LExxB650 T2P CI+ hacking

This forum is for information related to B series hardware rather than firmware/software.

erdem_ua
SamyGO Admin
Posts: 3125
Joined: Thu Oct 01, 2009 6:02 am
Location: Istanbul, Turkey

Re: LExxB650 T2P CI+ hacking

Post by erdem_ua »

robbiesz wrote: Have a look at the files in the linux-b650t2p/init folder... The encryption used is CMAC-AES, where the CMAC ciphering is done by the processor. I've managed to compile the CI+ kernel so I can run some tests myself. Yeah, you can run the CI+ kernel on a CI set... Of course my build has a bit (a lot) more debugging info.
I've also been working on a kernel module which will do the HW ciphering. It seems to be working on my set but will need a CI+ tester soon. Jeroen, how would you feel about doing some testing for me? :-)

So if we can run the CI+ kernel on a CI machine, couldn't we run the CI kernel on CI+? Wouldn't a cross-firmware update drop the entire CI+ problem?
erdem_ua
SamyGO Admin

Re: LExxB650 T2P CI+ hacking

Post by erdem_ua »

I think we can't publish the original firmware images for download as our own.
If we can decrypt the firmware update images, it helps a lot.
We have the flash dumps, which means we literally have any key and salt we need. But we need a person who understands that encryption thing to modify those flashes.
erdem_ua
SamyGO Admin

Re: LExxB650 T2P CI+ hacking

Post by erdem_ua »

I wanted to say that we can't redistribute Samsung-owned programs. But we can distribute patches that modify the original firmware.
If we crack the encryption of the images (as they are on the Samsung download pages), then we can modify those FWs with the SamyGO Firmware Patcher script.
erdem_ua
SamyGO Admin

Re: LExxB650 T2P CI+ hacking

Post by erdem_ua »

almar10 wrote: I still don't think we are on the same line. The person responsible for this shouldn't have to publish anything proprietary. If we made a memory dump during an update process, it's safe to say we have the key (in memory). (Start a firmware update, cancel it and do a dd /dev/mem.) We just don't know where, hence the decryption using the whole memory. I think the key will be a logical one, or one deducible from the firmware image afterwards, so that we can do the same trick for the other CI models.

Sorry, I misunderstood your last post due to my low knowledge of English :)
mprotect
Official SamyGO Developer
Posts: 19
Joined: Sun Dec 06, 2009 4:41 pm

Encryption/Decryption of Update files.

Post by mprotect »

Hi,

I attach some tools for decrypting/encrypting the CI+ firmware files and a plugin for disabling the RSA signature check.
Try them at your own risk :!: I tested the tools, but I haven't flashed a patched firmware yet.
