janaum
07-12-2010, 00:12
Nazdar,
kedze nase UPC SVK stale tuzi predavat korejsky zazrak Handan CV-5000 a dovoli si tvrdit, ze dodava digitalne vysielanie, pricom digitalne je len po STB, zaroven nas obmedzuje vo vybere STB a nedovoluje nam pouzivat vstavane CAM v CI novsich TV, rozhodol som sa tomu pozriet na zubky.
Nase skvele UPCcko chce ludom nahovorit, ze dva roky testuje funkcnost CI/CAM, pricom vsetci vieme, ze parovany CAS7 CAM uz davno funguje v CZ a u nas ho blokuju len preto, aby mohli prenajimat vraky typu Handan a udrziavajuc si praktiky z cias socializmu drzali ludi bez moznosti vyberu:
http://www.facebook.com/topic.php?uid=226129151683&topic=15822
Tak som ten Handan rozobral:
- zistil som, ze jadrom systemu je IBM cip: stbx25xx (vid. stbx25xx.jpg)
- neosadeny seriovy konektor som pripajkoval a pripojil k PC, ale nic tam nezilo,
- hladal, patral, rezal a pilil, az nakoniec pripojil kabliky k tzv. CON1 a ozivil ich (vid. handan-cv-5000.jpg),
- pripojil CON1 na USB2TTL prevodnik,
GND RX TX
biela modra zelena
- nastavil minicom na:
38400 8N1
- az som dostal prompt >
Tak som sa zacal hrat v systeme a objavil som tieto prikazy (prikazy su za >):
- general help
>help
>h
- memory menu
>m help
- video menu
>v help
- stlacenie klavesu ako na dialkovom, napr. k1
>k1
- audio prikazy
>a help
>a stop
>a play
>a pause
>a resume
>md 0x200000 1000
- a este dalsie som vycital z dumpu boxu, vid. citanie pamate dole:
mem
msg
pwr
on
off
exit
pid
com_pc - urobilo restart
eeprom
uic help
otz help
jjj - divne - vypisuje nieco do rebootu
timer
Z helpu sa da precitat dost, aby sme vedeli urobit kompletny memory dump:
>md 0x0 1000000
- mala ukazka zaujimaveho vystupu zo zariadenia:
0x4200 69 66 65 61 73 74 28 30 2c 30 29 3a 5c 74 6f 72 "ifeast(0,0):\tor"
0x4210 6e 61 64 6f 5c 74 61 72 67 65 74 5c 76 65 73 74 "nado\target\vest"
0x4220 61 5c 76 78 77 6f 72 6b 73 5c 64 65 66 61 75 6c "a\vxworks\defaul"
0x4230 74 5c 76 78 77 6f 72 6b 73 20 65 3d 31 30 2e 31 "t\vxworks e=10.1"
0x4240 30 2e 31 30 2e 31 31 35 3a 66 66 66 66 66 66 30 "0.10.115:ffffff0"
0x4250 30 20 68 3d 30 2e 30 2e 30 2e 30 20 20 67 3d 31 "0 h=0.0.0.0 g=1"
0x4260 30 2e 31 30 2e 31 30 2e 31 20 75 3d 76 75 6c 63 "0.10.10.1 u=vulc"
0x4270 61 6e 62 72 64 20 70 77 3d 76 75 6c 63 61 6e 62 "anbrd pw=vulcanb"
0x4280 72 64 20 66 3d 30 78 38 61 20 74 6e 3d 76 75 6c "rd f=0x8a tn=vul"
0x4290 63 61 6e 62 72 64 00 00 00 00 00 00 00 00 00 00 "canbrd.........."
