Author Topic: Windows based DMS / Phatbox Hack (HackCD replacement thread)  (Read 121258 times)

0 Members and 1 Guest are viewing this topic.

Offline beckfield

  • A few posts under my belt.
  • *
  • Posts: 35
  • PhatHacker
Re: Windows based HackCD replacement thread!
« Reply #20 on: January 24, 2007, 12:56:14 am »
Okay, here's what I found out:

Diskpart is apparently not included with Win2k Pro.  It is part of the Windows Resource Kit.  I downloaded diskpart from Microsoft and installed it.  It installed to C:\Program Files\Resource Kit.

Me being the crafty little bugger that I am, I copied diskpart.exe to C:\WINNT\System 32.

I had not extracted your kit to C:\dmsutils, so I moved it there.  Ran backupdms.bat from the Command prompt (which I HAD done before), and it worked perfectly.  

A couple of questions:

1. Can I assume that this backup is a complete backup of a "pristine" DMS?  I don't intend to test this, but if my original DMS tangled with a big huge magnet and got completely erased, this backup can be used to rebuild it (sans music, of course)?

2. So I understand that your process actually irrevocably modifies the firmware on the Phatbox, is that correct?  I haven't found a post yet that tells me exactly what is changed in the firmware, or if I have found it, I didn't get that particular piece from it.  Can you point me to it?

Thanks for your help,
Ken

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Windows based HackCD replacement thread!
« Reply #21 on: January 24, 2007, 01:37:19 am »
I don't know if there is a specific post that shows you exactly what is changed, but the source code to the flash program utility called phathack is available on sam's download site at downloads.phathack.com if you want to look at it.

Yes it is a non reversible change, at least for us, because currently we can only flip specific bits to disable checks, we are not writing the whole flash image again due to issues with the box crashing when we write data to flash.  We haven't figured out exactly WHY it locks up but this process we settled on works pretty darn well.. some people have to run the hack script (the one on the dms by restarting the phatbox twice) to make sure it is all patched up.. but thats what the patchverify.log is for in the log folder on the phatsys partition.  

I think a quick summary is it changes the check in the flash based boot loader code to issue a positive pass of:
phatnoise encryption key check (on the hidden area of the first 1 meg of the physical disk, not in a partition)
checks for the ramdisk.sig / ramdisk file matching
checks for the linux / linux.sig matching
etc  most of the files in phtsys that have .sig are checked by the bootloader and we patched it to always pass those checks.

Offline sbingner

  • Administrator
  • Veteran.
  • *****
  • Posts: 1301
Re: Windows based HackCD replacement thread!
« Reply #22 on: January 24, 2007, 09:42:11 am »
Quote
2. So I understand that your process actually irrevocably modifies the firmware on the Phatbox, is that correct?  I haven't found a post yet that tells me exactly what is changed in the firmware, or if I have found it, I didn't get that particular piece from it.  Can you point me to it?

from my source code (http://downloads.phathack.com/sbingner/phatpatch-0.5.c):
Code: [Select]
struct patch_struct patches[] = {
  {"make drive signature check always succeed: [bne verify_sig_failed -> bne PC+1]",
   0x0BB8, 0x0033, 0x1A00, 0x0000, 0x1A00},
  {"make rc.sh signature check always succeed: [bne verify_sig_failed -> bne PC+1]",
   0x0BEC, 0x0026, 0x1A00, 0x0000, 0x1A00},
  {"make phatd signature check always succeed: [bne verify_sig_failed -> bne PC+1]",
   0x0C20, 0x0019, 0x1A00, 0x0000, 0x1A00},
  {"make linux signature check always succeed: [bne verify_sig_failed -> bne PC+1]",
   0x0C54, 0x000C, 0x1A00, 0x0000, 0x1A00},
  {"make ramdisk invalid signature return 0 instead of 0xFFFFFFFF: [movlne r0, 0xFFFFFFFF -> movlne r0, #0]",
   0x0354, 0x0000, 0x13E0, 0x0000, 0x13A0},
  {"make ramdisk signature check verify 0 instead of 1: [cmp r0, #1 -> cmp r0, #0]",
   0x0C80, 0x0001, 0xE350, 0x0000, 0xE350},
  {"make ramdisk valid signature return 0 instead of 1: [moveq r0, #1 -> moveq r0, #0]",
   0x0358, 0x0001, 0x03A0, 0x0000, 0x03A0}
};

That shows exactly what is changed if you understand it...  it is, as judb said, for all intents and purposes irreversible, but it is innately benign.  I personally could reprogram a chip back to factory settings but it would not be fun since it would be constantly locking up on me as I did it.   I did this once because I executed a chip erase on my chip to attempt my original programming and had to put everything back on.

