Volvo DMS patch fails

[heinrichnak]

Tried the patched patch, but no luck yet.

patch.log:

Code Select Expand


PhatPatch v0.6 - original code by bushing, additional patches by sbingner
Verifying:
Patch 1 @ 0d90: make drive signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 0033 1a00
Unverified!
Patch 2 @ 0dc4: make rc.sh signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 0026 1a00
Unverified!
Patch 3 @ 0df8: make phatd signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 0019 1a00
Unverified!
Patch 4 @ 0e2c: make linux signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 000c 1a00
Unverified!
Patch 5 @ 051c: make ramdisk invalid signature return 0 instead of 0xFFFFFFFF: [movlne r0, 0xFFFFFFFF -> movlne r0, #0]
Expected: 0000 13a0    Actual: 0000 13e0
Unverified!
Patch 6 @ 0e58: make ramdisk signature check verify 0 instead of 1: [cmp r0, #1 -> cmp r0, #0]
Expected: 0000 e350    Actual: 0001 e350
Unverified!
Patch 7 @ 0520: make ramdisk valid signature return 0 instead of 1: [moveq r0, #1 -> moveq r0, #0]
Expected: 0000 03a0    Actual: 0001 03a0
Unverified!
Patch 8 @ 04f4: don't try to read ramdisk.sig (boot without any .sig files): [bl sector_read_suzy -> bl PC+1]
Expected: 0000 eb00    Actual: 02e0 eb00
Unverified!
Patch 9 @ 0460: don't try to read linux.sig (boot without any .sig files): [bl sector_read_suzy -> bl PC+1]
Expected: 0000 eb00    Actual: 0305 eb00
Unverified!
/dos/backup/patch.sh: cannot create /dos: Is a directory
PhatPatch v0.6 - origin                                                                                                                                                                                                                                                                                                                                                                                                                          


There seems to be a problem with /dos. I'll look into that.

There's no a PatchWrite.log, but there is a PatchVerify.log:

Code Select Expand


Starting Patch Process
PhatPatch v0.6 - original code by bushing, additional patches by sbingner
Verifying:
Patch 1 @ 0d90: make drive signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 0033 1a00
Unverified!
Patch 2 @ 0dc4: make rc.sh signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 0026 1a00
Unverified!
Patch 3 @ 0df8: make phatd signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 0019 1a00
Unverified!
Patch 4 @ 0e2c: make linux signature check always succeed: [bne verify_sig_failed -> bne PC+1]
Expected: 0000 1a00    Actual: 000c 1a00
Unverified!
Patch 5 @ 051c: make ramdisk invalid signature return 0 instead of 0xFFFFFFFF: [movlne r0, 0xFFFFFFFF -> movlne r0, #0]
Expected: 0000 13a0    Actual: 0000 13e0
Unverified!
Patch 6 @ 0e58: make ramdisk signature check verify 0 instead of 1: [cmp r0, #1 -> cmp r0, #0]
Expected: 0000 e350    Actual: 0001 e350
Unverified!
Patch 7 @ 0520: make ramdisk valid signature return 0 instead of 1: [moveq r0, #1 -> moveq r0, #0]
Expected: 0000 03a0    Actual: 0001 03a0
Unverified!
Patch 8 @ 04f4: don't try to read ramdisk.sig (boot without any .sig files): [bl sector_read_suzy -> bl PC+1]
Expected: 0000 eb00    Actual: 02e0 eb00
Unverified!
Patch 9 @ 0460: don't try to read linux.sig (boot without any .sig files): [bl sector_read_suzy -> bl PC+1]
Expected: 0000 eb00    Actual: 0305 eb00
Unverified!


Looks like phatpatch didn't find the right code...

[sbingner]

That's strange -- do you have from where it tried to patch?  Expected won't have all 00's on the left in that on

[sbingner]

Looking closer, looks like all my offsets are right -- but it didn't patch it for some reason, possibly the unlock codes didn't work... can you post the whole log?

