Unsupported input file format SHARP LC-32hg5342e

[vido89]

I have SHARP TV LC-32hg5342e, but it seams that epk2extract does not support my firmware image. So is there any chance to get my firmware supported ?

binwalk -W ./20171214_161749_X1.bin 

OFFSET      ./20171214_161749_X1.bin
--------------------------------------------------------------------------------
0x00000000  96 08 CE EF C5 62 F3 6F 98 4E 22 B6 D1 DA 68 F1 |.....b.o.N"...h.|
0x00000010  AF 28 1D 52 41 8B C6 B8 6E 80 59 C2 5A 00 5F 54 |.(.RA...n.Y.Z._T|
0x00000020  06 05 DE EE 26 A2 B3 F5 2D 55 4F FD C3 80 B4 A7 |....&...-UO.....|
0x00000030  16 C5 F2 57 B0 CD 45 67 19 06 54 07 DF AE 1C 3C |...W..Eg..T....<|
0x00000040  BB CF D7 DC F9 0A 0E AA 86 E0 70 32 09 64 63 A5 |..........p2.dc.|
0x00000050  B0 2F EC 97 77 39 82 75 D6 D1 5A 88 B7 5A 41 64 |./..w9.u..Z..ZAd|
0x00000060  00 E8 4E 29 3E 9B 2C 3C 7D 36 54 60 E9 01 F0 75 |..N)>.,<}6T`...u|
0x00000070  E3 BE A2 DB 26 AD 78 61 B0 4E DC 6D 62 D2 68 35 |....&.xa.N.mb.h5|
0x00000080  4E E2 FF 63 D1 30 34 84 41 CF 2C 37 70 0E 50 F4 |N..c.04.A.,7p.P.|
0x00000090  81 FA D4 B3 B2 0B 8B 91 68 B1 BD AF 4A 88 50 BF |........h...J.P.|
0x000000A0  B3 71 D6 1D E4 F0 27 68 71 DC 16 0E B8 55 70 04 |.q....'hq....Up.|
0x000000B0  16 26 2F 9B 6E F6 36 78 79 E0 84 E1 44 A4 18 E1 |.&/.n.6xy...D...|
0x000000C0  41 9B 16 1A 5D 50 9F E9 C0 1D 65 7D 90 2D C0 54 |A...]P....e}.-.T|
0x000000D0  E3 BE A2 DB 26 AD 78 61 B0 4E DC 6D 62 D2 68 35 |....&.xa.N.mb.h5|
0x000000E0  9F B1 91 A3 FF 86 59 98 A6 61 40 21 65 5C CB 1B |......Y..a@!e\..|
0x000000F0  39 7C AB 79 6D 63 4D C7 E4 91 FF D4 08 CB F4 DB |9|.ymcM.........|

Firmware

[smx-smx]

epk2extract supports Sharp TVs with a Mediatek chip. Chances are your TV is either not Mediatek or it's a different binary format. To know more about the format you would need to get shell access to your TV, to at least extract the AES key. I would guess the key used is AES ECB (look at 0x08C52620, you wouldn't see those patterns if the blocks were chained with CBC)

[vido89]

I see, so where I should look for AES ECB keys, are they part of some config, in memory or stand alone files ? Also on TV I have 3,5 mm jack on which says "service" could this be ttl port ?

[smx-smx]

You can either find a serial access through the service port (they are usually RS232 ports) or you can dump the flash by hardware means if it's unencrypted (it usually is). The usual course of action is to check if you get something on the RS232 port (be it the service port on the back or the UART TTL port on the mobo) The voltage level can vary. I've seen ones with a MAX232 onboard (and thus using a PC-compatible serial interface) and others using TTL. Normally the ones with a DB-9 serial connector are PC compatibles and the others are not.

If you don't get anything on the serial port you try some combinations to see if the bootloader has a key/key combo to interrupt the boot process. If nothing is succesful the device is locking down the serial port and you need to find either a software flaw that gives you access or a hardware modification (like rewriting the flash manually with an unlocked software).

You'll be able to get the key by observing the update binary / update process once you're logged in

You can join #openlgtv on Freenode if you need further assistance

[vido89]

@smx-smx Great tnx I will check my "service" port to see is it any good Edit: Its not 3,5 mm jack, its a bit smaller, yeah :)

[vido89]

I opened it and there is no additional ttl port on board like I hoped, need to modify 2,5 mm jack, not sure which one do I need with 3 or 4 "segments" version

[smx-smx]

Closing this for now. Feel free to reopen if you have news