solo2 clone

**digitaly** · 22 April, 2014, 14:41

A bit of reading there

Do not post links to other forums with similar content

Code:

[COLOR=#a9a9a9][FONT=helvetica]So for some technical background, just for those who care [/FONT][IMG]http://openpli.org/forums/public/style_emoticons/default/wink.png[/IMG]
[FONT=helvetica]About half a year or so ago i already made aware that there was added into the Vu drivers a 'time bomb', i don't know the exact thread by heart but pretty sure that the search function will bring it up..[/FONT]

[FONT=helvetica]The following driver releases where, apart for the usual bug fixes and improvements, trial runs for what has now gone 'live'.[/FONT]

[FONT=helvetica]Due to the fact the guys who cloned the security for the Chinese (and this was actually done in Europe, as many of you might know) made a pretty good copy of the alpu tpm chip (from neowine), which is used by many stb manufacturers and of course offers no real sense of clone protection what so ever [IMG]http://openpli.org/forums/public/style_emoticons/default/smile.png[/IMG] Vu had to look for another means of establishing the board authenticity.[/FONT]

[FONT=helvetica]So the logical second choice was the FPGA, hey, it was sitting on the board anyway and for the clone companies would for sure mean another $10/25K to read out and so that was of course the logical way to go.[/FONT]

[FONT=helvetica]So that brings us to the current situation, the best they can do is just wipe out the block in the nand where the SoC boots from, that would mean that the resellers will have to be equipped with at least BBS tools and software to 'revive' all boxes killed in the 19-4 attack.[/FONT]
[FONT=helvetica]Which is of course a good thing in more that one way,[/FONT]
[FONT=helvetica]First - the clones where shut off, even if it will be for a very short time. But this is giving a strong signal to the end user market never to buy a clone (of course, buying a clone is always a bad thing) as you can never be sure what will happen.[/FONT]
[FONT=helvetica]Second - this creates a market for the 'guy on the attic with a soldering station' (not that he will need one in this case) but you know the guy i am talking about, these are the same guys who helped out when ci modules and other stb where killed (a.k.a. erased) in the past.[/FONT]

[FONT=helvetica]So i guess the next thing that will happen is that the manufacturer of the clone boxes will start shipping BBS tools and so on to their resellers and they will 'fix' the problem in a jiffie any day soon now.[/FONT]

[FONT=helvetica]And now, just because we can, a quick rundown of what is exactly the 'authenticity check' and the 'counter measure' taken by Vu.[/FONT]
[FONT=helvetica]Let me first just state, i have no involvement in any cloning activities, i am just an independent researcher who likes to 'see what went down'.[/FONT]
[FONT=helvetica]And if i tell or not, it won't matter for the outcome, the current 'disabled' hardware will be revived, i am sure of this as there where too many sold already so it is imperative to the companies who made them that the 'problem' will be fixed, and so it will.[/FONT]

[FONT=helvetica]So, first what they have done is do some FPGA magic, to confirm to the drivers that they are in fact dealing with cloned hardware (i won't go into details on how they do this, its some challenge, some des crypto and some other stuff but not really relevant to be known exactly).[/FONT]
[FONT=helvetica]Then after they have established that it is in fact not a genuine board some counters start running in some critical places, like the tuning of the front end, vfd actions and a random one connected to the a/v input. So doing this they are pretty sure that at some point the counter limits are reached and then it is time to run 'the check'.[/FONT]
[FONT=helvetica]The check of course consist of a simple 'hello, what day are we at?' if this is in fact 19-4-2014 or later it is time to do some erasing to make sure that we are not happy that you cloned our board.[/FONT]
[FONT=helvetica]So now we start erasing, all they need to do is clean out the area where to SoC start reading from after it start up (a.k.a. the boot loader, a.k.a CFE). But for whatever reasons they chose to erase 64 pages, I guess to make sure it really won't start (not that it would matter at all, 1 would have been enough).[/FONT]
[FONT=helvetica]After that the erasing continues some more when the critical functions are called until the stb is rebooted and at that point the user will get a nice black screen and no reaction from the stb what so ever. All gpio will remain uninitialized after powering on, this for instance causes the LAN light to stay on continuously and so forth.[/FONT]

