Page 4 of 5

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Posted: Thu Jun 17, 2010 11:55 am
by cyberdemon79
Having a B650 with ssh enabled the dumping isn't a big problem,
as all OTP Create/Dump Flash does is calling the /mtd_exe/sbin/flash_dump.cmd.

I see the Problem with TVs without that possibility (after all thats what this thread
is about, I'm just here to learn ;)). Patching the password-check would also be
very difficult as the only chance to do this is via "physical memory write" to an
unknown location.

So I guess you descrambled the password from another device and tried if they
reused it ?

What about using "physical memory read" as a poor-man's dumper
(invoking of this function has to be automated, and without your patch
only addresses without chars a-f in them could be dumped) ?

I guess figuring out the password was the better way to go ;)

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Posted: Fri Jun 25, 2010 3:24 pm
by langerhans
I wrote a little tool for doing the enabling work. It issues the same commands which were posted here. Just connect your turned off TV to PC and follow the instructions. It's pretty easy.
Use at your own risk, and if you have any suggestions, fell free to contact me.
Was tested by me on my B550 CI+, Windows 7 x64 (in Testmode). May require admin rights, dont know about that.