« Last Edit: January 24, 2007, 09:42:34 am by sbingner »

Offline beckfield

  • A few posts under my belt.
  • *
  • Posts: 35
  • PhatHacker
Re: Windows based HackCD replacement thread!
« Reply #23 on: January 24, 2007, 06:04:07 pm »
Thanks, sbingner.

The code is beyond me, but the explanation offered by you and judb was clear.

Would a future firmware update from Phatnoise undo all this?

Offline gorgon5

  • Newbie
  • Posts: 4
Re: Windows based HackCD replacement thread!
« Reply #24 on: February 04, 2007, 02:53:54 am »
How are we supposed to run the Flash Bootloader Patch? The script is not changing my playlists and after running DMShack it just plays music.

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Windows based HackCD replacement thread!
« Reply #25 on: February 04, 2007, 03:57:50 pm »
it should be using the startup sound entry in the profiles.ini on the phtdta partition under the profiles directory.  we swap out that file with a standard hack profile.ini


Offline thematrixz

  • Newbie
  • Posts: 0
  • PhatHacker
Re: Windows based HackCD replacement thread!
« Reply #26 on: February 12, 2007, 06:55:16 pm »
Sorry for this newbie question, but since the original HackCD scripts and images are no longer valid, I'm a bit lost.

Should I run these procedure in order listed:

1. backupdms.bat - Does a Backup of your DMS prior to running a hack or building a new DMS.
2. DMShack.bat - applies the hack files to your original phatnoise DMS.  Only good for a working drive.
3. patchclean.bat - removes the hack files from your original DMS and returns it to normal.
4. DMSfilecopy.bat - run after you do a patchclean.bat if you want to put some updated tools and kernel on your drive.  also works on hacked DMS drives.


I have a feeling that I should run DMShack.bat on the orginal DMS before runing BackupDMS.bat

Would some guru here write up a simple doc please.  And sorry if it's available somewhere already, I've searched but didn't find anything.

Thanks

Tan


Offline sbingner

  • Administrator
  • Veteran.
  • *****
  • Posts: 1301
Re: Windows based HackCD replacement thread!
« Reply #27 on: February 13, 2007, 06:55:54 am »
You should run it in the order listed, which is why it is listed in that order

Offline S80_UK

  • Global Moderator
  • Veteran.
  • *****
  • Posts: 392
  • Volvo S80 D5 with VW Phatbox
    • Volvo Phatbox Installation
Re: Windows based HackCD replacement thread!
« Reply #28 on: February 13, 2007, 09:16:22 am »
I have a feeling that I should run DMShack.bat on the orginal DMS before runing BackupDMS.bat

Why would you want to do that? The purpose in taking a backup is to protect you in case something goes wrong.  If you run the DMShack first, then changes will be made to the DMS and you won't have a backup available if you should need it.

Offline thematrixz

  • Newbie
  • Posts: 0
  • PhatHacker
Re: Windows based HackCD replacement thread!
« Reply #29 on: February 13, 2007, 12:05:54 pm »
Why would you want to do that? The purpose in taking a backup is to protect you in case something goes wrong.  If you run the DMShack first, then changes will be made to the DMS and you won't have a backup available if you should need it.

The reason why I thought DMShack should be run before backup is that it'll put some sort of modified sig on the original drive then run Backup to save it to the PC before transferring to the new drive.


Again, I wish someone would write a simple instruction sheet that lists the steps in order. I'll do that if I can get this working.

Thanks for the tips.

Tan

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Windows based HackCD replacement thread!
« Reply #30 on: February 13, 2007, 02:09:34 pm »
Actually, the backupdms script is really not needed but there for safety purposes if someone feels overly worried.

The dmshack script makes copies of every file into the backup folder on phtsys before it copies the modified files in place so there are no changes that are not quickly recovered with the patchclean batch file.  I thought it was laid out pretty simply in my original posts about what scripts do what things.