[FONT=helvetica]So that's pretty much the background of the whole thing, clones are killed and now let's see what the next move will be [IMG]http://openpli.org/forums/public/style_emoticons/default/smile.png[/IMG][/FONT]

[FONT=helvetica]For those who want to investigate the matter for them selves,[/FONT]
[FONT=helvetica]the recent functions where added into the drivers from a file called brcm_fpga_secu.c,[/FONT]
[FONT=helvetica]find it and you will see what i was talking about [/FONT][IMG]http://openpli.org/forums/public/style_emoticons/default/wink.png[/IMG][/COLOR]

**sexysam** · 22 April, 2014, 21:52

Here is response from my Chinese supplier about the update of image

Very IMPORTANT NEWS:

Dear customers .
Please don't reflash your vu+ series to 2.0.9.1 (also OPENPLI\VTI\VIX ) ... don't update. till BH2.0.9.1(also OPENPLI\VTI\VIX ) . (all software release from 15th.March .2014 CAN NOT BE USE.)
During Easter day . that news says can use 2.0.9.1 it's not true .
The True it's when you going to reflash 2.0.9.1(OPENPLI\VTI\VIX ) will make your box just black ..
Because when your put 2.0.9.1 (also OPENPLI\VTI\VIX ) in box , this software will delete the "starting files " of flash . if starting program are missing in the box ,
That will make your box look black and can not use USB Port too , not booting up. JUST show you the light .
You better choice (BH 2.0.3 ) (BH 2.0.5 ) (BH 2.0.8 ) (BH 2.0.9 ) reflash back old software etc.

I am sorry to heard that your BOX like this situation .

please try this as possible.

we have saw the video you tooks . thanks for that .
Frow the video , we know the problem >> it's flash program error . mistake by reflash during wrong image program.

solve this problem .
1.you going to download vu SOLO2 BH 2.0.5 Black Hole Vu+ Solo2 2.0.5 galaxy | VuPlus Community or
Vu+ Solo2 Immagini Black Hole | VuPlus Community better choice (BH 2.0.5 )
(BH 2.0.3 ) (BH 2.0.8 )reflash back old software etc. try as possible as you can

2. please use the Rs232 cable connect with computer install a tools for the rs232 to reflash - restore VU+Tool | VuPlus Community (Remember RS232 cable use the real computer not Laptop.) you should use computer not a laptop .>>>> you click " DHCP" this should be open

3. install the vu SOLO2 BH 2.0.5 then finished .

4. http://we.tl/dD69UNd3EL (if you still don like 2.0.5 . and need BH 2.0.9 this link can give you image which is safe for sure )

**scottj130208** · 22 April, 2014, 23:19

Has anyone tried this fix yet ?

**digitaly** · 22 April, 2014, 23:23

Vu+ tool v0.9 hasn't got the com port support. therefore rs232 flash cannot be done... Those information looks wrong to me. Anyway it won't be so easy as far as I can read. I'm looking at many forums at the moment

**digicon** · 23 April, 2014, 01:25

The word is that the nandflash has been totally wiped Clean Bootloader as well which means presently PRC are offering to ship out new nandflash chips and you solder them in yourself, not an easy task from some of the Videos showing it.

**cunny** · 23 April, 2014, 08:37

No. Its not an easy task. Be better either sending board back or having someone else solder in a new nand.

