SamyGO

honestly i don`t understand why do you modify both partition sets, it should be enough to edit only one of them...

Okey, let`s check your old bml10 (hashes for 2nd boot set) Your calculated hash for mtd_exe (or /dev/stl0/17) is and new bml0/10 So you have to perform if lucky and our theory is ok, TV should reboot (... by authuld) to normal mode

p.s. and just in case, bml9 updated.

The /dev/stl0/17/rc.local is 0 bytes. So i had to modify it anyway. And that's the only partition i want to change ATM

i hope that size of stl0/17 haven`t changed because of modifications... (size left not changed in hash partition - authuld checks hashes according that value)

Sadly after changing partitions it still reboots after 45 secs.

After first sw toggle try something went wrong when running the start.sh script as it was designed for 1st partition... So i toggled back via micom EEPROM write and then renamed start.sh to start.sh.bak.
After second sw toggle try tv still reboots after 45 secs Log of first boot sequence after second sw toggle try, next boot and next boot with SamyGO stick plugged (at least i can be root for 10 secs) is attached. What unsettles me are all the i2c errors. I did definitively damage anything. Maybe i should remove all the wires still soldered (but isolated at the end, except micom eeprom)?

I thought about the stl0/17's size also, but how should that change? Isn't that fixed? Anyway, getting the size should be easy: make a dump and ls -lsa that dump, correct?

i think you have to:
-replace original rc.local (is not, or?)
-calculate hash and correct it via bml10.dmp

if failed, we have to find how to calculate corect size of stl0/17 and/or make stl.restore on that partition...
you cn`t get full dump of stl017 because you have not enough time for that.

I don`t think wires make any damage, but sure, you have to isolate them

btw: [GetPartitionSize]

Ok, i will try to place the original rc.local you send me there and repeat the hash procedure tomorrow.

I think i already made a 60MB dump to /mtd_swu/. Using the start.sh on the first partition should make the whole dump possible without any problems - i will try First i will try to dupm the /mtd_appdata/ partition and compare the partition sizes as its smaller and i definitively didn't touch it

In worst case i will try to repair first partition... As you know it's enough to have one partition working to have time for repairing the other section

BTW i checked logs from a time before i soldered - the i2c errors have always been there...

THX

Edit: Can i use sync and /sbin/toggle to toggle to first partition (instead of forced hw toggle)?

yes, you can use toggle w/o arguments to switch partitions.

Just for information: work is still in progress!
(i toggled back to 1st partition to repair the 2nd partition)

Yesterday i found out that samsung_hash seems to calculate incorrect hashes - extracted 3011 FW (AESdec, XOR) and moved exe.img to TV, hash of both this image and untouched /mtd_appdata/ are incorrect. I think its caused by a wrong mkey samsung_hash uses: 66 d7 7c 3a 49 7f 53 e2 51 5e f1 4c 21 d6 a4 d8 (same as mackey!)
getmkey shows this mkey: 6f6bc7e1fc7f86bf9c150a82f343e2e0 (input key is: 66d77c3a497f53e2515ef14c21d6a4d8)

So maybe that's the reason why my TV still shuts down after 45 seconds.

Today i could transfer the dump of /dev/stl017 to my pc via ftp! I could see the end of exe.img within this dump (last 3.6MByte of dump are FF's) and that's exactly the size the original and the bml0/10 partition show. Tomorrow i will try to build chkhash on windows and check the hashes of original exe.img and if it matches the hash of my image I will let you know!

don`t worry about FF! you`re absolutely right about hash calculations - empty space (FF) is being ignored. I prefer to cut out binary in hex, to don`t confuse myself.

Also you could transfer original decrypted exe.img and flash it.

ps. you can attach copy of stl, i`ll calculate hash for you

don`t worry about FF!

Excuse me, what do you mean?

Is there any tool ready to calculate the hash on pc (firmware patcher can not as i have seen)?

Original decrypted exe.img is already on tv and md5sum is correct. But there is not enough time to flash i suspect

I will upload it tomorrow as i have mobile internet right now only :/