Access Linux Shell of TV on CI+ without "Game Menu"

Here is information about customizing your B series firmware. This forum is NOT FOR USER questions or problems but for DEVELOPERS.

langerhans
Posts: 54
Joined: Sun Jan 10, 2010 3:22 pm

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Post by langerhans »

Sorry, but no good news from me. I couldn't manage to get a character input. I found many ways to get a console but everything I can input are numbers -.-
Disabling the watchdog didn't help. And since we are by default in a directory on TV's memory we can't name something different.
That's really bad...

I had a look at the sources but I couldn't find anything...
I found a way to send Micom signals but I guess that won't get us any further...

Edit: Since I can kill Micom from debug menu I think I can read the remote signals, since this produces a subsystem error. I will try this tomorrow.
langerhans
Posts: 54
Joined: Sun Jan 10, 2010 3:22 pm

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Post by langerhans »

maxkostuk wrote: I don't know if it is really something useful, but I found the following in the dump of exeDSP (Version T-CHL5CIPDEUC 2005.2) at the offset 013EDA40:

Code:

1198282 1194444 8158282 81588   81599   81501   81590   30101
The first number is our well known access code to the debug menu.
Maybe one of the other numbers could be an access code with other access rights???
Unfortunately I can't try it until late in the evening.
See this post: http://forum.samygo.tv/viewtopic.php?p=833#p833
Hmm, this is really tricky, I think the character handling is done directly in the kernel or even directly on the chip by setting a special flag. That would make it nearly impossible to get access without knowing the RSA secret -.-
erdem_ua
SamyGO Admin
Posts: 3125
Joined: Thu Oct 01, 2009 6:02 am
Location: Istanbul, Turkey

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Post by erdem_ua »

Nope, I think character handling is done in the MicomCtrl program. We need to compare CI+ MicomCtrl and CI MicomCtrl.
erdem_ua
SamyGO Admin
Posts: 3125
Joined: Thu Oct 01, 2009 6:02 am
Location: Istanbul, Turkey

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Post by erdem_ua »

Hi cowen, I haven't seen you here for a long time. :)
langerhans
Posts: 54
Joined: Sun Jan 10, 2010 3:22 pm

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Post by langerhans »

Ok, got some news!
Played around a bit again to see if I can get Micom commands, like I mentioned before, but it didn't work.
After that I found an interesting option in the debug menu. It's called 'DirectSWUpgrade'. After selecting it the TV will search for USB for 30 seconds... Maybe it will flash everything it gets from there.
Wish me luck when I try this :?

Another option is called '[5 : TV_OPTION_BOOT_PARAM'. I can read it and it says:

Code:

Select Option : : 5
Success...Read Value = 0
Don't know if this is worth having a look at...

Edit: Hmm, SamyGo FW Patcher won't patch my Firmware T-CHL5CIPDEUC:

Code:

SamyGO Firmware Patcher v0.16 (c) 2010 Erdem U. Altinyurt

                   -=BIG FAT WARNING!=-
            You can brick your TV with this tool!
Authors accept no responsibility about ANY DAMAGE on your devices!
         project home: http://SamyGO.sourceforge.net

AES Encrytped CI+ firmware detected.
Decrypting with AES...
secret key :  A435HX:d3e90afc-0f09-4054-9bac-350cc8dfc901-7cee72ea-15ae-45ce-b0f
5-611c4f8d4a71
Decrypting AES...

Decrypting with XOR key :  T-CHL5CIPDEUC
Crypto package found, using fast XOR engine.

Calculated CRC : 0xE0839866
CRC Validation passed
It's not safe to change exeDSP at CI+ devices now.
Skipped Video AR Fix.

Applying Telnet Patch...
Searching %99
Oops!: "#Remove engine logging." string not found on image.
Probably this firmware is already patched or firmware is encrypted with SSL
Telnet Patch not applied.

No Change applied, Aborting...
Edit2: Sure, it won't patch it since there is no network on my TV... Have to find a way to modify FW without changing anything :shock:
erdem_ua
SamyGO Admin
Posts: 3125
Joined: Thu Oct 01, 2009 6:02 am
Location: Istanbul, Turkey

Re: Access Linux Shell of TV on CI+ without "Game Menu"

Post by erdem_ua »

Firmware Patcher is not compatible with CHL5CIPDEUC. It can be patched manually, but you can't flash that modified FW because of the RSA check.
