• 1
  • 17
  • 18
  • 19(current)
  • 20
  • 21
  • 31
[RELEASE] veetle.com
https://raw.github.com/xbmc/xbmc/master/docs/README.ios

Those instructions will work for osx lion and xcode 4.3.2

Doesnt work for mountain lion and xcode 4.4 which is what i'm on.
The standard cocoa library wont build a shared library, only static
Reply
A quick bodge to get veetle working on an ATV2 again is patching the avformat-52-arm-osx.so file located at /Applications/XBMC.frappliance/XBMCData/XBMCHome/system/players/dvdplayer/avcodec-52-arm-osx.so .

Using Cyberduck, or your favourite client, connect to your ATV2 and copy the file to your local machine - don't have XBMC running at this point. Copy it again so you have a backup.

Then use a hex file editor, I used Hxd, to search for the code - mine appeared at location 0x1c28c
46 00 53 e3 01 30 d2 05 4c 00 53 03 01 00 00 0a 00 00 a0 e3 1e ff 2f e1 02 30 d2 e5 56 00 53 e3

and change it to
47 00 53 e3 01 30 d2 05 47 00 53 03 01 00 00 0a 00 00 a0 e3 1e ff 2f e1 02 30 d2 e5 47 00 53 e3

then save.

Copy the file back to the same place as before, overwriting the original.
Run XBMC and then try Veetle Smile

The code that string represents is:
Code:
ldr     r2, [r0,#4]
        ldrb    r3,[r2]
        cmp     r3,'F'
        ldreqb  r3,[r2,1]
        cmpeq   r3,'L'
        beq     check_next
err_code:  mov     r0,0
        bx      lr
check_next:
        ldrb    r3,[r2,2]
        cmp     r3,'V'
        bne     err_code
        ldrb    r3,[r2,3]
        cmp     r3, 4
        bhi     err_code
        ldrb    r3, [r2,5]
        cmp     r3, 0
        bne     err_code
        ldr     r3, [r2,5]      ; 32 bit operation
        rev     r3,r3
        cmp     r3, 8
        movhi   r0, 0x64
        bxhi    lr
        b       err_code

The byte changes just alter the check in the probe function to only check for GGG - it WILL mess up the usual FLV playback - so Youtube and Iplayer will not work.

This is a BODGE but it's a bit awkward fitting the full flv/ggg check into the 23 instructions allowed.

To restore normal playback just copy the original file back to the ATV2.
Reply
COOL!! an ARM hacker! Yeah!!

Quote:This is a BODGE but it's a bit awkward fitting the full flv/ggg check into the 23 instructions allowed.

Which is why my posted x86 patch just tests for a leading F or G ( or H - as a place holder). There are still plenty of additional conditionals to minimize misfires.

I do NOT know ARM assembly, so this is just an educated guess, but perhaps
Code:
ldr     r2, [r0,#4]
        ldrb    r3,[r2]
->       cmp     r3,'G'
->       beq     check_rest
->       cmp     r3,'F'
        beq     check_next
err_code:  mov     r0,0
        bx      lr
check_next:
        ldrb    r3,[r2,2]
        cmp     r3,'V'
        bne     err_code
check_rest:
        ldrb    r3,[r2,3]
Which would only mod 3 instructions and give "( (d[0] == 'G') || (d[0] == 'F' && d[2] == 'V') ) && ..." ?
Reply
Greetings to you to Smile

I've 'played' with ARM a bit over the years I must admit Wink

That sounds like a nice and easy way to do it - a check for Gxx and FxV as well as the usual 5, 0x8000000 and 0.

