i don't really know what's the sense of your procedure, if the problem is the software, it appears almost clear it is so, with your action you did not fixed the wrong files but only the file system structure, this is why your tv is correctly booting, ok it's at least a result... but as i always suspected, the delicate parts tended to fail are the apps and smart area, them failed to save data due to line problems or whatsoever.. have you de installed and reinstalled those apps? DHCP what? too much acronyms.. DHCP is not a key.. it's a net parameter.. RPMB never heard, what is?

Everything is correct, half of the applications will not work, since there is a connection to the hardware (processor, eMMC) its ID, and you will not be able to read the RPMB section (you can only write it, this section with a programmer), since it is encrypted with a key, this key knows only its native processor...

RPMB

How it works in more detail:

If the Key is missing, then the device (processor) programs the key into the chip.
The key is generated from the processor SN and eMMC CID, and thus the key is different for different processors and different eMMCs. Further work occurs in the same mode as with a programmed key. The programmed key cannot be changed.

If the Key already exists, then, as a rule, the counter has a value greater than 0.
With a chip that already has a key (16 bytes), the device (processor) can only work through data encoded by the key (Key) and the recording counter (Counter).

Read mode: the device (processor) receives the counter value from the eMMC, requests to read the data (256 byte blocks), receives the counter and key encoded data, decrypts it using the stored key and counter value, checks the validity of the data.

Write mode: The device (processor) receives the counter value from the eMMC, encodes the data using the key and counter (256 byte blocks) and sends it to the chip. The chip decrypts them using the stored key and counter value and checks the validity of the data. If the data is valid, the block is written, and the value of the write counter (Counter) is increased by 1.
Thus, the value of the write counter (Counter) shows how many blocks of 256 bytes (or how many times) were written to the RPMB area.

Important:
1) when writing Firmware to eMMC, the internal NAND memory of the eMMC is reinitialized, erasing the key, counter and RPMB data
2) it is impossible to remove the key from RPMB or change the counter in any other way, except for increasing the counter value by writing data encoded with a valid key.

Hi lotas.
Thank you for your response.

What i am trying to work out is this.

The lifetime counter of the original eMMC has been exceeded, 90 to 100% (MLC) Which causes the TV to Boot Loop. the lifetime counter of the (SLC) is only 10 to 20%. When a dump or a clone copy of the original eMMC is taken the Boot 1, Boot 2. Userdata. is the RPMB master key, the one programmed in factory that allows the processor to acess the DRM data held in the RPMB partion included in the clone/dump ?. if not were does this information reside on the eMMC.
My logical thought is this.
After resetting the MLC lifetime back to 0 to 10% on the original eMMC and rewriting the original dump, as the RPMB partition is still in the original state after the reset, and assuming that the original factory generated HAS256 key is copied with the dump, this should be written back to the eMMC, thus in theory every thing should work.

Such an eMMC will not last long after resetting the life cycle, it may be enough for a few days..., it is better to change it to a new one, if the RPMB partition is not damaged, try updating the software via USB.

Tried that lotas many times but fails, i think it fails because of the eMMC lifetime exceeded, i have done a few of the Sony's with the dying / dead eMMC's but fail to get Neflix and chromecast to work

t's more likely that the programmer itself does not correctly read this encrypted section (does not understand its encoding), and what it read and wrote down, you yourself tried to see this section in the hex editor that the programmer read.

I have the UFI and RT809H Programmers, to be honest i have not looked at the HEX of the dump, not sure how to read the buffer, I'm still leaning my way round lotas, so appologies if i seem to be making no sense at all

Standing on what Lotas says, programmer cannot read that key partition.. so what you will have is an empty rpmb partition, but Lotas also said that would make cpu write newly the key, if counter is not in the rpmb area there would not be a problem but probably it is.. what i have not understood, what is the host? An internet host? The app provider?? If yes there would be the possibility to contact that provider and ask to restart the counter due to tv restoration?

PontyPc, have you resetted the BBT, bad block table, before the rewrite? The BBT is stored in the dump so it cannot be restored onto the emmc..

Hi Davi
Sony are no help at all with this issue, their response is replace the main board at a huge cost of over £600 in most cases more than the TV is worth, the easy and cheaper option is to connect a firestick to the TV to restore netflix and casting, but that defeats the issue. A perfectly good TV in some cases going to landfill because of a software / firmware issue. It's my view Sony know of this issue and should make a fix available. i know some people have managed to get round this issue and are able to fix 100%.

I was not speaking about Sony, i was speaking of for example Netflix company.. anyway i have few experiences in the softwares fix.. for what i have read here today and few other times, the problem with some programmers is that them reads the memory in pieces or partitions, my doubt is why rt809h presents always the same 3 partitions when usually a tv has more than three? isn't there any "raw" read mode? is it limited by the emmc interface?? I have seen only rt809 interfaces.. it has something about bbt resetting, it's not easy nor clear, users forum is in chinese, some useful videos are there, but.. uff.. what a stress.. for me a way of modifying a problematic memory is to work on dump by mounting it under linux on a pc, making the corrections to the file system and then loading it to the erased emmc or a new one.. emmc are not intended only for smart tv, so is not really probable for me that it is not truly readable, maybe the limit of tv oriented programmers is that them reads the entity "partition" as how them are readable knowing its file system, but anything out of linux and fat partitions maybe are ignored??!! who knows?....

*Staff note: forum ignored my post editing two times.. and also in the message list i see last message is by another user but its mine and also appears my icon..

Yes, the site is running late...

Hi how do we find the corrupted part on a emmc ?
The Rt809h reads emmc in a different way so any dump from that won't work in other programmers

You can actually remove RPMB key on a emmc and program a new key if you know a new key which will reset the counter