
Phatbox pwn'd

Started by sbingner, July 12, 2005, 03:31:29 PM


sbingner

I managed to hack away at bushing's shoehorn loader until I have it happily loading and booting any kernel I stick on it via BOOT_ROM and the serial port...  I'm packaging up the tarball and I'll post it momentarily

sbingner

oh yeah, in the process I had to disable all the signature checking since it didn't like something, so it should run off any hard drive that way too

sbingner

http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz

just compile it and run ./shoehorn --port SERIALPORTCONNECTEDTOPHATBOX then short jp2 and boot up your kernel compiled with ROM_BOOT enabled...

I posted one on http://downloads.phathack.com/sbingner/linux.bz2 -- it'll show up in 45 minutes, but there's one as just "linux" that's already visible -- it just doesn't have the console logging enabled -- I also re-enabled console logging so you'll be able to see the boot messages even if you don't have a shell set up....  feel free to replace/modify the ramdisk image, I think I managed to disable any and all checking by the bootloader.... just don't try to replace anything BESIDES linux, ramdisk, initrd, or rc.sh with an unsigned copy ;)

of course if you have plsign you can just sign the other stuff yourself

judb

kickass!

Still can't find a way to load the firmware?

sbingner

Quote from judb:
> kickass!
>
> Still can't find a way to load the firmware?

I'm pretty sure we'll be able to use MTD once I or somebody else gets a newer kernel ported for it, or gets the correct stuff on to load MTD... it does support this chip.  I got my 1.5 hours of sleep after getting it working last night and haven't had the chance to do anything more yet

sbingner

BTW I just booted up off an unsigned drive... worst case we could probably make a mod chip this way.  Still working on getting a way to rewrite the flash

RobM

I'm almost done with my bootloader that copies the flash to RAM and patches it.  I haven't had a lot of time to work on it, but it's pretty simple.

If that works, and we can't flash it otherwise, then I've already got most of the design for a mod chip to plug into the serial port and download the code.  Pretty much just a PIC and a serial EEPROM with the code in it (I've mocked it up on my eval board).

If we can't get flash working, I'll get cracking on a board design for a mod chip to plug into that serial port.

sbingner

Quote from RobM:
> I'm almost done with my bootloader that copies the flash to RAM and patches it.  I haven't had a lot of time to work on it, but it's pretty simple.
>
> If that works, and we can't flash it otherwise, then I've already got most of the design for a mod chip to plug into the serial port and download the code.  Pretty much just a PIC and a serial EEPROM with the code in it (I've mocked it up on my eval board).
>
> If we can't get flash working, I'll get cracking on a board design for a mod chip to plug into that serial port.
lol did you not read what I posted?  http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz <-- that loads it, patches it and boots a kernel

sbingner

there's a loader.c file that generates a binary loader that does exactly that.... it just needs a little cleanup to remove the crap that shoehorn had in there that I didn't remove, but it works perfectly

RobM

Quote from sbingner:
> lol did you not read what I posted?  http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz <-- that loads it, patches it and boots a kernel

I read it, but I misunderstood you. :)

I guess I'll start working on a mod chip then.  ;)

zero cool

This looks like a year ago, anything happen on this???

judb

this thread died because we got a firmware patcher built after this that ran on the box.  this was before (if I recall the timing of things) we could patch the box off the DMS.