Achievements.

[juusso]

...
T-GAPDEUC-orig/exe.img/exeDSP...

Heh, how did he say...
Proof: md5 T-GAP8DEUC exeDSP of version 1012.2: ec8c9dbd107237d2f3804903bdaa56c2
Proof: md5 of Image of version 1012.2: c1a4a95224820ffc50cc5c29545b9737

[juusso]

Zibri,

why don`t you respect our forum users? You write your monologues, you`re creating a lot of topics without sharing any valuable information what could help us really root TV.
The link with your tool for removing character filtering is worthless until you give us the binaries or write the code out of respect for samygo community.

[arris69]

juuso:

What do you mean?

arris:

did you check: http://forum.samygo.tv/viewtopic.php?f= ... 05&p=16520 ??

method from here: http://forum.samygo.tv/viewtopic.php?f= ... t=20#p5650 and added 3 printf's?

arris

[arris69]

No. That method won't work on D series.

And you can't even use "dd" on /dev/mem on D series.

but you can write to serial and i guess you can read the SELP_ENABLE value from /proc/cmdline

edit: what's about framebuffer and x-server?

arris

[arris69]

Yep. I could read the selp enable code but I had to code a different program to read and patch kernel memory.

My program also uses a clever search algorithm that should seek and patch any GAPDEUC kernel.

The patcher program will be released soon along with a very easy to use procedure to fully "root" the TV.
I have written everything from scratch.
And I'm trying to put together a single update that will:

1) root the TV.
2) install a nice configuration widget with all options.

The 2 point will take a long time, so be patient.

About releasing the patcher source, even if it's a simple program, I don't want to give samsung and other people an easy hint so they will patch the firmware against it.

you think there is no disassambler avail in korea?

For this reason, the patcher will be released in binary form only.

but /dev/mem has no protection at kernel level (just my 2?)

