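I am trying to reverse the firmware update for the LG home theater BH7220, but I've run into trouble.
This HTS has a main chip from LG, referred to in the schematic as "BH7000:1165". The chip is marked "D78F1165 1205EM406 MALAYSIA", which leads me to believe it is a NEC/Renesas μPD78F1165; at least the pin configuration in the datasheet and the schematic match. Interestingly, the hardware manual shows that the chip has internal ROM, but in this home theater it is connected to an external EEPROM chip (ST M24C16, 16-Kbit). The update file is exactly 2KB in size, so it matches the size of the EEPROM.
The file has a weird structure. It has some headers, and for some reason the data is duplicated.
It has some strings: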
...
0000c000 4c 6f 61 64 65 72 46 57 24 20 20 20 20 20 20 20 |LoaderFW$ |
0000c010 4d 41 49 4e 00 16 80 00 00 00 00 00 00 09 30 00 |MAIN..........0.|
0000c020 50 4f 57 43 00 01 00 00 02 00 00 00 00 00 04 00 |POWC............|
0000c030 46 41 54 42 00 01 10 00 01 0f e0 00 00 00 20 00 |FATB.......... .|
0000c040 50 41 52 4d 00 01 50 00 02 00 00 00 00 00 20 00 |PARM..P....... .|
0000c050 42 4f 4f 54 00 00 00 00 00 00 00 00 00 00 10 00 |BOOT............|
0000c060 53 48 49 46 00 1f b0 00 04 00 00 00 00 00 10 00 |SHIF............|
0000c070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
...
00010000 05 80 00 31 1f 00 00 00 4d 54 4b 20 38 35 35 30 |...1....MTK 8550|
00010010 4a 56 30 33 39 30 20 20 20 20 20 20 38 35 35 30 |JV0390 8550|
00010020 30 33 39 30 04 30 9f e5 03 30 8f e0 13 ff 2f e1 |0390.0...0..../.|
...
0008b410 06 06 41 62 6e 6f 72 6d 61 6c 20 74 65 72 6d 69 |..Abnormal termi|
0008b420 6e 61 74 69 6f 6e 00 00 00 41 72 69 74 68 6d 65 |nation...Arithme|
0008b430 74 69 63 20 65 78 63 65 70 74 69 6f 6e 3a 20 00 |tic exception: .|
0008b440 49 6c 6c 65 67 61 6c 20 69 6e 73 74 72 75 63 74 |Illegal instruct|
0008b450 69 6f 6e 00 00 00 00 49 6e 74 65 72 72 75 70 74 |ion....Interrupt|
0008b460 20 72 65 63 65 69 76 65 64 00 00 00 00 00 49 6c | received.....Il|
0008b470 6c 65 67 61 6c 20 61 64 64 72 65 73 73 00 00 00 |legal address...|
0008b480 00 00 00 00 00 54 65 72 6d 69 6e 61 74 69 6f 6e |.....Termination|
0008b490 20 72 65 71 75 65 73 74 00 00 00 00 53 74 61 63 | request....Stac|
0008b4a0 6b 20 6f 76 65 72 66 6c 6f 77 00 00 00 00 00 00 |k overflow......|
0008b4b0 00 00 00 52 65 64 69 72 65 63 74 3a 20 63 61 6e |...Redirect: can|
0008b4c0 27 74 20 6f 70 65 6e 3a 20 00 4f 75 74 20 6f 66 |'t open: .Out of|
0008b4d0 20 68 65 61 70 20 6d 65 6d 6f 72 79 00 00 00 00 | heap memory....|
0008b4e0 00 55 73 65 72 2d 64 65 66 69 6e 65 64 20 73 69 |.User-defined si|
0008b4f0 67 6e 61 6c 20 31 00 00 55 73 65 72 2d 64 65 66 |gnal 1..User-def|
0008b500 69 6e 65 64 20 73 69 67 6e 61 6c 20 32 00 00 50 |ined signal 2..P|
0008b510 75 72 65 20 76 69 72 74 75 61 6c 20 66 6e 20 63 |ure virtual fn c|
0008b520 61 6c 6c 65 64 00 43 2b 2b 20 6c 69 62 72 61 72 |alled.C++ librar|
0008b530 79 20 65 78 63 65 70 74 69 6f 6e 00 00 4f 75 74 |y exception..Out|
0008b540 20 6f 66 20 68 65 61 70 00 00 00 00 00 00 00 00 | of heap........|
...
and "end of file/segment"? marks:
...
000ffff0 00 ff ff ff ff ff ff ff 00 00 00 00 45 4e 44 46 |............ENDF|
...
001ffff0 00 ff ff ff ff ff ff ff 00 00 00 00 45 4e 44 46 |............ENDF|
00200000
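Following this answer, I tried loading it into CubeSuite+ (v2.2.0) with various offsets, but it never worked. It errors out with "bad instruction" or "illegal file type".
I tried running Binwalk to check the architecture, and this is what it shows: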
$ binwalk -B Downloads/H12IM2S.ROM
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
$ binwalk -Y Downloads/H12IM2S.ROM
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
64662 0xFC96 ARM executable code, 16-bit (Thumb), little endian, at least 851 valid instructions
binwalk -Y --verbose Downloads/H12IM2S.ROM
Scan Time: 2019-11-18 23:22:29
Target File: /home/Downloads/H12IM2S.ROM
MD5 Checksum: 73ec6a79d66112a7580f5dc7d0213594
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
64662 0xFC96 ARM executable code, 16-bit (Thumb), little endian, at least 851 valid instructions
64662 0xFC96 movs r0, r0
64664 0xFC98 movs r0, r0
64666 0xFC9A movs r0, r0
64668 0xFC9C movs r0, r0
64670 0xFC9E movs r0, r0
64672 0xFCA0 movs r0, r0
64674 0xFCA2 movs r0, r0
64676 0xFCA4 movs r0, r0
64678 0xFCA6 movs r0, r0
64680 0xFCA8 movs r0, r0
64682 0xFCAA movs r0, r0
64684 0xFCAC movs r0, r0
...
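There is also a MediaTek MT8580 SoC on the board that handles the USB port and Ethernet, so having some ARM instructions in the update file might make sense?
Where do I go from here? Should I remove the EEPROM chip and try to dump its contents, or is there a way to get the firmware from this update file?
P.S. I am mostly interested in this controller's firmware because it blocks multichannel PCM audio from any HDMI input other than other LG Blu-ray players. That is, it will only play stereo PCM from any PC, PlayStation or other device I have tested, but if it comes from another LG player, it plays 5.1 PCM perfectly. I checked with the main service provider in Germany, and this is for copyright protection purposes. Unbelievable!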
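
The following is an added example, not code from the original post: it walks the `LoaderFW$` table shown in the dump and checks whether the `ENDF`-terminated blocks are byte-identical copies, which is one way to confirm the duplicated data. The record layout (4-byte ASCII tag plus three big-endian 32-bit words), the function names and the miniature sample image are assumptions; the meaning of the three words is not known from the post.

```python
import struct

MAGIC, END_TAG = b"LoaderFW$", b"ENDF"   # strings visible in the posted dump

# Header line and six records copied from the dump at 0xc000-0xc06f.
TABLE = bytes.fromhex("""
    4c 6f 61 64 65 72 46 57 24 20 20 20 20 20 20 20
    4d 41 49 4e 00 16 80 00 00 00 00 00 00 09 30 00
    50 4f 57 43 00 01 00 00 02 00 00 00 00 00 04 00
    46 41 54 42 00 01 10 00 01 0f e0 00 00 00 20 00
    50 41 52 4d 00 01 50 00 02 00 00 00 00 00 20 00
    42 4f 4f 54 00 00 00 00 00 00 00 00 00 00 10 00
    53 48 49 46 00 1f b0 00 04 00 00 00 00 00 10 00""")
TRAILER = bytes.fromhex("00 ff ff ff ff ff ff ff 00 00 00 00 45 4e 44 46")
# Constructed miniature image (not the real ROM): two identical ENDF-terminated blocks.
SAMPLE = (TABLE + bytes(16) + TRAILER) * 2

def parse_table(img):
    """Records after the magic as (tag, w0, w1, w2).
    Assumed layout: 4-byte ASCII tag + three big-endian 32-bit words."""
    pos = img.find(MAGIC)
    entries = []
    if pos < 0:
        return entries
    pos += 16                                  # header line is 16 bytes, space padded
    while pos + 16 <= len(img):
        tag, words = img[pos:pos + 4], img[pos + 4:pos + 16]
        if not (tag.isalpha() and tag.isupper()):   # zero fill or data: table ended
            break
        entries.append((tag.decode("ascii"), *struct.unpack(">3I", words)))
        pos += 16
    return entries

def blocks(img):
    """(start, end) of each block, cutting right after every ENDF marker."""
    out, start, pos = [], 0, img.find(END_TAG)
    while pos >= 0:
        out.append((start, pos + 4))
        start = pos + 4
        pos = img.find(END_TAG, start)
    return out

def identical_copies(img):
    """True when there are at least two blocks and all hold the same bytes."""
    spans = blocks(img)
    return len(spans) > 1 and len({img[a:b] for a, b in spans}) == 1

if __name__ == "__main__":
    for tag, *words in parse_table(SAMPLE):
        print(tag, " ".join(f"{w:#010x}" for w in words))
    print(blocks(SAMPLE), identical_copies(SAMPLE))
```

To run it on the real update file, read the file into `bytes` and pass that in place of `SAMPLE`.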