SamyGO

How do we write changed hashes to TV?

probutus, may I ask you, where do you see the bug in the fixed version of getmkey.c? By the way, the mkey printed in your last post is the real right mkey for T-VALDEUC TV.

My latest version of tools, which includes getmkey, calchash (it was renamed to chkhash because I have added many useful options, including hash search, etc.) and script mknewfs.sh to build new rootfs, mtd_exe, mtd_appdata as squash filesystem, calculate hashes and write them to correct files and correct offsets, so that these files will be ready to write to firmware... All this stuff (with source code, of course) is uploaded here:

http://www.multiupload.com/MI03O2RSG6

Please, read file README, script mknewfs.sh, and check everything for possible errors before doing anything with your firmware. This toolkit does not include tools for writing firmware and switching partitions, as they can be different for various devices. So, be careful.

probutus wrote:sorry, I did not want to insult you, it was just a question...

Don't worry, you did not. I have asked you about the bug just because you said it without any explanation.

- the output from the kernel module gave me this decrypted key: "c0 34 6d bf 20 5b 9e dd e4 7e d1 dc d0 7e d1 dc". Shouldn't be the results identical?

Well, in theory yes and I don't know why the module gives different result.

- Are the decrypted mkeys identical for all tv's ? (so the cmac key is just a personalized encrypted version of the mkey)?

I think that all TVs or bluray players which have identical firmware have identical keys. And different families of devices have different keys. Moreover, it seems that cryptoengine in different models is programmed differently in bootloader or in the kernel (I did not check that). Latest version of getmkey.c accepts cmac key from the command line, so I tried to run it with the seed from the T-VALDEUC TV but the mkey produced by cryptoengine in my bluray player did not match with the real mkey from that TV. Therefore, besides the seed stored in /dev/tfsr11 there is something else for initialization of cryptoengine...

This is bootloader from your TV, right? It would be interesting to compare it with bootloader from BD-C6900 player. Could you please check the firmware here? It is encrypted but you can use program from here to decrypt and unpack the firmware file. The part number 6 is the bootloader.

probutus, I'm sorry, what fw-patcher.c do you mean? Could you post a link? Regarding your question, it could be that C5900 firmware have different structure, other file header, data endianness, etc. Therefore, a program for C6900 may incorrectly read data from the C5900 firmware file.