You run dmshack to hack the DMS and you then put the DMS into your phatbox and let the hack run.  There are some issues with the hack process that are well documented on the forums if you run into trouble with the hack not finishing.

the newdms script is to make your new hard drive work as a DMS AFTER you've hacked your phatbox with the dmshack script..

you can run the patchclean script to put your old DMS back to original settings.

How much more plain and simple can I spell out the functions of the scripts?

Offline jizay

  • Newbie
  • Posts: 9
  • PhatHacker
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #31 on: February 18, 2007, 06:46:36 pm »
We have replaced the hackCD with a new set of scripts, linked below, for you to use on your PC (windows 2000 or XP should work)

If you have a Linux / UNIX system these scripts will work for you too we expect with very little change since they are based on shell scripts front ended by bat files for windows... please open a separate thread on Linux usage if you want support, don't clutter this thread up with that.

The steps to hack your phatbox are:
extract the files into c:\dmsutils

  • run DMSHack.bat to modify your DMS to apply the changes to your DMS for hacking the flashed based bootloader in your Phatbox / Keg
  • insert the DMS into your box, follow the normal process of allowing the hack to run.  check the phtsys\log\patchverify.log afterward to make sure everything says verified.  if it doesn't, run the DMS in your box again until it does.  if the DMS does not boot up you need to corrupt ramdisk.sig.. search for how.
  • after your box is hacked you can run patchclean.bat to remove the hack files from your original DMS
  • when you want to build a new larger DMS you can run NEWDMS.bat.  this will prep the drive.  After the drive is prepped, load your firmware on it via PMM or via downloads.phathack.com and copy your music onto it.  enjoy!
  • BackupDMS,bat is not required, it is there for folks who are paranoid.
  • after you have finished running the hack scripts I STRONGLY suggest making a backup copy of all the files in the c:\dmsutils directory and saving it just in case.

***I STRONGLY SUGGEST EVERYONE HACK THEIR PHATBOX ASAP***
This is so that WHEN your DMS fails you can just create a new one instead of paying for one from phatnoise.

Making the new DMS appears to have worked. The patch.log shows that the patch was successfully applied, but when I bring up Media Manager, it says 'error retrieving DMS id' . How do I get Media Manager to recognize my new (hacked) DMS now?

« Last Edit: February 18, 2007, 07:22:36 pm by jizay »

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #32 on: February 18, 2007, 10:43:41 pm »
depending on which version of PMM you are using, a hacked DMS may not work properly.  What version of PMM are you using?

Offline jizay

  • Newbie
  • Posts: 9
  • PhatHacker
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #33 on: February 19, 2007, 12:21:28 am »
It's the latest version from the phatbox website, 3.92 I think. Is there an earlier version that will work, if so, is there a link to it? It would suck to be stuck with the Music Manager. Media Manager seems to be alot better.

Offline jizay

  • Newbie
  • Posts: 9
  • PhatHacker
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #34 on: February 22, 2007, 01:00:42 am »
Any suggestions for getting a hacked DMS to work with Media Manager 3.92 software?

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #35 on: February 22, 2007, 02:48:20 pm »
Sam, I think we will need to update the scripts (i'll try and work on it later today) so that it still copies the keys to the drive so this wont be an issue.. what do you think?


I don't have a link to an older version of PMM handy but I know there was a link to 2.30 somewhere on the forums at one point. 

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #36 on: February 22, 2007, 02:49:44 pm »

Offline sbingner

  • Administrator
  • Veteran.
  • *****
  • Posts: 1301
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #37 on: February 22, 2007, 08:47:26 pm »
The thing is I think I've seen that NOT happen without keys... and happen WITH keys... *shrug*

it's just a stupid program! :b

Offline jizay

  • Newbie
  • Posts: 9
  • PhatHacker
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #38 on: February 23, 2007, 01:19:35 am »
I didnt see any interface issues on the forum with a hacked DMS, so it was a surprise that the drive actually worked in the car, and not with the software. I'll try the old version and see if it works. What is the difference between 2.30 and 3.92?

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Windows based DMS / Phatbox Hack (HackCD replacement thread)
« Reply #39 on: February 23, 2007, 02:38:45 pm »
lots of stuff.. mostly to do with mCD support and video support for the GM phatboxes if I recall correctly.