Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Messages - Mulder3
46
Since i am Portuguese,i don't speak German, i usually use Google translate tools to read the German posts, the problem is that Google messes up everything and i can barely understand what are you talking about, so i have a couple of questions for you...
- What are xtasks? As far as i understood, they are some kind of applications that you can execute on XPU, they are arranged in slots(i.e. you upload xtask X in XPU/XOS slot Y) So, the Video decoder uCode is a xtask? The same with the audio decoder and demuxer? They are xtasks? You can communicate with these xtasks or the xos via XRPC? Am i right?
- In the Portugal Telecom MEO firmware package the is 4 files in the root folder(XTLBoot.bin, XTUBoot.bin, XTLApp_1.2_XosE0.bin and XTUApp_1.2_XosE0.bin) What they represent? Also, the naming scheme is a bit odd, what is XTU, XTL, XTA?
- As far as i understood, we can't run the Linux version(i.e. the Popcorn version) of the audio/video uCodes because they are signed with a different certificate? So, what's stopping us from loading the WinCE version of these uCodes? Where they are located? Are they these files i mentioned in my last question?
- In PDA/Windows Mobile world the is a standard WinCE app called hret that can boot Linux from Windows Mobile by jump'ing into linux kernel directly from windows mobile, if we use that technique to boot linux from an already initialized WinCE with uCodes already loaded, in theory it should work... Anybody tried this?
-Where is the bootstrap/discovery address hard-coded in stb? In IPTV boot loader?
PS- the discovery address of Portugal Telecom's MEO iptv service is discovery.iptv.telecom.pt, you can add it to wiki (doesn't work using normal internet connection)
48
Can you, guys, make the nk.bin patcher source avaliable?
49
What`s the benefit of disabling Watchdog?
50
Has anyone access to this sdk? (
http://www.telekom.com/dtag/cms/content/dt/de/495580) Yes, i know is just an emulator of talisman browser and some tech docs, but i want to try if a can make a youtube client(like m.youtube.com and using some hacking to get h.264 streams instead of flv_video) using php/xhtml/javascript (sdk includes documentation on how to use javascript to manipulate/render network streams, right?)
Anyone know what's the level of standards compliance of talisman xhtml/javascript? (yes, i know its based on IE, so obvious i'm not expecting much...)
Does it support xhtml overlay on video?
Thanks.
51
we should keep an eye on copyrighted content... posting the tv2client.exe is not a good idea.
it is better to provide information on what bytes to change.
I have a feeling that Sigma and MS are not happy if they find out that their "secure" IPTV platform is not so secure after all ... if they search for a way to shut the forum down, copyrighted material is an easy target.
it is only a matter of time before a C&D is fired when you give them a reason to do so.
btw. you can also disable HDCP with config options... so if you have an old LCD or use a HDMI->DVI adapter, you should be able to use the box 
another nice change is to ignore the copyprotection flag on the record-tv-show method. (... thats what you get when you try to screw customers)
Where exactly in the namespace is "record-tv-show()" ?
52
Can anyone try this modified tv2client?
I modified stub method SetMacrovision(bool enable) to always set the argument of TV2Engine_MacrovisionEnable() to false... It should disable Macrovison...
REMOVED COPYRIGHT-PROTECTED FILE
53
So, tv2client just sends the message to XPU, and XPU will return its signature, looks like we have to wait for the xbox360 version, as far i know, xbox does´t have a secure CPU to store RSA keys... I currently not have a x300t, i am waiting the service to become available in my area, but even if we can´t get privatekey, we can at lest know what the box is sending/receiving to server, by injecting code into tv2client(adding code to methods that encrypt/decrypt messages) to dump the messages before they are encrypted(for messages sent) and after they are decrypted(for messages received), at least we can understand the protocol, it´s better than nothing... I thinking in trying this, in theory, it should work... What you think?
54
I've been playing around with .NET reflector and found some interesting things:
- yes, it logs on webservice with LoginEx(), you can find this on login() method on "Microsoft.TV.bootstrap" class, it authenticates with
"info = proxy.LoginEx(clientVersion, Authenticator.Default.MyCertificate, TV2Engine.GetSTBType());" it gets the certificate from "Microsoft.TV2.crypto.Authenticator" class, and "Authenticator" gets it from "Microsoft.TV2.security.TV2SecureCore" TV2SecureCore is just a stub no native DLL tv2engine.dll, with i think i will the retrieve keys from XPU(i don´t have experience with MIPS assembly)
So, maybe we can modify tv2client assembly with tools like Reflexil (
http://sourceforge.net/projects/reflexil) with allows us to inject C# code into tv2client.exe to dump certificate to UART port... i think it should be possible... what you think?
55
- How the patch to disable the signature check works? I know from the wiki that the bootloader is encrypted and signed, however, the XPU stores it in ram unencrypted, so this means the patch is only temporary, and every time we reboot the box, the bootloader goes to its original condition?
- What we know about communications with bootstrap.asmx, and exactly how the box logins on provider´s server? It logins with what? I don´t think it´s a username/password, but it has to be something.
Maybe the webservices used in bootstrap is based on Microsoft Connected Services Framework (on MSDN, it shows some methods related to iptv)
- What exactly is the role of MAC addr in the login authentication? I heard that STB´s MAC needs to be "authorized" to work. Is possible to modify MAC? The wiki says XENV has a SHA1 hash of its contents, but is encrypted or signed?
-TV2client is a CLR binary, in theory it should run out-of-box on a pc, probably is dependent on some non-managed DLL Anybody explored this?
-Will SMP direct JTAG connection give access to XPU? How exactly the communication between WinCE and XPU works? (i am not talking of boot process, but how about WinCE/tv2client retrieves the keys)
- I know there is some STBs based on SMP using Linux, but where is the source? Linux is GPL, they legally have the provide us the source, at least the kernel, its drivers and other GPLed applications that they chose to use (like busybox).
- Anybody knows what is the server that is used for firmware downloads for MEO service(IPTV in portugal)?
Thanks.
