RFH: ARM/Thumb Programing

Discussion in 'Embedded' started by Ryton, Feb 1, 2007.

  1. Ryton

    Ryton Guest

    G'Day, I have a stand-alone Liteon 5115 DVD recorder that I purchased
    to transfer my VHS tape collection to DVD before VHS hardware becomes
    obsolete. Unfortunately, many tapes cannot be transferred as the
    recorder displays "Protected Content" (i.e. Macrovision) and recording
    will not proceed. Legally, under our fair-use law, we are allowed to
    make a personal copy.

    Therefore, I did a hex-dump of the firmware (a copy of the firmware is
    available at: http://pages.ca.inter.net/~ewatson/LNMPU030.zip ) and
    discovered the following:

    At 0x2DB9F1 a reference to Mediatek (Manufacturer of DVD Recorder
    chipsets who have also signed an agreement with ARM).

    At 0x361DC a reference to ARM

    At 0x2D78DD the following hex string: 55 53 00 00 00 00 00 01 00 00 00
    00 (This is the same string that a Liteon 5005 recorder uses for its
    Region Code and Copy Protection switches which can be modified to 55
    53 00 00 00 00 00 00 00 00 00 01 to make that recorder Region Free and
    Copy Protection disabled.

    Please advise, in layman terms if possible, the steps and tools
    required to fully reverse engineer (disassemble/decompile/debug) this
    firmware to discover checksums, etc. TIA!
    Ryton, Feb 1, 2007
  2. Ryton

    larwe Guest

    Legally, under the DMCA, all of us living in America cannot disclose
    to you a method of defeating copy protection, regardless of your fair-
    use laws (and for that matter, regardless of ours). This works both
    ways, too - if you work out how to do it, and let America know, you
    can be arrested if you visit here. Look up the case of Dmitry Sklyarov
    vs. Adobe. Remember that every time you buy an MPAA movie or RIAA
    audio recording, you are subsidizing this theft of freedom.
    This can't be made layman-friendly. Even if the structure you have
    found is in fact what you think it is [and the chances are very good
    that it is a mere coincidental run of bytes], substantial work will be
    necessary to locate the checksum routine and patch it out. A very
    useful time-saving tool for this sort of work is Ida Pro, but it is
    not a layman process.
    larwe, Feb 1, 2007
  3. Ryton

    larwe Guest

    By the way, the best way to get around your specific problem is to put
    a Macrovision scrubber between the VHS deck and the DVD recorder. Of
    course, these devices are not manufacturable legally (since
    Macrovision holds patents on most or all of the technologies required
    to build such a scrubber). However, they are readily available.
    larwe, Feb 1, 2007
  4. Ryton

    Mike Noone Guest

    I am not sure about your problem - but I can advise you that there are
    such things as "video clarifiers" (check Ebay) that take care of this

    Mike Noone, Feb 1, 2007
  5. Ryton

    Ryton Guest

    Thanks Mike, I know but I would prefer the firmware route.
    Ryton, Feb 1, 2007
  6. Ryton

    larwe Guest

    If the structure you're looking at is what you think it is, it will
    doubtless ONLY disable Macrovision on the video OUT of the device.

    Detecting Macrovision in an incoming analog video stream is a
    different task and you'll likely have to patch actual code to remove
    larwe, Feb 1, 2007
  7. Ryton

    Ryton Guest

    Thanks larwe, you might be correct, however, in Liteon's previous
    model (5005) modifying that string disables MV completely (changed to
    55 53 00 00 00 00 00 00 00 00 00 01) without having to modify the
    checksum as one is added and one is taken away. I'd try it blind but I
    don't want to mess the machine up as it is still new.
    Ryton, Feb 1, 2007
