PDA

View Full Version : 2.5 Avail For DTIVO For Beta, Should I Try IT......



CyberMop
07-11-2001, 07:11 PM
If you go to the "Direct TV Recieiver with Tivo" forum on the AVS site they are offering the chance to sign up to be put on the list for the 2.5 update.... I am thinkg about doing this - I know it is beta.... But I am worried about the ramifications.... I just got my direc tivo... All I have done is set up the bash prompt and (never let it dial in) told it that it was at service state 5 - I did that using only 1 command. So the first time it dials in it will over ride that setting... I am using it with an emulator, so i will have to clear the logs... Any ways - does anyone have any thoughts on this.... I want 2.5 so bad because of the duel tuners - but is it worth the risk... I was wandering if someone would be nice enough to post a 2.5 image somewhere on the web when it available.....

So type away :eek:

Vadim
07-11-2001, 10:14 PM
Remoce servicestate 5, take out EMU, sign up for beta, then get accepted. Then you could only get it,
Only 100 people got in and I know someone who got in..

KRavEN
07-12-2001, 10:43 AM
Vadim,

I am very interested in this 2.5 release. Maybe your contact could get us an backup image so we can all see what's in store. I have a fast site I can post it on so we can all share.

At the very least though, I would like to know if the TivoNet and ExtractStream will still work on the DTivo after the 2.5 update.

Vadim
07-12-2001, 11:14 AM
I'll see what I can do, however there are so many releases.

Some with dual drive some with single, some philips, sony or hughes.
It will be very hard to get all of them..

Fugg
07-15-2001, 02:08 PM
vadim,

your buddy w/2.5,
can he still get a bash prompt?
can he still look at the mfs region?
does tivonet still work?
does httpd.tcl still work?
does lightn's tivoweb still work?
does ExtractStream still work?

... all burning questions that will tell me if i keep a sub or not....

Fugg
07-18-2001, 06:20 PM
vadim?
have you heard from your buddy w/2.5?

pasha
07-20-2001, 01:15 AM
bad news...
can't get bash prompt
if you set imune bit for rc.sysinit system continuasly reboots
once you removing +i it's no longer keep your changes...
so can't get thru
sucks any ideas? where checking done? and how?

Toyman
07-20-2001, 06:38 AM
I heard the same thing from a friend, he knows someone that has 2.5. I guess we figured as much.

Vadim
07-20-2001, 09:15 AM
No bash :(
Very annoying.

Fugg
07-20-2001, 08:26 PM
AAaaaaa,
makes one look at the slice thread in a new light, eh?
;)

ejh
07-30-2001, 03:35 PM
The ability to easily get bash is most definitly gone in 2.5. In this version, the kernel is loaded into RAM along with a few utilities. Before it is allowed to boot, it does a md5 checksum on all the files under the current / partition, and compares them against known values that are loaded into RAM at the same time. If any of the checksums don't match, it automatically replaces the file with the original DIST version and reboots. This is actually a rather simple yet brilliant way of doing a filesystem verification, but extreamly hacker unfriendly. As a few people have already mentioned, chattr no longer works since it causes and endless reboot loop under this scenerio.

Until someone figures out exactly where these checksum files are located, and how to modify them, stay far far away from 2.5..

mrblack51
07-30-2001, 04:12 PM
does anyone have an idea as to whether these are standard md5 checksums, or derivatives which are tied in with the crypto chip somehow?

Lure
07-30-2001, 05:13 PM
I don't know what i'm talking about but here it comes:

could you make a virus like prog that start's working a minut or so after booting the TiVo. (bootsector virus)

let it fire up commands to get a bash prompt, remount.rw and that kind of stuf...
would something like this be a Idea instead of trying to alter the rc.sysinit? Or do you have to reboot the tivo after a command like that?

sorry, if my lack of knowledge irritates anyone.

"All men dream: but not equally. Those who dream
by night in the dusty recesses of their minds
wake in the day to find it was vanity, but the
dreamers of the day are dangerous men, for they
may act on their dream with open eyes, to make
it possible."
~ T. E. Lawrence - Seven Pillars of Wisdom ~

ejh
07-30-2001, 05:20 PM
eel-sushi:

I would love to see whats in the compressed image file you have, or better yet, how to actually gain access to it for myself. I've only been working on this for a few days now, but my own testing has led me to the kernel partitions as the next logical place to start sifting through. Right now I'm at the point where I know that I need to dump the data off of those partitions, but I still havn't figured out what the best way to do it is just yet. I was about to load the whole damn partition up in a hex editor just to get an idea of whats there, but thats just a PITA...

Lord Magnus
07-30-2001, 05:44 PM
Originally posted by Lure
I don't know what i'm talking about but here it comes:

could you make a virus like prog that start's working a minut or so after booting the TiVo. (bootsector virus)

let it fire up commands to get a bash prompt, remount.rw and that kind of stuf...
would something like this be a Idea instead of trying to alter the rc.sysinit? Or do you have to reboot the tivo after a command like that?

sorry, if my lack of knowledge irritates anyone.

[/I]

Couldn't we just modify the bootsector to boot the kernal directly? That way all the MD5 mess is bypassed. If it is the kernal that is doing this, isn't source available for it under GNU?

The only way this would an issue would be if the checksum operation was an atomic operation that performed some function crucial to normal operation, i.e. decrypted a file. Even then, all we need is one normal pass to get that info and save it.

It might hammer up the software upgrade process, but I think we know that would need to be done by us manually anyway.

KRavEN
07-30-2001, 05:58 PM
EelSushi

If you can tell me how to get the ramdisk image I can mount it, copy the files out, modify them, and then make the image again. This is actually quite easy and if you search on editing RedHat's ramdisk or initrd you find out step by step how it's done. It's very simple, your kernel has to support romfs, redhat 7 does, you mount the image with mount -t romfs filename /mnt then you can copy the files out to another directory. To put it back to an image you use genromfs.

KRavEN
07-31-2001, 12:10 AM
well, I don't have a 2.5 kernel to look at, but I tried what you said with a 2.0.1 kernel and was unable to ifnd the first 2 bytes in the dump. 1f 2b correct? Maybe it is different with 2.0.1. Please see your PM, I'm going to give you an email address so maybe we can work together on this.

ejh
07-31-2001, 02:43 AM
...........

pasha
07-31-2001, 07:24 AM
folks,

not to be rude to everybody may be we can move this discussion of public forum. but 2.5 is not released yet and any public knowledge may couse feautes changes in actual 2.5... so how about moving this discussions to PM or e-mail conversations?

ejh, good to know that you found everything now lets work toghether to get things done...

Kraven, check you PM