I know this is pretty self serving, but I keep seeing posts by people wanting to get this done and contemplating doing it themselves and this is something that should really not be attempted by someone that doesn't know what they are doing. It is very possible to render your TiVo totally worthless if you screw it up.

Unless you really know what you are doing with an iron, don't attempt it!

To remove the prom requires a special tip that can heat all pins on the prom at once so that it can be removed. Hot air can also be used to remove it. Last case is trying to use solder wick, but that would be very difficult to ensure all the solder is removed well enough that you don't damage the pads on the board when remove it.

Next the socket. Sockets in general are pretty hard, but PLCC (TiVO prom formfactor) sockets are much easier compared to TSOP sockets (xbox bios formfactor). There is still pretty much a requirement for a stereoscope or some other sort of magnification as the soldering is done on tiny points inside the socket itself and you have to be carefull not to bridge the legs or melt the pastic of the socket that is very close to the legs.

Flashing the prom also requires special equipment like a DATA I/O device that has PLCC sockets and is designed to flash chips. It may also be possible to flash the bios in motherboards that have a socketed PLCC bios chips in them. I have an ABIT BX2 that has this bios and socket, but I've not tried to flash non pc bios chips with it. I'm sure it's possible with the right software, I've just not looked for it.

If anyone is wanting to get this done, I have the facilities and the experience replacing and socketing the S2 TiVo proms. I can do both SA and DTiVo versions. Send me a PM if you are wanting to get it done, just don't screw up your TiVO cuz you don't know what you're doing.

---

UPDATE by alldeadhomiez, 7/24/2004:

KRavEN is no longer offering this service (http://www.dealdatabase.com/forum/showpost.php?p=157268&postcount=55).

Sleeper (http://www.dealdatabase.com/forum/showpost.php?p=165153&postcount=46) and MudShark (http://www.dealdatabase.com/forum/showpost.php?p=175270&postcount=67) will socket and reflash your PROM for $50 plus shipping. Or, keep reading this thread to learn how to do it on your own.

At the time of this writing, the only model which needs a compromised PROM in order to boot a hacked drive is the HR10-250 (HD TiVo). It is suspected but not confirmed that the upcoming "silver" Series2 standalones may also require this modification.

UPDATE by JJBliss, 12/21/2004:

Sleeper is no longer a member of this Forum. Mudshark is, and has visited the forums recently. I am unaware if Mudshark is still doing PROM mods.

The HR10-250 no longer requires a modified PROM in order to boot modified software. killhdinitrd supports this unit as well as other non Series 2.5 units. Series 2.5 (nightlight and R10) units still require PROM socketing or modifications as of this writing.

Kraven:

Is the PROM code publicly available?
Is the ONLY purpose of the prom code to allow Bash?
I have a series and have so far been able to d 120GB and Bash.


Thanks
Cali

Originally posted by cali
Kraven:

Is the PROM code publicly available?
Is the ONLY purpose of the prom code to allow Bash?
I have a series and have so far been able to d 120GB and Bash.

There are only two changes needed to the prom code. If you grab the code off of your drive, the needed changes via a hex editor are simple enough.

The purpose of the modified prom is to allow booting of unsigned kernels. Bash is a visible effect of that. Basically, the kernel has signatures for everything in the root partition thats worth messing with, and deletes anything without a good signature. this prom hack lets you modify the kernel, thus allowing you to compromise that check. once that is done, you can do whatever you want.

The patches I came up with are posted over on AVS in this post (http://www.tivocommunity.com/tivo-vb/showthread.php?postid=784253#post784253) . But yeah like Kraven said, knowing them and applying them are very different :)

By the way...I think at the time I was going for smallest patch possible. But with that version, it still computes the kernel and bootrom SHA hashes. Even though the comparison of final hash values is ignored, it still slows down the boot cycle. But I guess nobody has noticed :)

Originally posted by MuscleNerd
The patches I came up with are posted over on AVS in this post (http://www.tivocommunity.com/tivo-vb/showthread.php?postid=784253#post784253) . But yeah like Kraven said, knowing them and applying them are very different :)

By the way...I think at the time I was going for smallest patch possible. But with that version, it still computes the kernel and bootrom SHA hashes. Even though the comparison of final hash values is ignored, it still slows down the boot cycle. But I guess nobody has noticed :)

so this patch doesnt have the 'speed increases' that the s1 dtivo prom upgrade offered. ah well, while that would be nice, these have the needed effect.

thanks for your work btw

Thanks for the replies guys. I have lots of prom chips at work and a nice data i/o less than 10ft away.
Ill get around to it one day....


cali

cali> Is the ONLY purpose of the prom code to allow Bash? I have a series and have so far been able to d 120GB and Bash.

