Difference between revisions of "Private: implementing esg"
Line 1: | Line 1: | ||
+ | ===Crack Nokia S60 OS to see all system files=== | ||
+ | N92: S60 3rd edition (crack successfully) | ||
+ | |||
+ | N96: S60 3rd edition with FP2 (not yet) | ||
+ | |||
+ | Steps: (all files are available on network shared drive, under students\yliu\testbed\s60crack ) | ||
+ | 1) Install X-plore: this tool is a powerful file browser and can help us view all the system files and hidden files. | ||
+ | 2) Install HelloCarbide.sisx : this tool can be used to temporarily disable the root certificate on the cell phone | ||
+ | 3) Upload installServer.exe and CProfDriver_SISX.ldd to the C:\sys\ on cell phone : this is to replace root certificate and gain system access | ||
+ | 4) Install CapsOn,sisx and CapsOff.sis : the switch to control the cracking. | ||
+ | |||
+ | On N92, now we have full control of all the files. On N96, we can access all files except system protected files (C:\sys and C:\private). | ||
+ | |||
+ | |||
+ | ===DVB-H related info found on N92=== | ||
+ | C:\dvbh.ini (N92 only has a C drive) | ||
+ | |||
+ | ScheduleItemRemovalInterval=7 | ||
+ | AutoScanNwTimeRetryDelay=5 | ||
+ | ESGRootPort=9214 | ||
+ | IpdcNumberOfLogFiles=3 | ||
+ | IpdcLogFile=ipdc.txt | ||
+ | IpdcLogDir=ipdc | ||
+ | IpdcLogLevel=1 | ||
+ | IpdcLogLevelRDebug=9 | ||
+ | IpdcLoggingEnabled=1 | ||
+ | NifFwdToStackInterval=500 | ||
+ | NifReadInterval=500 | ||
+ | SocketRecvBufSize=800000 | ||
+ | TerminalMaximumBandwidth=500000 | ||
+ | RequiredDiskFreeSpacePercentage=5 | ||
+ | AllowUsageTracking=1 | ||
+ | SignalScanFreqLow=472000000 | ||
+ | SignalScanFreqHigh=702000000 | ||
+ | SignalScanBW=8000000 | ||
+ | SignalScanType=1 | ||
+ | AutoScanEnabled=1 | ||
+ | AutoScanStartDelayAfterBoot=5 | ||
+ | AutoScanInterval=10800 | ||
+ | AutoScanPreferredPlatformId=-1 | ||
+ | AutoScanPlatformSetRetryDelay=120 | ||
+ | PlatformSetUniversalTimeout=60 | ||
+ | ScanUniversalTimeout=600 | ||
+ | NetworkTimeUpdateUniversalTimeout=35 | ||
+ | BootUniversalTimeout=20 | ||
+ | InactivityPowerOffTime=300 | ||
+ | ER4BootImageFile=z:\spi_boot.img | ||
+ | ER4SWImageFile=z:\enginer4.img | ||
+ | ER4AntennaSetup=z:\ER4AntennaSetup.dat | ||
+ | ER4SetPlatformRetryTimeout=25000 | ||
+ | ER4SetPlatformRetryCount=10 | ||
+ | ESGMgrUpdTime=120 | ||
+ | ESGMgrUpdTimeAfterErr=10 | ||
+ | ESGMgrUpdInterval=180 | ||
+ | ESGMgrUpdRestartCount=3 | ||
+ | ESGMgrRxInitTime=30 | ||
+ | ESGMgrRxPeriodChkTime=20 | ||
+ | ESGMgrUpdateEnabled=1 | ||
+ | ESGMgrFCastRestartCount=3 | ||
+ | ESGMgrUpkeepCleaningDelay=20160 | ||
+ | ESGMgrCarouselDeltaStartTimeInHours=48 | ||
+ | UsageTrackerRetryInterval=1 | ||
+ | UsageTrackerRetryCounts=5 | ||
+ | ECRenewalTime=1800000000 | ||
+ | ECRenewalOffset=1 | ||
+ | ECRemovalTimeInHours=48 | ||
+ | AutoScanPlatformSetRetries=1 | ||
+ | NwTimeUpdateRetries=2 | ||
+ | PowerOffDelayAfterNwDiscovery=3 | ||
+ | ReplayBuffer=30 | ||
+ | UsageTrackerDbUpperLimit=1000000 | ||
+ | DRMClockUpdateInterval=30 | ||
+ | |||
+ | |||
+ | ===Error message found on N96=== | ||
+ | |||
+ | Based on N92 dvbh.ini config file, I guess on N96, DVBH.img is either ER4BootImageFile=z:\spi_boot.img | ||
+ | or ER4SWImageFile=z:\enginer4.img on N92. And it sounds more like the complete image, not just the boot image. | ||
+ | |||
+ | And even though N96's dvbh.ini file is short, it seems like some parameters still follows the N92's example, for example | ||
+ | the log files on N96 matched with N92's config file | ||
+ | |||
