
Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Mon Mar 15, 2010 9:04 pm
by juusso
how about game_verify_key.pem

Code:

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGaB4qEPGgD3jPKPOAbk/BAi+b
y0W2Fy1DD7FM8XnnTcfZXqFsx3QbmuOCx9J0hbsRaVrUS6RF6OWlRcJkIAKg1Cnk
Otuc6w6GhwF+1hpfJwaGx5z5D0FoEqC1BCpYgnuAHoQpXBdT+bmxhFvw157BfZNx
5V9s/3FibGgs2mR7zwIDAQAB
-----END PUBLIC KEY----- 
?

Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Tue Mar 16, 2010 4:04 am
by erdem_ua
I don't understand a lot about encryption :)
Can anyone here find a secret key?

Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Tue Mar 16, 2010 5:25 am
by juusso
Who said 1.5 hours? My AMD 3200 PC has been working all night and it seems it will take much more time :D
I don't understand encryption either, but this public key is in the GAME_LIB directory just after XOR decryption.

Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Tue Mar 16, 2010 9:00 am
by marcelru
Hi juuso,

I'm not sure what you are trying to do, but disassembling a 50-odd MB executable shouldn't take that long. If you are trying to find the private key of the encryption, that's a totally different matter. That may take quite some time.....


grtz,

marcelr

Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Tue Mar 16, 2010 11:21 am
by juusso
The game_verify_key.pem file doesn't exist in older firmwares, but exists in 3000.2. What if you have to delete this file from the FW before flashing? I guess without this file it will be possible to copy samygo to TV memory?
Something was wrong with my computer. It crashed this morning. Another PC takes about 2 hours to disassemble.
Some info about RSA keys: http://en.wikipedia.org/wiki/Public-key_cryptography . We have the public key. Now we need the private one. Does anybody know if it is possible to generate a private key if we have a public key?

Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Tue Mar 16, 2010 7:13 pm
by juusso
I found this

Code:

.text:0065D8E0                 LDR     R1, =a1198282   ; "1198282"
.text:0065D92C                 LDR     R1, =a1194444   ; "1194444"
.text:0065D9A0                 LDR     R1, =a8158282   ; "8158282"
.text:0065D9C8                 LDR     R1, =a81588     ; "81588"
.text:0065D9F4                 LDR     R1, =a81599     ; "81599"
.text:0065DA20                 LDR     R1, =a81501     ; "81501"
.text:0065DA34                 LDR     R1, =a81590     ; "81590"
.text:0065DA78                 LDR     R1, =a30101     ; "30101"
These codes are in the FW, but I don't know why they don't work.
And this:

Code:

.text:0065E3F4 ; AutoRcInputBase::DebugMenu(void)
.text:0065E3F4                 EXPORT _ZN15AutoRcInputBase9DebugMenuEv
.text:0065E3F4 _ZN15AutoRcInputBase9DebugMenuEv        ; CODE XREF: AutoRcInputBase::Debuger(void)+10p
.text:0065E3F4                 STMFD   SP!, {R4,LR}
.text:0065E3F8                 MOV     R0, #0xA        ; c
.text:0065E3FC                 LDR     R4, =asc_1863BEC ; "===================================="
.text:0065E400                 BL      putchar
.text:0065E404                 MOV     R0, R4          ; s
.text:0065E408                 BL      puts
.text:0065E40C                 LDR     R0, =aKeyinputDebugM ; "      [ KeyInput Debug Menu]   "
.text:0065E410                 BL      puts
.text:0065E414                 LDR     R0, =asc_1967BD4 ; "------------------------------------"
.text:0065E418                 BL      puts
.text:0065E41C                 LDR     R0, =a1AutoRemoconTe ; "  1  : Auto Remocon Test"
.text:0065E420                 BL      puts
.text:0065E424                 LDR     R0, =a2CecTest  ; "  2  : CEC Test"
.text:0065E428                 BL      puts
.text:0065E42C                 LDR     R0, =a3PrintInitiali ; "  3  : Print Initialize Time"
.text:0065E430                 BL      puts
.text:0065E434                 MOV     R0, R4          ; s
.text:0065E438                 BL      puts
.text:0065E43C                 LDR     R0, =a99Exit_2  ; "  99 : Exit "
.text:0065E440                 BL      puts
.text:0065E444                 MOV     R0, R4
.text:0065E448                 LDMFD   SP!, {R4,LR}
.text:0065E44C                 B       puts
.text:0065E44C ; End of function AutoRcInputBase::DebugMenu(void)
.text:0065E44C
.text:0065E44C ; ---------------------------------------------------------------------------
I lost my way...
There is interesting code there, but I'm not good enough to understand it ...

Code:

.text:0065D844 to .text:0065DB50

Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Tue Mar 16, 2010 7:14 pm
by erdem_ua
juuso wrote:
The game_verify_key.pem file doesn't exist in older firmwares, but exists in 3000.2. What if you have to delete this file from the FW before flashing? I guess without this file it will be possible to copy samygo to TV memory?
Something was wrong with my computer. It crashed this morning. Another PC takes about 2 hours to disassemble.
Some info about RSA keys: http://en.wikipedia.org/wiki/Public-key_cryptography . We have the public key. Now we need the private one. Does anybody know if it is possible to generate a private key if we have a public key?

Possible, but it requires massive computational power. It could be achieved by a multi-machine GPGPU attack, but that requires a custom application.
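
What the public key posted earlier in this thread contains, as an added example that is not part of any post: it decodes the PEM as a DER SubjectPublicKeyInfo using only the Python standard library and reports the RSA modulus size and public exponent. The function names are the example's own; deriving the private key from this file would mean factoring the modulus it reports.

```python
import base64

# The public key exactly as posted in the thread (game_verify_key.pem).
PEM = """-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGaB4qEPGgD3jPKPOAbk/BAi+b
y0W2Fy1DD7FM8XnnTcfZXqFsx3QbmuOCx9J0hbsRaVrUS6RF6OWlRcJkIAKg1Cnk
Otuc6w6GhwF+1hpfJwaGx5z5D0FoEqC1BCpYgnuAHoQpXBdT+bmxhFvw157BfZNx
5V9s/3FibGgs2mR7zwIDAQAB
-----END PUBLIC KEY-----"""

RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption OID, DER-encoded


def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def parse_rsa_public_key(pem):
    """Return (modulus, exponent) from a PEM SubjectPublicKeyInfo."""
    body = "".join(l.strip() for l in pem.splitlines() if "-----" not in l)
    der = base64.b64decode(body, validate=True)
    tag, spki, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, alg, pos = read_tlv(spki, 0)          # AlgorithmIdentifier
    if tag != 0x30 or not alg.startswith(RSA_OID):
        raise ValueError("not an RSA key")
    tag, bits, _ = read_tlv(spki, pos)         # BIT STRING wrapping RSAPublicKey
    if tag != 0x03 or bits[:1] != b"\x00":
        raise ValueError("unexpected BIT STRING")
    tag, rsa_key, _ = read_tlv(bits[1:], 0)    # SEQUENCE { n, e }
    tag_n, n_raw, pos = read_tlv(rsa_key, 0)
    tag_e, e_raw, _ = read_tlv(rsa_key, pos)
    if (tag, tag_n, tag_e) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE of two INTEGERs")
    return int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")


def describe(pem):
    n, e = parse_rsa_public_key(pem)
    return {"modulus_bits": n.bit_length(), "public_exponent": e}
```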

Re: Enter to TV with Ex-Link on 3000.2 FW

Posted: Tue Mar 16, 2010 8:16 pm
by juusso
Yes, few strings..