One of users reported, he found on his C630 TV this:
(spI Debug) :
Code: Select all
0 : Register & Physical Memory Read
1 : Register & Physical Memory Write
As you all know, this firmware is not hacked yet and might enabling shell is the way to do that.
Who could say what address to patch? Remember - we have decrypted kernel to look at.
Edit: I checked exeDSP of T-VAL6DEUC for txt string Physical Memory Write and here isn`t any Memory Write (just read).
But might the menu we are looking for is just hidden, because all menus are in that order:
Code: Select all
0: Register & Physical Memory Read
2:
Edit2:
===================================================================================
1. Searching for string
Code: Select all
013092E7042082E2040053E10200000A
in kernel of C630 (T-VAL6DEUC-1012), (compared to kernel of B550 ) , indicates, that address to patch is 0016DAAB or in DRAM:60175AAB (or close to it)
String is not duplicated and found on C630 kernel only once.
2. Rvs2 suggest to path kernel ...
Code: Select all
ROM:0016DA98 E0 1D 9F E5 LDR R1, =0xC02FBF9C
ROM:0016DA9C 01 30 92 E7 LDR R3, [R2,R1]
ROM:0016DAA0 04 20 82 E2 ADD R2, R2, #4
ROM:0016DAA4 04 00 53 E1 CMP R3, R4
ROM:0016DAA8 02 00 00 0A BEQ loc_16DAB8
ROM:0016DAAC 4C 00 52 E3 CMP R2, #0x4C ==19
ROM:0016DAB0 2E 03 00 0A BEQ loc_16E770
ROM:0016DAB4 F7 FF FF EA B loc_16DA98
original value: 0A
changed value: EA
EDIT: It woks!