About 7 years ago, I wrote this post and at the very end I said:

Jun 01, 2017  Windows harman kardon avr 1700 software update context menu extension to include commands for file comparison. With right harman kardon avr 1700 software update on a file or two harman kardon avr 1700 software update starts. Harman Kardon AVR 1700 software update help - AVS. 2 When the screen changes.

I’ll hold of on the firmware update, if I dont encounter an issue, I’ll leave it alone.

Well I have finally found an issue! How exciting yes?

I recently purchased a (used) PS4, for the “soul” purpose of playing Bloodborne. But Mike, isn’t that really weird to get a PS4 for one game?

No, and maybe that could be a completely different article if I ever decide to update on a regular basis. I really like the “Soulsborne” games. A good friend of mine introduced me to Dark Souls a while ago, and I have not stopped enjoying this series since.

So yeah, it was worth it.

Here was the issue: HDMI audio would drop off if the receiver felt there wasn’t any incoming input.

However, there was incoming input. During gameplay, I would sit there quietly waiting for a good opportunity to attack. All of a sudden, the speakers would shut off and I would be “deaf” in game. This was creating a serious immersion issue, so I found the thread on avs-forums.com that discussed this issue, and where to get the firmware.

Before I go into the steps required, lets think back on a time when our home consumer electronics were not part of the internet. The great IoT has some pros and cons. The con’s are vendors like Samsung injecting Ads after a new TV software update. Or, when Sony’s smart tv traffic was routing through their servers instead of directly to Netflix or Amazon. Lets not forget the large scale DDoS to DynaDNS due to insecure IoT security cameras.

The pro is, they update as long as the vendor wants to support them.

This great receiver was made 7 whole years ago, when your receiver was not part of the internet. This system has a good ol RS-232 port for maintenance. It even has a maintenance mode button on the back you have to press and de-press 10 times during an update.

It also, and please brace yourselves, required a SPECIFIC USB to RS-232 adapter and Windows 2000 or XP.

The USB to Serial I get, because updating firmware should be carefully controller, and they only have so much they can support from 3rd parties.

The difficult part was getting a hold of XP. 7 years ago that might not have been so hard, but XP is EOL. I had to ask my buddies at Bay Photo (because the photo software industry lags behind as much as this firmware update does) for an ISO or even a VM Image.

So, the first task was creating an XP VM in virtualbox. I had access to an ISO, and thankfully I could perform this task with a 30 day trail and no updates.

Creating an XP VM is pretty trivial. I was almost a walk down memory lane when I say those classic “you’re almost ready!” installation messages:

After the VM was finished with its first boot, and I had the correct adapter ordered from Amazon, I configured the VM to pass the usb device through to the VM.

Then, I installed the drivers for the usb adapter, and ran the check utility

Download ezx2 keygen. I had to enlist the help of Caralyn while I sat behind the entertainment center. The USB to Serial cable was short, and the instructions cycle between two steps:

1. Placing the receicver in Maintenance Mode, which is a toggle push button on the back, next to the serial port, and pushing the standby button on the front.
2. Click next on the software to upload the firmware
3. After the upload is complete, you have to take the receiver out of standby, pressing the power button on the front again.

We did this about 10 times I think. So, I would wait for the update utility to finish the upload and then I would ask Caralyne to turn the receiver back on and then off when it was done.

I took a few screen shots, and Caralyne took pictures with her phone. I wanted to know what was going on, so I would ask her to take a photo when the state had changed.

Here are the screenshots I remebered to take. Please note how many steps there are, after you select the firmware files, and which serial device to use, its about 8 additional steps. Each one will have you upload new firmware and power-cycle. It is tedious, and there are stories out there of it failing mid way.

I had no issues, everything worked as expected, so I hope others can use the same resources I have listed below in the event this still is a thing.

Here are the screenshots up the update utility:

Results

Did it solve my issue?

YES! I am able to play the PS4 without any audio disruptions.

Have I noticed any other issues?

YES… The volume button on the remote does not work. Other fucntions and buttons on the remote work just fine, like getting into the menu and switching inputs, but the volume is a no go. Really funny, I have to walk over and adjust it manually.

Since this device is EoL, and I got the last firmware update ever, I won’t see a fix for my volume button.

That was my biggest concern with updating firmware unless you know you have a problem. There is no telling what you might introduce :)

Resources

• Startec USB to Serial cable
  • Working cable, I used this as a pass through usb device to the XP vm. The drivers come with a validation tool as well, very handy.
• AVR 254 - Software Version V0.98.3.1
  • I’ve mirrored the v0.98.3.1 update here, in case it goes away eventually
• Windows XP SP2
  • You’ll have to find a XP cd image or VM image, I can’t distribute that

A moderated community dedicated to all things reverse engineering.STICKIED THREADS.(or, 'why are there all of these papers about theoretical computer science and mathematics?' )QUESTIONS POLICYIf you have a question about how to use a reverse engineering tool, or what types of tools might be applicable to your project, or your question is specific to some particular target, ask it on the. Apart from that, self-posts severely degraded the quality of this subreddit when they were enabled, so they have been disabled in favor of a biweekly questions thread which is posted automatically by a robot (the latest of which is in the list of stickied threads above).SUBMISSION, COMMENTING, AND VOTINGWhen feasible, post direct links to content. Blogs and websites that re-host or merely link to content that was originally available on another site, and remains available on its original site, are not allowed.

