So if we run the CI+ kernel on a CI machine, couldn't we run the CI kernel on CI+? Wouldn't a cross firmware update drop the entire CI+ problem?

robbiesz wrote:
Have a look at the files in the linux-b650t2p/init folder... The encryption used is cmac-aes, where the cmac ciphering is done by the processor..

I've managed to compile the CI+ kernel so I can run some tests myself. Yeah, you can run the CI+ kernel on a CI set... Of course my build has a bit (a lot) more debugging info..
I've also been working on a kernel module which will do the HW ciphering. It seems to be working on my set but will need a CI+ tester soon.. Jeroen, how would you feel about doing some testing for me?
robbiesz
LExxB650 T2P CI+ hacking
- erdem_ua
- SamyGO Admin
- Posts: 3125
- Joined: Thu Oct 01, 2009 6:02 am
- Location: Istanbul, Turkey
- Contact:
Re: LExxB650 T2P CI+ hacking
I think we can't publish the original firmware images for download as our own.
If we can decrypt the firmware update images, it would help a lot.
Having the flash dumps means we literally have any key and salt we need. But we need a person who understands that encryption thing to modify those flashes.
- erdem_ua
Re: LExxB650 T2P CI+ hacking
I wanted to say that we can't redistribute Samsung-owned programs. But we can distribute patches that modify the original firmware.
If we crack the encryption of the images (as on the Samsung download pages), then we can modify those FWs with the SamyGO Firmware Patcher script.
- erdem_ua
Re: LExxB650 T2P CI+ hacking
Sorry, I misunderstood your last post because of my low knowledge of English.

almar10 wrote:
I still don't think we are on the same line. The person responsible for this shouldn't have to publish anything proprietary. If we made a memory dump during an update process, it's safe to say we have the key (in memory). (Start the firmware update, cancel it and do a dd of /dev/mem.) We just don't know where, hence the decryption using the whole memory. I think the key will be a logical one, or one deducible from the firmware image afterwards, so that we can do the same trick for the other CI models.
Encryption/Decryption of Update files.
Hi,
I attach some tools for decrypting/encrypting the CIP firmware files and a plugin for disabling the RSA signature check.
Try them at your own risk. I tested the tools, but I haven't flashed a patched firmware yet.