Code: Select all

....................................................................................................... done, booting the kernel.
Linux version 2.6.30.9 (zsolt@crius.zsolttech.com) (gcc version 4.2.0 20070413 (prerelease)) #4 PREEMPT Mon Jun 13 14:02:03 CEST 2011
CPU: ARMv7 Processor [410fc080] revision 0 (ARMv7), cr=10c5387f
CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
Machine: SGemu-ARMv7a pb Samsung SDP1002 Evaluation board
Memory policy: ECC disabled, Data cache writeback
On node 0 totalpages: 65536
free_area_init_node: node 0, pgdat c03474f4, node_mem_map c037a000
  Normal zone: 512 pages used for memmap
  Normal zone: 0 pages reserved
  Normal zone: 65024 pages, LIFO batch:15
Built 1 zonelists in Zone order, mobility grouping on.  Total pages: 65024
Kernel command line: console=ttyS0 root=/dev/sda rw vmalloc=256m SELP_ENABLE=11111111 nodtvlog debug loglevel=8
Parsing ARGS: console=ttyS0 root=/dev/sda rw vmalloc=256m SELP_ENABLE=11111111 nodtvlog debug loglevel=8
[SELP:kernel/params.c:64] param : console, val:ttyS0
[SELP:kernel/params.c:64] param : root, val:/dev/sda
[SELP:kernel/params.c:64] param : rw, val:<NULL>
[SELP:kernel/params.c:64] param : vmalloc, val:256m
[SELP:kernel/params.c:64] param : SELP_ENABLE, val:11111111
[SELP:kernel/params.c:64] param : nodtvlog, val:<NULL>
[SELP:kernel/params.c:64] param : debug, val:<NULL>
[SELP:kernel/params.c:64] param : loglevel, val:8
Parsing ARGS: console=ttyS0 root=/dev/sda rw SELP_ENABLE=11111111 nodtvlog debug loglevel=8
[SELP:kernel/params.c:64] param : console, val:ttyS0
[SELP:kernel/params.c:64] param : root, val:/dev/sda
[SELP:kernel/params.c:64] param : rw, val:<NULL>
[SELP:kernel/params.c:64] param : SELP_ENABLE, val:11111111
[SELP:kernel/params.c:64] param : nodtvlog, val:<NULL>
[SELP:kernel/params.c:64] param : debug, val:<NULL>
[SELP:kernel/params.c:64] param : loglevel, val:8
NR_IRQS:64
PID hash table entries: 1024 (order: 10, 4096 bytes)
Console: colour dummy device 80x30
Dentry cache hash table entries: 32768 (order: 5, 131072 bytes)
Inode-cache hash table entries: 16384 (order: 4, 65536 bytes)
Memory: 256MB = 256MB total
Memory: 256128KB available (3116K code, 317K data, 84K init, 0K highmem)
SLUB: Genslabs=11, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
[SELP] preset_lpj manual setting 1597440
Calibrating delay loop (skipped) preset value.. 319.48 BogoMIPS (lpj=1597440)
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
net_namespace: 496 bytes
NET: Registered protocol family 16
PCI core found (slot 11)
pci 0000:00:0c.0: reg 10 32bit mmio: [0x000000-0x0000ff]
pci 0000:00:0d.0: reg 10 io port: [0x00-0xff]
pci 0000:00:0d.0: reg 14 32bit mmio: [0x000000-0x0003ff]
pci 0000:00:0d.0: reg 18 32bit mmio: [0x000000-0x001fff]
PCI: bus0: Fast back to back transfers disabled
PCI map irq: slot 0, pin 1, devslot 12, irq: 27
PCI map irq: slot 0, pin 1, devslot 13, irq: 27
bio: create slab <bio-0> at 0
SCSI subsystem initialized
NET: Registered protocol family 2
IP route cache hash table entries: 2048 (order: 1, 8192 bytes)
TCP established hash table entries: 8192 (order: 4, 65536 bytes)
TCP bind hash table entries: 8192 (order: 3, 32768 bytes)
TCP: Hash tables configured (established 8192 bind 8192)
TCP reno registered
NET: Registered protocol family 1
NetWinder Floating Point Emulator V0.97 (extended precision)
squashfs: version 4.0 (2009/01/31) Phillip Lougher
NTFS driver 2.1.29 [Flags: R/O].
SGI XFS with security attributes, no debug enabled
msgmni has been set to 500
alg: No test for stdrng (krng)
io scheduler noop registered (default)
io scheduler deadline registered
Serial: AMBA PL011 UART driver
dev:f1: ttyS0 at MMIO 0x101f1000 (irq = 12) is a AMBA/PL011
console [ttyS0] enabled
dev:f2: ttyS1 at MMIO 0x101f2000 (irq = 13) is a AMBA/PL011
dev:f3: ttyS2 at MMIO 0x101f3000 (irq = 14) is a AMBA/PL011
fpga:09: ttyS3 at MMIO 0x10009000 (irq = 38) is a AMBA/PL011
brd: module loaded
loop: module loaded
PCI: enabling device 0000:00:0d.0 (0100 -> 0103)
sym0: <895a> rev 0x0 at pci 0000:00:0d.0 irq 27
sym0: No NVRAM, ID 7, Fast-40, LVD, parity checking
sym0: SCSI BUS has been reset.
scsi0 : sym-2.2.3
sym0: unknown interrupt(s) ignored, ISTAT=0x5 DSTAT=0x80 SIST=0x0
scsi 0:0:0:0: Direct-Access     QEMU     QEMU HARDDISK    0.14 PQ: 0 ANSI: 5
scsi target0:0:0: tagged command queuing enabled, command queue depth 16.
scsi target0:0:0: Beginning Domain Validation
scsi target0:0:0: Domain Validation skipping write tests
scsi target0:0:0: Ending Domain Validation
scsi 0:0:2:0: CD-ROM            QEMU     QEMU CD-ROM      0.14 PQ: 0 ANSI: 5
scsi target0:0:2: tagged command queuing enabled, command queue depth 16.
scsi target0:0:2: Beginning Domain Validation
scsi target0:0:2: Domain Validation skipping write tests
scsi target0:0:2: Ending Domain Validation
Driver 'sd' needs updating - please use bus_type methods
smc91x.c: v1.1, sep 22 2004 by Nicolas Pitre <nico@cam.org>
IRQ 25/eth%d: IRQF_DISABLED is not guaranteed on shared IRQs
eth0: SMC91C11xFD (rev 1) at d08ce000 IRQ 25 [nowait]
eth0: Ethernet addr: 52:54:00:12:34:56
eth0: No PHY found
[BIF:IN ] ++FSR_BML_Init(nFlag: 0x0)
LinuStoreIII_TERR: fsr_init[182] Tiny BML_Init: error (90060000)

