View Full Version : OZ: Latest Software Tivoapp Patches
Hi All,
I will use this thread from now on to hold the latest patches for the tivoapp in Australia. I will also include the line required for the bufferhack too.
This post is for software version 11.1b-01-2-663
VMA/HEX orig value new value
0x005cf3fc/0x001cf3fc 104000AA 100000AA //NoCSO
0x0076e7C0/0x0036e7C0 00008021 24100001 //Backdoors
0x00651EE0/0x00251EE0 30B000FF 00008021 // CCI
0x00651F04/0x00251F04 00E08821 24110000
0x001177438/0x00d77438 30B000FF 00008021
0x00B8E414/0x0078E414 14400026 10400026 //30-sec Skip
Commands for the above are
echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=1897468
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=3598272
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2432736
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2432772
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=14119992
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=7922708
The bufferhack code is
set sys(11.1)[list 0x114efa 0x114bc6 0x6c 0x1bc6c6 32149040 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
These patches incidentally are exactly the same as the previous software version. Tivoapp has changed from the previous version though as the checksum is different.
Software 11.3a has just been released in Australia and the patches for tivoapp are now as follows
VMA/HEX Original value New value Comment
0x00d11a34/0x00911a34 126000A2 100000A2 //NoCSO
0x00739b2c/0x00339b2c 00008021 24100001 //Backdoors
0x006232e4/0x002232e4 30B000FF 00008021 // CCI
0x00623308/0x00223308 00E08821 24110000
0x00f87fb0/0x00b87fb0 30B000FF 00008021
0x00af0b08/0x006f0b08 14400026 10400026 //30-sec Skip
0x511f92/0x111f92 0E10AFC4 //Bufferhack
0x511c5e/0x111c5e 01A33C13
0x5a79ca/0x1a79ca 00040C14
Commands for the above are
echo -ne "\x10\x00\x00\xa2" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=9509428
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=3382060
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2241252
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2241288
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=12091312
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=7277320
Please note the NoCSO patch has not been verified yet so I would not advise using it yet. I will modify this post when it has been tested.
The bufferhack line is now
set sys(11.3) [list 0x111f92 0x111c5e 0x6c 0x1a79ca 28682188 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
Another release in less than a month.. they must have stuffed something up
Software 11.3b has just been released in Australia and the patches for tivoapp are now as follows
VMA/HEX Original value New value Comment
0x00d118b0/0x009118b0 126000A2 100000A2 //NoCSO
0x007398cc/0x003398cc 00008021 24100001 //Backdoors
0x00623138/0x00223138 30B000FF 00008021 // CCI
0x0062315c/0x0022315c 00E08821 24110000
0x00f87e2c/0x00b87e2c 30B000FF 00008021
0x00af0984/0x006f0984 14400026 10400026 //30-sec Skip
0x511f92/0x111f92 0E10AFC4 //Bufferhack
0x511c5e/0x111c5e 01A33C13
0x5a79ca/0x1a79ca 00040C14
Commands for the above are
echo -ne "\x10\x00\x00\xa2" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=9509040
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=3381452
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2240824
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2240860
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=12090924
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=7276932
Please note the NoCSO patch has not been verified yet so I would not advise using it yet. I will modify this post when it has been tested.
The bufferhack line is now
set sys(11.3)[list 0x111f92 0x111c5e 0x6c 0x1a79ca 28686284 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
And another release
Software 11.3b2 has just been released in Australia and the patches for tivoapp are now as follows
VMA/HEX Original value New value Comment
0x00d13834/0x00913834 126000A2 100000A2 //NoCSO
0x00739874/0x00339874 00008021 24100001 //Backdoors
0x006230e0/0x002230e0 30B000FF 00008021 // CCI
0x00623104/0x00223104 00E08821 24110000
0x00f87dd4/0x00b87dd4 30B000FF 00008021
0x00af0bd0/0x006f0bd0 14400026 10400026 //30-sec Skip
0x511f3a/0x111f3a 0E10AFC4 //Bufferhack
0x511c06/0x111c06 01A33C13
0x5a7972/0x1a7972 00040C14
Commands for the above are
echo -ne "\x10\x00\x00\xa2" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=9517108
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=3381364
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2240736
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2240772
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=12090836
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=7277520
Please note the NoCSO patch has not been verified yet so I would not advise using it yet. I will modify this post if it is ever tested.
Bufferhack for 11.3b2
set sys(11.3b2) [list 0x111f3a 0x111c06 0x6c 0x1a7972 28686284 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
It is very important that you remove any old 11.3 lines from your bufferhack script as the size of tivoapp has not changed. If you run this and bufferhack uses an older version then you could potentially kill your tivoapp and hence have to restore tivoapp from a backup.
