Patched firmware


From SamyGO
Revision as of 13:25, 2 January 2013 by Juzis28 (talk | contribs) (File:Cinavia_logo.gif)
Jump to: navigation, search

Work in progress!

SamyGO DNS service

Is used only for Firmware downgrade and Patched firmware installation on C/D/E series for supported models only. You further acknowledge and agree that we are not responsible or liable, directly nor indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such Content, site or resource.

Precheck:
If you never touched OTN in service menu there is no reason to change anything now. You can skip this step!!!!!

  • Access Service menu
  • Enter the Control-SubOption menu and set the values:
  • OTN to enabled.
  • OTN type operating

Caution! RC Keys Up&Down arrows make selections, while Right&Left arrows make changes. You needed to backup previous value before changing any option. Some options cannot be reverted once changed. The service menu has a protected 'advanced' submenu. Press the 0 button four times on advanced to enter the hidden menu. Before touching any setting, please note the original value. The menu settings are listed (with their default values?) in the Service Manuals.

Installing firmware

  • Set dns (depends on you network setup on tv or/and on your router) to:

Develop ip.png

  • Switch tv off and on again
  • Check from tv's menu for firmware update via internet
  • Install firmware if it detects one

Notes:

  • If you get an error at ~90% of install process turn tv off for ~3min and try again
  • If no firmware are shown -> report it (not to Samsung but here in SUPPORT forum)
  • Set your dns back to normal operational (if you don't do this your device will be banned after 2 days on server due senseless filling up of logfiles)
  • Turn tv off and on again
  • Don't forget to disable further firmware updates!!! (Samsung won't make any technical improvements in new firmwares)

B series TV`s

To be updated

C series TV`s

T-VAL6DEUC

1. Original firmware: T-VAL6DEUC-1016.0
2. Features:

  • Execute own script during TV boot: (from root of fat32 formatted usb.)
/SamyGO/rcSGO
  • Full unrestricted shell trough Exlink (Symbol filtration at kernel level removed)
  • Custom autostart - for advanced users only!. Ask on forum!

3. Installation:
Use SamyGO DNS service to get patched firmware installed.
4. How to use:
To have SamyGO running on TV, You should download, extract (and overwrite existing files):

1. SamyGO-All-Extensions-v0.03.6-r12-for-T-VALDEUC-20110103184650
2. SamyGO-All-Extensions-Bugfix-v0.03.6-r15-for-valencia-20111001120232
3. SamyGO-libs-T-VALDEUC-20110123101934
4. SamyGO-All-Modules-v0.03.7-r01-for-armv7a_valencia_DEV-T-VAL6DEUC-20110912071317.zip

Required files are to be downloaded from download area

T-VALAUSC

Original firmware: T-VALAUSC-1035.0
Features, installation and usage: same as T-VAL6DEUC, except you don`t need modules from VAL6DEUC (p.4)

D series TV`s

To be updated

E series TV`s

T-MST10DEUC

T-MST10DEUC-1030.0
To be updated

T-ECPDEUC

T-ECPDEUC-2003.4
To be updated

BluRay players

B-FIRHTBEUC

B-FIRHTBEUC-1016.3
To be updated

exeDSP Patches

Cinavia logo.gif

A Digital Rights Management (DRM) system utilizing audio watermaking technology created by verance that can detect when an illegal
movie download / pirate DVD is being played on a PlayStation 3 (PS3) console and modern Blu-ray stand-alone players on  the market.
Content protected by this technology carry inaudible codes (the watermark) embedded in the audio tracks by the owner of the copy-
right that indicate how and where they are to be used. 

When such a movie is played back on a player with Cinavia detection the players firmware will detect the watermark and check if the device has been authorized for the watermark. If there isn't authorization for the device a message will be displayed saying that the content is protected by Cinavia and not authorized for playback on the device. Cinavia DRM has been added to all new BD players beginning the first quarter, 2010.[1]

This patch will let you playback your *LEGIT* movie copies, without Cinavia interrupting, and is provided for educational purposes only.
We're not at all responsible if your TV/BD explodes!

B-FIRHTBEUC 1016.3 exedsp cynavia free.png

© theos0o


Patching exeDSP

1. Root your device using DNS trick
2. Download firmware from Samsung support page
3. Decrypt firmware with SamyGO Firmware patcher (example):

SamyGO.py decrypt_all ./B-FIRHRTBEUC

4. Extract exeDSP binary from decrypted exe.img. Here are different ways to do that, you can mount exe.img as squashfs image file or open it in 7zip
5. Open exeDSP in HEX editor and search for hex string:

10 80 BD E8 08 40 2D E9 04 00 50 E3 00 F1 9F 97

Replace last three bytes (F1 9F 97) to 00 A0 E1. Result must look like:

10 80 BD E8 08 40 2D E9 04 00 50 E3 00 00 A0 E1 

6. Save patched exeDSP

Installing patched exeDSP
1. Make sure you have FTP and shell (netcat) access
2. Copy your patched exeDSP into /mtd_rwarea folder
3. Connect through netcat and apply proper permissions to it, for example:

chmod 755 /mtd_rwarea/exeDSP

4. Connect through FTP and copy /mtd_exe/rc.local to your PC
5. Rename it (on your PC) to user.sh
6. Open it for editing (on your PC of course!), using your favorite editor, eg. Notepad++, AkelPad, UltraEdit. don`t use Notepad, winword, wordpad!
7. Find the line where original exeDSP is started, example:

cd /mtd_exe
sysctl -w kernel.msgmni=64
./exeDSP

8. Add BEFORE these lines the following line:

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP

So it should be like this:

mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP
cd /mtd_exe
sysctl -w kernel.msgmni=64
./exeDSP

9. If you want to be 100% safe, add the following line:

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe

before the previous block, example:

if [ -e /mtd_rocommon/watermark_set ]; then
	echo "watermark_set flag exists"
fi

echo "B-FIRHTBEUC" > /dtv/info
echo 7 4 1 7 > /proc/sys/kernel/printk

mv /mtd_rwarea/user.sh /mtd_rwarea/user.sh.safe 

if [ -e /mtd_rwarea/myBoot.sh ]; then
	/mtd_rwarea/myBoot.sh
else
	mount -o bind /mtd_rwarea/exeDSP /mtd_exe/exeDSP 
	cd /mtd_exe
	sysctl -w kernel.msgmni=64
	./exeDSP
fi

This will make the script execute only once, so if it doesn't work and the device doesn't boot, a reboot will fix the problems!
After you ensure it works good, you should remove that line, and name the file user.sh on the device, so that it always executes and loads your patched exeDSP.

10. Save script ANSI encoding, copy it into /mtd_rwarea
11. Apply proper permissions to it, example:

chmod +x /mtd_rwarea/user.sh

12. Reboot your device and pray :)


Patch tested and works well on B-FIRHTBEUC_1016.3. Patch expected to work on all FIR* based devices. Checked on IDA, but not tested on devices yet:

B-FIRBPEWWC 1053.2
B-FIRHRDEUC-1012.0
B-FIRURDEUC 1012.0
B-FIRBP7WWC 1010.0
B-FIRHTSWWC 1012.5
B-FIRHT7WWC 1012.5
B-FIRBSPWWC 1011.0



References

Related samygo.tv forum topics:

  1. [B series]
  2. C series
  3. D series
  4. E series
  5. BluRay players