T-VALDEUC Firmware AES key :)

Ideas and dreaming about C series TV will go this forum.

User avatar
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: T-VALDEUC Firmware AES key :)

Post by juusso »

Yes, mirsev, you`re right. But here is one limitations - does not work on lthe latest firmware, because TV does not accept the same firmware twice, just version higher.
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]

DO NOT EVER INSTALL FIRMWARE UPGRADE
mirsev
Posts: 48
Joined: Tue Apr 05, 2011 7:58 pm

Re: T-VALDEUC Firmware AES key :)

Post by mirsev »

juuso wrote:Yes, mirsev, you`re right. But here is one limitations - does not work on lthe latest firmware, because TV does not accept the same firmware twice, just version higher.
What is the problem to mark the modified firmware as higher version?
Denny
Official SamyGO Developer
Posts: 350
Joined: Thu Sep 30, 2010 12:18 pm
Location: Croatia

Re: T-VALDEUC Firmware AES key :)

Post by Denny »

mirsev wrote:
card2000 wrote:

Code: Select all

Denny, yes, your way is good! But we need hack TV first to get telnet access. New 3009 firmwares do not allow make hotel mode hack.
i know what u mean, but dont worry about this , will be also posible to do by widget, just the one point that needs to be done, in code is litelbit fuzzy to reverse it complete but will be done!!! :)

look, if someone alredy update 3009 he even can not do anything with modified firmware coz he can not disable rsa check coz it is in exeDSP and we dont have private key, so no way except widget way and i am 1000% sure it can be done coz i have for cmk private rsa key! :D .
Denny
Hi, I don't understand, if you can decrypt and encrypt back firmware, why don't you just install telnetd, ftpd, and/or sshd and their startup scripts on the decrypted rootfs or mtd_exe, build new squashfs, rewrite hashes, encrypt firmware back and flash it by standard way? Is there problem do do that?


and what do you think about RSA firmware verify and DSA firmware verify functions whitch are still enabled in your current running exeDSP by doing standard way ? :oops:


Denny
Last edited by Denny on Fri May 13, 2011 6:14 pm, edited 1 time in total.
Denny - 데니 - 丹尼 (card2000)
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
User avatar
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: T-VALDEUC Firmware AES key :)

Post by juusso »

mirsev wrote:What is the problem to mark the modified firmware as higher version?
Then ok. Could you explane how?
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]

DO NOT EVER INSTALL FIRMWARE UPGRADE
Denny
Official SamyGO Developer
Posts: 350
Joined: Thu Sep 30, 2010 12:18 pm
Location: Croatia

Re: T-VALDEUC Firmware AES key :)

Post by Denny »

juuso , by manual way, there is no care whitch is actual active fw version, you just flash unused parition and swap to it.

i alredy swaped from 3005 to 3003 in TV... so no problem :)

Denny
Denny - 데니 - 丹尼 (card2000)
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
User avatar
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: T-VALDEUC Firmware AES key :)

Post by juusso »

You want to say, it works on TV :)
lol. Now i understand...
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]

DO NOT EVER INSTALL FIRMWARE UPGRADE
mirsev
Posts: 48
Joined: Tue Apr 05, 2011 7:58 pm

Re: T-VALDEUC Firmware AES key :)

Post by mirsev »

card2000 wrote:juuso , by manual way, there is no care whitch is actual active fw version, you just flash unused parition and swap to it.

i alredy swaped from 3005 to 3003 in TV... so no problem :)
How? Flashing your own modified encrypted firmware, so that TV accepted it as its native Samsung firmware? Or, by flashing partitions from inside TV, for which TV must be hacked?
User avatar
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: T-VALDEUC Firmware AES key :)

Post by juusso »

i think, Denny made the same trick as with BD player - mounted partition as read write from inside of pre-hacked TV and changed it. For downgrading - tool for hash calculation and writing to right places is already done if i understand correctly ;)
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]

DO NOT EVER INSTALL FIRMWARE UPGRADE
Denny
Official SamyGO Developer
Posts: 350
Joined: Thu Sep 30, 2010 12:18 pm
Location: Croatia

Re: T-VALDEUC Firmware AES key :)

Post by Denny »

juuso u understand i well correct and it is not a trick, it just folow asm code reversed from exeDSP ,
and same is Samsung doing inside FW update routines except that they do more steps like rsa verify and dsa verfy and show you this in OSD and our tool will do all in Console , that is all magic .

mirsev now i am with plain files direct flashing like BD player , later on, tool should do all job (decrypt - mount- modify - flash).

so, again, GUI Flashing, or GUI Firmware upgrade , you can do only!!!! :
if you have signed crypted firmware or in alredy changed exeDSP the verify points are disabled, whitch is realy not need to do.

Denny
Denny - 데니 - 丹尼 (card2000)
UE55C8000 UE55D8000 UE32D6510 BD-C9600 3xDM8000
Reversing HW Demux Drivers and API from Samsung´s TV
User avatar
juusso
SamyGO Moderator
Posts: 10129
Joined: Sun Mar 07, 2010 6:20 pm

Re: T-VALDEUC Firmware AES key :)

Post by juusso »

We need something... to patch firmware and avoid RSA checks. Is it possible somehow? By following SWU upgrade procedure on IDA (as you`ve made)? Now unhackable TV`s are still unhackable and as you know, T-VALDEUC 3009 is restricting HotelMode hack. Ideal case could be: virgin TV accepts our patched firmware and it opens the gates. We need work on this and the main question still remains open - how to avoid RSA check by patching firmware or by running some widget. Sorry if i`m repeating my self :roll:
LE40B653T5W,UE40D6750,UE65Q8C
Have questions? Read SamyGO Wiki, Search on forum first!
FFB (v0.8), FFB for CI+ . Get root on: C series, D series, E series, F series, H series. rooting K series, exeDSP/exeTV patches[C/D/E/F/H]

DO NOT EVER INSTALL FIRMWARE UPGRADE

Post Reply

Return to “[C] Brainstorm”