**YAWN**
And another release.. they seem to be working hard on the Australian software.. or it's full of bugs
Software 11.3b3 has just been released in Australia and the patches for tivoapp are now as follows
VMA/HEX Original value New value Comment
0x00d1194c/0x0091194c 126000A2 100000A2 //NoCSO
0x00739884/0x00339884 00008021 24100001 //Backdoors
0x00622d84/0x00222d84 30B000FF 00008021 // CCI
0x00622da8/0x00222da8 00E08821 24110000
0x00f87de4/0x00b87de4 30B000FF 00008021
0x00af093c/0x006f093c 14400026 10400026 //30-sec Skip
0x511f4a/0x111f4a 0E10 //Bufferhack
0x511c16/0x111c16 01A3
0x5a7982/0x1a7982 0004
Commands for the above are
echo -ne "\x10\x00\x00\xa2" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=9509196
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=3381380
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2239876
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2239912
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=12090852
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=7276860
Please note the NoCSO patch has not been verified yet so I would not advise using it yet. I will modify this post if it is ever tested.
Bufferhack for 11.3b3
set sys(11.3b3) [list 0x111f4a 0x111c16 0x6c 0x1a7982 28686284 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
It is very important that you remove any old 11.3 lines from your bufferhack script as the size of tivoapp has not changed. If you run this and bufferhack uses an older version then you could potentially kill your tivoapp and hence have to restore tivoapp from a backup.
Software 11.3b4 has just been released in Australia and the patches for tivoapp are now as follows
VMA/HEX Original value New value Comment
0x00D13834/0x00913834 126000A2 100000A2 //NoCSO
0x00739874/0x00339874 00008021 24100001 //Backdoors
0x006230E0/0x002230E0 30B000FF 00008021 // CCI
0x00623104/0x00223104 00E08821 24110000
0x00F87DD4/0x00B87DD4 30B000FF 00008021
0x00AF0BD0/0x006F0BD0 14400026 10400026 //30-sec Skip
0x00783ef4/0x00383ef4 10400008 10000008 //No Thanks (Stop update reboots)
0x0095a0d8/0x55a0d8 12400003 10000003 //Delete this Recording??
0x511f3a/0x111f3a 0E10 //Bufferhack
0x511c06/0x111c06 01A3
0x5a7972/0x1a7972 0004
Commands for the above are
echo -ne "\x10\x00\x00\xa2" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=9517108
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=3381364
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2240736
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=2240772
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=12090836
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=7277520
echo -ne "\x10\x00\x00\x08" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=3686132
echo -ne "\x10\x00\x00\x03" | dd conv=notrunc of=/tvbin/tivoapp bs=1 seek=5611736
Please note the NoCSO patch has not been verified yet so I would not advise using it yet. I will modify this post if it is ever tested.
Bufferhack for 11.3b4
set sys(11.3b4) [list 0x111f3a 0x111c06 0x6c 0x1a7972 28686284 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
It is very important that you remove any old 11.3 lines from your bufferhack script as the size of tivoapp has not changed. If you run this and bufferhack uses an older version then you could potentially kill your tivoapp and hence have to restore tivoapp from a backup.
healeydave
07-18-2012, 01:46 PM
I've tried to work out the offsets for 11.3b5 but failed dismally :(
It doesn't help that I've only just got an S3, so I don't have any old tivoapp's to compare so the only unique "Original Value" I've been able to find in 11.3b5 is the "NoCSO" which according to my hex editor is at 9527064.
I'm trying to figure this stuff for myself but its baffling me. I know I can edit the value in my hex editor and I'm quietly confident I can achieve the same result in this "NoCSO" example by modifying the echo command line but I'm trying to figure out how to translate this to the hacks.fil patch file.
If I convert the seek value to hex for the same patch on 11.3b4, 9517108 converts to 0x913834 which seems to tally up with the offset in post #6 above.
However, if I try to do the same with my new found string in 11.3b5, the seek value of 9527064 converts to 0x915F18. If I put that in the hacks.fil patch file I send up with the example below but when I test it out, it fails to patch the right location!?!?!?
0x00915F18 126000A2 100000A2 //nocso
psxboy
07-19-2012, 03:38 PM
The hacks.fil file uses VMA offsets (the location in the binary when it's loaded into memory). You probably just need to add 0x00400000 to your HEX location & that should fix it: 0x00915F18 + 0x00400000 = 0xD15F18
Also, if you can get me a copy of your tivoapp binary I can try to work out the rest of the patch locations.
-psxboy
Powered by vBulletin® Version 4.2.0 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.