedure over telnet connection, enabled with Telnet Enabler application.

Instead of flashing dump of older firmware over actually used partition which is risky, we can switch to older firmware via this simple hack. This way is safer than other approaches. Code bellow unhides alternative firmware in TV.

Notice: These code lines are as an example for B650-B750 devices, so firmware name contains T-CHL7DEUC, for other TV's you need to use corresponding version string of previously installed firmware and corresponding missing Version file (Version.0 or Version.1)!!!

localhost login: root
-sh: id: not found
# cd mtd_rwarea/
# ls -l Version.*
-rwxr-xr-x    1 root     0              44 Jan  1  1980 Version.1
# cat Version.1
SWU_T-CHL7DEUC_003000_I02_EK000DK000_100125
# echo SWU_T-CHL7DEUC_002004_I02_ES000DS000_090816 > Version.0
# ls -l Version.*
-rwxr-xr-x    1 root     0              44 Jan  1 00:00 Version.0
-rwxr-xr-x    1 root     0              44 Jan  1  1980 Version.1
# cat Version.*
SWU_T-CHL7DEUC_002004_I02_ES000DS000_090816
SWU_T-CHL7DEUC_003000_I02_EK000DK000_100125
#

After this, disabled "Alternative Firmware" selection in standard TV's Support / Software Upgrade Menu becomes enabled and populated again. You can switch to previously flashed firmware and then flash some safe firmware over the latest firmware which has restrictions.

Flash older firmware on new TV (CI only) with latest firmware

  • For safety reasons enable ex-link and turn off watchdog in service menu.
  • Install python on your computer if not yet installed.
  • Download one of below firmwares used by your TV.
  • Download SamyGO Firmware Decrypter.
  • Unpack firmware to some directory.
  • Copy SamyGO Firmware Decrypter to unpacked firmware directory.
  • Run shell/cmdline and change directory to unpacked firmware.
  • Run Decrypter:
python "SamyGO Firmware Decrypter"
  • After it successfully finished you will have two decrypted files in image folder: appdata.img and exe.img.
  • Copy that two files into USB drive.
  • Plug USB drive into TV.
  • Telnet to TV.

Notice: These code lines below are as an example for B650-B750 devices, so firmware name contains T-CHL7DEUC and specific versions IDs!!!

# cd /mtd_rwarea/
# ls -l Version.*

You should have this:

-rwxr-xr-x    1 root     0              44 Jan  1  1980 Version.1

or

-rwxr-xr-x    1 root     0              44 Jan  1  1980 Version.0

First case we call it now 1 and second 2 and you proceed only one of them.

---1---

# echo SWU_T-CHL7DEUC_002004_I02_ES000DS000_090816 > Version.0
# bml.restore /dev/bml0/8 /dtv/usb/sda1/exe.img
# bml.restore /dev/bml0/9 /dtv/usb/sda1/appdata.img

Now lets verify it:

# mkdir /dtv/test
# mount -t auto /dev/tbml8 /dtv/test

If there are not errors unmount it.

# umount /dtv/test

And test second:

# mount -t auto /dev/tbml9 /dtv/test

If there are not errors unmount it.

# umount /dtv/test

Checks if version file is ok:

# ls -l Version.0
SWU_T-CHL7DEUC_003000_I02_EK000DK000_100125

---2---

# echo SWU_T-CHL7DEUC_002004_I02_ES000DS000_090816 > Version.1
# bml.restore /dev/bml0/10 /dtv/usb/sda1/exe.img
# bml.restore /dev/bml0/11 /dtv/usb/sda1/appdata.img

Now lets verify it:

# mkdir /dtv/test
# mount -t auto /dev/tbml10 /dtv/test

If there are not errors unmount it.

# umount /dtv/test

And test second:

# mount -t auto /dev/tbml11 /dtv/test

If there are not errors unmount it.

# umount /dtv/test

Checks if version file is ok:

# ls -l Version.1
SWU_T-CHL7DEUC_003000_I02_EK000DK000_100125

After this, disabled "Alternative Firmware" selection in standard TV's Support / Software Upgrade Menu becomes enabled and populated again. You can switch to previously flashed firmware and then flash some safe firmware over the latest firmware which has restrictions.

List Firmware links, versions and their ids

T-CHE7AUSC - 1013.0
SWU_T-CHE7AUSC_001013_I02_ES000DS000_090914
http://downloadcenter.samsung.com/content/FM/200909/20090922135709687/2009_DTV_2G_firmware.exe
T-CHEAUSC - 1012.3
SWU_T-CHEAUSC_001012_I02_ES000DS000_090907
http://downloadcenter.samsung.com/content/FM/200909/20090922132250765/2009_DTV_1G_firmware.exe
T-CHL6CIPDSEUC - 1008.0
SWU_T-CHL6CIPDSEUC_001008_I03_ES000DS000TS000_091112
T-CHL7DAUC - 2001.1
SWU_T-CHL7DAUC_002001_I02_ES000DS000_090921
http://downloadcenter.samsung.com/content/FM/200911/20091127101733312/T-CHL7DAUC.exe
T-CHL7DEUC - 2005.0
SWU_T-CHL7DEUC_002005_I02_ES000DS000_090930
http://downloadcenter.samsung.com/content/FM/200910/20091030222802906/T-CHL7DEUC.exe
T-CHLCIPDEUC - 2006.0
SWU_T-CHLCIPDEUC_002006_I02_ES000DS000_091112
T-CHU7DAUC - 1008.0
SWU_T-CHU7DAUC_001008_I02_ES000DS000_090701
http://downloadcenter.samsung.com/content/FM/200908/20090806125546515/T-CHU7DAUC.exe
T-CHU7DEUC - 3000.G
SWU_T-CHU7DEUC_003000_I02_ES000DS000_091111
http://downloadcenter.samsung.com/content/FM/200911/20091124161213125/T-CHU7DEUC.exe
T-CHUCIPDEUC - 3000.0
SWU_T-CHUCIPDEUC_003000_I02_ES000DS000_091112