Support developing a patch

Ideas and dreaming about C series TV will go this forum.
Post Reply

Neoplane
Posts: 9
Joined: Thu Apr 12, 2012 3:38 pm

Support developing a patch

Post by Neoplane » Fri Sep 02, 2016 12:17 pm

Hello everyone!

I was trying to debug some strange behaviour that I have with Internet@TV (I'm getting network interference message in almost all widgets), so I tried to modify .js files from widget manager and find out that, everytime that I modify something in widget manager, it gets reinstalled, overriding my changes. I've find out where to patch this behaviour, and I'm trying to create a patch injectable using samygoso, but I cannot find how to write the proper change on memory...

In GDB I patch by

Code: Select all

set {long int}0x016f3768 = 0xe3530001
I've create a lib that currently is able to find the proper point to patch, by:
SpoilerShow

Code: Select all

	unsigned long int *cur_addr,*addr;
	addr = (long int*)*hCTX.CNNaviAppBase_t_VerifyWM;
	log("Starting to search at: @0x%08x\n",addr);
	for(cur_addr=addr;cur_addr<addr+0x1000;cur_addr++)
	{
		if(*cur_addr == CMP_R3_0)
		{
			log("Found point to patch at: @0x%08x\n",cur_addr);
			log("Actual memory value: @0x%08x\n",*cur_addr);
			*(long int*)cur_addr = 0xE3530001; //CMP_R3_1
			log("After patch value is: @0x%08x\n",*cur_addr);
			break;
		}
	}
And the logs output that I'm getting is:
SpoilerShow

Code: Select all

[blockInfolinkUpdate] Found _ZN16CPluginInterface13GetSupportPIGEv location at: 0x01700af4
[blockInfolinkUpdate] Found _fini location at: 0x01ac19a0
[blockInfolinkUpdate] text range: @0x016f6af4 -> @0x016a6af4
[blockInfolinkUpdate] rodata range: @0x01ac19a0 -> @0x0a2c19a0
[blockInfolinkUpdate] Found t_VerifyWM at @0x016f3744
[blockInfolinkUpdate] Found _ZN13CNNaviAppBase10t_VerifyWMEv at: 0x016f3728
[blockInfolinkUpdate] _ZN13CNNaviAppBase10t_VerifyWMEv [0x16f3728].
[blockInfolinkUpdate] TV Model: C Series
[blockInfolinkUpdate] Starting to search at: @0x016f3728
[blockInfolinkUpdate] Found point to patch at: @0x016f3768
[blockInfolinkUpdate] Actual memory value: @0xe3530000
And exeDSP crashes, but I cannot find why, as dmesg gets totally filled with trash and I don't have an EXLink cable (I'll make one soon I think :lol: )...
I assume that my problem is how I'm writting to memory, maybe a problem with types... but I'm totally a noob in C thus, someone have a clue where it's my error?

Thanks!!!

sectroyer
Official SamyGO Developer
Posts: 5643
Joined: Wed May 04, 2011 5:10 pm

Re: Support developing a patch

Post by sectroyer » Fri Sep 02, 2016 10:09 pm

you have to mprotect from lib :)
I do NOT support "latest fw" at ALL. If you have one you should block updates on router and wait for it to STOP being "latest":)
If you want me to help you please paste FULL log(s) to "spoiler"/"code" bbcodes or provide link(s) to pasted file(s) on http://ctrlv.it/ Otherwise "NO HELP"!!!
If you want root DISABLE internet access to your device!!!!
DO NOT EVER INSTALL FIRMWARE UPGRADE !!!!

Neoplane
Posts: 9
Joined: Thu Apr 12, 2012 3:38 pm

Re: Support developing a patch

Post by Neoplane » Tue Sep 06, 2016 6:01 pm

You're the man! Got it working by using mprotect.

I will clean a bit the patch and publish it soon.

Thanks for your support sectroyer!

Post Reply

Return to “[C] Brainstorm”