+ | IpdcNumberOfLogFiles=3 | ||
+ | IpdcLogFile=ipdc.txt | ||
+ | IpdcLogDir=ipdc | ||
+ | IpdcLogLevel=1 | ||
+ | IpdcLogLevelRDebug=9 | ||
+ | IpdcLoggingEnabled=1 | ||
+ | |||
+ | In DVBH.img we find the following readable error message: | ||
+ | PSI_Processor PSI_patpmt PSI_nitint | ||
+ | |||
+ | ThreadX API error: The event group is already created. Threadx API error: Invalid event group pointer. The pointer is NULL. System timer thread obj\dvbh\dtv1000_dbg | ||
+ | |||
+ | |||
+ | As the above error message happens after the PSI/SI info section, It is the next step--ESG Bootstrap on Cell phone that cause the above error lines. The cell phone tried to receive something and the application crashed. So on N96 the Subsystem ESG Manage did not get anything and leads to timeout. | ||
+ | |||
+ | |||
=== TS files for various ESG versions available on-line (Mon Oct 13 09:30:11 PDT 2008) === | === TS files for various ESG versions available on-line (Mon Oct 13 09:30:11 PDT 2008) === | ||
Revision as of 11:56, 17 October 2008
Crack Nokia S60 OS to see all system files
N92: S60 3rd edition (crack successfully)
N96: S60 3rd edition with FP2 (not yet)
Steps: (all files are available on network shared drive, under students\yliu\testbed\s60crack ) 1) Install X-plore: this tool is a powerful file browser and can help us view all the system files and hidden files. 2) Install HelloCarbide.sisx : this tool can be used to temporarily disable the root certificate on the cell phone 3) Upload installServer.exe and CProfDriver_SISX.ldd to the C:\sys\ on cell phone : this is to replace root certificate and gain system access 4) Install CapsOn,sisx and CapsOff.sis : the switch to control the cracking.
On N92, now we have full control of all the files. On N96, we can access all files except system protected files (C:\sys and C:\private).
C:\dvbh.ini (N92 only has a C drive)
ScheduleItemRemovalInterval=7 AutoScanNwTimeRetryDelay=5 ESGRootPort=9214 IpdcNumberOfLogFiles=3 IpdcLogFile=ipdc.txt IpdcLogDir=ipdc IpdcLogLevel=1 IpdcLogLevelRDebug=9 IpdcLoggingEnabled=1 NifFwdToStackInterval=500 NifReadInterval=500 SocketRecvBufSize=800000 TerminalMaximumBandwidth=500000 RequiredDiskFreeSpacePercentage=5 AllowUsageTracking=1 SignalScanFreqLow=472000000 SignalScanFreqHigh=702000000 SignalScanBW=8000000 SignalScanType=1 AutoScanEnabled=1 AutoScanStartDelayAfterBoot=5 AutoScanInterval=10800 AutoScanPreferredPlatformId=-1 AutoScanPlatformSetRetryDelay=120 PlatformSetUniversalTimeout=60 ScanUniversalTimeout=600 NetworkTimeUpdateUniversalTimeout=35 BootUniversalTimeout=20 InactivityPowerOffTime=300 ER4BootImageFile=z:\spi_boot.img ER4SWImageFile=z:\enginer4.img ER4AntennaSetup=z:\ER4AntennaSetup.dat ER4SetPlatformRetryTimeout=25000 ER4SetPlatformRetryCount=10 ESGMgrUpdTime=120 ESGMgrUpdTimeAfterErr=10 ESGMgrUpdInterval=180 ESGMgrUpdRestartCount=3 ESGMgrRxInitTime=30 ESGMgrRxPeriodChkTime=20 ESGMgrUpdateEnabled=1 ESGMgrFCastRestartCount=3 ESGMgrUpkeepCleaningDelay=20160 ESGMgrCarouselDeltaStartTimeInHours=48 UsageTrackerRetryInterval=1 UsageTrackerRetryCounts=5 ECRenewalTime=1800000000 ECRenewalOffset=1 ECRemovalTimeInHours=48 AutoScanPlatformSetRetries=1 NwTimeUpdateRetries=2 PowerOffDelayAfterNwDiscovery=3 ReplayBuffer=30 UsageTrackerDbUpperLimit=1000000 DRMClockUpdateInterval=30
Error message found on N96
Based on N92 dvbh.ini config file, I guess on N96, DVBH.img is either ER4BootImageFile=z:\spi_boot.img or ER4SWImageFile=z:\enginer4.img on N92. And it sounds more like the complete image, not just the boot image.