Code change is then
Code:
04 20 90 E5 00 30 D2 E5 46 00 53 E3 01 30 D2 05 4C 00 53 03 01 00 00 0A 00 00 A0 E3 1E FF 2F E1 02 30 D2 E5 56 00 53 E3 FA FF FF 1A 03 30 D2 E5 04 00 53 E3 F7 FF FF 8A 05 30 D2 E5 00 00 53 E3 F4 FF FF 1A 05 30 92 E5 33 3F BF E6 08 00 53 E3 64 00 A0 83 1E FF 2F 81 EE FF FF EA

to
Code:
04 20 90 E5 00 30 D2 E5 47 00 53 E3 05 00 00 0A 46 00 53 E3 02 30 D2 05 56 00 53 03 01 00 00 0A 00 00 A0 E3 1E FF 2F E1 00 F0 20 E3 03 30 D2 E5 04 00 53 E3 F9 FF FF 8A 05 30 D2 E5 00 00 53 E3 F6 FF FF 1A 05 30 92 E5 33 3F BF E6 08 00 53 E3 64 00 A0 83 1E FF 2F 81 F0 FF FF EA

That gets overwriten at address 0x1c284 onwards in the file.

Oh, and it works Smile - on both Flash and Veetle files.
Reply
Wink 
Here is a link to the modded version I've just uploaded to rapidshare.

I'm guessing I don't have attachment rights so if someone who does could download and attach here that would be nice. Smile

Download of modified ATV2 ARM file

Code change was a bit different as I freed up an instruction for future use.

Code:
;compare for Gxx as well as F?V
        ldr     r2, [r0,#4]            ; Get pointer to header
        ldrb    r3,[r2]                 ; get first byte
        cmp     r3,'G'                  ; check for .0 == 'G'
        beq     check_next              ; Pass  as Gxx checked
        cmp     r3,'F'                  ; check for .0== 'F'
        ldreqb  r3,[r2,2]               ; conditional load of byte .2
        cmpeq   r3,'V'                  ; conditional check .2=='V'
        beq     check_next              ; Matches F?V so check rest

err_code:                               ; If get here then return 0 to show error
        mov     r0,0                    ; return value = 0
        bx      lr

check_next:
        nop                             ; Just keep the padding right so we have to
        ldrb    r3,[r2,3]               ; change less bytes and we have a free space
        cmp     r3, 4                   ; for next mod required
        bhi     err_code                ;
        ldrb    r3, [r2,5]              ;
        cmp     r3, 0                   ;
        bne     err_code                ;
        ldr     r3, [r2,5]              ; 32 bit
        rev     r3,r3                   ; swap byte order so we can check high byte
        cmp     r3, 8                   ;
        movhi   r0, 0x64                ; all passed so return = 0x64
        bxhi    lr                      ;
        b       err_code                ;
Reply
An earlier edit of my post above also had a no-op, but then I opted to minimize patch size for our audience.

For my edification / education, would it have worked? i.e. change

46 00 53 e3 01 30 d2 05 4c 00 53 03
to
47 00 53 e3 06 00 00 0A 46 00 53 e3

In particular, is an ARM branch (PC+2)+displacement??


bitbotherer's patch of (I'm confused - Is ATV2 IOS or OSX??)
/Applications/XBMC.frappliance/XBMCData/XBMCHome/system/players/dvdplayer/avcodec-52-arm-osx.so
Reply
Does anyone know where the required file is stored on OpenElec? I'd like to try altering it but can not find the binary.

Thanks all

Edited: I think I found the file. libavformat.so.53

Now I am using HxD on my winxp system but can't locate the string I'm looking for using search. The ones posted here.

I have no idea what I'm doing but I am determined to learn!

Any ideas?
Reply
@plugh
Firstly - thanks for supplying the original fix for x86
1. Many thanks for uploading that and locally copying the file I put on RS.
2. The change you have suggested would have worked too and just as well. What I did was recompile the code I had been working on - it's a little thing you tend to do when working with uControllers in that every instruction/space is precious so you tend to minimize the instructions used, sometimes at the cost of readability. The code I used worked out at 1 instruction less - but used a few arm bits (conditional execution depending on test state - the instructions containing "eq" are executed if the previous test condition was passed).

This means instead of: read check, jump, read, check, jump, etc... you only have to make the one jump i.e. it would be read, check, read, check, jump....

But then I left the nop in to keep the same function length, if/when Veetle change again.

Jumps are relative in the Arm code - all the changes you detailed there would have worked and have the right values.

