SamyGO

If you weren't going to run it then why did I waste my time looking into it for you?! Next time just say so from the start. The patches it does could quite easily be automated, but the reason I don't do so is so that I can first verify it by looking at a particular kernel to ensure the patches are c...

Had you done anything out of the ordinary before updating? Like changed the model type of the TV in the service manual?

E3V3A: Ok attached is updated source and binaries that should support your kernel.
Use it like this: Hopefully it will work fine first go.
I take no responsibility if it kills your TV

Ah you mean you tried to read the address (0x40000000) in my example? That was just to show how to use it and what the expected output should be. Anyway that dump you got was just what was needed, I now know where in memory it is loaded and so I can look at adding support for your kernel.

The ioctls are just "magic numbers" that the kernel recognises and knows how to respond to. So unless the ioctl number in question is part of some standard, it is indeed just a "magic number". So unless your kernel was built with the ability to understand and know how to respond ...

What is the lag between? Video image and Audio? Or are you playing a game or something where lag is between your controls and the video? "Game Mode" should fix the second case, for the first case there was an option on my tv for audio lag which I was able to set. By default it was set to 1...

exploiting the javascript call to copyfile lets you run commands as root, at which stage you can do whatever you want I guess. the exploit was found by thwalker3 iirc, I just wrapped it in some easy to use javascript code and use some protection against formatting/micom rollback that can occur due t...

I am just running a stock system atm too, when I get some more time I will actually use the info I worked out to create something :) In the meantime I just run scripts via the copyfile exploit using some javascript widget that I wrote to do so safely (ie it removes the /etc/profile dangers). The ups...

Try dumping some areas in kernel text and kernel data, at least 0x100 byte from each area, maybe even 0x1000 bytes from each so I can gauge where stuff gets loaded to.

Hm just reread one of your earlier posts that shows:
40225000-404f6fff : Kernel text
404f8000-4057da1b : Kernel data

So praps it is differnt to the above 0x40xxxxxx address I posted too.