Re: Access Linux Shell of TV on CI+ without "Game Menu"
Posted: Thu Jun 17, 2010 11:55 am
Having a B650 with ssh enabled the dumping isn't a big problem,
as all OTP Create/Dump Flash does is calling the /mtd_exe/sbin/flash_dump.cmd.
I see the Problem with TVs without that possibility (after all thats what this thread
is about, I'm just here to learn
). Patching the password-check would also be
very difficult as the only chance to do this is via "physical memory write" to an
unknown location.
So I guess you descrambled the password from another device and tried if they
reused it ?
What about using "physical memory read" as a poor-man's dumper
(invoking of this function has to be automated, and without your patch
only addresses without chars a-f in them could be dumped) ?
I guess figuring out the password was the better way to go
as all OTP Create/Dump Flash does is calling the /mtd_exe/sbin/flash_dump.cmd.
I see the Problem with TVs without that possibility (after all thats what this thread
is about, I'm just here to learn
). Patching the password-check would also bevery difficult as the only chance to do this is via "physical memory write" to an
unknown location.
So I guess you descrambled the password from another device and tried if they
reused it ?
What about using "physical memory read" as a poor-man's dumper
(invoking of this function has to be automated, and without your patch
only addresses without chars a-f in them could be dumped) ?
I guess figuring out the password was the better way to go