Sorry, but no good news from me. I couldnt manage to get a character input. I found many ways to get a console but everything I can Input are numbers -.-
Disabling the watchdog didnt't help. And sence we are default in a directory on TV's memory we can't name something different.
That's really bad...
I had a look at the sources but I couldn't find anything...
I found a way to send Micom signals but I guess that won't get us any further...
Edit: Since I can kill Micom from debug menu I think I can read the remote signals. Sice this produces a subsystem error. I will try this tomorrw
Access Linux Shell of TV on CI+ without "Game Menu"
-
- Posts: 54
- Joined: Sun Jan 10, 2010 3:22 pm
-
- Posts: 54
- Joined: Sun Jan 10, 2010 3:22 pm
Re: Access Linux Shell of TV on CI+ without "Game Menu"
See this post: http://forum.samygo.tv/viewtopic.php?p=833#p833maxkostuk wrote:I don?t know, is it really something useful, but I found following in the dump of exeDSP (Version T-CHL5CIPDEUC 2005.2) at the offset 013EDA40:The first number is our well known access code to the debug menu.Code: Select all
1198282 1194444 8158282 81588 81599 81501 81590 30101
May be one of another numbers could be an access code with another access rights???
Unfortunally I can try it first late in the evening.
Hmm, this is really tricky, I think the character Handling is done directly in the kernel or even direct on the chip by setting a special flag. That would make it nearly impossible to get access without knowing the RSA secret -.-
- erdem_ua
- SamyGO Admin
- Posts: 3125
- Joined: Thu Oct 01, 2009 6:02 am
- Location: Istanbul, Turkey
- Contact:
Re: Access Linux Shell of TV on CI+ without "Game Menu"
Nope, I thing character handling done in MicomCtrl program. We need to compare CI+ MicomCtrl and CI MicomCtrl.
- erdem_ua
- SamyGO Admin
- Posts: 3125
- Joined: Thu Oct 01, 2009 6:02 am
- Location: Istanbul, Turkey
- Contact:
Re: Access Linux Shell of TV on CI+ without "Game Menu"
Hi cowen, I can't see you here for a long time.
-
- Posts: 54
- Joined: Sun Jan 10, 2010 3:22 pm
Re: Access Linux Shell of TV on CI+ without "Game Menu"
Ok, got some news!
Played a bit again if I can get Micom commands, like I mentioned before but it didnt work.
After that I found an interesting Option in debug menu. It's called 'DirectSWUpgrade'. After selecting it the TV will search for USB for 30 seconds... Maybe it will flash everything it gets from there.
Wish me luck when I try this
Another option is called '[5 : TV_OPTION_BOOT_PARAM'. I can read it and it says
Dont know if this is worth to have a look at...
Edit: Hmm, SamyGo FW Patcher won't patch my Firmware T-CHL5CIPDEUC:
Edit2: Sure it wont patch it since there is no Network on my TV... Have to find a way to modify FW without changing anything
Played a bit again if I can get Micom commands, like I mentioned before but it didnt work.
After that I found an interesting Option in debug menu. It's called 'DirectSWUpgrade'. After selecting it the TV will search for USB for 30 seconds... Maybe it will flash everything it gets from there.
Wish me luck when I try this
Another option is called '[5 : TV_OPTION_BOOT_PARAM'. I can read it and it says
Code: Select all
Select Option : : 5
Success...Read Value = 0
Edit: Hmm, SamyGo FW Patcher won't patch my Firmware T-CHL5CIPDEUC:
Code: Select all
SamyGO Firmware Patcher v0.16 (c) 2010 Erdem U. Altinyurt
-=BIG FAT WARNING!=-
You can brick your TV with this tool!
Authors accept no responsibility about ANY DAMAGE on your devices!
project home: http://SamyGO.sourceforge.net
AES Encrytped CI+ firmware detected.
Decrypting with AES...
secret key : A435HX:d3e90afc-0f09-4054-9bac-350cc8dfc901-7cee72ea-15ae-45ce-b0f
5-611c4f8d4a71
Decrypting AES...
Decrypting with XOR key : T-CHL5CIPDEUC
Crypto package found, using fast XOR engine.
Calculated CRC : 0xE0839866
CRC Validation passed
It's not safe to change exeDSP at CI+ devices now.
Skipped Video AR Fix.
Applying Telnet Patch...
Searching %99
Oops!: "#Remove engine logging." string not found on image.
Probably this firmware is already patched or firmware is encrypted with SSL
Telnet Patch not applied.
No Change applied, Aborting...
- erdem_ua
- SamyGO Admin
- Posts: 3125
- Joined: Thu Oct 01, 2009 6:02 am
- Location: Istanbul, Turkey
- Contact:
Re: Access Linux Shell of TV on CI+ without "Game Menu"
Firmware Patcher is not compatible with CHL5CIPDEUC, it can be patched manually but you can't flash that modified FW because of RSA check.