I managed to hack away at bushing's shoehorn loader until I have it happily loading and booting any kernel I stick on it via BOOT_ROM and the serial port... I'm packaging up the tarball and I'll post it momentarily
oh yea, in the process I had to disable all the signature checking since it didn't like something, so should run off any hard drive that way too
http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz
just compile it and run ./shoehorn --port SERIALPORTCONNECTEDTOPHATBOX then short jp2 and boot up your kernel compiled with ROM_BOOT enabled...
I posted one on http://downloads.phathack.com/sbingner/linux.bz2 -- it'll show up in 45 minutes, but there's one as just "linux" that's already visible -- it just doesn't have the console logging enabled -- I also re-enabled console logging so you'll be able to see the boot messages even if you don't have a shell set up.... feel free to replace/modify the ramdisk image, I think I managed to disable any and all checking by the bootloader.... just don't try to replace anything BESIDES linux, ramdisk, initrd, or rc.sh with an unsigned copy ;)
of course if you have plsign you can just sign the other stuff yourself
kickass!
Still can't find a way to load the firmware?
Quote: kickass!
Still can't find a way to load the firmware?
I'm pretty sure we'll be able to use MTD once I or somebody else gets a newer kernel ported for it, or gets the correct stuff on to load MTD... it does support this chip. I got my 1.5 hours of sleep after getting it working last night and haven't had the chance to do anything more yet
BTW I just booted up off an unsigned drive... worst case we could probably make a mod chip this way. Still working on getting a way to rewrite the flash
I'm almost done with my bootloader that copies the flash to RAM and patches it. I haven't had a lot of time to work on it, but it's pretty simple.
If that works, and we can't flash it otherwise, then I've already got most of the design for a mod chip to plug into the serial port and download the code. Pretty much just a PIC and a serial EEPROM with the code in it (I've mocked it up on my eval board).
If we can't get flash working, I'll get cracking on a board design for a mod chip to plug into that serial port.
Quote: I'm almost done with my bootloader that copies the flash to RAM and patches it. I haven't had a lot of time to work on it, but it's pretty simple.
If that works, and we can't flash it otherwise, then I've already got most of the design for a mod chip to plug into the serial port and download the code. Pretty much just a PIC and a serial EEPROM with the code in it (I've mocked it up on my eval board).
If we can't get flash working, I'll get cracking on a board design for a mod chip to plug into that serial port.
lol did you not read what I posted? http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz <-- that loads it, patches it and boots a kernel
there's a loader.c file, that generates a binary loader that does exactly that.... just needs a little cleanup to remove the crap that shoehorn had in there that I didn't remove but it works perfectly
Quote: lol did you not read what I posted? http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz <-- that loads it, patches it and boots a kernel
I read it, but I misunderstood you. :)
I guess I'll start working on a mod chip then. ;)
This looks like a year ago, anything happen on this???
this thread died because we got a firmware patcher built after this that ran on the box. this was before (if I recall the timing of things) we could patch the box off the DMS.