Re: LExxB650 T2P CI+ hacking

Posted: Sun Jan 03, 2010 4:37 pm
by mprotect
erdem_ua wrote: About flashing modified firmware. It isn't possible to flash the TV with the encrypt_update program's output, right?
Wrong. That's why I created the "RSA disable" game.
erdem_ua wrote: And if checksums are generated after flashing, then we can hack exeDSP via IDA as on CI devices (like for implementing Video ARFix).
I think so, yes.

Re: LExxB650 T2P CI+ hacking

Posted: Sun Jan 03, 2010 6:15 pm
by erdem_ua
mprotect wrote:
erdem_ua wrote: About flashing modified firmware. It isn't possible to flash the TV with the encrypt_update program's output, right?
Wrong. That's why I created the "RSA disable" game.
erdem_ua wrote:
Okay. Instead of the "RSA disable" game method, I wanted to generate this signature from the XOR encrypted image since we know the "secret" key. But I think this RSA secret is different than the AES secret, so we needed to scan/brute-force the entire RSA key space for implementing this.
Your method is to remove the kernel signature check, but not every CI+ device has a Game menu. We can execute a derivative application from telnet too, but CI+ devices could only enable their telnet via the Telnet Enabler Application, which requires the Game menu too.

To sum all of those up, CI+ is broken only for devices with a "Game" menu. Other CI+ devices cannot update their firmware as they want...

Re: LExxB650 T2P CI+ hacking

Posted: Sun Jan 03, 2010 7:24 pm
by erdem_ua
So, this topic is close to its end here, since we got almost all the hardware-related things. So I am opening a new topic in the software forum for software discussions/problems for CI+ devices.
Please follow this topic for SOFTWARE related questions and applications for CI+ devices...

Re: LExxB650 T2P CI+ hacking

Posted: Tue Feb 09, 2010 2:49 am
by dasilverpaladin
Sorry,

I know you wanna close this topic, but I have something to add here.

After I flashed my TV 2 or 3 times (don't know exactly) with modified firmware, I noticed that my TV says there was no firmware backup.
I checked the path you mentioned in the wiki ("Ensure the backup exe.img (stored on /dev/tbml10) is in good condition (and ideally not altered)."),
but there is no folder, just a 60MB file.

Maybe disabling the RSA also disables the backup progress.

As a precaution, I suggest every 2nd or 3rd flash should be an original unaltered firmware image; haven't tried it, but it should work.

In addition, I installed an FTP server on my TV; if someone needs files from a 37" B650 CI+, just ask :)

Re: LExxB650 T2P CI+ hacking

Posted: Sat May 21, 2011 12:55 pm
by juusso
1198282 is for B series. You are looking T-VALDEUC, it's for C series.