LinuStoreIII_TERR: fsr_init[183] Check the PAM module

mice: PS/2 mouse device common for all mice
sd 0:0:0:0: [sda] 1077784 512-byte hardware sectors: (551 MB/526 MiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Mode Sense: 1f 00 00 08
sd 0:0:0:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
 sda: unknown partition table
sd 0:0:0:0: [sda] Attached SCSI disk
Netfilter messages via NETLINK v0.30.
nf_conntrack version 0.5.0 (4096 buckets, 16384 max)
ip_tables: (C) 2000-2006 Netfilter Core Team
TCP cubic registered
NET: Registered protocol family 17
VFP support v0.3: implementor 41 architecture 3 part 30 variant c rev 0
kjournald starting.  Commit interval 5 seconds
EXT3 FS on sda, internal journal
EXT3-fs: recovery complete.
EXT3-fs: mounted filesystem with writeback data mode.
VFS: Mounted root (ext3 filesystem) on device 8:0.
Freeing init memory: 84K
================================================================================
 SAMSUNG Genoa-P Kernel
 Version : 1010_223 RELEASE
================================================================================
INIT: version 2.86 booting
mount: mounting /dev/root on / failed: No such device or address
mount: mounting /dev/tbml10 on /mtd_exe failed: No such device
mount: mounting /dev/tbml11 on /mtd_appdata failed: No such file or directory
mount: mounting /dev/tbml7 on /mtd_boot failed: No such file or directory
mount: mounting /dev/stl0/12 on /mtd_tlib failed: No such device
mount: mounting /dev/stl1/2 on /mtd_contents failed: No such device
mount: mounting /dev/stl0/14 on /mtd_down failed: No such device
mount: mounting /dev/stl1/3 on /mtd_wiselink failed: No such device
mount: mounting /dev/stl0/15 on /mtd_swu failed: No such device
mount: mounting devpts on /dev/pts failed: No such device
mount: mounting none on /proc/bus/usb failed: No such file or directory
eth0: link up
udhcpc (v1.18.3) started
Sending discover...
Sending select for 10.0.2.15...
Lease of 10.0.2.15 obtained, lease time 86400
adding dns 10.0.2.3
Parsing ARGS: 
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
====================================================================
[SELP] usbcore module load!!(1010_223 RELEASE preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
ohci_hcd: block sizes: ed 64 td 64
PCI: enabling device 0000:00:0c.0 (0100 -> 0102)
ohci_hcd 0000:00:0c.0: OHCI Host Controller
drivers/usb/core/inode.c: creating file 'devices'
drivers/usb/core/inode.c: creating file '001'
ohci_hcd 0000:00:0c.0: new USB bus registered, assigned bus number 1
ohci_hcd 0000:00:0c.0: created debug files
ohci_hcd 0000:00:0c.0: irq 27, io mem 0x50002400
ohci_hcd 0000:00:0c.0: OHCI controller state
ohci_hcd 0000:00:0c.0: OHCI 1.0, NO legacy support registers
ohci_hcd 0000:00:0c.0: control 0x083 HCFS=operational CBSR=3
ohci_hcd 0000:00:0c.0: cmdstatus 0x00000 SOC=0
ohci_hcd 0000:00:0c.0: intrstatus 0x00000004 SF
ohci_hcd 0000:00:0c.0: intrenable 0x8000005a MIE RHSC UE RD WDH
ohci_hcd 0000:00:0c.0: hcca frame #0002
ohci_hcd 0000:00:0c.0: roothub.a 00000203 POTPGT=0 NPS NDP=3(3)
ohci_hcd 0000:00:0c.0: roothub.b 00000000 PPCM=0000 DR=0000
ohci_hcd 0000:00:0c.0: roothub.status 00008000 DRWE
ohci_hcd 0000:00:0c.0: roothub.portstatus [0] 0x00000100 PPS
ohci_hcd 0000:00:0c.0: roothub.portstatus [1] 0x00000100 PPS
ohci_hcd 0000:00:0c.0: roothub.portstatus [2] 0x00000100 PPS
usb usb1: default language 0x0409
usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
usb usb1: Product: OHCI Host Controller
usb usb1: Manufacturer: Linux 2.6.30.9 ohci_hcd
usb usb1: SerialNumber: 0000:00:0c.0
usb usb1: usb_probe_device
usb usb1: configuration #1 chosen from 1 choice
usb usb1: adding 1-0:1.0 (config #1, interface 0)
hub 1-0:1.0: usb_probe_interface
hub 1-0:1.0: usb_probe_interface - got id
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 3 ports detected
hub 1-0:1.0: standalone hub
hub 1-0:1.0: no power switching (usb 1.0)
hub 1-0:1.0: global over-current protection
hub 1-0:1.0: power on to power good time: 0ms
hub 1-0:1.0: local power source is good
hub 1-0:1.0: no over-current condition exists
hub 1-0:1.0: trying to enable port power on non-switchable hub
drivers/usb/core/inode.c: creating file '001'
====================================================================
[SELP] ohci_hcd module load!!(1010_223 RELEASE preempt mod_unload ARMv7 )
====================================================================
 ##### call default signal (17) handler