And even though N96's dvbh.ini file is short, it seems like some parameters still follows the N92's example, for example the log files on N96 matched with N92's config file
IpdcNumberOfLogFiles=3 IpdcLogFile=ipdc.txt IpdcLogDir=ipdc IpdcLogLevel=1 IpdcLogLevelRDebug=9 IpdcLoggingEnabled=1
In DVBH.img we find the following readable error message:
PSI_Processor PSI_patpmt PSI_nitint
ThreadX API error: The event group is already created. Threadx API error: Invalid event group pointer. The pointer is NULL. System timer thread obj\dvbh\dtv1000_dbg
As the above error message happens after the PSI/SI info section, It is the next step--ESG Bootstrap on Cell phone that cause the above error lines. The cell phone tried to receive something and the application crashed. So on N96 the Subsystem ESG Manage did not get anything and leads to timeout.
TS files for various ESG versions available on-line (Mon Oct 13 09:30:11 PDT 2008)
There is a recent DVB-H trial that adopts multiple ESG versions. A final report can be found at here. In this trial, two types of Nokia ESG platforms are used: OAI and OMA BCAST. They also made some ts files available on an ftp site (see pp.18 in the above report).
To reverse engineer the requirements of Nokia's OMA BCAST ESG implementation, we can download and analyze the ts files of Nokia BCAST platform. We can use the channel parameters listed in the report to identify the right ts stream.
To debug buffer overflow problems (Sun Oct 5 14:57:03 PDT 2008)
There have been quite a few nasty buffer overflow bugs in dataaggregator and timeslicer, which cannot be easily found by reviewing the code. To trace the problem, we may use the memory checking feature of the valgrind tool. Valgrind can be installed through apt-get.
To use it, compile your code with CC flags: -g and -O0. Then run the timeslicer (for example) as follows:
valgrind --leak-check=yes ./timeslicer -n 1024 -g 8 -b 8 -d 400 -c 3 -o qpsk -p esgbt:/tmp/fatcapsesgbt:0x555 -p esg:/tmp/fatcapsesg:0x666 -p prog1:/tmp/fatcapsinput1:0x771 -p prog2:/tmp/fatcapsinput2:0x772 -p prog3:/tmp/fatcapsinput3:0x773 -p prog4:/tmp/fatcapsinput4:0x774 -p prog5:/tmp/fatcapsinput5:0x775 -p prog6:/tmp/fatcapsinput6:0x776 -p prog7:/tmp/fatcapsinput7:0x777 -p prog8:/tmp/fatcapsinput8:0x778 -f /tmp/fatcapsfifo
The output of valgrind is descriptive, see their webpage for details.
There are a few DVB-H related files in the N96 ROM (z:\) and flash (c:\):
z:\dvbhsetup.dat z:\DVBH.img z:\System\data\dvbh\dvbh.ini <--- readable c:\System\data\esg c:\System\data\ipdc c:\logs\ipdc <--- readable
Some error files from N96 (Wed Oct 1 17:26:50 PDT 2008)
The log indicates that the esg receiver fails to receive some file. Unfortunately, we cannot be sure which stage did it fail. Little can be done beyond this point without Nokia's supports, e.g., putting the logger into development/verbose mode.
Therefore, I decided to put N96 aside until we get some supports from Nokia.
2008/10/01 2:15:01 2008/10/01 2:15:01 2008/10/01 2:15:01 ------- Subsystem DVBH Manager error ------- 2008/10/01 2:15:01 Emitting module: c\cdvbhmgrinactivityobserver.cpp line: 231 2008/10/01 2:15:01 Error code: -2497 2008/10/01 2:15:01 Description: Cutting_power_in_NoPlatform_state_due_to_inactivity 2008/10/01 2:15:01 Additional info: (none) 2008/10/01 2:20:30 2008/10/01 2:20:30 2008/10/01 2:20:30 ------- Subsystem ESG Manager error ------- 2008/10/01 2:20:30 Emitting module: \common\src\cesgfilereceiver.cpp line: 548 2008/10/01 2:20:30 Error code: 0 2008/10/01 2:20:30 Description: TimerTimeout NoBlocksReceived 2008/10/01 2:20:30 Additional info: (none) 2008/10/01 2:25:30
Comments from Mr. Hanel, who is an engineer at Decontis (the company who makes dvbSAM)
Nokia is a special case. It is correct that Nokia moves from its own proprietary OAI ESG toward OMA BCAST ESG, but the transport streams created with Nokia ESG server I saw so far in the near past were not fully compatible yet with OMA BCAST. So handhelds from vendors != Nokia have problems with broadcasts where Nokia ESG is inside. And the other way is often also blocked - Nokia handhelds mostly could not receive ESGs provided by ESG servers from other vendors. Mostly only the combination Nokia ESG server + Nokia handheld worked properly. Of course, this behavior may change with every new software version Nokia releases for its handhelds. Since nobody except Nokia itself knows what's going on within their handhelds, finding the problem could be difficult. Could be that your ESG is fully compliant to the standard and nevertheless the Nokia handheld cannot handle it. I'd recommend to update the N96 firmware to the latest version and to try at least one more DVB-H handheld, e.g. a recent one from LG or Samsung.