
Re: LExxB650 T2P CI+ hacking

Posted: Thu Dec 03, 2009 9:44 pm
by erdem_ua
robbiesz wrote: Have a look at the files in the linux-b650t2p/init folder... The encryption used is CMAC-AES, where the CMAC ciphering is done by the processor. I've managed to compile the CI+ kernel so I can run some tests myself. Yeah, you can run the CI+ kernel on a CI set... Of course my build has a bit (a lot) more debugging info.
I've also been working on a kernel module which will do the HW ciphering. It seems to be working on my set but will need a CI+ tester soon. Jeroen, how would you feel about doing some testing for me? :-)
robbiesz
So if we can run the CI+ kernel on a CI machine, couldn't we run the CI kernel on a CI+? Wouldn't a cross-firmware update drop the entire CI+ problem?
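The quoted post names CMAC with the block cipher work done by the processor. As an added example (not code from this thread or from the SamyGO project), the block below implements AES-CMAC as specified in RFC 4493 on top of a single-block AES encrypt, and checks itself against the RFC's published test vectors. Reading the thread's "CMAC-AES" as standard AES-CMAC is an assumption; the point of the example is what a firmware verifier actually computes and how a tag should be compared, so a practitioner can reason about what such an integrity check does and does not protect.

```python
"""AES-CMAC (RFC 4493) built on a raw AES block encrypt.

Added example, not from the SamyGO thread. Assumption: the "CMAC-AES"
named in the thread is standard AES-CMAC. Requires the `cryptography`
package for the AES block operation only; the CMAC logic is spelled out.
"""
import hmac

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK = 16
RB = 0x87  # reduction constant for a 128-bit block (RFC 4493, section 2.3)


def aes_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Encrypt one 16-byte block with AES (the part a HW engine would do)."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()


def _shift_left(block: bytes) -> bytes:
    """Shift a 128-bit value left by one bit, dropping the carry."""
    n = int.from_bytes(block, "big") << 1
    return (n & ((1 << 128) - 1)).to_bytes(BLOCK, "big")


def generate_subkeys(key: bytes):
    """Derive K1 and K2 from AES(key, 0^128) per RFC 4493, section 2.3."""
    l_block = aes_block_encrypt(key, bytes(BLOCK))
    k1 = _shift_left(l_block)
    if l_block[0] & 0x80:
        k1 = k1[:-1] + bytes([k1[-1] ^ RB])
    k2 = _shift_left(k1)
    if k1[0] & 0x80:
        k2 = k2[:-1] + bytes([k2[-1] ^ RB])
    return k1, k2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def aes_cmac(key: bytes, msg: bytes) -> bytes:
    """Compute the 16-byte AES-CMAC tag of msg (RFC 4493, section 2.4)."""
    k1, k2 = generate_subkeys(key)
    n = (len(msg) + BLOCK - 1) // BLOCK
    if n == 0:
        # Empty message: treated as one incomplete block.
        n = 1
        complete = False
    else:
        complete = len(msg) % BLOCK == 0
    last = msg[(n - 1) * BLOCK:]
    if complete:
        m_last = _xor(last, k1)
    else:
        # Pad with a single 1 bit then zeros, and use K2 instead of K1.
        padded = last + b"\x80" + bytes(BLOCK - len(last) - 1)
        m_last = _xor(padded, k2)
    x = bytes(BLOCK)
    for i in range(n - 1):
        x = aes_block_encrypt(key, _xor(x, msg[i * BLOCK:(i + 1) * BLOCK]))
    return aes_block_encrypt(key, _xor(x, m_last))


def verify_cmac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Constant-time tag comparison: a verifier must not short-circuit."""
    return hmac.compare_digest(aes_cmac(key, msg), tag)


# RFC 4493 section 4 test vectors (published values, not constructed here).
RFC_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
RFC_MSG_40 = bytes.fromhex(
    "6bc1bee22e409f96e93d7e117393172a"
    "ae2d8a571e03ac9c9eb76fac45af8e51"
    "30c81c46a35ce411"
)

if __name__ == "__main__":
    print(aes_cmac(RFC_KEY, b"").hex())          # bb1d6929e95937287fa37d129b756746
    print(aes_cmac(RFC_KEY, RFC_MSG_40).hex())   # dfa66747de9ae63030ca32611497c827
    print(verify_cmac(RFC_KEY, RFC_MSG_40, aes_cmac(RFC_KEY, RFC_MSG_40)))
```

The subkey derivation and final-block handling are where homegrown CMAC code usually goes wrong (wrong reduction constant, K1 and K2 swapped for the padded case), which is why the example pins itself to the RFC vectors rather than only to the library's own CMAC. A CMAC is a keyed integrity tag: anyone holding the key can produce a valid tag, so it provides no authenticity on its own against a party who also holds the key, which is the distinction the thread is circling around when it separates the cipher from the RSA signature check.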

Re: LExxB650 T2P CI+ hacking

Posted: Thu Dec 17, 2009 12:03 am
by erdem_ua
I think we can't publish the original firmware images for download as our own.
If we can decrypt the firmware update images, it would help a lot.
Having the flash dumps means we have literally any key and salt we need. But we need a person who understands that encryption thing to modify those flashes.

Re: LExxB650 T2P CI+ hacking

Posted: Thu Dec 17, 2009 2:58 pm
by erdem_ua
I wanted to say that we can't redistribute Samsung-owned programs. But we can distribute patches that modify the original firmware.
If we crack the encryption of the images (as on the Samsung download pages), then we can modify those FWs with the SamyGO Firmware Patcher script.

Re: LExxB650 T2P CI+ hacking

Posted: Mon Dec 21, 2009 11:18 pm
by erdem_ua
almar10 wrote: I still don't think we are on the same line. The person responsible for this shouldn't have to publish anything proprietary. If we made a memory dump during an update process, it's safe to say we have the key (in memory). (Start the firmware update, cancel it and do a dd /dev/mem.) We just don't know where, hence the decryption using the whole memory. I think the key will be a logical one, or one deducible from the firmware image afterwards, so that we can do the same trick for the other CI models.
Sorry, I misunderstood your last post because of my poor knowledge of English :)

Encryption/Decryption of Update files.

Posted: Wed Dec 30, 2009 6:26 pm
by mprotect
Hi,

I attach some tools for decrypting/encrypting the CIP firmware files and a plugin for disabling the RSA signature check.
Try them at your own risk :!: I tested the tools but I haven't flashed a patched firmware yet.