Enter runlevel: hub 1-0:1.0: state 7 ports 3 chg 0000 evt 0000
 ##### call default signal (17) handler
Parsing ARGS: 
====================================================================
[SELP] firmware_class module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] i2c_core module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] dvb_core module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] dvb_usb module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
usbcore: registered new interface driver dvb_usb_vp702x
====================================================================
[SELP] dvb_usb_vp702x module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] mc44s803 module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] evdev module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] hid module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
usbcore: registered new interface driver hiddev
usbcore: registered new interface driver usbhid
usbhid: v2.6:USB HID core driver
====================================================================
[SELP] usbhid module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
dummy_hcd dummy_hcd: USB Host+Gadget Emulator, driver 02 May 2005
dummy_hcd dummy_hcd: Dummy host controller
drivers/usb/core/inode.c: creating file '002'
dummy_hcd dummy_hcd: new USB bus registered, assigned bus number 2
usb usb2: default language 0x0409
usb usb2: New USB device found, idVendor=1d6b, idProduct=0002
usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
usb usb2: Product: Dummy host controller
usb usb2: Manufacturer: Linux 2.6.30.9 dummy_hcd
usb usb2: SerialNumber: dummy_hcd
usb usb2: usb_probe_device
usb usb2: configuration #1 chosen from 1 choice
usb usb2: adding 2-0:1.0 (config #1, interface 0)
hub 2-0:1.0: usb_probe_interface
hub 2-0:1.0: usb_probe_interface - got id
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
hub 2-0:1.0: standalone hub
hub 2-0:1.0: individual port power switching
hub 2-0:1.0: global over-current protection
hub 2-0:1.0: power on to power good time: 0ms
hub 2-0:1.0: local power source is good
hub 2-0:1.0: no over-current condition exists
hub 2-0:1.0: enabling power on all ports
drivers/usb/core/inode.c: creating file '001'
====================================================================
[SELP] dummy_hcd module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
hub 2-0:1.0: state 7 ports 1 chg 0000 evt 0000
Parsing ARGS: 
g_file_storage gadget: File-backed for SamyGO, version: 20 November 2008
g_file_storage gadget: Number of LUNs=1
g_file_storage gadget-lun0: ro=0, file: /dtv/vusb
hub 2-0:1.0: state 7 ports 1 chg 0000 evt 0002
hub 2-0:1.0: port 1, status 0101, change 0001, 12 Mb/s
====================================================================
[SELP] g_file_storage module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
hub 2-0:1.0: debounce: port 1: total 100ms stable 100ms status 0x101
usb 2-1: new high speed USB device using dummy_hcd and address 2
usb 2-1: default language 0x0409
usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5
usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 2-1: Product: File-backed for SamyGO
usb 2-1: Manufacturer: SamyGO
usb 2-1: SerialNumber: 3230204E6F76
usb 2-1: usb_probe_device
usb 2-1: configuration #1 chosen from 1 choice
g_file_storage gadget: high speed config #1
usb 2-1: adding 2-1:1.0 (config #1, interface 0)
drivers/usb/core/inode.c: creating file '002'
hub 2-0:1.0: state 7 ports 1 chg 0000 evt 0002
[CIP_KERNEL] /dev/sda
[CIP_KERNEL] 0 is authuld length : file open success(rootfs)  
[CIP_KERNEL] /bin/authuld can read  (after=0)
[CIP_KERNEL] /bin/authuld size is wrong (pre:0, real:38328)
[CIP_KERNEL] >>> (/bin/authuld) file is illegally modified!! <<< 
[CIP_KERNEL] authuld authentication failed
[CIP_KERNEL] [init/main.c::Exception_from_authuld::864]auth failed in kernel. Arris says: don't care.
[CIP_KERNEL] [init/main.c::Exception_from_authuld::864]auth failed in kernel. Arris says: don't care.
[CIP_KERNEL] [init/main.c::Exception_from_authuld::864]auth failed in kernel. Arris says: don't care.
 ##### call default signal (17) handler
Parsing ARGS: 
fuse init (API version 7.11)
====================================================================
[SELP] fuse module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
====================================================================
[SELP] sunrpc module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] lockd module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
Parsing ARGS: 
====================================================================
[SELP] nfs module load!!(2.6.30.9 preempt mod_unload ARMv7 )
====================================================================
 ##### call default signal (17) handler


Enter runlevel: S

/ # hexdump -n 10 /dev/mem
0000000 0000 e3a0 1083 e3a0 1c01               
000000a
/ # 

[arris69]

Hmm what's that log from?

That's not an original D series firmware.

it's a kernel build from samsung sources for arm emulator

What I meant is that on the original firmware this is what happens:

Code: Select all

ZibTv:/mtd_rwcommon # uname -a
Linux localhost 2.6.30.9 #45 PREEMPT Mon Feb 28 17:58:29 KST 2011 armv7l GNU/Linux
ZibTv:/mtd_rwcommon # hexdump -n 10 /dev/mem
hexdump: /dev/mem: Bad address

i know that you get this message, but i think is no special protection mechanism at kernel level (maximum a nommap from 0-4096 CONFIG_DEFAULT_MMAP_MIN_ADDR=4096)

...

arris