How are you BASHing wo/PROM hack? I dd an old 3.0.2 kernel and BASH_ENV it to get in. My TiVo has the '39 part; I'm investigating getting it to flash in place.

Im using the one version that allows you to do the hack...2.015 or something like that...

Look for mrblacks post on his hacking experience; everythign you need is in there.

Took me about a good hour to do it the first time.

>Im using the one version that allows you to do the hack...2.015 or something like that...

I'm using 3.0.2 which has USB network device support and also allows the BASH_ENV hack. v3.2 prevents the BASH_ENV hack.

I'll go read MrBlack's posts to see if there's something I missed. Thx. ;-)

Wouldn't another reason to do the PROM hack be that you can run any version of the software?


Kraven you still doing the mod?

Yeah I am. Primary reason for the new prom is to get in without the bash_env backdoor plus it's currently the only known way in with 3.2 software.

It's also very usefull if you want to compile and run your own kernel.

I now have the service in my webstore. Go here:


Prom Socketing Service under Hardware -> new in box -> accessories (http://www.dealsbyjerry.com)

Originally posted by KRavEN
Yplus it's currently the only known way in with 3.2 software.
That post was before monte was publicly released (still, having a modded prom simplifies the boot process).

what does PROM socketing do for the S2?

There are several links in the "chain" that keeps the S2 secure. By using a modded PROM, the very first link in that chain is broken, bypassing all the other links (BASH_ENV, the need for monte, etc).

so if i had a modded PROM on my HDVR2, what's the best software configuration for extracting, burning, and tivoweb?

You can just follow Stan's how-to on setting up with a prom mod. Basically, you do it just like the series 1. Kill the initrd, add the files you want, stir and enjoy.

You can just follow Stan's how-to on setting up with a prom mod. Basically, you do it just like the series 1. Kill the initrd, add the files you want, stir and enjoy.

does the prom hack "PROM Protection v1.0 by Taran" work for dvr40?
is there anything else i need to know? ie: what is flashing the chip?
so will i be able to get the bash prompt from an ethernet connection?
im using mac osx hoping that the terminal app will work. i am able to mount the drive using ext2fs (after rebooting the mac) from an external firewire case.

I'm not sure about the dvr's. But imagine it should work. I didn't use Taran's thingy. I just modded the bin file and reprogramed. (just make a back-up of the HD and the PROM *FIRST*. I know it sounds obvious, but many people don't and burn)

Do as Kraven says. killintrid is a must, and then add your software and hacks (rcsysinit.author, etc)

does the prom hack "PROM Protection v1.0 by Taran" work for dvr40?
is there anything else i need to know? ie: what is flashing the chip?
so will i be able to get the bash prompt from an ethernet connection?
im using mac osx hoping that the terminal app will work. i am able to mount the drive using ext2fs (after rebooting the mac) from an external firewire case.

There is no known need to lock down the S2 flash as the SST37 chip is not believed to be in-circuit programmable.

I think the Trinity/"RID" boards, DVR40 included, all use a different version of the firmware from what we see on the older models. I have confirmed this to be the case on a DSR704; here is the ID information I found:

0000000: 0bf0 0109 0000 0000 0001 23c0 84a1 0e60 ..........#....`
0000010: 3fff a383 267b 617b 893d 4a79 bb21 6594 ?...&{a{.=Jy.!e.
0000020: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
0000040: 5469 566f 2f6d 6970 732f 6272 636d 2f72 TiVo/mips/brcm/r
0000050: 656c 0032 2e35 0000 0000 0000 0000 0000 el.2.5..........

There is no known need to lock down the S2 flash as the SST37 chip is not believed to be in-circuit programmable.

I can affirm this!

I think the Trinity/"RID" boards, DVR40 included, all use a different version of the firmware from what we see on the older models. I have confirmed this to be the case on a DSR704; here is the ID information I found:

I'm curious if the "old" firmware will boot a newer DVR40. I wonder if the new firmware has some RID initialization stuff in it. Unfortunately, I don't have a DVR40 to play with.

