SamyGO

Samsung TV Firmware on the GO
http://forum.samygo.tv/

Decrypting F Series Firmware Updates...

http://forum.samygo.tv/viewtopic.php?t=6262

Page 2 of 3

Re: Decrypting F Series Firmware Updates...

Posted: Wed Jan 14, 2015 12:40 am
by lbalan79
I guess everyone knows by now but for whoever is still reading this:

Salted_ is just the salt header of an encrypted OpenSSL file. There will be multiple encrypted files in each firmware. If you know the password / or we can extract this from a dump of the device OS the files in the firmware can be decrypted.

Re: Decrypting F Series Firmware Updates...

Posted: Tue May 12, 2015 4:21 pm
by timoo
hi ,for my developer purposes (idont have F tv :( ) i am looking for some F series firmware dumps i prefer arm(my samsung C tv have arm) because of ida+hexarm decompiler :D if somebody want to share with me pm me link ;) thnx

Re: Decrypting F Series Firmware Updates...

Posted: Tue May 12, 2015 4:32 pm
by zoelechat
timoo wrote:F series firmware dumps i prefer arm(my samsung C tv have arm)
F are only arm anyway :)
timoo wrote:because of ida+hexarm decompiler :D if somebody want to share with me pm me link ;) thnx
What do you need exactly? exeAPP+exeTV (=exeDSP)? MST? non-MST?

Re: Decrypting F Series Firmware Updates...

Posted: Tue May 12, 2015 6:58 pm
by timoo
zoelechat wrote:What do you need exactly? exeAPP+exeTV (=exeDSP)? MST? non-MST?
i need everything you could post for probabbly non-MST (T-FXPDEUC???) ;) or other if you dont have ,thnx

Re: Decrypting F Series Firmware Updates...

Posted: Mon Jun 01, 2015 12:20 pm
by 464646
Is it possible to extract the firmware of the logic board of a certain model of F-series TV?

Re: Decrypting F Series Firmware Updates...

Posted: Sun Jun 07, 2015 1:19 am
by pico
First of all sorry for my english, i hope to be clearly.
I'm new at the forum and i've been reading it and found this topic which is interesting for me.
I'm looking for a firmware dump of a F series. Is there any dump of it? Someone could share it with me?
Is it possible to obtain one dump of the firmware? I would like to have one for collaborate on decrypting it.

Re: Decrypting F Series Firmware Updates...

Posted: Sat Aug 01, 2015 12:57 am
by pico
Is someone still trying to decrypt F series firmware?

Re: Decrypting F Series Firmware Updates...

Posted: Mon Dec 28, 2020 12:23 pm
by eigma
I have made some progress in extracting upgrade.msd files. The following is from H-series T-NT14MAKUC v1220.0 which can be found on Samsung site dated May 29, 2020 (recent). Here is an updated 'SamyGO Firmware Decrypter' which can extract most sections, the largest ones.

Code: Select all

SamyGO Firmware Decrypter

Firmware:  T-NT14MAKUC v1220.0

Identifier MSDU10, 10 sections:
Section  1: Offset 0x00000632-0x0E28E3A9, 237559160 bytes
Section  2: Offset 0x0E28E3AA-0x0E28E7A9, 1024 bytes
Section  3: Offset 0x0E28E7AA-0x0E80DC51, 5764264 bytes
Section  4: Offset 0x0E80DC52-0x0E80E051, 1024 bytes
Section  5: Offset 0x0E80E052-0x0EB70239, 3547624 bytes
Section  6: Offset 0x0EB7023A-0x0EBF02E1, 524456 bytes
Section  7: Offset 0x0EBF02E2-0x0EC70389, 524456 bytes
Section  8: Offset 0x0EC7038A-0x1717FC71, 139524328 bytes
Section  9: Offset 0x1717FC72-0x22450D19, 187502760 bytes
Section 10: Offset 0x22450D1A-0x22451119, 1024 bytes
Header end: Zero=0, TOC section:
Section  1: Offset 0x000000A2-0x00000631, 1424 bytes
Model Name: T-NT14MAKUC

Extracting...
       TOC: Extracted to toc.img
Section  1: Extracted to s1.img
Section  2: Unknown format, skipping
Section  3: Extracted to s3.img
Section  4: Unknown format, skipping
Section  5: Extracted to s5.img
Section  6: Extracted to s6.img
Section  7: Extracted to s7.img
Section  8: Extracted to s8.img
Section  9: Extracted to s9.img
Section 10: Unknown format, skipping
Done.
and the file types:

Code: Select all

s1.img:   Squashfs filesystem, little endian, version 4.0, 236116532 bytes, 5998 inodes, blocksize: 131072 bytes, created: Thu Jan  1 00:00:00 1970
s3.img:   Squashfs filesystem, little endian, version 4.0, 3556408 bytes, 771 inodes, blocksize: 131072 bytes, created: Thu Jan  1 00:00:00 1970
s5.img:   u-boot legacy uImage, linux-3.8.2-nvt, Linux/ARM, OS Kernel Image (Not compressed), 3546370 bytes, Tue Apr 25 08:46:21 2017, Load Address: 0x10A08000, Entry Point: 0x10A08000, Header CRC: 0xCA31BD8E, Data CRC: 0xC4B7AF5A
s6.img:   data  # unknown, no readable strings
s7.img:   data  # strings like "SERET", "A-SER2GDSN-2020-M0006", "freebsd/controller/ehci.c"
s8.img:   Squashfs filesystem, little endian, version 4.0, 137911157 bytes, 7381 inodes, blocksize: 131072 bytes, created: Thu Jan  1 00:00:00 1970
s9.img:   data  # VDFS
toc.img:  data  # discussed below
Big thanks to robert for MSDHEADER struct definitions.

The special section at the start which robert calls "salt section", after decryption, contains strings like "exe.img", "rootfs.img", so it appears to be a sort of table of contents. When extracting, my script writes it to "toc.img". The format is still unknown, I attached the one from T-NT14MAKUC for others to look.

The magic starts with exeTV function "SWU::MSDOUSearchStrategy::doMSDFileUpgrade".

SamyGO Firmware Decrypter.zip
toc.img.zip

Re: Decrypting F Series Firmware Updates...

Posted: Sun Apr 03, 2022 12:04 pm
by synth1984
can it extract J series? (J6400) I just want to remove all the bloatware like facebook and stuff

Re: Decrypting F Series Firmware Updates...

Posted: Mon Apr 04, 2022 9:05 am
by sectroyer
synth1984 wrote: Sun Apr 03, 2022 12:04 pm can it extract J series? (J6400) I just want to remove all the bloatware like facebook and stuff
Yes you can remove anything you want. But you CANNOT install it on TV :)
All times are UTC+01:00
Page 2 of 3

Powered by phpBB® Forum Software © phpBB Limited