PDA

View Full Version : 11.0b sitting in mfs



Vegas
02-13-2009, 09:35 AM
This is version 11.0b.E2-01-2-652 on my TivoHD. It appeared on 2/10
Anyone have any info. tivoapp patches...

T_RJ
02-14-2009, 04:03 PM
on mine as well

jt1134
02-14-2009, 08:09 PM
Anyone have any info. tivoapp patches...

0x005d39fc 104000aa 100000aa

or :

echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1915388
untested.

found this tidbit in /etc/rc.d/StageE_PreApplication/rc.Sequence_650.CleanupPlanetX.sh :

puts "Obliterating PlanetX datum (it obstructs my view of Venus)..."

if {[catch {RetryTransaction { mfs unlink "/Drm/NF/MovieData" }}]} {
puts "Where's the KABOOM? There's supposed to be an Earth-shattering KABOOM\041"
} else {
puts "KABOOM\041"
}
looks like a handful of idl files dealing with MenuItem/Showcases were altered. /tvlib/tcl/tv/DbEnum.tcl has had these values added :

variable DirectvA3 -2147287026

variable NowPlayingLocalList1 24
variable NowPlayingLocalList2 25
variable NowPlayingLocalList3 26
variable NowPlayingLocalList4 27

variable VODClip 10
variable VODMenu 9
meh..

ciper
02-14-2009, 11:40 PM
Any thoughts on what "rc.Sequence_650.CleanupPlanetX.sh" is for?

Jamie
02-15-2009, 12:50 PM
Looks to me like it is wiping old NetFlix DRM keys out of MFS.

lgkahn
02-16-2009, 11:26 PM
no new version on 650b s3's

Vegas
02-17-2009, 10:04 PM
0x005d39fc 104000aa 100000aa

or :

echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1915388
untested.


Tested on TivoHD

also

VMA / HEX orig value new value
0x00773654 / 0x00373b54 00008021 24100001 //Backdoors

lrhorer
02-20-2009, 07:46 PM
Thanks guys.

Y'know, since TiVo releases a new version of software pretty much every quarter, perhaps it would be a good idea to start a sticky thread dedicated only to posting the hack values, rather than starting a new thread for each release or burying the data deep inside other threads?

T_RJ
02-23-2009, 09:31 PM
Anyone played with bufferhack for this?
Version: 11.0b.E2-01-2-652 Tivoapp size: 32140016

T_RJ
02-24-2009, 01:58 AM
QAM Mapped channels survived across the 11.0b.E2-01-2-652 update.

T_RJ
02-25-2009, 02:40 PM
Here is bufferhack including 11.0b.E2-01-2-652.
I can also confirm Backdoors from above post.
I'm removing this file as there is a final version 11.0b-01-2

laurent
02-26-2009, 04:54 AM
I have 11.0b-01-2-652 on my TivoHD and the NoCSO patch has moved to:


VMA/HEX orig value new value
0x005d3a1c/0x001d3a1c 104000aa 100000aa //NoCSO

or :

echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1915420

jt1134
02-27-2009, 07:09 PM
set sys(11.0b) [list 0x115e4e 0x115b1a 0x6c 0x1bd402 32140016 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]

T_RJ
02-27-2009, 11:08 PM
jt1134 did I have it wrong? I tried what I posted and it worked but maybe I did something wrong. I will change it in my post if it is wrong.

Vegas
02-28-2009, 01:29 AM
jt1134 did I have it wrong? I tried what I posted and it worked but maybe I did something wrong. I will change it in my post if it is wrong.

Looks like jt's is for 11.0b-01
11.0b.E2 didn't last very long.

jt1134
02-28-2009, 01:30 AM
jt1134 did I have it wrong? I tried what I posted and it worked but maybe I did something wrong. I will change it in my post if it is wrong.

if it worked for you, then it should be correct. note however, that tivoapp is different between the beta (11.0b.E2-01-2) and final (11.0b-01-2) versions. the values I posted are for the final version.

T_RJ
02-28-2009, 01:47 AM
Ahh I see said the blind man as he opened his eyes!

captain_video
02-28-2009, 09:34 PM
Looks like jt's is for 11.0b-01
11.0b.E2 didn't last very long.
That would explain my dilemma. I went to rehack my S3 after taking the 11.0b update and discovered that all of the hack files that should have been in the inactive partition were all missing. I must have received 11.0b.E2 without realizing it and then took the 11.0b update shortly thereafter, subsequently wiping out all of my hacks.

