NMT C200 Deep

From Lundman Wiki

C200 Deeper thoughts

This is not an attempt to hide information; it is just too early/dangerous for people to attempt to use. If you break your player, you get to keep both parts. I cannot be held responsible, and Syabas is unlikely to want to help you.

The /tmp/setting.txt file has the following:


Can we change that directly and it'll work (for the session)? Can we use the pflash tool to write it to nvram?

C200 has Remote control codes:

slow+1683 : Set bluray region
slow+1663 : Set DVD region

Are there more?

Ah, not in lib_syabas_framework.so, there are not. If you want to look for them, the sequence is:

54 F0 00 00  31 00 00 00  36 00 00 00  36 00 00 00  33 00 00 00
Slow          1            6            6            3

Actually, running this perl script:

# find . -type f -print | xargs -n 1 perl -e '$file=@ARGV[0] ; $A=`cat $file` ; while ($A =~ /\x54\xf0\x00\x00/g) { $pos = length $`; $pos += 0; printf "$file: %X\n", $pos; }' 
./sigma/lib/libdcchd_brd.so: 1410BC
./sigma/lib/libdirect-1.0.so.0.0: 6853C
./sigma/lib/libamp_test.so: 4277C
./sigma/lib/libamp_test.so: 45EC8
./sigma/lib/libamp_test.so: 46C98
./sigma/lib/libamp_test.so: 477F8
./sigma/lib/libamp_test.so: 4782C
./sigma/lib/libamp_test.so: 47964
./sigma/lib/libamp_test.so: 49504
./sigma/lib/libamp_test.so: 49538
./sigma/lib/libamp_test.so: 49670
./sigma/lib/libamp_test.so: 4A19C
./sigma/lib/libamp_test.so: 4A1D0
./sigma/lib/libamp_test.so: 4A238
./sigma/lib/libamp_test.so: 4BB98
./sigma/lib/libamp_test.so: 4BC00
./sigma/bdj/jvm/lib/libdirectfbawt.so: 16764
./app/lib/libsyabas_framework_lib.so: 9530
./app/lib/libsyabas_framework_lib.so: 9544

Checked all, false positives except for the final two entries.
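
The false positives come from matching only the 4-byte Slow prefix. As an added example (not part of the original page), this Python sketch requires the prefix to be followed by four little-endian 32-bit words that each hold one ASCII digit, as in the sequence shown above, and decodes the digits. It generalizes from the single slow+1663 sequence to any four-digit code; the sample bytes are constructed, and all function names are hypothetical.

```python
import os
import re
import struct

SLOW = 0xF054  # "Slow" key value, from the 54 F0 00 00 bytes on this page
PREFIX = struct.pack("<I", SLOW)

# Prefix word, then four little-endian 32-bit words each holding one ASCII digit.
CODE_RE = re.compile(re.escape(PREFIX) + rb"(?:[0-9]\x00\x00\x00){4}")


def find_prefix_only(data):
    """Offsets of the bare prefix: what the perl one-liner reports."""
    return [m.start() for m in re.finditer(re.escape(PREFIX), data)]


def find_slow_codes(data):
    """(offset, digits) for each prefix that is followed by four digit words."""
    hits = []
    for m in CODE_RE.finditer(data):
        words = struct.unpack("<5I", m.group(0))
        hits.append((m.start(), "".join(chr(w) for w in words[1:])))
    return hits


def scan_tree(root):
    """Yield (path, offset, digits) for every regular file under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                for offset, digits in find_slow_codes(fh.read()):
                    yield path, offset, digits


def _seq(digits):
    return struct.pack("<5I", SLOW, *(ord(d) for d in digits))


# Constructed sample (not bytes from the real library): a bare prefix followed
# by unrelated data, then the two documented codes stored back to back.
SAMPLE = (b"\x00" * 8 + PREFIX + b"\xde\xad\xbe\xef" * 4
          + b"\x00" * 4 + _seq("1683") + _seq("1663"))

if __name__ == "__main__":
    print("prefix only:", [hex(o) for o in find_prefix_only(SAMPLE)])
    for offset, digits in find_slow_codes(SAMPLE):
        print("slow+%s at %X" % (digits, offset))
```

The two genuine hits in the listing above, 9530 and 9544, are 0x14 bytes apart, which is exactly one five-word sequence; the constructed sample stores its two codes the same way.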

Region Free

For DVDs, the region is set using:


However, no real need to poke in there, since if your drive is rpc1, it doesn't matter. If your drive ISN'T rpc1, you will have only 5 changes enforced by the drive.

Your first task is to make sure your drive is rpc-1, OR, rpc-2 with autoreset.

Bluray region is handled by:


If you wanted to do it the tedious way:

.text:00003CC0                 lw      $t9, (xosd_command_stub - 0x215A0)($gp)
.text:00003CC4                 li      $a3, 0x2000
.text:00003CC8                 sw      $v0, 0x208+var_1F4($sp)
.text:00003CCC                 move    $a0, $0
.text:00003CD0                 move    $a1, $s7
.text:00003CD4                 sw      $s3, 0x208+var_1F0($sp)
.text:00003CD8                 jalr    $t9
.text:00003CDC                 sw      $0, 0x208+var_1F8($sp)
.text:00003CE0                 lw      $gp, 0x208+var_1E8($sp)
.text:00003CE4                 addiu   $a1, $sp, 0x208+var_1E0
.text:00003CE8                 lw      $v0, (CreateDialog - 0x215A0)($gp)
.text:00003CEC                 lw      $t9, (xwrite_str_stub - 0x215A0)($gp)
.text:00003CF0                 addiu   $a0, $v0, 0x89B4  # "bluray region"
.text:00003CF4                 lw      $v0, 0x208+var_1D8_bluray_cnt($sp)
.text:00003CF8                 addiu   $v0, 1           # Might want to NOT increase me
.text:00003CFC                 jalr    $t9
.text:00003D00                 sw      $v0, 0x208+var_1D8_bluray_cnt($sp)
.text:00003D04                 lw      $gp, 0x208+var_1E8($sp)
.text:00003D08                 addiu   $a0, $fp, 0x208+var_7844
.text:00003D0C                 lw      $t9, (off_196C8 - 0x215A0)($gp)  # sub_79d0
.text:00003D10                 jalr    $t9
.text:00003D14                 addiu   $a1, $sp, 0x208+var_1D8_bluray_cnt
.text:00003D18                 lw      $gp, 0x208+var_1E8($sp)
.text:00003D1C                 lw      $t9, (xsave_commit_stub - 0x215A0)($gp)
.text:00003D20                 jalr    $t9
.text:00003D24                 nop
.text:00003D28                 li      $v0, 1
.text:00003D2C                 xori    $v0, 1
.text:00003D30                 lw      $gp, 0x208+var_1E8($sp)
.text:00003D34                 b       bluray_cancelORerror
.text:00003D38                 sltu    $s1, $0, $v0

.text:00003CF0 B4 89 44 24 30 00 A2 8F 01 00 42 24 09 F8 20 03

.text:00004030                 lw      $v0, (CreateDialog - 0x215A0)($gp)
.text:00004034                 lw      $a2, (CreateDialog - 0x215A0)($gp)
.text:00004038                 lw      $t9, (xsnprintf_stub - 0x215A0)($gp)
.text:0000403C                 addiu   $v0, 0x8D1C      # "/dev/sr0"
.text:00004040                 addiu   $a2, 0x8D00      # "drive_ops setregion %d %s"
.text:00004044                 li      $a1, 0x23
.text:00004048                 jalr    $t9
.text:0000404C                 sw      $v0, 0x208+var_1F8($sp)
.text:00004050                 lw      $gp, 0x208+var_1E8($sp)
.text:00004054                 lw      $t9, (xsystem_stub - 0x215A0)($gp)
.text:00004058                 jalr    $t9
.text:0000405C                 move    $a0, $s0
.text:00004060                 bnez    $v0, dvd_systemfailed
.text:00004064                 lw      $gp, 0x208+var_1E8($sp)
.text:00004068                 lw      $v0, 0x208+var_1D8_DVD_cnt($sp)
.text:0000406C                 lw      $a0, (CreateDialog - 0x215A0)($gp)
.text:00004070                 lw      $t9, (xsub_79d0 - 0x215A0)($gp)
.text:00004074                 addiu   $v0, 1           # Might want to NOT increase here
.text:00004078                 addiu   $a0, 0x8D28      # "dvd_region"
.text:0000407C                 addiu   $a1, $sp, 0x208+var_1DC
.text:00004080                 jalr    $t9

.text:00004070 28 81 99 8F 01 00 42 24 28 8D 82 24 2C 00 A5 27


The appcontrol.sh shell script restarts syb_framework in case of crashes, so you need to kill that first. Since the area where the original library resides is read-only, we can't write out the patched library there, so we copy it to /lib and then set the LIBRARY PATH.

Assuming you upload your patched file to root of HDD:

killall appcontrol
killall syb_framework
cd /opt/syb/sigma/bdj/jvm/bin
export PATH
./syb_framework &

I can confirm I can change Bluray region without the counter updating. As I have re-flashed my drive with rpc-2 autoreset firmware, I can confirm that changing DVD region also works without increasing the counter.