
E-Series Firmware downgrade with USB drive?

Posted: Fri Dec 21, 2012 7:02 pm
by E3V3A
Would it not be easier to downgrade with a USB drive?
That way you'd also have better control of what version you downgrade to?

Like arris69 said:
arris69 wrote: ... if someone really likes to revert to an older version he can decrypt an older usb firmware with samygo patcher and flash it manually over netcat shell and mmc.restore.
Looking in the T-MST10PDEUC_1029.0, I see we have the upgrade and revert scripts already.

Code:

auto_fdisk_emmc.sh
network_init.sh
partition_check.sh
rest_mount.sh
umount_partition.sh
** update.sh
** update_change_partition_flag.sh
usb_start.sh
** May need to be edited or merged into our own update script.

So if we have root, we could just execute our own script that does the same thing as these:

1. Download the firmware (FW) you wanna "downgrade" to.
2. Extract FW on your local PC.
3. Extract & decrypt FW images with SamyGO patcher script.
4. Put it all on your USB drive and put it into your TV.
5. Get root shell.
6. Run our own "samygo_reflash.sh" script to flash the various FW images via "dd" etc...
7. Reboot.

These steps are just begging to be scripted.

Now this is all in theory. I have no idea if this would actually work or brick. I currently have no way of testing, as I don't have an extra development TV to "play" with... (The only thing that worries me, is the key.bin file that I can't find...) Any comments?

Re: E-Series Firmware downgrade with USB drive?

Posted: Fri Dec 21, 2012 7:12 pm
by juusso
This "update" script (like all such scripts on any of the previous series) does everything right except one thing: no hash calculation, and if a non-patched kernel is used, after reboot you get some urgent reboots (= almost a brick if there is no initial root access).

If we use a custom kernel where hash checking is patched out, then yes.

Re: E-Series Firmware downgrade with USB drive?

Posted: Fri Dec 21, 2012 7:34 pm
by E3V3A
^^ So it's OK then? Because we're not patching anything, just reverting entire firmware to lower version. Which I assumed this thread was for?

Re: E-Series Firmware downgrade with USB drive?

Posted: Fri Dec 21, 2012 7:56 pm
by juusso
NOT OK. Reverting the entire firmware doesn't touch the hash partitions. I mean we need to re-flash the hashes as well (could be pre-calculated...).

Re: E-Series Firmware downgrade with USB drive?

Posted: Fri Dec 21, 2012 11:50 pm
by E3V3A
juusso wrote: NOT OK. Reverting the entire firmware doesn't touch the hash partitions. I mean we need to re-flash the hashes as well (could be pre-calculated...).
Which ones are the "hash partitions"?
I don't see why we need to re-flash hashes, if we're downgrading with Samsung official FW?

Re: E-Series Firmware downgrade with USB drive?

Posted: Sat Dec 22, 2012 11:32 am
by juusso
From /mtd_exe/partition.txt:

Code:

7	/dev/mmcblk0p7	8192	sign0.bin	MLC	NONE	SECUREMAC0	NONE	1048576	NONE	NONE
8	/dev/mmcblk0p8	8192	sign1.bin	MLC	NONE	SECUREMAC1	NONE	1048576	NONE	NONE

Also from update.sh:

Code:

export SECUREMAC1=/dev/mmcblk0p8
export SECUREMAC2=/dev/mmcblk0p9

Those are hash/signature partitions. Hashes (or CMACs...) are stored there for both (actual and alternative) partition sets. It doesn't matter whether you flash original firmware or not, by hand or by script: you have to be sure the hashes on these partitions match. The script doesn't update hashes; normally firmware upgrade files don't contain sign.bin, this job is done by exeDSP.

To avoid a brick, sign0/sign1.bin must be prepared on a PC for each firmware version you're going to flash by script, and flashed by the script. Moreover, the code exists there already:

Code:

if [ -e  $MDIR/$directory/sign0.bin ] && [ "$partition" = "1" ]
then
        echo "START update sign0.bin"
        echo "update 1st partition"
        dd if=$MDIR/$directory/sign0.bin of=${SECUREMAC0} 2> /dev/null

        if [ $? != 0 ]
        then
                echo "Partition erase"
                dd if=$MDIR/$directory/sign0.bin of=${SECUREMAC0} 2> /dev/null
        fi

        sync
        echo "END update sign0.bin"

elif [ -e  $MDIR/$directory/sign1.bin ] && [ "$partition" = "2" ]
then
        echo "START update sign1.bin"
        echo "update 2nd partition"
        dd if=$MDIR/$directory/sign1.bin of=${SECUREMAC1} 2> /dev/null

        if [ $? != 0 ]
        then
                echo "Partition erase"
                dd if=$MDIR/$directory/sign1.bin of=${SECUREMAC1} 2> /dev/null
        fi

        sync
        echo "END update sign1.bin"
else
        echo "sign0.bin or sign1.bin is not found"
fi

I just want to draw your attention to the fact that flashing just exe.img/apptata.img is not enough. signx.bin are very important for success.
If you are going to reflash the kernel, you have to add the hash/signature to the kernel's image. If you are going to change rootfs, you have to add authuld's hash to the end of rootfs.img and the hash of rootfs to signx.bin at the correct address.

How to calculate required hashes is another question.
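
As an added example (not code from any poster in this thread or from Samsung's update.sh): a preflight and read-back check for the sign partitions described in the post above, since the quoted update.sh fragment only prints "sign0.bin or sign1.bin is not found" when the file is absent and sends dd's errors to /dev/null. The column positions (2 = device, 4 = image name, 7 = variable name) are inferred from the two quoted partition.txt rows, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from update.sh.

# Constructed sample: the two partition.txt rows quoted in the post above.
sample_partition_txt() {
    printf '7\t/dev/mmcblk0p7\t8192\tsign0.bin\tMLC\tNONE\tSECUREMAC0\tNONE\t1048576\tNONE\tNONE\n'
    printf '8\t/dev/mmcblk0p8\t8192\tsign1.bin\tMLC\tNONE\tSECUREMAC1\tNONE\t1048576\tNONE\tNONE\n'
}

# sign_target <partition.txt> <set 1|2>: print "<image> <device> <variable>".
# Assumption: field 2 = device, 4 = image name, 7 = variable used by update.sh.
sign_target() {
    awk -v img="sign$(( $2 - 1 )).bin" \
        '$4 == img { print $4, $2, $7; found = 1 } END { exit !found }' "$1"
}

# preflight <partition.txt> <staged firmware dir> <set 1|2>
# Returns 0 only if the table has a sign row for the set and the staged
# directory holds a non-empty signN.bin to go with the images.
preflight() {
    case "$3" in 1|2) ;; *) echo "partition set must be 1 or 2" >&2; return 2 ;; esac
    row=$(sign_target "$1" "$3") || { echo "no sign row for set $3" >&2; return 3; }
    img=${row%% *}
    if [ ! -s "$2/$img" ]; then
        echo "REFUSE: $2/$img is missing or empty" >&2
        return 1
    fi
    echo "OK: $img -> ${row#* }"
}

# verify_written <image> <device>: compare the device's first bytes with the
# image after dd, instead of trusting a dd whose stderr was discarded.
verify_written() {
    size=$(( $(wc -c < "$1") ))
    head -c "$size" "$2" | cmp -s - "$1"
}

# Demo on constructed files only (no real device is touched).
demo=$(mktemp -d)
sample_partition_txt > "$demo/partition.txt"
preflight "$demo/partition.txt" "$demo" 1 || echo "preflight stopped the run"
rm -rf "$demo"
```

This only checks that a sign image is staged and that it was written intact; it does not compute or validate the hashes themselves.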

Re: E-Series Firmware downgrade with USB drive?

Posted: Sat Dec 22, 2012 12:04 pm
by arris69
E3V3A wrote: Would it not be easier to downgrade with a USB drive?
That way you'd also have better control of what version you downgrade to?

Like arris69 said:
arris69 wrote: ... if someone really likes to revert to an older version he can decrypt an older usb firmware with samygo patcher and flash it manually over netcat shell and mmc.restore.
...
ok to be more precise :oops:
you can easily downgrade to your prev. firmware (from samygo-patched firmware !!!! for ECPDEUC !!!!): you need to restore the exe.img from the usb firmware and tell the tv to switch partitions (toggle, partitionflags etc...). but only if you have an original on the second partitions.

for the full version from usb you need this signature stuff too...

Re: E-Series Firmware downgrade with USB drive?

Posted: Sat Dec 22, 2012 6:50 pm
by dajojo
i have options in menu :
upgrade alternative firmware.. greyed out
remote management.. for helpdesk purposes.. this gives me a code and opens something on the tv.

don't think it's a wise idea to downgrade original firmware as somewhere in the line samsung implemented a new function to make the upgrade process safer.

downgrade option from modified ecpdeuc to original .. u tried ? it seems to me the 2nd partition gets overwritten at successful boot with new sign1.bin.

Re: E-Series Firmware downgrade with USB drive?

Posted: Sat Dec 22, 2012 7:43 pm
by arris69
dajojo wrote: i have options in menu :
upgrade alternative firmware.. greyed out
remote management.. for helpdesk purposes.. this gives me a code and opens something on the tv.

it's an old dead fish, it was also present on d-series...

dajojo wrote: don't think it's a wise idea to downgrade original firmware as somewhere in the line samsung implemented a new function to make the upgrade process safer.

downgrade option from modified ecpdeuc to original .. u tried ?

no, I did not check then whether there is some new version online from samsung or not.

dajojo wrote: it seems to me the 2nd partition gets overwritten at successful boot with new sign1.bin.

not checked just guessed -> if you install encrypted firmware (original one via usb or anyone over OTN) the flash routine rewrites the SECUREMACx partitions. so you need the signx.bin files if you install unencrypted firmware images (probably samsung devs playing around this way...)

Re: E-Series Firmware downgrade with USB drive?

Posted: Sat Dec 22, 2012 8:42 pm
by dajojo
so to elaborate.. USB encrypted firmware with userkeys will be unpacked by flashroutine and then flashed and gets signx.bin put in ?
USB unencrypted firmware without keys gets stuck in flashroutine as no keys found, or gets passed by and flashed and gets no signx.bin
so the thing is to get the firmware on eMMC and calculate keys for signx.bin and put this there also and it will work
first firmware bin0 can be upgraded over the air and halfway pull plug so it crashes and auto swaps from boot to firmware bin1 .. since one of the latest official firmwares this is no longer a brick issue as they improved failure catching.