XML modification

[redband]

Hello,

Are modifications possible to the XML and configuration files stored on the HDD or is it necessary to relace the NK.bin with a custom version first?

I see reference in the forum to patched xml, but it is not clear (to me) whether this can be acheived without JTAG or similar...

I'm trying to get hold of a spare box for "experimentation", but wondered it any straight XML modification had been attempted already?

Rgds

Redband

[robert_s]

Are modifications possible to the XML and configuration files stored on the HDD or is it necessary to relace the NK.bin with a custom version first?

The way I understand it - NO. There is a file named "content.sig" which contains a digital signature (which you cannot forge unless you know how to crack 1024-bit keys), followed by a list of all "allowed" files with each file's length and hash. The configuration XML file is in there, too.

So if you change the configuration XML file, its length and hash will change. If you put the changes into the "content.sig" file, its digital signature will become invalid and BooterCE.exe will reject it. If you don't put the changes in there, BooterCE.exe will reject the configuration XML file, since it does not match the information stored in content.sig.

To remove the signature and hash checks from BooterCE.exe, you have to replace it (in NK.BIN) with the version provided in the Wiki. But NK.BIN is protected by BOOT.SIG, which is checked by the boot loader in the flash ROM - so you have to remove the signature checks from the boot loader, which is only possible via JTAG.

Unfortunately, it has now turned out that the JTAG connector has been disabled on all boxes but rather old ones (maybe from early 2006). So even the JTAG patch is only available on a few older boxes...

[redband]

Thanks for the explanation.  That is pretty clear.

[mce2222]

however for BTV users there is hope
because you can download a debug version from a special server at BT.
This contains a content.sig file that should allow you to make any modifications you want to the xml files, however the nk.bin or TV2Client.exe cannot be modified.
only downside is that this debug version is some months older than the current live version

[margadon]

Hello, robert_s
You say:

"To remove the signature and hash checks from BooterCE.exe, you have to replace it (in NK.BIN) with the version provided in the Wiki. But NK.BIN is protected by BOOT.SIG, which is checked by the boot loader in the flash ROM - so you have to remove the signature checks from the boot loader, which is only possible via JTAG.

Unfortunately, it has now turned out that the JTAG connector has been disabled on all boxes but rather old ones (maybe from early 2006). So even the JTAG patch is only available on a few older boxes..."

That's not a problem (I mean enabling JTAG). I've got a x300t made in june of 2007 (rev 0L, version 1051) which came with JTAG disabled.
As You know in WIKI there is an article with SMP layout. I've enabled JTAG using a normal soldering iron making a connection directly to CPU.
It's not that difficult like it seems. (Thanks to mce2222 for his help)

I would like to show a couple of letters:

1. I've sent to mce2222:

"The device revision is 0L, Bootloader Version 1051.
I made a connection directly to CPU and I've got JTAG enabled. I can patch, upload yamon, download dump using x300tdump. But the device is still without working. I've tried to use dumprom.exe to extract NK.BIN but the command syntaxis is not very clear. I couldn't find anything about it in WIKI but only the following:

1.you will need the nkbin tool available here
2.grab the NK.BIN from the x300t hard drive    ??
3.binmod.exe -i nk.bin -r BooterCE.exe (case-sensitive !)
4.put back the NK.BIN

The only thing I want is start DVB-T tuners with a possibility to record some stuff from air.

Is what I want a realistic?"

2. And a mce2222's answer:

"without a working T-Home subscription it is not possible at the moment.
to get DVB-T working, it is a requirement to have a fully working box ...

otherwise the software would have to be patched... that is possible but has not been done yet.



I mean there are a lot of material in a WIKI: you can do this and you can do that.
But the result is "otherwise the software would have to be patched... that is possible but has not been done yet"!!!!! Or maybe I'm wrong?
Can somebody answer this question.
And I'll be the first to make a step-by-step manual.

Regards,
Alexander

P.S. It's not a clear for me how I can grab the NK.BIN from the x300t hard drive and upoad it back to device

[asgard]

P.S. It's not a clear for me how I can grab the NK.BIN from the x300t hard drive and upoad it back to device

you've to hook up the drive to your computer. Also you can you an (USB)case ...so thats an easy way

After you hooked it to your PC, you can access the drive like any other (e.g. usb-stick).

thats all!

Asgard

[mikeprotts]

P.S. It's not a clear for me how I can grab the NK.BIN from the x300t hard drive and upoad it back to device

you've to hook up the drive to your computer. Also you can you an (USB)case ...so thats an easy way

After you hooked it to your PC, you can access the drive like any other (e.g. usb-stick).

So to make this simple (for people like me who are stll working out the jtag part):
1) Take disk out and copy new files, then put back.

2) Solder jtag connector (the stage I am at)

3) Start jtag on PC (Windows or Linux etc)

4) turn on box and interupt boot (Not sure how)

5) Turn of signature check

6) allow boot to continue with software from hard disk.

Is this correct - I'm not entirely sure.

Cheers
Mike

[margadon]

Asgard,

I've tried already to do what you say. I see the disk but it says that it is not formatted.

Anyway thank You.

Alexander

[margadon]

Hi, Mike!

JTAG connector is the easiest part  but activate it (if You have to solder directly to CPU) is quite difficult.
BUT! possible!!!

Good LUCK!