Domains that do not produce original content of their own and only exist to re-host content will be banned on the grounds of being spam.If it's a non-HTML link (e.g., a PDF), please tag it (e.g., put PDF at the end of the title). Similarly for videos, please tag them with VIDEO. Don't post it if it's irrelevant or has no content: we have technical standards and might remove these posts.Please vote for no reason other than quality of content. When commenting, please discuss content and not presentation.

This is a technical community, so pointing out technical flaws is certainly within the realm of discourse, but please try not to be an asshole when you do. Imagine yourself speaking your comment in a public place to the person's face when you write it. It would be tragic if needlessly negative commentary discouraged participation in the already-microscopic world of reverse engineering. If the point of your comment is to put down someone else so as to demonstrate your superiority, please delete it without posting it, and then make an appointment with a psychotherapist regarding your inferiority complex.The legality of reverse engineering is a miasmic subject compounded by differing laws in differing jurisdictions. For basic legal information (not 'legal advice') surrounding reverse engineering in the United States, see the on the subject.

None of the moderators are trained lawyers, so please use your best discretion when submitting, and we shall do the same while moderating. Subjects such as stolen source code and pirated software are never acceptable and will always be removed. Please instead post these links to (not affiliated with or endorsed by the moderators of ).RELATED RESOURCES. sister subreddit for non-technical submissions and discussion. sister subreddit for mathematics related to program analysis. ##re on FreeNode IRC.

I'm trying to extract firmware for the Harman Kardon AVR 1700, with the eventual goal of modifying it but mostly just for fun. (This is a networked receiver and it has a remote app that can be used to control the device. Unfortunately, it's horribly unreliable, and I'd much prefer to get shell access to the device and write some basic software to be able to control it remotely from my computer.)There's a firmware update available (EU version is numbered 170 but otherwise identical), which I installed recently. This is a fairly small file (3MB unpacked), so I'm not sure whether it contains the full firmware or I'm just not used to the small size of embedded OS's. A file system?

Not where we're going!Browsing around using, looks like the image contains:. 0x000000 6kB bootloader. 0x010000 62kB main image. 0x100000 small mystery data section. 0x110000 large mystery data section. 0x200000 another small data section - looks kind of like image data?Opening the thing up and taking some nice photos of PCBs + chip part numbers will result in datasheets for whatever microprocessor + storage are on the device, and make reversing much easier. You could identify some things with just an image (bootloader has status print function at 0x63D4, main image printf at 0x56944) but why do it the time consuming way:).

Thanks for the suggestions! Hadn't run into bz before, looks useful. I'm obviously a bit out of my depth here. Would you mind explaining why knowing the microprocessor/storage would make it easier to identify/extract whatever is in the mystery data sections? As in, why would they affect the format?Also, how did you identify 0x63D4 and 0x56944 as print functions?

Looking at 0x63D4 I certainly agree it looks like a little loop to copy a null-terminated string off somewhere. 0x56944 appears to deal with varargs but is too short to actually do any printing (looks like it just increments the stack pointer by 12 bytes).Thanks for the help!. Part numbers to identify what exactly all the memory mapped peripheral stuff is; those are your libraries and syscalls. General component layout, too, to figure out what external components it's talking to via those libraries/syscalls.

If you want to do fun stuff to the device beyond editing strings/pictures, you'll need 'em.On closer look it looks like covers everything needed for the STM32 F4 line. Seems to at least partially match the firmware, so I guess the part number isn't too important. 3MB is a bit much for internal storage on an STM32, some of the firmware upgrade image probably gets written to something external. Hm, find comms interface used to do so, walk up to read/write code, then get lost in whatever the image/audio routines are? At a glance, code doesn't seem to be using the SPI registers, but is doing some bitbanging with unrolled nop-loops around 0x805674A. Ehh, this looks time consuming, fully reversing the boot process (especially communication with external stuff) may be a better first step. I wonder if there's a static standard library for this part's peripherals?The print functions were purely due to string arguments.

Huh - that printf is a bit weird. Implementation #ifdef'd out, but arguments got left in?. Hp pavilion g6 keyboard drivers for mac free. Does the demo work if you blindly throw the firmware in an ELF via something like the below command? Objcopy -B arm -I binary -O elf32-littlearm -adjust-vma $((0x08000000)) -strip-all -rename-section.data=.text,contents,alloc,load,readonly,code 'AVR170USB(V0305A).fw' AVR170.elfIf you get processor options when loading it in the IDA demo, choose cortex-m.The first 32bit value (at 0x08000000) is the initial SP, followed by a whole heap of 32bit exception vectors, the last being at +0x180.

If you follow the reset exception (@0x08000004 - value of 0x0800d0c9) and turn it into code (press c on 0x0800d0c8 - LSBit is set in the exception vector table because it's thumb code.) it should give you a starting point.From a very brief look, that code is just for the USB-firmware-upgrade stuff, and it later loads an exception vector table/etc for the main app from 0x08010000 (so you want to do similar with that table). I noticed the padding to 3MB too. Based on extrwi's post above noting the STM32 string, I figured it was likely a, although nothing in that series of chips has higher than 2MB flash or 256kB RAM.Any thoughts on where this thing might be hiding a filesystem? It has a web interface (running GoAhead web server), but I can't find any trace of the associated files in the firmware (at least, nothing that shows up in strings, and as I mentioned in OP binwalk finds no signatures for compressed files either).