Page 15 of 113
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Thu Nov 14, 2013 1:04 pm
by Lordbyte
forumauro wrote:Now! I must block something TV/SmurtHub Upgrade?
You may do what you want with the SmartHUB .. Thats easy to rollback, if anything goes south.
You should however
never firmware-update UNLESS you have positive confirmation
by trusted member on this forum ..
Whenever your TV is offered an update, just WAIT to accept it before you have
read what experiences others have had with that PARTICULAR upgrade.
You may even create a thread asking if its "safe" .. Mention specific upgrade and your TV details,
and we will keep you safe
Congratz on your success !
PS: And you gave me a nice idea .. My TV-scanner should of cause figure out what telnet-port is active when it finds a TV .. Thanks !
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Thu Nov 14, 2013 1:38 pm
by bugficks
Lordbyte wrote:
As far as I understand it, Bugficks has choosen to keep that particular source private, as its a work in progress.
You can do what we all do, when we want to pick the brains of an "adversary" .. Fire up your IDA and start studying
it's bascially the same as old drmdecrypt just waaaaaay faster
while other sources here process single "TS packets" im using threads to work on large "TS buffers".
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Thu Nov 14, 2013 1:54 pm
by Lordbyte
bugficks wrote:it's bascially the same as old drmdecrypt just waaaaaay faster
while other sources here process single "TS packets" im using threads to work on large "TS buffers".
IT TALKS !
Welcome back on-line Buggie .. Oh so so so looking forward being able to close a few loose ends now you are back online
Where should I start .. hmm .. EPG/Scheduler-interface ?
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Thu Nov 14, 2013 2:04 pm
by bugficks
no samy tv here
fwiw those .so about EPG seem to be used by webserver so you might check here for soap/dnla queries. arris reversed those afaik
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Thu Nov 14, 2013 7:30 pm
by zoelechat
bugficks wrote:no samy tv here
Can't you get one directly at the factory?
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Fri Nov 15, 2013 2:26 pm
by ppmkm
bugficks wrote:Lordbyte wrote:
As far as I understand it, Bugficks has choosen to keep that particular source private, as its a work in progress.
You can do what we all do, when we want to pick the brains of an "adversary" .. Fire up your IDA and start studying
it's bascially the same as old drmdecrypt just waaaaaay faster
while other sources here process single "TS packets" im using threads to work on large "TS buffers".
Yes, but the "other sources" for some reason did not work for me. Anyway many thanks for numerous responses. The particular audio track is marked in PMT as audio (be it mpg or ac3). When runing through projectx (I am myself using mostly Java so that was an obvious choice to run with debugger to see how the parser is behaving) I found that PES stream id was 0 on the few packets I checked. I was just hoping that I could modify the sources slightly to output some trace what they are doing with the particular packets. It seems to me that for me there is really no other way but to study the problem in detail. Worst that could happen is that the particular PID is really filled with garbage while recording (I cannot switch the tracks when playing original recording on TV), second worst they are encrypted with some other key or (I think unlikely) differently.
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Fri Nov 15, 2013 3:02 pm
by bugficks
on E samsung uses some "out of spec" encryption. here is my modified version of process_section (see skipAF) from drmdecrypt sources from denny.
Code: Select all
#define TS_FRAME_SIZE 188
static int process_section(
uint8_t *data, uint8_t *outdata, uint8_t *drm_key)
{
unsigned char iv[0x10];
unsigned char *inbuf;
unsigned char *outbuf;
int rounds;
int offset = 4;
memcpy(outdata, data, TS_FRAME_SIZE);
int skipAF = 1;
if((data[3] & 0xC0 ) == 0xC0)
{
//printf ("Odd Key...\n");
}
else if((data[3] & 0xC0) == 0x80)
{
//printf ("EvenKey...\n");
}
else if((data[3] & 0xC0) == 0x40)
{
//printf ("samsung encrypted adaption field...\n");
skipAF = 0;
}
else
{
return 0;
}
if((data[3] & 0x20) && skipAF)
offset += data[4] + 1 ; // skip adaption field
outdata[3] &= 0x3f; // remove scrambling bits
inbuf = data + offset;
outbuf = outdata + offset;
rounds = (TS_FRAME_SIZE - offset) / 0x10;
// AES CBC / ECB
// CBC used at 2011 models
// ECB used at 2010 models
memset(iv, 0, 16);
for (int i = 0; i <rounds; i++) {
unsigned char *out = outbuf + i* 0x10;
//for(n = 0; n < 16; n++) out[n] ^= iv[n];
aes_decrypt_128(inbuf + i* 0x10, outbuf + i * 0x10, drm_key);
//aes_encrypt_128(inbuf + i* 0x10, outbuf + i * 0x10, drm_key);
//memcpy(iv, inbuf + i * 0x10, 16);
}
return 1;
}
thats about the only change. other changes are basically just speed optimizations or have nothing to do with decryption
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Fri Nov 15, 2013 4:04 pm
by ppmkm
Thanks a lot. this will surely help investigating the problem.
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Fri Nov 15, 2013 8:04 pm
by sailor404
Hi all,
I have on my F6500 the 1114.1 firmware version.
I tried to hack the TV. It looks everything OK!
SamyGO app also confirmed the patch.
Right now when i send "ping" to TV, I get answer
but there is no any FTP connection!
I tried to connect via ftp programs and SamyGO PVRDecoder but no connection via FTP!
Mesage from PVRDecorder "Unable to connect FTP Server"
Is there anyone who has firmware 1114.1 on the TV?
Does it actually work with this firmware version?
Thanks in advance
Re: [PC] SamyGO PVRDecoder for E/F series - Version 1.4.0.2
Posted: Fri Nov 15, 2013 8:49 pm
by Lordbyte
First of all .. make absolutely sure that your firewall, router, antivirus, anti-rootkits, and other anti-headacke-software/firmware/hardware
understands the need to allow traffic on port 21 + 23 / 2023 /1023