[heinrichnak]

Here you go:

http://heinrichnak.tripod.com/patch_logs.zip

                                                                                                                                                                                                                                                                                                   

[sbingner]

That's strange - it never TRIED to patch, all it's doing is try to verify it over and over again....  make sure patch.sh calls it as "phatpatch patch" or "phatpatch p" although if it's called without an option it should say "invalid option"

Sam

[sbingner]

You'll be able to tell when it actually tried to patch because you will get something similar to the following:

Code Select Expand

first 2 words of flash=%04x %04x
testing offsets 0x555 and 0x2aa
writing auto-id command (AA, 55, 90)

[heinrichnak]

My patch.sh (it's from the patch cd ISO):

Code Select Expand


#!/bin/sh
# Scripts created for www.phathack.com
#
# Copyright 2005 Jud Barron jud.barron@gmail.com
#
# Released under the GPL: http://www.gnu.org/licenses/licenses.html
#
#
# This script will patch your music keg or phatbox firmware to allow
#  any hard drive to be used provided it has been properly prepared.
# Proper preperation of a DMS drive includes having the first 1 megabyte
#  of the drive copied from an working phatnoise original DMS.
#
# The first partition must start AFTER the first 1 megabyte of the drive
#  so that the signature area is undisturbed.  Also an MSDOS boot sector
#  must be present on the drive.

/bin/dd if=/dev/hda of=/dos/backup/drive-sig-1mb.bin bs=512 count=2048

/dos/hdparm -q > /dos/backup/dms-serialnumber.txt

echo Starting Patch Process > /dos/log/PatchVerify.log
/dos/backup/phatpatch v >> /dos/log/PatchVerify.log 2>&1

while ! /dos/backup/phatpatch v;
do
       /dos/backup/phatpatch p >> /dos/log/PatchWrite.log 2>&1
       sleep 2
done

/dos/nmp3 /dos/backup/patchcomplete.mp3

/dos/backup/phatpatch v >> /dos/log/PatchVerify.log 2>&1

/bin/dmesg > /dos/log/dmesg.log


[sbingner]

Your problem (strangely) is here:

Code Select Expand

       /dos/backup/phatpatch p >> /dos/log/PatchWrite.log 2>&1

try changing it to:

Code Select Expand

       /dos/backup/phatpatch p >> /dos/backup/PatchWrite.log 2>&1
or, if that doesn't work

Code Select Expand

       /dos/backup/phatpatch p

It seems like it's probably some sort of issue with a null character or something else strange in patch.sh since it worked for the verify output, are you sure you didn't do anything that could have modified or 'translated' patch.sh?

[sbingner]

Oh yes, be careful what you use to edit it... I reccomend getting a copy of WinVI http://www.winvi.de/en/ ( http://www.winvi.de/winvi32.zip ) to do it, that way you won't introduce any other strange formatting problems

[heinrichnak]

I really wonder how this could have happened (I mean the option "v" instead of "p", and the log location).
Again, I'm not with the car. I'll let you know the results later...

Thanks for the editor tip (I 've used SimpleText for these sort of jobs)!

[sbingner]

It's nothing wrong with the options or the location, it's just not running for some reason

Thats where the "/dos" error is coming from

[sbingner]

did you ever get this working?

[heinrichnak]

Still didn't get the chance to try it. It's not my car and the owner is out a lot. Sorry to let you wait...

[heinrichnak]

Whoohoooo! Spoke to the owner today, and he told me he was hearing a woman's voice from his radio saying that the hack is succesful. Payed him a visit, and completed the DMS swap (replaced the 20 GB by a 80 GB Toshiba drive), and all is fine now!

Thanks a lot for all your help. Volvo branded Phatbox can be added to your list.

[sbingner]

I'll try to put the support for this into a single binary with detection of the two flashes this evening...  thanks for the feedback