I had to give myself a quick refresher on how to rehack the unit from scratch. Fortunately the amount of hacking I did to my S3 was limited at best so it was just a matter of uploading the tivotools.tar binaries and installing them along with creating a new rc.sysinit.author file. I patched the tivoapp file with nocso and ftp'd the tserver file for TyTools and now all is right with the world once again. I pretty much just use the extraction function once in a while when I see a movie on one of the HD channels I'd like to add to my library.

swinokur
02-28-2009, 11:28 PM
does anyone have the backdoor patch for 11.0b-01-2-648? (so excited that the beta was on my machine for *one* day. luckily i've got this process down to mostly a science...)

lgkahn
03-02-2009, 02:44 PM
anyone have all the patch locations.. new version now on all 3 of my s3's non hd /xl version
ie
Directory listing of /SwSystem Name Type Id Date Time Size
11.0-01-2-648 tyDb 368064 01/04/09 11:33 908
11.0b-01-2-648 tyDb 603656 02/27/09 17:13 884
ACTIVE tyDb 368064 01/04/09 11:33 908


looking for the following patches



edit: found everytihing but backdoors and 30 sec skip see below



thanks

lgkahn
03-03-2009, 09:20 PM
so far confirmed on 11.0b-0-648 that the following turn off encryption and cci pathes work still looking for backdoors and 30 sec skip

below is for 11.0b
echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1915420
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2451664
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2451700
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=14115792

lgkahn
03-03-2009, 09:46 PM
the above hack for backdoors on the first page does not weem to workfor me at least i cannot find the string at the correct offset.. closest i found was 373b70 here is the entire virgin tivoapp fora 11.0b-01-648 if someone has the time to dissassemble and find the backdoor and 30 sec skip thanks..

http://stage1.icentrix.com/tivoapp.sav

T_RJ
03-04-2009, 01:55 AM
BufferHack tested on TivoHD
Add to bufferhack.tcl

set sys(11.0b) [list 0x115e4e 0x115b1a 0x6c 0x1bd402 32140016 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]



Backdoors tested on TivoHD

echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3619700

These are for 11.0b-01-2-652

lgkahn
03-04-2009, 09:39 AM
thanks verified patch locations and the above also works on 11.0b-01-2-648

also the above bufferpatch already posted previously also works with this version of tivoapp.. so now all that is missing is 30 sec. skip

newbie
03-04-2009, 10:26 AM
Don't you have upgrades blocked? Is current software forcing an upgrade even if software upgrades are blocked?

I was going to send my unit out to have the PROM replaced but FiOS isn't copy protecting anything.




That would explain my dilemma. I went to rehack my S3 after taking the 11.0b update and discovered that all of the hack files that should have been in the inactive partition were all missing. I must have received 11.0b.E2 without realizing it and then took the 11.0b update shortly thereafter, subsequently wiping out all of my hacks.

I had to give myself a quick refresher on how to rehack the unit from scratch. Fortunately the amount of hacking I did to my S3 was limited at best so it was just a matter of uploading the tivotools.tar binaries and installing them along with creating a new rc.sysinit.author file. I patched the tivoapp file with nocso and ftp'd the tserver file for TyTools and now all is right with the world once again. I pretty much just use the extraction function once in a while when I see a movie on one of the HD channels I'd like to add to my library.

T_RJ
03-04-2009, 10:31 AM
I haven't tested 30 second skip, not in front of ny TiVo right now, but this should be it.

30-sec Skip
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7934352

lgkahn
03-04-2009, 12:59 PM
thanks.. no it doesnt install the s/w automatically but unless you jump through hoops it does reboot every morning trying to install the update

T_RJ
03-04-2009, 03:30 PM
I confirmed the 30 sec skip, it works.

psxboy
03-05-2009, 01:03 PM
thanks verified patch locations and the above also works on 11.0b-01-2-648

also the above bufferpatch already posted previously also works with this version of tivoapp.. so now all that is missing is 30 sec. skip

Does your 30-second skip not survive the upgrade? I've been through several software versions now without having to re-enable it (or patch tivoapp to make it default to "on").

-psxboy