Topics

21

Software / Remote debugging

27. Apr 2008, 12:55

Hi,
Trying to connect to the box with VS2005, but can't seem to find file: DeviceAgentTransport.dll

In the BooterCE I noticed it looks for a folder called "win" , with the following files.
    debug1AppPath = RootPath + @"\win\ConmanClient2.exe";
    debug2AppPath = RootPath + @"\win\DeviceAgentTransport.dll";
    debug3AppPath = RootPath + @"\win\eDbgTL.dll";
    debug4AppPath = RootPath + @"\win\TcpConnectionA.dll";
    debug5AppPath = RootPath + @"\win\clientshutdown.exe";

I seem to have found all of them , apart from the DeviceAgentTransport.dll any ideas?

22

Software / Patching the DIT9719

23. Apr 2008, 18:26

I have applied the patch I made.


CPU Chip ID: 00001000011000110000000000000001 (08630001)
*** Found a SigmaDesigns SMP8634 Rev A CPU chip ***

    - EJTAG IMPCODE ....... : 01000000010000010100000000000000 (40414000)
    - EJTAG Version ....... : 2.6
    - EJTAG DMA Support ... : No

Issuing Processor / Peripheral Reset ... Done
Halting Processor ... <Processor Entered Debug Mode!> ... Done
Clearing Watchdog ... Done
============================
Detecting Bootloader Version
============================
0x9363f520: cd92f0cafaa0010
0x9363f618: 0cd8d00f
BT vision Version 1039 found
Patch applied !
...   now press OK Button on the X300T.
Processor exited debug mode.




but the box seems to be in disaster recovery mode.

I can't seem to get it out of this, and it doesnt seem to look at the hard drive at all.
It does exactly the same with the hard drive removed.


It displays a screen saying "Your set top box is experiencing difficulties. Please wait a few minutes while we try to resolve the issue"

If you plug a network lead into it, the progress bar moves along the bottom..
Eventually it displays a message on the screen saying "An error has occoured. Please call ......"

When it displays that message it also outputs this on the serial port

HALTING

any help appriciated....

Mick

23

Hardware / DIT9719 serial port

23. Apr 2008, 17:43

There are 7 pins marked 1300
pin 3 is serial out from the box
I think pin2 is serial in but I didnt seem to get any response from the box.

This is output



xosPe0 serial#<edited> subid 0xc4
xenv cs2 ok
power supply: ok
dram0 ok (7)
dram1 ok (6)
zboot (0) ok
SIGNED BL

Microsoft IPTV Bootloader, Build (1527)
Built by BM-DELL-131, Aug 22 2006 21:43:55


Mick

24

Software / TV2ClientCE.exe

22. Apr 2008, 20:00

Because the app is written in C#
if you upload it to

http://www.remotesoft.com/

it will decompile it entirely back to its source code
So it is fully moddable.

for instance...

   ManagedReadyEvent(_pipeId, _channel, _serviceInfo.ServiceId, _multicastEndPoint, _serviceInfo.TotalBitRate, _disableBurst, _serviceInfo.DeliveryMode);
            if (_disableServerTune)
            {
                if (!_multicastAllowed)
                {
                    _detuned = true;
                    Logger.RaiseDebugEvent(TV2LogSubSystem.AV, "Multicast not enabled for service: {0}", new object[]{serviceId});
                    return;
                }
                EnableUnderflowCheck();
            }


Mick

25

Hardware / Philips DIT9719 (BT Vision) bootloader dumped :)

21. Apr 2008, 22:36

Hi All,

I can confirm that the jtag points in my previous post are correct.

I tried a different pc, with the C program and dumped the bootloader.

The data seems valid as I had a look in a hex editor and can see plain strings.

I have uploaded it here:

http://www.megaupload.com/?d=34BB7N97


Cheers
Mick

26

Others / Jtag ram patcher chip?

21. Apr 2008, 17:23

Just came across your forum
I had a look at a bt vision a few months ago, but may have another play with it again now.

I was just thinking, it should be possible to create a chip that jtags the CPU, checks the bootloader version and applies the patch at the correct location. Then resumes execution.

The box could then be used stand alone without the need to be connected to a pc, and it would bypass the signature check.

It would be quite a neet solution i think.

Mick