Page 3 of 5
Re: T-VALDEUC Firmware AES key :)
Posted: Thu May 12, 2011 7:54 pm
by juusso
Denny, yes, your way is good! But we need hack TV first to get telnet access. New 3009 firmwares do not allow make hotel mode hack and widget hack is gone too. Then we need somthing new...
Is here a way to run telnet-enabler from widget? Or widget-telnet enabler, makes no sense how do we call it.
Re: T-VALDEUC Firmware AES key :)
Posted: Thu May 12, 2011 8:03 pm
by Denny
Code: Select all
Denny, yes, your way is good! But we need hack TV first to get telnet access. New 3009 firmwares do not allow make hotel mode hack.
i know what u mean, but dont worry about this , will be also posible to do by widget, just the one point that needs to be done, in code is litelbit fuzzy to reverse it complete but will be done!!!
look, if someone alredy update 3009 he even can not do anything with modified firmware coz he can not disable rsa check coz it is in exeDSP and we dont have private key, so no way except widget way and i am 1000% sure it can be done coz i have for cmk private rsa key!
.
Denny
Re: T-VALDEUC Firmware AES key :)
Posted: Thu May 12, 2011 8:04 pm
by juusso
coz i have for cmk private rsa key!
God bless (Denny)!
Re: T-VALDEUC Firmware AES key :)
Posted: Thu May 12, 2011 8:08 pm
by Denny
wortex , yes simple arm_v7_vfp_le
i think if u try #include <openssl/something.h> u will get error, so , simple c standard code , finish
@ juuso ^..^
so am now away, let see when i get fw flash routine out, in BD-C6900 asm code was easy, for valdeuc is litelbit fuzzy to trace all.
Re: T-VALDEUC Firmware AES key :)
Posted: Thu May 12, 2011 8:09 pm
by juusso
wortex wrote:
BTW a good idea to test key with 3009 too...
Yes, i can confirm, it decrypts T-VALDEUC-3009.2 properly. Just done
Re: T-VALDEUC Firmware AES key :)
Posted: Fri May 13, 2011 7:03 am
by juusso
k4roshi wrote:Just so you know.. it decrypts t-val6deuc successfully too..
T-VALDAAC-1008.0 as well.
I think the same key is for whole T-VAL**** firmware family.
Re: T-VALDEUC Firmware AES key :)
Posted: Fri May 13, 2011 12:44 pm
by timoo
T-VALDCNC 1011.1
decrypted too
Re: T-VALDEUC Firmware AES key :)
Posted: Fri May 13, 2011 5:20 pm
by mirsev
card2000 wrote:Code: Select all
Denny, yes, your way is good! But we need hack TV first to get telnet access. New 3009 firmwares do not allow make hotel mode hack.
i know what u mean, but dont worry about this , will be also posible to do by widget, just the one point that needs to be done, in code is litelbit fuzzy to reverse it complete but will be done!!! :)
look, if someone alredy update 3009 he even can not do anything with modified firmware coz he can not disable rsa check coz it is in exeDSP and we dont have private key, so no way except widget way and i am 1000% sure it can be done coz i have for cmk private rsa key! :D .
Denny
Hi, I don't understand, if you can decrypt and encrypt back firmware, why don't you just install telnetd, ftpd, and/or sshd and their startup scripts on the decrypted rootfs or mtd_exe, build new squashfs, rewrite hashes, encrypt firmware back and flash it by standard way? Is there problem do do that?