C series shell input filtration removal

Here is information about customizing your C series firmware. This forum is NOT for DUMMY USERS' questions or problems, but for DEVELOPERS.

juusso
SamyGO Moderator
Posts: 10125
Joined: Sun Mar 07, 2010 6:20 pm

C series shell input filtration removal

Post by juusso » Wed Aug 17, 2011 12:40 pm

Hi,

One of the users reported that he found this on his C630 TV
(spI Debug):

Code:

    0 : Register & Physical Memory Read
    1 : Register & Physical Memory Write

I doubt it, because there was research about that here, without any success.
As you all know, this firmware is not hacked yet, and maybe enabling the shell is the way to do that.
Who could say which address to patch? Remember, we have the decrypted kernel to look at.

Edit: I checked the exeDSP of T-VAL6DEUC for the text string "Physical Memory Write" and there isn't any Memory Write (just Read).
But maybe the menu we are looking for is just hidden, because all menus are in this order:

Code:

    0: Register & Physical Memory Read
    2:

And 1: is missing. Maybe input of 1 isn't disabled, just hidden somehow...?

Edit2:
===================================================================================
1. Searching for the string

Code:

    013092E7042082E2040053E10200000A

in the kernel of C630 (T-VAL6DEUC-1012) (compared to the kernel of B550, bml5_B550CIP.zip) indicates that the address to patch is 0016DAAB, or in DRAM 60175AAB (or close to it).
The string is not duplicated and is found in the C630 kernel only once.

2. Rvs2 suggests to patch the kernel...

Code:

    ROM:0016DA98 E0 1D 9F E5                 LDR     R1, =0xC02FBF9C
    ROM:0016DA9C 01 30 92 E7                 LDR     R3, [R2,R1]
    ROM:0016DAA0 04 20 82 E2                 ADD     R2, R2, #4
    ROM:0016DAA4 04 00 53 E1                 CMP     R3, R4
    ROM:0016DAA8 02 00 00 0A                 BEQ     loc_16DAB8
    ROM:0016DAAC 4C 00 52 E3                 CMP     R2, #0x4C ==19
    ROM:0016DAB0 2E 03 00 0A                 BEQ     loc_16E770
    ROM:0016DAB4 F7 FF FF EA                 B       loc_16DA98

All we need is to patch the kernel (change one value with a hex editor) at address 001EF38B:
original value: 0A
changed value: EA

EDIT: It works! :)
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]

DO NOT EVER INSTALL FIRMWARE UPGRADE
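The post above finds the loop by its 16-byte string and then flips one byte of the BEQ (0A to EA). The script below is an added example, not code from the SamyGO thread or from the TV firmware: it locates that string in a kernel dump, checks that it occurs exactly once (as the post says it does), and decodes the ARM branch word so you can see why the last byte carries the condition (0 = EQ, E = AL) and where the branch actually goes. The search string and the disassembly bytes are juusso's; the sample image is constructed from his listing, padded with zeros, and the offsets it reports are offsets into that buffer, not the ROM addresses from the listing.

```python
"""Locate and decode the loop-exit branch described in the first post.

Added example, not code from the SamyGO thread or the TV firmware. The 16-byte
search string and the 0A/EA values are the ones juusso quotes; the sample image
below is constructed from his disassembly listing, padded with zeros.
"""
import struct

# Search string from the post: LDR R3,[R2,R1]; ADD R2,R2,#4; CMP R3,R4; BEQ (little-endian ARM words).
LOOP_PATTERN = bytes.fromhex("013092E7042082E2040053E10200000A")
# Everything except the condition byte, so the loop is found whether the BEQ is still 0A or already EA.
LOOP_PREFIX = LOOP_PATTERN[:15]
BRANCH_WORD_OFFSET = 12   # the BEQ is the 4th word of the pattern
COND_BYTE_OFFSET = 15     # little-endian: the condition nibble lives in the last byte of that word

ARM_CONDITIONS = {
    0x0: "EQ", 0x1: "NE", 0x2: "CS", 0x3: "CC", 0x4: "MI", 0x5: "PL", 0x6: "VS", 0x7: "VC",
    0x8: "HI", 0x9: "LS", 0xA: "GE", 0xB: "LT", 0xC: "GT", 0xD: "LE", 0xE: "AL", 0xF: "NV",
}


def decode_branch(word: int) -> dict:
    """Decode a 32-bit ARM B/BL encoding: condition code, link bit and byte offset relative to PC+8."""
    if (word >> 25) & 0x7 != 0b101:
        raise ValueError(f"0x{word:08X} is not an ARM B/BL instruction")
    imm24 = word & 0xFFFFFF
    if imm24 & 0x800000:              # sign-extend the 24-bit field
        imm24 -= 1 << 24
    return {
        "cond": ARM_CONDITIONS[word >> 28],
        "link": bool((word >> 24) & 1),
        "offset": imm24 << 2,         # target = instruction address + 8 + offset
    }


def find_loop_exit(image: bytes) -> dict:
    """Find the unique occurrence of the loop and report where its exit branch sits and how it is conditioned."""
    hits = []
    pos = image.find(LOOP_PREFIX)
    while pos != -1:
        hits.append(pos)
        pos = image.find(LOOP_PREFIX, pos + 1)
    if len(hits) != 1:
        raise ValueError(f"loop prefix found {len(hits)} times; expected exactly one")
    base = hits[0]
    branch_addr = base + BRANCH_WORD_OFFSET
    word = struct.unpack_from("<I", image, branch_addr)[0]
    info = decode_branch(word)
    info.update({
        "pattern_offset": base,
        "branch_offset": branch_addr,
        "cond_byte_offset": base + COND_BYTE_OFFSET,
        "cond_byte": image[base + COND_BYTE_OFFSET],
        "target_offset": branch_addr + 8 + info["offset"],
    })
    return info


def is_patched(image: bytes) -> bool:
    """True when the exit branch is unconditional (the EA byte from the post), False while it is still BEQ (0A)."""
    return find_loop_exit(image)["cond"] == "AL"


# Constructed sample: the listing ROM:0016DA98..0016DAB4 from the post, placed at offset 0x40 of a zero-filled buffer.
SAMPLE_IMAGE = (
    b"\x00" * 0x40
    + bytes.fromhex("E01D9FE5" "013092E7" "042082E2" "040053E1" "0200000A" "4C0052E3" "2E03000A" "F7FFFFEA")
    + b"\x00" * 0x40
)

if __name__ == "__main__":
    hit = find_loop_exit(SAMPLE_IMAGE)
    print(f"loop at 0x{hit['pattern_offset']:X}, exit branch {hit['cond']} at 0x{hit['branch_offset']:X}, "
          f"cond byte 0x{hit['cond_byte']:02X} at 0x{hit['cond_byte_offset']:X}, "
          f"target 0x{hit['target_offset']:X}, patched={is_patched(SAMPLE_IMAGE)}")
```

Run `find_loop_exit` on a real kernel dump (the bytes of the bml partition, read as a file) before touching anything: it refuses to report an offset unless the loop occurs exactly once, which is the uniqueness claim the post relies on, and `is_patched` tells you whether a dump you were given is already the modified kernel. The decoder also explains the listing's second BEQ: `decode_branch(0x0A00032E)` gives an offset of 0xCB8, which from 0016DAB0 lands on loc_16E770.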

erdem_ua
SamyGO Admin
Posts: 3102
Joined: Thu Oct 01, 2009 6:02 am
Location: Istanbul, Turkey
Contact:

Re: C series shell input filtration removal

Post by erdem_ua » Wed Aug 17, 2011 1:52 pm

Wow, it's good. :)
I think it could be published. Also in the wiki.

juusso
SamyGO Moderator
Posts: 10125
Joined: Sun Mar 07, 2010 6:20 pm

Re: C series shell input filtration removal

Post by juusso » Wed Aug 17, 2011 2:05 pm

I can confirm it works 100%. Tested with T-VALDEUC, VAL6DEUC, VALAUSC.

tempinbox
Posts: 317
Joined: Wed May 11, 2011 7:00 pm

Re: C series shell input filtration removal

Post by tempinbox » Sat Oct 13, 2012 1:02 pm

How to do this and get a full console over exlink?
I tried various methods but without success. Could someone explain to me how to get the full console? My TV is T-VALDEUC
fw 3015. Please help.

juusso
SamyGO Moderator
Posts: 10125
Joined: Sun Mar 07, 2010 6:20 pm

Re: C series shell input filtration removal

Post by juusso » Sun Oct 14, 2012 5:03 pm

1. Need a patched kernel (from T-VALDEUC, not from VAL6!).
2. Need to calculate the proper hash of the patched kernel and create a sign0 (or sign1) partition image.
3. Flash the kernel and signature partition over telnet.

If you give me dumps:
Connect USB, check if it mounts as sda1; if not, correct the commands below.
One by one.

Code:

    bml.dump /dev/bml0/9 /dtv/usb/sda1/bml9
    bml.dump /dev/bml0/10 /dtv/usb/sda1/bml10
    cat /proc/cmdline > /dtv/usb/sda1/cmdline

Attach those three files here please, I'll give you the patched kernel and signature files + instructions ;)

E3V3A
Posts: 247
Joined: Wed Oct 31, 2012 2:31 am
Location: /dev/zero

Re: C series shell input filtration removal

Post by E3V3A » Thu Dec 06, 2012 11:05 am

I'd like to try this kernel patching on the ES model.
I tried with the exeDSP, but I see you're using "Image" here. Which should I use?
Any suggestions?
HW: UE40ES5700SXXH
FW: T-MST10PDEUC-1029.0 Onboot: 1003

juusso
SamyGO Moderator
Posts: 10125
Joined: Sun Mar 07, 2010 6:20 pm

Re: C series shell input filtration removal

Post by juusso » Sat Dec 08, 2012 9:25 am

But keep in mind, you have not only to patch the kernel, but also to correct the hashes so you don't get the TV bricked. AFAIK this way to patch is valid for the VAL* family.
Sure, you can check the kernel sources in IDA and check what the address to patch is. By the way, the memory write option is removed/hidden, so how else do you plan to patch the kernel than by reflashing the needed images using telnet? If you aren't ready to bring the TV to service repair, don't do this. I told you already about all the dangerous stuff Samsung made to prevent firmware modifications.

E3V3A
Posts: 247
Joined: Wed Oct 31, 2012 2:31 am
Location: /dev/zero

Re: C series shell input filtration removal

Post by E3V3A » Wed Dec 12, 2012 2:32 am

I have moved all my ES series shell patching discussion to this thread:
[DEV] Full Shell Access (ES 5/6 series) [wanted]

PS. I was able to use devmem once ... then it stopped working. :/

tempinbox
Posts: 317
Joined: Wed May 11, 2011 7:00 pm

Re: C series shell input filtration removal

Post by tempinbox » Thu Jan 03, 2013 7:38 pm

juusso wrote:
1. Need a patched kernel (from T-VALDEUC, not from VAL6!).
2. Need to calculate the proper hash of the patched kernel and create a sign0 (or sign1) partition image.
3. Flash the kernel and signature partition over telnet.

If you give me dumps:
Connect USB, check if it mounts as sda1; if not, correct the commands below.
One by one.

Code:

    bml.dump /dev/bml0/9 /dtv/usb/sda1/bml9
    bml.dump /dev/bml0/10 /dtv/usb/sda1/bml10
    cat /proc/cmdline > /dtv/usb/sda1/cmdline

Attach those three files here please, I'll give you the patched kernel and signature files + instructions ;)
I try to do the dump but I get

Code:

    /mtd_rwarea/sh: bml.dump: not found

So how can I do this?
I also tried the patch serial_unlock_arm.SGO_ext.tar but it seems not to work on the serial shell of tdm

Code:

    dtv/usb/sda1/SamyGO/etc/init.d # ./01_01_serial_unlock.init start
    /dtv/usb/sda1/SamyGO/etc/init.d # RVR DRM Code not Found! or alredy Disabled , Suck Samsung

But after that I can input only 123456789abcdef

juusso
SamyGO Moderator
Posts: 10125
Joined: Sun Mar 07, 2010 6:20 pm

Re: C series shell input filtration removal

Post by juusso » Fri Jan 04, 2013 8:30 am

Just checked, there is no bml.dump tool on your TV. Not a big problem, use dd instead:

Code:

    dd if=/dev/bml0/9 of=/dtv/usb/sda1/bml9.dmp
    dd if=/dev/bml0/10 of=/dtv/usb/sda1/bml10.dmp