Reverse Engineering on exeDSP

Here is information about customizing your B series firmware. This forum is NOT FOR USER questions or problems but for DEVELOPERS.
erdem_ua
SamyGO Admin
Posts: 3125
Joined: Thu Oct 01, 2009 6:02 am
Location: Istanbul, Turkey

Reverse Engineering on exeDSP

Post by erdem_ua »

This topic is for reverse engineering of exeDSP with tools like IDA and HexEdits, to cure some illnesses like DTS and player screen fit.

Some of our users have a question in mind: whether reverse engineering of exeDSP is legal or not.

If you download a program, the EULA will say something like "disassembling, decompiling, reverse engineering is prohibited".
But there is no such string on the firmware download pages of Samsung. And again there is no such string in the firmware image or inside exeDSP (A.F.A.I.K.). So Samsung doesn't say a word about it. That means they allow such an act (in my country, as the son of a lawyer). There is no obligation to make it prohibited under my country's laws. I don't know what your country is and which laws it runs on. But this is free software and we don't sell this content for money. We also don't distribute Samsung's modified firmware. The only thing we do is research and try to fix our devices. I don't think this is outlawed in any country, but if you want to reverse engineer exeDSP, it's better to visit your local lawyer. ;)

Re: Reverse Engineering on exeDSP

Post by erdem_ua »

Quoted from avsforum, by new_age:
Hello Guys!

I'm doing some investigations in the B650 exeDSP executable. I've already figured out how to stretch the picture of the media player to full screen: h++p://newage.mpeg4-players.info/samsung/b650/

Now I'm checking DTS things. I don't have an exlink cable yet, so please, would anyone be kind enough to provide me with a full debug log of starting an MKV file with a DTS stream as the first audio stream? That could probably help me track down the interesting code parts.

thanks in advance.

Well, I've found some things. The bad news is that it seems like there is absolutely no DTS support in the B650 firmware.

staMkv_GetAudioCodecType returns 9 for DTS,
then uldAvfd_InterfacerGetAudioCodecType doesn't handle DTS and returns the unknown (8) value.
So in the gAvfdInterfaceAudioCodecFunctions tables (9 x 25 32-bit pointers to .text functions) the last table is used. That only skips the audio data (uldAvfd_InterfacerSkipUnknownData, uldAvfd_InterfacerSkipUnknownEsData). So theoretically these two messages should appear in the debug log.

Do the 7xxx, 8xxx series support DTS audio?

Re: Reverse Engineering on exeDSP

Post by erdem_ua »

I have investigated the file and found that:
It's telnet enable code + custom AR fix.
The telnet enable code is the old approach (without ampersand), thus this firmware could be dangerous.
The custom AR fix is applied to exeDSP:

Search for differences
1. E:\org\exeDSP: 37.408.180 bytes
2. E:\fix\exeDSP: 37.408.180 bytes

Offsets: hexadec.
1352790:	01	04
1352798:	02	01
1352A98:	01	03
1352AA4:	02	04
1352AA8:	01	03
5 difference(s) found. 

I looked at the positions with the IDA debugger and I understand that I missed IDA. I understand nothing about the code.
The patch actually changes 5 bytes in the function "CToolMmbDisplaySizeItem::PressLeftRightKey()".

I can insert these bytes into Telnet-Patcher with exeDSP md5 checking (but if the USA version uses the same patch, results will be catastrophic), but this will break the portability.
I think it will be better if it's another patch, which I will code tonight. :)
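
Added example, not part of the original posts and not SamyGO's Telnet-Patcher code: a guarded byte patcher built from the diff listing above, which refuses to write unless the file size and every original byte at the listed offsets match. It checks size and target bytes rather than a whole-file md5; the function names and the zero-filled sample image are assumptions constructed for illustration.

```python
import re

# Listing copied from the post: offset, original byte, patched byte (all hex).
DIFF_LISTING = """\
1352790: 01 04
1352798: 02 01
1352A98: 01 03
1352AA4: 02 04
1352AA8: 01 03
"""
EXPECTED_SIZE = 37408180  # size the listing reports for both exeDSP files
LINE_RE = re.compile(r"([0-9A-Fa-f]+):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})")

def parse_listing(text):
    """Return [(offset, old, new)] for every 'OFFSET: OLD NEW' line."""
    found = (LINE_RE.fullmatch(line.strip()) for line in text.splitlines())
    return [tuple(int(g, 16) for g in m.groups()) for m in found if m]

def check_image(image, entries, expected_size=None):
    """Classify an image as 'original', 'patched' or 'mismatch' (read-only)."""
    if expected_size is not None and len(image) != expected_size:
        return "mismatch"
    if any(off >= len(image) for off, _, _ in entries):
        return "mismatch"
    if all(image[off] == old for off, old, _ in entries):
        return "original"
    if all(image[off] == new for off, _, new in entries):
        return "patched"
    return "mismatch"  # different build or partially modified file

def apply_patch(image, entries, expected_size=None):
    """Return a patched copy; raise instead of touching an unexpected image."""
    state = check_image(image, entries, expected_size)
    if state != "original":
        raise ValueError(f"refusing to patch: image state is {state!r}")
    out = bytearray(image)
    for off, _, new in entries:
        out[off] = new
    return bytes(out)

def make_sample_image(entries, size):
    """Constructed stand-in for an unpatched file: zeros plus the original bytes."""
    img = bytearray(size)
    for off, old, _ in entries:
        img[off] = old
    return bytes(img)
```

A firmware from another region or version, where different bytes sit at these offsets, is reported as "mismatch" and left unmodified.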
newagehun
Official SamyGO Developer
Posts: 18
Joined: Tue Oct 06, 2009 10:21 pm

Re: Reverse Engineering on exeDSP

Post by newagehun »

Since we probably/hopefully will have different exeDSP patches, I suggest we discuss each in a different topic. So I've started a new topic for the video display size issue.

Meanwhile I've again discovered a few interesting things, e.g. how to handle in the *LeftRightKey routines which key was pressed. (In the CToolMmbAudioLanguageSetItem::PressLeftRightKey routine it is quite easy to understand.)

Making an automatic patcher for the display size problem is easy, since the routines I've modified are 99% the same in all firmwares, so they will be compiled to the same bytes.

I hope the 9000 series will come soon with some fixes that we want to see in our TVs (e.g. MKV audio stream switch, DTS support, AR fix). So we can investigate and compare (and hopefully patch our TV). 8-)

Re: Reverse Engineering on exeDSP

Post by newagehun »

I've managed to make my own exlink cable. But I've noticed that the debug log is not as detailed as I thought. A huge amount of messages are missing that could help my investigations (right now I'm on the audio switching issue).

Does anyone have any idea how to increase the rs232 debug log verbosity? :?:

Re: Reverse Engineering on exeDSP

Post by newagehun »

You mean I should share my listing?

Re: Reverse Engineering on exeDSP

Post by erdem_ua »

newagehun wrote:
I've managed to make my own exlink cable. But I've noticed that the debug log is not as detailed as I thought. A huge amount of messages are missing that could help my investigations (right now I'm on the audio switching issue).

Does anyone have any idea how to increase the rs232 debug log verbosity? :?:

I think we need to debug the TV online with DBG.
I know that the new version of IDA (probably 5.4) supports working with DBG.
It's better to update my IDA version. Who wants to pay my bill? :D
