Difference between revisions of "Samsung A Series (2008 Model) Hacks"

From SamyGO
Jump to: navigation, search
(Mounting windows shares on LNxxA850 is possible now)
(sh4 stuff moved to Samsung A Series (sh4 CPU) Hacks)
Line 1: Line 1:
==Firmware patching instruction for T-RBYDEU (Models LExxA756, LExxA856, LExxA956/959)==
==T-RBYDEUC and T-AMBDFRC (Models with SH4 CPU)==
For these models you can find the official firmware from Samsung T-RBYDEU in version 1013. THese models are NOT running on an ARM processor, but on the SH4 processor. Therefore the ARM-based hacks and tools won't run!
Moved to [[Samsung A Series (sh4 CPU) Hacks]]
Beyond that, the busybox has a malfunctioning telnet-Deamon compiled in. Therefore it's not that easy to start Telnet on these devices.
So, what you need is an updated BusyBox, a modified exe.img to enable script-starts from USB-Pens and a good USB-Script to start telnet-daemon.
You can find most of the things in the following thread:
Hacking T-RBYDEUC Firmware - LE40A756 and A856
So, what you need to do, to get access to your TV:
1. Modifiy your start.sh in exe.img, either by unpacking and repacking it (see below how to do), or by using a hex-editor.
There are many descriptions how to modify exe.img and to correct the crc-hash. What you need to add to start.sh:
  export LOGNAME="root" [already there]
  cd /dtv/usb
  PATH_USB=`cat log | grep Mount`
  PATH_USB=`echo ${PATH_USB##MountDir : }`
  echo $PATH_USB
  $PATH_USB/usb.sh &
  ## mount -n -t usbfs none /proc/bus/usb
and now I can run scripts (usb.sh) from pendrive. Therefore you need to build (or copy from archive) the folloing script to the root of your pendrive:
  #! /bin/sh
  echo "!!!!!!!!!!!!!! USB START !!!!!!!!!!!!!!"
  /bin/stty -F /dev/ttyAS0 ospeed 57600 ispeed 57600
  #line before enables console for speed 57600. Put 'debug' to console and you see menu, put '12' and ENTER
  echo "!!!!!!!!!!!!!! start console on 57600 !!!!!!!!!!!!!!"
  #sleep 25 (m)sec is need for wait ethernet start
  sleep 25
  cd /dtv/usb
  PU=`cat log | grep Mount`
  PU=`echo ${PU##MountDir : }`
  echo "!!!!!!!!!!!!!! start telnet !!!!!!!!!!!!!!"
  $PU/busybox telnetd -l /bin/sh
  echo "!!!!!!!!!!!!!! start cifs.ko !!!!!!!!!!!!!!"
  cd $PU
  insmod cifs.ko
  sleep 4
  echo "!!!!!!!!!!!!!! clear old contents USB on TV  !!!!!!!!!!!!!!"
  rm /mtd_contents/V* -R
  rm /mtd_contents/database -R
  echo "!!!!!!!!!!!!!! start mount !!!!!!!!!!!!!!"
  mount -t cifs //XXX.XXX.XXX.XXX/photo $PU/photo -o user=user_xp -o pass=password_xp
  mount -t cifs //XXX.XXX.XXX.XXX/mp3 $PU/mp3 -o user=user_xp -o pass=password_xp
  mount -t cifs //XXX.XXX.XXX.XXX/video $PU/video -o user=user_xp -o pass=password_xp
  echo "!!!!!!!!!!!!!! USB END !!!!!!!!!!!!!!"
On pendrive you have to have empty folders: photo, mp3, video and files: usb.sh, cifs.ko (size for my compilation 2707316 bytes), busybox (size for my compilation 992084 bytes)
You can download the whole package here:
==Firmware patching instruction for T-SPHAUSC (Models LNxxA850 and LNxxA860)==
==Firmware patching instruction for T-SPHAUSC (Models LNxxA850 and LNxxA860)==
Line 119: Line 56:
Hacking T-SPHAUSC Firmware - LN52A850 and LN52A860 :
Hacking T-SPHAUSC Firmware - LN52A850 and LN52A860 :
Hacking T-RBYDEUC Firmware - LE40A756 and A856

Revision as of 11:33, 14 March 2010

T-RBYDEUC and T-AMBDFRC (Models with SH4 CPU)

Moved to Samsung A Series (sh4 CPU) Hacks

Firmware patching instruction for T-SPHAUSC (Models LNxxA850 and LNxxA860)

Unfortunately there is no official firmware available on Samsung support web site for LNxxA8xx. For that reason we cannot provide simple patch script. But if you find the files on the internet you can use the following instructions to modify it manually. It seems the latest known firmware version is 1004.

The good news is that firmware files are NOT protected. You will just need to use squashtools v3.0 (not anything higher or lower) to unpack/pack the firmware files. Please don't use 3.1 because it will produce the files which won't be understood by your TV.

1. Unpack image with the following command:

   unsquashfs exe.img

2. Modify squashfs-root/rc.local as this:

   export MAPLE_DEFAULT_PATH=/mtd_cmmlib/InfoLink/lib
   export MAPLE_WIDGET_DATA_PATH=/mtd_down/widgets
   /etc/telnetd_start.sh &
  • "/etc/telnetd_start.sh &" is new line there.

3. Remove or move old exe.img to different location and then run:

   mksquashfs.exe ./squashfs-root exe.img -all-root -nolzma -b 65536 -no-exports

4. Calculate checksum of newly generated image. (see details on SamyGO wiki age)

5. Flash it via "Update Software" TV Menu

  • If you cannot connect with your TV using telnet after patching there is a chance that your firmware is bad. Fortunately TV has two copies of firmware and uses the backup copy to start up.

Starting telnet daemon using Content Library Game menu (aka injection method)

If you cannot patch your firmware or you are just afraid to do that, there is a safer method to start telnet daemon on your TV. You will need to download a package which was made from SamyGO 0.2 extension pack. It was developed and tested on LN52A850 running T-SPHAUSC 1004 firmware. But recently it was confirmed that it works on LNxxA750 running T-RBYAUSC 1012.2 firmware. It might also work on other LNxxAxxx models.

1. Please download the package from here: [1]

2. Please unpack the content of the zip file to the root of USB stick.

3. Then plug it into TV, go to content library on your TV, switch to USB drive using red button and run Telnetd game.

4. After several seconds of color blinking your TV will be running telnetd daemon and you will be able to connect from your PC.

Mounting network drives from your TV (Tested on LNxxA850 using T-SPHAUSC 1004)

  • Mounting NFS unix shares is possible. Please follow the instructions described on this page: [2]
  • Mounting windows shares is also possible now, you need to have cifs.ko kernel module built for the particular linux version installed in these TVs. cifs.ko supplied with SamyGO Extension v0.3 is not compatible. However new version of SamyGO Extensions will include compatible module. So stay tuned.

References to discussion threads

Hacking T-SPHAUSC Firmware - LN52A850 and LN52A860 : [3]