SamyGO

Posted: **Tue Feb 10, 2015 2:03 pm**

zoelechat wrote:For now I'm nearly beginner and I've absolutely no idea on how to develop for C nor Dmips (Dmips must not be too different, but AFAIK C is), and I'm not sure it will interest me one day, too outdated.
So, in state and since you already do a firmware/TV series check, I guess it means no real-time infos on C/Dmips

For D you can use same code just use D Mips headers

For C it "all" should work but please first start by reading my C Hacking Tutorial

Posted: **Tue Feb 10, 2015 3:43 pm**

sectroyer wrote:For D you can use same code just use D Mips headers For C it "all" should work but please first start by reading my C Hacking Tutorial

Maybe one day, who knows...

Posted: **Tue Mar 10, 2015 5:21 pm**

Compiled "as is" for B series. Got crash an empty file as result:

Code: Select all

# samyGOso -d -A -B -l /mtd_swu/libLogChannel.so
samyGOso v1.2.4 for B series(c) bugficks 2013, sectroyer 2014
Injecting '/mtd_swu/libLogChannel.so' resident: '0'
adding libc addr to found symaddress b63a0 + 4076f000 408253a0
mprotect: 0x408253a0
dlopen: 0x4060698c
dlclose: 0x40606b40
dlsymaddr: 0x40606b98
pc=405f3008 lr=405f5a44 sp=be9a4a18 fp=0
r0=fffffffc r1=0
r2=0 r3=0
stack: 0xbe990000-0xbe9a5000 length = 86016
executing injection code at 0xbe9a48e8
library injection completed!
Succeeded.
# cat /dtv/LogChannel.log
[LogChannel] SamyGO D/E/F/H libLogChannel v0.1.1 - (c) zoelechat 2015
[LogChannel] >>>
#

affected functions needed to be checked inside B series exeDSP...

Posted: **Tue Mar 10, 2015 5:41 pm**

juuso wrote:affected functions needed to be checked inside B series exeDSP...

You should comment "unlink(LOG_FILE);" (line 194) if you want to see if at least some of them are existing

Posted: **Sat Mar 14, 2015 7:01 pm**

zoelechat wrote:
juuso wrote:affected functions needed to be checked inside B series exeDSP...
You should comment "unlink(LOG_FILE);" (line 194) if you want to see if at least some of them are existing

Hello! I know your lib is made for D/E/F/H models, but I also wanted to use your module on B-series TV. I cannot compile it at all (probably due to differences in toolchain), but this is not the problem. The problem is that I wanted to use directly exeDSP functions listed in your code to determine current channel number. And it doesn't work.
This is the code I wrote:

Code: Select all

#include <stdio.h>
#include <memory.h>

extern void * _ZN9TCChannelC2Ev(void *);
extern short _ZNK9TCChannel5MajorEv(void *);

#define CHANNEL_SIZE 0x20 //maximum size, actually only 16 bytes but just in case ;)

int Game_Main(const char  *path, const char *udn __attribute__ ((unused)))
{
   static unsigned int ChannelNum;
   unsigned char channel[CHANNEL_SIZE];
   char s[255];

   FILE *f; f=fopen("/mtd_ram/test.txt", "wt");

   memset(channel, 0, sizeof(channel));
   _ZN9TCChannelC2Ev(channel);                      // <---- here we call external function 1
   ChannelNum = _ZNK9TCChannel5MajorEv(channel);    // <---- here we call external function 2

   sprintf(s, "ChannelNum=%d", ChannelNum);
   fputs(s, f);
   fclose(f);

   return 0;
}

After compiling and linking to *.so file I call it on B650 TV and the result should be in "/mtd_ram/test.txt" file. But it probably crashes in-between (file is not created). If I delete calling _ZN9TCChannelC2Ev(channel), I get the file with "ChannelNum=0" (always). If I add third external _ZN9TCChannelD2Ev function, TV crashes and coredump is created. Have you an idea what should I do to make it working on B650 (CHL7DEUC) ?
Strange that other known exeDSP functions like _ZN4TCTv14PreferLanguageEv (get current language) work well this way.

Posted: **Sat Mar 14, 2015 7:41 pm**

Honestly, I've absolutely no idea of how B-series behaves, and without the help of existing tools done by more advanced developers than me, I wouldn't be able to do anything

.
Are you sure that function names are the same? Especially the ones causing crash, if other "well-known" ones work.
Maybe TCChannel handling isn't done the same way, maybe different size, or whatever else...
I'd say what sectroyer always repeats to me: you have to check what TV does

Posted: **Sat Mar 14, 2015 7:55 pm**

Probably:

Code: Select all

 _ZN9TCChannelC2Ev

->

Code: Select all

 _ZN9TCChannelC1Ev

In the future:

Code: Select all

strings exeDSP | grep FUNCTION

Posted: **Mon Mar 16, 2015 9:51 pm**

zoelechat wrote:...Are you sure that function names are the same? ...you have to check what TV does

Absolutely. Of course, I am not sure. You're right. I want to know what TV does. Debug log (RS232C) doesn't provide enough data (no function names), so I am looking for a description how to "strace" exeDSP on B650. I was searchig this forum and Google and found many references to strace topic, but nothing for (linux-)dummies like me

All I have got to know until now is that I need strace utility compiled for B650 (ARM CPU) and to call exeDSP using this tool.

sectroyer wrote:Probably:
Code: Select all
 _ZN9TCChannelC2Ev
->
Code: Select all
 _ZN9TCChannelC1Ev
In the future:
Code: Select all
strings exeDSP | grep FUNCTION

_ZN9TCChannelC2Ev() returned nothing (zeros), but...
_ZN9TCChannelC1Ev() returned something (8 bytes of "random" data) in channel array, but it still cannot work when called next function to get channel number (still 0 or strange negative "random" number).
I don't want to do a mess on this forum topic due to it is on F Series section, so you don't need to answer here. If you could help me, please send me a PM or write it on B Series forum. When it is researched (i.e. functions calling method found), it will be possible to expand this lib to B series, too. Thanks.

Posted: **Mon Mar 16, 2015 10:47 pm**

And what about exeDSP reversing? Isn't it reliable on B? That's what I meant by "check what TV does"

Posted: **Mon Mar 16, 2015 11:16 pm**

geo650 wrote: _ZN9TCChannelC1Ev() returned something (8 bytes of "random" data) in channel array, but it still cannot work when called next function to get channel number (still 0 or strange negative "random" number).
I don't want to do a mess on this forum topic due to it is on F Series section, so you don't need to answer here. If you could help me, please send me a PM or write it on B Series forum. When it is researched (i.e. functions calling method found), it will be possible to expand this lib to B series, too. Thanks.

Well it's expected

You created channel and than checked what it's Major was and it's garbage. Now everything works

Check "what TV does"

Now problem is with your reversing skills nothing more. The code works as EXPECTED

Good luck

SamyGO

[App] libLogChannel B/D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H

Re: [App] libLogChannel D/E/F/H