Thats if they dont release a rs232 method. Which by the lenght of timw its taking im not holding my breath

Sent from my GT-I9305 using Tapatalk

**eattheliving** · 23 April, 2014, 21:11

hi All,

update from l&W

Dear eattheliving
Because the latest software damaged machines flash, we now have two solutions:
1, our engineers to record a video detailing how to replace flash, if you can repair the machine, I can send you two flash by china post, as long as you pay $ 5 for shipping, flash is free for you, then you follow the video steps to repair the machine
Please confirm you can fix the IC(flash ) , follow it ‘s Video , please do it if you can :
Download ??QQ??_20140407140931(1).mp4 from Sendspace.com - send big files the easy way
Download ??QQ??_20140411215518(1).mp4 from Sendspace.com - send big files the easy way
Please not falsh the from 15th March image , it not really image , it’s only a kill Chinese box iamge .
After you fix the IC (flash , you can falsh below image )

1. Blackhole 2.0.9 : http://we.tl/dD69UNd3EL
2. vix 3.0 build 808 is safe looks like dates 21st Dec 13

Be careful this are the steps:
get it out of the box...get a old original image like : BEFORE 15/12/2013 per exmple Blackhole 2.06,or Pli or Vix or whatever as long its a image before 15/12/2013....Format a USB with Fat32,copie the image on this USB....put it in your box ...VERRY IMPORTANT:ONLY PLUGIN POWER CABLE!!!
So no HDMI,No Ethernet AND ESPECIALY NO SATELITE CABLE!!!!!
Power up the unit,make the Update (in this case downgrade) and after this,plug the HDMI and the ethernet and start.

2, if you can not repair the machine, set the machine's motherboard via regular mail to me, our engineers will help you to repair, and then send you
Please tell me your choice, waiting for your answer, thank you
Sincerely wendy

my board is going back tomorrow.

**pugwas** · 23 April, 2014, 21:26

This was all going so well last week
Ive had no update from L&W as of yet but I imagine there quite busy there is rumour of a software fix coming via another site but I don't hold out much hope
eattheliving please let me know who you use to send board back and costs please

**pugwas** · 23 April, 2014, 21:33

seems to be afew issues here at mo sorry about the repeat post

**DOUGALMCD** · 23 April, 2014, 21:34

Read on other forums it's about ?12-?15 to send it back. Assuming it arrives safely. There's no guarantee the flash will work if you solder it and bodge it or pay someone else they wouldn't replace the board after that. From what I've read and as Digicon and Digitaly say above Nand knackered and no rs232 fix yet they will try to fix the problem but will have to come up with a better solution and that will take time. Logistically it's a nightmare for them all those boards getting returned.

**cunny** · 23 April, 2014, 21:38

Well just had my 2 boxes replaced. After a chat with him, boards going back to china for new nands fitting.

He also told me that not only were the nands wiped, but also locked, making any recovery impossible. Not sure if thats correct on the locked part but if it is, the chinese going to be very busy replacing these nands

Sent from my GT-P5110 using Tapatalk HD

**DOUGALMCD** · 23 April, 2014, 21:45

I thought that's why they were offering free nandflash not good news for a lot of people.

**cunny** · 23 April, 2014, 21:51

The way i understood it. The nands were wiped clean along with bootloader. If it was possible to somehow wrte to the nand, restore the bootloader etc viia null modem, the Locking of the nand has now made that impossible, if the locking part is correct as im not seen any other posts regarding the locking of the nand, just what the guy i bought them from told me

**digicon** · 24 April, 2014, 01:25

The NandFlash was Wiped Clean and Locked at the same time with the Timebomb drivers, So as posted No Jtag Fix is possible and so that is why PRC are sending out new chips or send the board back for repair.

**eattheliving** · 24 April, 2014, 16:06

Originally posted by pugwas

This was all going so well last week
Ive had no update from L&W as of yet but I imagine there quite busy there is rumour of a software fix coming via another site but I don't hold out much hope
eattheliving please let me know who you use to send board back and costs please

Hi Pugwas,

?15.50 tracked via royal mail matey.

solo2 clone

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment