SamyGO

thwalker3 wrote:...Read the thread I cited. I know the cable works because I use it on numerous other 3.3V and 5V TTL serial connections) and I know the serial settings are correct (I can see what they are from /proc/cmdline). I do embedded linux programming for a living, I think I'm capable of getting a serial console to work. FWIW- I'm using http://store.ckdevices.com/products/FTDI-Pro.html which are great little devices and have small physical switches to reverse tx/rx and switch between 3.3V and 5V. Takes a lot of the guesswork out of these sorts of things usually.

Ok, cool! I just wanted to double check. You'd be surprised how many people complain about the same thing, only to find that they have constructed crappy cables or using the wrong settings. I already read that thread long ago, as you can see I commented on it, but then there never was any response from OP, so I just assumed that he had screwed up too...

Samsung has already clearly modified the the kernel TTY code (to limit input from the serial console) so I don't know why people think it a stretch that they started fiddling with the output too. Given that I can see patterns in the output, they're using a simple rotation or table lookup but I haven't gone digging in the binary yet.

Yeah, I'm sure the SEC engineers are drooling over this forum so that they can use what's left of their "can't think for themselves" talents to keep us from looking inside our TV's. Anyway, we can solve this. But first I noticed that your TV has a different firmware than mine, so it would be interesting to see how your 1041.1 kernels compares to my 1029. (Different kernel branches. Can you see your kernel compilation date?)

There are two simple things you can try to do.
1. Rollback your firmware until serial works.
2. Save a binary copy of your bootup output and run it through all XOR/ROT/ROL encodings, until you find a string that corresponds to what's expected.
(These are very popular ways to obscure code, but efficient to implement as they are essentially assembly "one liners" and thus hard to spot in reverse engineering.)

BTW. I updated the ES Wiki with:
Rooting the ES-series

Please have a look for errors and give me some feedback.

E3V3A wrote:BTW. I updated the ES Wiki with:
Rooting the ES-series

Please have a look for errors and give me some feedback.

sorry for my laziness, but think the widget is just named "Test" or so, also no icon for now....

thwalker3 wrote:... DNS hacks for downgrades don't work as they're now checking the SSL cert...

SSL certificates was checked before too only thing is that now samsung probably hardcoded the rootca into exe dsp (i replaced some of the cert files on tv with a custom root cert but it was for nuts...)

if someone has interest to play around on that "problem" for ECPDEUC there is a firmware online (on SamyGO server) with extensions included and you can safe reflash the exe partition with custom modified (what you have to build for your self ) for MST10 i can put one online (on request). but you need an "older" version on your tv to make the (down/up)date.

Hi,

Thanks you for this method, it works on my UE55ES6100 (Telnet and FTP access)

I have make a similar method to 'hack' a LG PVR (MS400/450 H) but we had already a root access through telnet on it (make an embedded filesystem in a file and mounted), with a web access console to start FTP,Samba,Network Share and other stuff

Is there a way or a method to have the 'drm key' to decrypt records ?

thanks

Seb@stien

thwalker3 wrote:eval("FilePlugin.Copy(\"/proc/self/cmdline\", \"$(sh /dtv/usb/sda1/run.sh)/dtv/usb/sda1/cmdline\")");

Why do you use eval?
There's no need.
FilePlugin.Copy("/proc/self/cmdline", "$(sh /dtv/usb/sda1/run.sh)/dtv/usb/sda1/cmdline");

Is easier on the eyes

welcome back, nobody
That`s why eval is used.

(Thanks for the welcome back.. I've been really busy this year, no time for hobbies)

I don't understand.
With or without eval, makes no difference.

E3V3A wrote: I noticed (too late) another thing. Be very careful when trying to start interactive shells, as they might wanna load /etc/profile !
Why, because this profile contains instructions to re-format, or switch FW, which can easily fail in the wrong circumstances.

Well I should have read that sooner...
I think the flag files in mtd_rwarea are in a state that makes it just keep flipping from one partition to the other. Video comes through just fine but it reboots every 30 sec or so. Cleared the eeprom (top left quadrant of the board with nicely labeled vcc, ground, sda, scl) but no luck (no suprise there, I hadn't been mucking with the service menu settings much).

May be time for the repairman unless anyone has made any progress on getting access to the MMC through hw.

Doh.

Yes, you should have read this before. Apologies. But chance to revive TV still exists. Check this topic. As soon i get required interface will report back about the result.

thwalker3 wrote:Cleared the eeprom (top left quadrant of the board with nicely labeled vcc, ground, sda, scl)

Could you please take some photos to add pictures to wiki? Thanks!