- a potom cely tento dump som si previedol do binarneho suboru z ulozeneho vystupu minicomu:
$ gawk 'BEGIN{i=2} {while (i<=17) {printf"%c",strtonum("0x"$i); i+=1;} i=2;}' cv5000.cap > cv5000.bin
Pozrime sa na vystup z helpov, nech vieme, o com hovorim:
>help
-Main Menu---------------------------------------------------------------------
a <command> - audio commands |bc <command> - board configuration
c <command> - chan change commands |d <command> - denc commands
demo - demo program |h[elp] - help menu
mp3 <command> - mp3 commands |sci0 <command> - smart card 0 commands
sci1 <command> - smart card 1 commands|t <command> - TeleText commands
tuner <command> - Tuner command |v <command> - video commands
x <command> - transport commands |scp <command> - Serial Control Port
-------------------------------------------------------------------------------
>m help
-Memory Menu------------------------------------------------------------------
d x x - display memory
f x x - fill memory |help - display help menu
rb x - read byte |rh x - read half word
rw x - read word |wb x x - write byte
wh x x - write half word |ww x x - write word
test x x - memory test
------------------------------------------------------------------------------
display format: address count
write format: address data
fill format: address count
test format: address count
------------------------------------------------------------------------------
>a help
-Audio Menu-------------------------------------------------------------------
clip [addr len] - audio clip |dreg - display all regs
help - display help menu |ini6 <id> - set stream id
ini7 <type> - set stream type |ini8 <mode> - set audio mode
inid - display init vals |init - initialize audio
melody1 - play melody tones |melody2 - play melody tones
mute - audio mute |pcmmix [addr len] - audio PCM mix clip
play - audio play |read <addr> - read register
soff - turn sync off |son - turn sync on
stop - audio stop |pause - pause
resume - resume |umut - audio unmute
ver - display ucode ver |writ <addr val> - write register
wstc <b32-1 b0> - write STC |
------------------------------------------------------------------------------
>v help
-Video Menu-------------------------------------------------------------------
clip [addr len] - play video clip |dreg - display all regs
help - display help menu |ini5 <0|1> - set letterbox flag
ini6 <0|1> - set 16x9 flag |ini7 <val> - set # vbi lines
inid - disp init values |inin - init NTSC mode
inip - init PAL mode |init - re-init video core
play - play video |read <addr> - read register
soff - turn sync off |son - turn sync on
spd [x y addr len]- display sp |spoff - sp off
stop - video stop |ver - disp ucode version
writ <addr val> - write register |wstc <b32-1 b0> - write STC
------------------------------------------------------------------------------
Takze uz vieme, ze bezime na vxworks, ze zariadenie podporuje napr. audio nahravanie, kedze sa da pauznut a neskor pustit, ze mame k dispozicii mnoho prikazov a memory dump.
Teraz uz len vytiahnut kluce zo spravneho miesta:
http://id-discussions.com/forum/showthread.php?t=87923&page=11
A umiestnit do konfiguraku spravneho camd, napr. oscam.
Poradi niekto ako?
PS: Binarny subor zamerne neprikladam, kedze obsahuje privatne data - kluce mojho boxu.
kedze nase UPC SVK stale tuzi predavat korejsky zazrak Handan CV-5000 a dovoli si tvrdit, ze dodava digitalne vysielanie, pricom digitalne je len po STB, zaroven nas obmedzuje vo vybere STB a nedovoluje nam pouzivat vstavane CAM v CI novsich TV, rozhodol som sa tomu pozriet na zubky.
Nase skvele UPCcko chce ludom nahovorit, ze dva roky testuje funkcnost CI/CAM, pricom vsetci vieme, ze parovany CAS7 CAM uz davno funguje v CZ a u nas ho blokuju len preto, aby mohli prenajimat vraky typu Handan a udrziavajuc si praktiky z cias socializmu drzali ludi bez moznosti vyberu:
http://www.facebook.com/topic.php?uid=226129151683&topic=15822
Tak som ten Handan rozobral:
- zistil som, ze jadrom systemu je IBM cip: stbx25xx (vid. stbx25xx.jpg)
- neosadeny seriovy konektor som pripajkoval a pripojil k PC, ale nic tam nezilo,
- hladal, patral, rezal a pilil, az nakoniec pripojil kabliky k tzv. CON1 a ozivil ich (vid. handan-cv-5000.jpg),
- pripojil CON1 na USB2TTL prevodnik,
GND RX TX
biela modra zelena
- nastavil minicom na:
38400 8N1
- az som dostal prompt >
Tak som sa zacal hrat v systeme a objavil som tieto prikazy (prikazy su za >):
- general help
>help
>h
- memory menu
>m help
- video menu
>v help
- stlacenie klavesu ako na dialkovom, napr. k1
>k1
- audio prikazy
>a help
>a stop
>a play
>a pause
>a resume
>md 0x200000 1000
- a este dalsie som vycital z dumpu boxu, vid. citanie pamate dole:
mem
msg
pwr
on
off
exit
pid
com_pc - urobilo restart
eeprom
uic help
otz help
jjj - divne - vypisuje nieco do rebootu
timer
Z helpu sa da precitat dost, aby sme vedeli urobit kompletny memory dump:
>md 0x0 1000000
- mala ukazka zaujimaveho vystupu zo zariadenia:
0x4200 69 66 65 61 73 74 28 30 2c 30 29 3a 5c 74 6f 72 "ifeast(0,0):\tor"
0x4210 6e 61 64 6f 5c 74 61 72 67 65 74 5c 76 65 73 74 "nado\target\vest"
0x4220 61 5c 76 78 77 6f 72 6b 73 5c 64 65 66 61 75 6c "a\vxworks\defaul"
0x4230 74 5c 76 78 77 6f 72 6b 73 20 65 3d 31 30 2e 31 "t\vxworks e=10.1"
0x4240 30 2e 31 30 2e 31 31 35 3a 66 66 66 66 66 66 30 "0.10.115:ffffff0"
0x4250 30 20 68 3d 30 2e 30 2e 30 2e 30 20 20 67 3d 31 "0 h=0.0.0.0 g=1"
0x4260 30 2e 31 30 2e 31 30 2e 31 20 75 3d 76 75 6c 63 "0.10.10.1 u=vulc"
0x4270 61 6e 62 72 64 20 70 77 3d 76 75 6c 63 61 6e 62 "anbrd pw=vulcanb"
0x4280 72 64 20 66 3d 30 78 38 61 20 74 6e 3d 76 75 6c "rd f=0x8a tn=vul"
0x4290 63 61 6e 62 72 64 00 00 00 00 00 00 00 00 00 00 "canbrd.........."
