i have opend UART what ssh command for CWPKMaybe you can edit/reflash rootfs to enable SSH, Telnet or UART to get access and decrypt CWPK.
Try open your dump with 7zip ;P
Or you can extract squashfs from address 0x5C0028 and open with 7zip.
Anyway you can edit u-boot in your dump too and reflash.
for sti7105-jud you need to use new method called dma bruteforce because dcw adress is locked by security fuseGood morning all
I relaunch the post, I have uart access on a soc7105jud, how to calculate the cwpk
of course I have the flash dump
Thanks for your help
can tell me more about this brut force methodfor sti7105-jud you need to use new method called dma bruteforce because dcw adress is locked by security fuse
in short decrypt + encrypt works but 3des decryption result is unreadable from fixed models
dma bruteforce method is explained in latest security explorations pdfs
Mon ami gazoil, you need to put your receiver in upgrade mode , that way the protected memory address will be free to dumpcan tell me more about this brut force method
do you have a link for the documents
thanks
it is otp security in cpu you cant unlock dcw adress by upgrading receiver firmware or whatsoever , any of firmware modiffications also would not helpMon ami gazoil, you need to put your receiver in upgrade mode , that way the protected memory address will be free to dump
Play a little on the receivers firmware via shell and check how upgrade mode is launched, check receivers initialisations and conditions and you will get it
Some inits modifications do the trick.
We use essential cookies to make this site work, and optional cookies to enhance your experience.