I'm suprised no one has come up with a modchip or something similar for the SA series2 Tivo. They were out quick for the XBOX, and even quicker after they changed their encryption. Anyone heard about such a thing?

Buttwidget

well, there is no real need for a "modchip" of sorts. if you have the 3.1 non-updated software, you can obtain bash via the BASH_ENV hack.

you can replace the prom if you want...i guess that is kinda like a "modchip." in the series 1 units, we could use a hackable version (2.0) to flash the prom with code which allowed us to use unsigned kernels (which had their initrd removed).

in the s2 units, the prom chip they use isnt flashable by the unit based on the way it was wired. if you want to pull the prom, and then replace it with a hacked set of prom code, then you can kill the initrd and get bash just like the s1 dtivos. otherwise, you can stick with the current version and the BASH_ENV hack

That's a little bit beyond me... I can solder though ;-)

Basically what I was thinking is that someone (who would have to be much brighter than I am...) could come up with a modchip that would allow most of the hacks to run on the Tivo, while allowing folks to do some extraction... Hopefully going around the encryption rather than through it. I love my SA Series 2 Tivo, it really has changed the way I watch TV, but I wish that I could extract the stream itself rather than having to use my AIW card... Actually, the AIW card allowed me to record the shows that I wanted, but I lost a bit of quality in doing so, and thought that maybe the Tivo could help me. But alas, I didn't do enough research to figure out that the model that I bought wouldn't allow me to get the stream out.

Oh well, as with everything, time should help solve the problem.

Buttwidget

essentially, by replacing the prom with a "modchip" (hacked prom) you can modify the software on the tivo however you want.

now that i have my hdvr2, i will be attempting to figure out where patch needs to be made to disable scrambling. once the scrambling has been turned off, most of the standard tools should work. however, in order to use a modified kernel, you will need a hacked prom.

if what you mean by modchip is being able to tap points A-F and Q-S (not actual points, just using them for the illustration) and then attaching the other end of the wires to a new chip...well, i suppose you could. basically, you would need to clip the lead that gave the onboard chip power, then essentially piggyback the new prom on top of the old one. no, i haven't done this myself. at some point I plan on having my prom socketed so i can replace it easily with a properly flashed chip.

I figured jumpering pins to a specially coded prom would be the way to do it, that way you could set the encryption key to whatever you wanted (in theory) so you could then load whatever you wanted on the Tivo (or take it off) without worrying about the fate of the distributed hack project that is going on. I'm sure the person that did that could make a lot of money, but of course I assume there would be DMCA issues there as well...

Buttwidget

well, im not sure you really get it. the tivo security is like the security on the xbox, not like the security on the PS2. on the PS2, you patch in the proper code on the fly, because we cant get new chips to replace the old ones.

on the xbox, you replace the bios image completely. the prom on the tivo contains the bios. on the xbox, there were some test pads you could use on the back, or you could reflash the tsop on the motherboard, or you could use LPC. well, the tivo doesnt have the needed test points, and it doesnt have LPC. so that leaves replacing or reflashing the chip thats there.

if you were to add a "modchip," the only reason it would be easier is that you wouldnt have to remove the current chip, but you still would need to disable the onboard chip somehow.

the bottom line is that we already have the modified code needed to flash the prom so it wont check the kernel signature, its just a matter of getting it onto the chip thats in the unit. in theory, JTAG might be an option, but i havent done much checking yet

You're right when you say I don't get it :-)

I am grasping at straws hoping to get at the video stream on the Tivo and be able to burn it for posterity. I wish you the best at your attempts to get in there, unfortunately I won't be able to offer any real help; having such a low level of knowledge as to what it takes... *sigh*

Good luck!

Buttwidget