3. The file is for the Apple TV Gen 2 - so IOS.

It was a cut and paste of the hex values using HxD so I didn't worry too much about the length of the mod, guessing that people were going to want a modded file rather than do it themselves anyways Smile
Reply
(2012-09-06, 12:31)midiman Wrote: Now I am using HxD on my winxp system but can't locate the string I'm looking for using search. The ones posted here.

Any ideas?
(HxD does not have an x86 disassembler mode. Will be BIG help. Hex editors)

So you can't find either '80 38 46' or '80 3A 46'?

It's a bit more involved, as it may require more searching, but you can also look for '01 4c' and then check nearby for '46' preceding and '02 56' following. When you find that pattern, back up a couple bytes from the '46' (probably an '80') and disassemble at that point. You should see something similar to what I posted.
Reply
No fix yet eh? Is t0mm0 still maintaing this addon?
I DON'T DO CABLE.
Reply
(2012-09-06, 15:17)Pednick Wrote: No fix yet eh? Is t0mm0 still maintaing this addon?

Which fix are you after?

Plugh has the files for the pc version in one of his posts and about 4 posts above is the fixed file for Apple TV gen 2's. The openelec version will follow tonight I imagine Wink
Reply
(2012-09-06, 16:21)bitbotherer Wrote:
(2012-09-06, 15:17)Pednick Wrote: No fix yet eh? Is t0mm0 still maintaing this addon?

Which fix are you after?

Plugh has the files for the pc version in one of his posts and about 4 posts above is the fixed file for Apple TV gen 2's. The openelec version will follow tonight I imagine Wink

nm

I DON'T DO CABLE.
Reply
Any patch for OSX yet? The instructions on how to compile are in post #232, it just seems a bit over my head. Im sure there is someone capable in this forum who can compile for the OSX users. Thanks i advance
Reply
Not got a Linux ARM install here with me but this should be the fix for it - I used the libavformat.so.53.21.0 version for examination.

Search for:
Code:
04 30 90 E5 00 20 D3 E5 46 00 52 E3 01 00 00 0A 00 00 A0 E3 1E FF 2F E1 01 20 D3 E5 4C 00 52 E3 FA FF FF 1A 02 20 D3 E5 56 00 52 E3 F7 FF FF 1A 03 20 D3 E5 04 00 52 E3 F4 FF FF 8A 05 20 D3 E5 00 00 52 E3 0D 00 00 1A 07 10 D3 E5 06 00 D3 E5 08 20 D3 E5 01 18 A0 E1 00 34 81 E1 02 2C 83 E1 62 38 22 E0 23 34 A0 E1 FF 3C C3 E3 62 34 23 E0 08 00 53 E3 64 00 A0 83 00 00 A0 93 1E FF 2F E1 00 00 A0 E3 1E FF 2F E1

and replace with

Code:
04 30 90 E5 00 20 D3 E5 47 00 52 E3 07 00 00 0A 46 00 52 E3 19 00 00 1A 01 20 D3 E5 4C 00 52 E3 16 00 00 1A 02 20 D3 E5 56 00 52 E3 13 00 00 1A 03 20 D3 E5 04 00 52 E3 10 00 00 8A 05 20 D3 E5 00 00 52 E3 0D 00 00 1A 07 10 D3 E5 06 00 D3 E5 08 20 D3 E5 01 18 A0 E1 00 34 81 E1 02 2C 83 E1 62 38 22 E0 23 34 A0 E1 FF 3C C3 E3 62 34 23 E0 08 00 53 E3 64 00 A0 83 00 00 A0 93 1E FF 2F E1 00 00 A0 E3 1E FF 2F E1

And that 'should' change the flv check to one for FLV or Gxx.

Located about 0x30c60
Reply
(2012-09-06, 23:49)myteematt Wrote: Any patch for OSX yet? The instructions on how to compile are in post #232, it just seems a bit over my head. Im sure there is someone capable in this forum who can compile for the OSX users. Thanks i advance

If you upload the libavformat file somewhere I'll try and take a look.
Reply
  • 1
  • 17
  • 18
  • 19(current)
  • 20
  • 21
  • 31

Logout Mark Read Team Forum Stats Members Help
[RELEASE] veetle.com1