T-VALDEUC Firmware AES key :)
Re: T-VALDEUC Firmware AES key :)
Yes, mirsev, you`re right. But here is one limitations - does not work on lthe latest firmware, because TV does not accept the same firmware twice, just version higher.
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Re: T-VALDEUC Firmware AES key :)
What is the problem to mark the modified firmware as higher version?juuso wrote:Yes, mirsev, you`re right. But here is one limitations - does not work on lthe latest firmware, because TV does not accept the same firmware twice, just version higher.
Re: T-VALDEUC Firmware AES key :)
mirsev wrote:Hi, I don't understand, if you can decrypt and encrypt back firmware, why don't you just install telnetd, ftpd, and/or sshd and their startup scripts on the decrypted rootfs or mtd_exe, build new squashfs, rewrite hashes, encrypt firmware back and flash it by standard way? Is there problem do do that?card2000 wrote:i know what u mean, but dont worry about this , will be also posible to do by widget, just the one point that needs to be done, in code is litelbit fuzzy to reverse it complete but will be done!!!Code: Select all
Denny, yes, your way is good! But we need hack TV first to get telnet access. New 3009 firmwares do not allow make hotel mode hack.
look, if someone alredy update 3009 he even can not do anything with modified firmware coz he can not disable rsa check coz it is in exeDSP and we dont have private key, so no way except widget way and i am 1000% sure it can be done coz i have for cmk private rsa key! .
Denny
and what do you think about RSA firmware verify and DSA firmware verify functions whitch are still enabled in your current running exeDSP by doing standard way ?
Denny
Last edited by Denny on Fri May 13, 2011 6:14 pm, edited 1 time in total.
Denny - 데니 - 丹尼 (card2000)
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
Re: T-VALDEUC Firmware AES key :)
Then ok. Could you explane how?mirsev wrote:What is the problem to mark the modified firmware as higher version?
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Re: T-VALDEUC Firmware AES key :)
juuso , by manual way, there is no care whitch is actual active fw version, you just flash unused parition and swap to it.
i alredy swaped from 3005 to 3003 in TV... so no problem
Denny
i alredy swaped from 3005 to 3003 in TV... so no problem
Denny
Denny - 데니 - 丹尼 (card2000)
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
Re: T-VALDEUC Firmware AES key :)
You want to say, it works on TV
lol. Now i understand...
lol. Now i understand...
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Re: T-VALDEUC Firmware AES key :)
How? Flashing your own modified encrypted firmware, so that TV accepted it as its native Samsung firmware? Or, by flashing partitions from inside TV, for which TV must be hacked?card2000 wrote:juuso , by manual way, there is no care whitch is actual active fw version, you just flash unused parition and swap to it.
i alredy swaped from 3005 to 3003 in TV... so no problem :)
Re: T-VALDEUC Firmware AES key :)
i think, Denny made the same trick as with BD player - mounted partition as read write from inside of pre-hacked TV and changed it. For downgrading - tool for hash calculation and writing to right places is already done if i understand correctly
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Re: T-VALDEUC Firmware AES key :)
juuso u understand i well correct and it is not a trick, it just folow asm code reversed from exeDSP ,
and same is Samsung doing inside FW update routines except that they do more steps like rsa verify and dsa verfy and show you this in OSD and our tool will do all in Console , that is all magic .
mirsev now i am with plain files direct flashing like BD player , later on, tool should do all job (decrypt - mount- modify - flash).
so, again, GUI Flashing, or GUI Firmware upgrade , you can do only!!!! :
if you have signed crypted firmware or in alredy changed exeDSP the verify points are disabled, whitch is realy not need to do.
Denny
and same is Samsung doing inside FW update routines except that they do more steps like rsa verify and dsa verfy and show you this in OSD and our tool will do all in Console , that is all magic .
mirsev now i am with plain files direct flashing like BD player , later on, tool should do all job (decrypt - mount- modify - flash).
so, again, GUI Flashing, or GUI Firmware upgrade , you can do only!!!! :
if you have signed crypted firmware or in alredy changed exeDSP the verify points are disabled, whitch is realy not need to do.
Denny
Denny - 데니 - 丹尼 (card2000)
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
Re: T-VALDEUC Firmware AES key :)
We need something... to patch firmware and avoid RSA checks. Is it possible somehow? By following SWU upgrade procedure on IDA (as you`ve made)? Now unhackable TV`s are still unhackable and as you know, T-VALDEUC 3009 is restricting HotelMode hack. Ideal case could be: virgin TV accepts our patched firmware and it opens the gates. We need work on this and the main question still remains open - how to avoid RSA check by patching firmware or by running some widget. Sorry if i`m repeating my self
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]
DO NOT EVER INSTALL FIRMWARE UPGRADE