Author Topic: Phatbox pwn'd  (Read 10681 times)

Offline sbingner

  • Administrator
  • Veteran.
  • *****
  • Posts: 1301
Phatbox pwn'd
« on: July 12, 2005, 02:31:29 pm »
I managed to hack away at bushing's shoehorn loader until I have it happily loading and booting any kernel I stick on it via BOOT_ROM and the serial port...  I'm packaging up the tarball and I'll post it momentarily

sbingner
Re: Phatbox pwn'd
« Reply #1 on: July 12, 2005, 02:32:07 pm »
oh yea, in the process I had to disable all the signature checking since it didn't like something, so should run off any hard drive that way too

sbingner
Re: Phatbox pwn'd
« Reply #2 on: July 12, 2005, 03:19:17 pm »
http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz

just compile it and run ./shoehorn --port SERIALPORTCONNECTEDTOPHATBOX then short jp2 and boot up your kernel compiled with ROM_BOOT enabled...

I posted one on http://downloads.phathack.com/sbingner/linux.bz2 -- it'll show up in 45 minutes, but there's one as just "linux" that's already visible -- it just doesn't have the console logging enabled -- I also re-enabled console logging so you'll be able to see the boot messages even if you don't have a shell set up....  feel free to replace/modify the ramdisk image, I think I managed to disable any and all checking by the bootloader.... just don't try to replace anything BESIDES linux, ramdisk, initrd, or rc.sh with an unsigned copy ;)

of course if you have plsign you can just sign the other stuff yourself

Offline judb

  • Administrator
  • Veteran.
  • *****
  • Posts: 1329
  • ph4t l3wtz
Re: Phatbox pwn'd
« Reply #3 on: July 12, 2005, 11:54:16 pm »
kickass!

Still can't find a way to load the firmware?

sbingner
Re: Phatbox pwn'd
« Reply #4 on: July 13, 2005, 01:10:40 am »
Quote
kickass!

Still can't find a way to load the firmware?


I'm pretty sure we'll be able to use MTD once I or somebody else gets a newer kernel ported for it, or gets the correct stuff on to load MTD... it does support this chip.  I got my 1.5 hours of sleep after getting it working last night and haven't had the chance to do anything more yet

sbingner
Re: Phatbox pwn'd
« Reply #5 on: July 13, 2005, 05:46:58 am »
BTW I just booted up off an unsigned drive... worst case we could probably make a mod chip this way.  Still working on getting a way to rewrite the flash

Offline RobM

  • Senior Member
  • A few posts under my belt.
  • *****
  • Posts: 48
Re: Phatbox pwn'd
« Reply #6 on: July 13, 2005, 03:09:32 pm »
I'm almost done with my bootloader that copies the flash to RAM and patches it.  I haven't had a lot of time to work on it, but it's pretty simple.

If that works, and we can't flash it otherwise, then I've already got most of the design for a mod chip to plug into the serial port and download the code.  Pretty much just a PIC and a serial EEPROM with the code in it (I've mocked it up on my eval board).

If we can't get flash working, I'll get cracking on a board design for a mod chip to plug into that serial port.

sbingner
Re: Phatbox pwn'd
« Reply #7 on: July 13, 2005, 06:19:30 pm »
Quote
I'm almost done with my bootloader that copies the flash to RAM and patches it.  I haven't had a lot of time to work on it, but it's pretty simple.

If that works, and we can't flash it otherwise, then I've already got most of the design for a mod chip to plug into the serial port and download the code.  Pretty much just a PIC and a serial EEPROM with the code in it (I've mocked it up on my eval board).

If we can't get flash working, I'll get cracking on a board design for a mod chip to plug into that serial port.



lol did you not read what I posted?  http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz <-- that loads it, patches it and boots a kernel

sbingner
Re: Phatbox pwn'd
« Reply #8 on: July 13, 2005, 06:20:50 pm »
there's a loader.c file, that generates a binary loader that does exactly that.... just needs a little cleanup to remove the crap that shoehorn had in there that I didn't remove but it works perfectly

RobM
Re: Phatbox pwn'd
« Reply #9 on: July 13, 2005, 08:05:55 pm »
Quote


lol did you not read what I posted?  http://downloads.phathack.com/sbingner/shoehorn-patchnload.tgz <-- that loads it, patches it and boots a kernel


I read it, but I misunderstood you. :)

I guess I'll start working on a mod chip then.  ;)

Offline zero cool

  • Getting the hang of things.
  • **
  • Posts: 52
  • PhatHacker
Re: Phatbox pwn'd
« Reply #10 on: July 16, 2006, 06:50:32 pm »
This looks like a year ago, anything happen on this???

judb
Re: Phatbox pwn'd
« Reply #11 on: July 17, 2006, 02:17:52 am »
this thread died because we got a firmware patcher built after this that ran on the box.  this was before (if I recall the timing of things) we could patch the box off the DMS.