View Full Version : What can i do with this?????



dutchmatrix
23-07-2009, 08:25 PM
I managed to extract the compressed romfs from the latest firmware and mounted it in Ubuntu.

But now I need the clever ones here... what can I do with it?

Is it useful to make my own firmware... or is this a dead end?

This is how I did it.

dd if=patch.bin of=patch.out bs=1 skip=56
mount -o loop,ro ./patch.out /mnt
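
Added example, not part of the original post: instead of hard-coding `skip=56`, this sketch finds the filesystem superblock inside a firmware blob by its signature and reports the offset to give to `dd`. The thread does not say which filesystem `mount` detected, so checking for both romfs and cramfs (whose superblock carries the string "Compressed ROMFS") is an assumption, and the function names and sample blob are constructed for illustration.

```python
import struct

ROMFS_MAGIC = b"-rom1fs-"               # romfs superblock starts with this
CRAMFS_MAGIC = 0x28CD3D45               # cramfs magic, stored in host byte order
CRAMFS_SIGNATURE = b"Compressed ROMFS"  # 16 bytes into the cramfs superblock


def romfs_checksum_ok(image: bytes) -> bool:
    """romfs rule: big-endian 32-bit words of the first 512 bytes sum to zero."""
    head = image[:512]
    head = head[: len(head) - len(head) % 4]
    return sum(struct.unpack(f">{len(head) // 4}I", head)) & 0xFFFFFFFF == 0


def find_filesystems(blob: bytes):
    """Return sorted (offset, kind, size) for each plausible superblock in blob."""
    hits = []
    pos = blob.find(ROMFS_MAGIC)
    while pos != -1:
        if pos + 16 <= len(blob):
            (size,) = struct.unpack_from(">I", blob, pos + 8)
            if size >= 16 and romfs_checksum_ok(blob[pos : pos + size]):
                hits.append((pos, "romfs", size))
        pos = blob.find(ROMFS_MAGIC, pos + 1)
    pos = blob.find(CRAMFS_SIGNATURE)
    while pos != -1:
        for endian, kind in (("<", "cramfs-le"), (">", "cramfs-be")):
            if pos >= 16:
                magic, size = struct.unpack_from(endian + "II", blob, pos - 16)
                if magic == CRAMFS_MAGIC:
                    hits.append((pos - 16, kind, size))
        pos = blob.find(CRAMFS_SIGNATURE, pos + 1)
    return sorted(hits)


def build_sample() -> bytes:
    """Constructed input: 56 filler bytes, then a minimal valid romfs header."""
    hdr = ROMFS_MAGIC + struct.pack(">II", 32, 0) + b"sample".ljust(16, b"\0")
    fix = -sum(struct.unpack(">8I", hdr)) & 0xFFFFFFFF
    return b"\xaa" * 56 + hdr[:12] + struct.pack(">I", fix) + hdr[16:]


if __name__ == "__main__":
    for offset, kind, size in find_filesystems(build_sample()):
        print(f"{kind} at offset {offset}, size {size}: dd skip={offset}")
```

A romfs hit is only reported when the header checksum verifies, so a stray copy of the magic string elsewhere in the image is ignored.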

kanber_kav
23-07-2009, 11:46 PM
dd if=patch.bin of=patch.out bs=1 skip=56
mount -o loop ./patch.out /mnt


ok mount
..thanks friend

satstarter
24-07-2009, 03:35 AM
I think it's a dead end
because you have no source of anything and what you now have
is the same things you see on the box :redface:

dutchmatrix
24-07-2009, 06:26 AM
It's almost the same.

But what about the flash.bin, haven't seen it on the box?
The differences between what's on the box and what's in here are the interesting parts.

Think I will do a directory diff to get all the changes, and also between the latest 2 firmwares, because this one looks internally like 2371.

After all, this is why I bought this box, to play with it, watching TV is so boring... ;-)

dutchmatrix
24-07-2009, 11:00 AM
In the previous post, flash.bin should be loader.bin.

Some information I retrieved from loader.bin:

XENV structure size: 0x000006a8
Stored SHA1 signature: 8b d7 0f 54 9b 7b 13 9c 7b a9 79 23 ce 67 94 9d 09 6a 9b ea
Calculated SHA1 signature: 8b d7 0f 54 9b 7b 13 9c 7b a9 79 23 ce 67 94 9d 09 6a 9b ea

Print the XENV records ([y]/n)? y

Stored XENV records:
[01] a.avclk_mux = 0x00000000
[02] a.board_id = "852-E2"
[03] a.cd2_freq = 0x05b8d800
[04] a.cd4_freq = 0x01fca055
[05] a.cd5_freq = 0x017d7840
[06] a.cd6_freq = 0x01312d00
[07] a.cd7_freq = 0x01312d00
[08] a.chip_rev = 0x86340086
[09] a.enable_devices = 0x00021ace
[10] a.gpio_data = 0x76000000
[11] a.gpio_dir = 0x76000038
[12] a.gpio_irq_map = 0x20090820
[13] a.hostclk_mux = 0x00000100
[14] a.irq_fall_edge_hi = 0x00000000
[15] a.irq_fall_edge_lo = 0x0000c000
[16] a.irq_rise_edge_hi = 0x0000009f
[17] a.irq_rise_edge_lo = 0xff28ca00
[18] a.linux_cmd = "mem=108m console=ttyS0,115200"
[19] a.pb_cs_config = 0x000e0040
[20] a.pb_def_timing = 0x10101010
[21] a.pb_timing0 = 0x10101010
[22] a.pb_timing1 = 0x00110101
[23] a.pb_timing2 = 0x105f1010
[24] a.pb_use_timing0 = 0x000003f4
[25] a.pb_use_timing1 = 0x000003f3
[26] a.pb_use_timing2 = 0x000003f8
[27] a.pcidev1_irq_route = 0x01010101
[28] a.pcidev2_irq_route = 0x01010101
[29] a.pcidev3_irq_route = 0x02020202
[30] a.pcidev4_irq_route = 0x02020202
[31] a.scard_5v_pin = 0x00000001
[32] a.scard_cmd_pin = 0x00000002
[33] a.scard_off_pin = 0x00000000
[34] a.uart0_baudrate = 0x0001c200
[35] a.uart0_gpio_data = 0x00000000
[36] a.uart0_gpio_dir = 0x00000000
[37] a.uart0_gpio_mode = 0x00007f6e
[38] a.uart1_baudrate = 0x00002580
[39] a.uart1_gpio_data = 0x00000000
[40] a.uart1_gpio_dir = 0x00000000
[41] a.uart1_gpio_mode = 0x00007f6e
[42] a.uart_console_port = 0x00000000
[43] a.uart_used_ports = 0x00000002
[44] l.cs0_size = 0x00000000
[45] l.cs1_size = 0x00000000
[46] l.cs2_part1_offset = 0x00000000
[47] l.cs2_part1_size = 0x00020000
[48] l.cs2_part2_offset = 0x00020000
[49] l.cs2_part2_size = 0x00020000
[50] l.cs2_part3_offset = 0x00040000
[51] l.cs2_part3_size = 0x00040000
[52] l.cs2_part4_offset = 0x00080000
[53] l.cs2_part4_size = 0x00680000
[54] l.cs2_part5_offset = 0x00700000
[55] l.cs2_part5_size = 0x00100000
[56] l.cs2_parts = 0x00000005
[57] l.cs2_size = 0x00800000
[58] l.cs3_size = 0x00000000
[59] x.boot = 0x00020000
[60] x.csf = 0x00000002
[61] x.d0.cfg = 0xf34111ba
[62] x.d0.dl0 = 0x000a4444
[63] x.d1.cfg = 0xf34111ba
[64] x.d1.dl0 = 0x000a4444
[65] x.ds = 0x00020080
[66] x.dt = 0x00000001
[67] x.mux = 0x00000701
[68] x.pll3 = 0x01020057
[69] y.gateway = "10.0.1.1"
[70] y.ipaddr = "10.0.1.199"
[71] y.start = "xrpc 0xac080090; load zbf 0xb3000000; go"
[72] y.startdelay = "1"
[73] y.subnetmask = "255.255.0.0"
[74] z.boot0 = 0x00040000
[75] z.boot1 = 0x00080000
[76] z.boot2 = 0x00040000
[77] z.boot3 = 0x00080000
[78] a.eth_mac = "00:02:14:13:C7:B0"
[79] a.build_date = "TD210:20090123"
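
Added example, not part of the original post: a consistency check over the `l.cs2_*` records from the listing above, reading them as a partition table for the flash on chip-select 2. That reading is an assumption (the post does not explain the keys), and the function names are hypothetical.

```python
import re

# Records copied from the XENV listing in the post above (subset).
LISTING = """\
[46] l.cs2_part1_offset = 0x00000000
[47] l.cs2_part1_size = 0x00020000
[48] l.cs2_part2_offset = 0x00020000
[49] l.cs2_part2_size = 0x00020000
[50] l.cs2_part3_offset = 0x00040000
[51] l.cs2_part3_size = 0x00040000
[52] l.cs2_part4_offset = 0x00080000
[53] l.cs2_part4_size = 0x00680000
[54] l.cs2_part5_offset = 0x00700000
[55] l.cs2_part5_size = 0x00100000
[56] l.cs2_parts = 0x00000005
[57] l.cs2_size = 0x00800000
"""
RECORD = re.compile(r'^\[\d+\]\s+(\S+)\s+=\s+(.+)$')


def parse_listing(text):
    """Turn '[NN] key = value' lines into a dict; hex values become ints."""
    env = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            key, raw = m.groups()
            env[key] = raw.strip('"') if raw.startswith('"') else int(raw, 16)
    return env


def flash_layout(env, cs="cs2"):
    """Return ([(part, start, end)], problems) for one chip-select's partitions."""
    total, parts, problems, cursor = env[f"l.{cs}_size"], [], [], 0
    for i in range(1, env[f"l.{cs}_parts"] + 1):
        start = env[f"l.{cs}_part{i}_offset"]
        end = start + env[f"l.{cs}_part{i}_size"]
        if start != cursor:
            problems.append(f"part{i} starts at {start:#x}, expected {cursor:#x}")
        parts.append((i, start, end))
        cursor = end
    if cursor != total:
        problems.append(f"partitions end at {cursor:#x}, flash size is {total:#x}")
    return parts, problems
```

For the values posted, the five partitions are contiguous and end exactly at `l.cs2_size` (0x00800000).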

kanber_kav
24-07-2009, 01:15 PM
How to create nfsroot?

_http://forum.azbox.to/wbb3/index.php?page=Thread&postID=1205&highlight=audios#post1205

dutchmatrix
24-07-2009, 02:23 PM
Can this be interesting:
[69] y.gateway = "10.0.1.1"
[70] y.ipaddr = "10.0.1.199"


It looks like it sets the IP address to 10.0.1.199 while flashing.
What would happen if we connected it to an internal network in the same range?

Damn, I'm at work right now, can't try it.

[71] y.start = "xrpc 0xac080090; load zbf 0xb3000000; go"
This looks like offsets in the loader.bin.

I'm going to investigate those sections.

kanber_kav
24-07-2009, 02:33 PM
Once more from loader.bin:

Quote

a.linux_cmd."mem=108m console=ttyS0,115200"

If you can get a serial interface working on the azbox, you should at least be able to see a few helpful boot messages.

Has anyone managed to get anything working with the serial connection?

It should be possible to boot via NFS here with:

Quote

setxenv a.linux_cmd "console=ttyS0 root=/dev/nfs nfsroot=(nfs_server_ip):/some/dir/nfsroot ip=(my_ip_addr):(server_ip_addr):(gateway):(netmask):(hostname)"



_http://blog.chinaunix.net/u2/62451/showart_1193078.html