- a potom cely tento dump som si previedol do binarneho suboru z ulozeneho vystupu minicomu:
$ gawk 'BEGIN{i=2} {while (i<=17) {printf"%c",strtonum("0x"$i); i+=1;} i=2;}' cv5000.cap > cv5000.bin
Pozrime sa na vystup z helpov, nech vieme, o com hovorim:
>help
-Main Menu---------------------------------------------------------------------
a <command> - audio commands |bc <command> - board configuration
c <command> - chan change commands |d <command> - denc commands
demo - demo program |h[elp] - help menu
mp3 <command> - mp3 commands |sci0 <command> - smart card 0 commands
sci1 <command> - smart card 1 commands|t <command> - TeleText commands
tuner <command> - Tuner command |v <command> - video commands
x <command> - transport commands |scp <command> - Serial Control Port
-------------------------------------------------------------------------------
>m help
-Memory Menu------------------------------------------------------------------
d x x - display memory
f x x - fill memory |help - display help menu
rb x - read byte |rh x - read half word
rw x - read word |wb x x - write byte
wh x x - write half word |ww x x - write word
test x x - memory test
------------------------------------------------------------------------------
display format: address count
write format: address data
fill format: address count
test format: address count
------------------------------------------------------------------------------
>a help
-Audio Menu-------------------------------------------------------------------
clip [addr len] - audio clip |dreg - display all regs
help - display help menu |ini6 <id> - set stream id
ini7 <type> - set stream type |ini8 <mode> - set audio mode
inid - display init vals |init - initialize audio
melody1 - play melody tones |melody2 - play melody tones
mute - audio mute |pcmmix [addr len] - audio PCM mix clip
play - audio play |read <addr> - read register
soff - turn sync off |son - turn sync on
stop - audio stop |pause - pause
resume - resume |umut - audio unmute
ver - display ucode ver |writ <addr val> - write register
wstc <b32-1 b0> - write STC |
------------------------------------------------------------------------------
>v help
-Video Menu-------------------------------------------------------------------
clip [addr len] - play video clip |dreg - display all regs
help - display help menu |ini5 <0|1> - set letterbox flag
ini6 <0|1> - set 16x9 flag |ini7 <val> - set # vbi lines
inid - disp init values |inin - init NTSC mode
inip - init PAL mode |init - re-init video core
play - play video |read <addr> - read register
soff - turn sync off |son - turn sync on
spd [x y addr len]- display sp |spoff - sp off
stop - video stop |ver - disp ucode version
writ <addr val> - write register |wstc <b32-1 b0> - write STC
------------------------------------------------------------------------------
Takze uz vieme, ze bezime na vxworks, ze zariadenie podporuje napr. audio nahravanie, kedze sa da pauznut a neskor pustit, ze mame k dispozicii mnoho prikazov a memory dump.
Teraz uz len vytiahnut kluce zo spravneho miesta:
http://id-discussions.com/forum/showthread.php?t=87923&page=11
A umiestnit do konfiguraku spravneho camd, napr. oscam.
Poradi niekto ako?
PS: Binarny subor zamerne neprikladam, kedze obsahuje privatne data - kluce mojho boxu.