I'm curious if the "old" firmware will boot a newer DVR40. I wonder if the new firmware has some RID initialization stuff in it. Unfortunately, I don't have a DVR40 to play with.

Firmware 1.18 will not boot a DSR704 properly. It seems that they rearranged the code a bit but oddly enough they did not bother to add checks to keep the compromised 3.1u5 kernel from booting.

So does this mean that the PROM mod is not yet figured out for SD-DVR40 or it cannot be done?

Does anyone know where to get the tools if I want to do the mod by myself? It seems I can not find sst39vf010 chip for sale anywhere, its only listed on SST web site without offer to buy it, have to call them? Also after the mod, is it possible to use homieflash rather than using special IO programers? Id hate to pull it out each time Id want to make change.

Also after the mod, is it possible to use homieflash rather than using special IO programers? Id hate to pull it out each time Id want to make change.

No, you don't have to pull it each time assuming that the change you made will still boot the tivo.

Also after the mod, is it possible to use homieflash rather than using special IO programers? Id hate to pull it out each time Id want to make change.
Do you mean: each time you make a change to the eeprom image? In any case, homieflash will work. Personally, I ran a version of homieflash that gave the process highest priority, to prevent possible complications. But otherwise it's the same.

So does this mean that the PROM mod is not yet figured out for SD-DVR40 or it cannot be done?
If somebody were to post (or make available) the complete SD-DVR40 eeprom image, I'm sure the proper patch could be found.

It seems I can not find sst39vf010 chip for sale anywhere, its only listed on SST web site without offer to buy it, have to call them.

I understand that AMD's AM29LV010B is a direct replacement, so you mind find that easier to source.

I was told, but haven't verrified, that the AMD chips aren't exactly the same. I guess read the data sheets and see.

I understand that AMD's AM29LV010B is a direct replacement, so you mind find that easier to source.

I was told, but haven't verrified, that the AMD chips aren't exactly the same. I guess read the data sheets and see.

They're different but supported.

My good friend expat started a thread about the Trinity boards over at pvrhax0r:

http://www.pvrhax0r.com/forum/showthread.php?threadid=4

The patches for the 2.5 flash are included in his post.

[QUOTE=MuscleNerd]The patches I came up with are posted over on AVS in this post (http://www.tivocommunity.com/tivo-vb/showthread.php?postid=784253#post784253) . But yeah like Kraven said, knowing them and applying them are very different :)

Anyone care to repost the patches or send them to me? The thread at tivocommunity seems to have been deleted.

Thanks

[QUOTE=MuscleNerd]The patches I came up with are posted over on AVS in this post (http://www.tivocommunity.com/tivo-vb/showthread.php?postid=784253#post784253) . But yeah like Kraven said, knowing them and applying them are very different :)

Anyone care to repost the patches or send them to me? The thread at tivocommunity seems to have been deleted.

Thanks

patches for the 1.18 prom (not the 2.5 prom used on RID units): http://www.dealdatabase.com/forum/showthread.php?t=27474

Ive got SA S2 box which has 1.6 prom, is there patch for this one? Also any way to dump it? The getprom does not recognize -dump switch and /prom folder is empty.

I am not sure about this, but I think there might be an easy, cheap, and clean answer to prom socketing. Wolfson pointed me to something called chipquik (http://www.chipquikinc.com/), which claims to easily remove QFPs, PLCC's, and SOIC's.

Now, I don't know exactly how this stuff is supposed to work, but I did some research and found that the chipquik includes an alloy whose key element is bismuth. Of all metals, bismuth is the one with the second lowest melting point (mercury of course being the lowest.)

Bismuth melts at around ~140F afaik, and while I am just guessing here, I think the idea behind chipquik is that you melt the bismuth solder in with the regular lead solder (which melts at ~360F afaik) on all of the contact points, hence reducing their melting points. Once this is done, you can probably do like the website says and use hot air to easily pop the prom off of the motherboard....I think a hair dryer could even be used for this, because the melting point could easily go below 200F, depending on the material used to hold the prom to the motherboard. From there you can easily wick away the bismuth solder, then just add the socket to the board.

Any soldering pros care to comment on this? My S2 "RID enabled" receiver should arrive soon, and theres a local store here called circuit specialists (somewhere near southern and country club for you phoenix residents) that carries this chipquik kit for $18...I might have a look at trying this.

AlphaWolf, Chipquik works well. With luck, the solder / chipquik mix will retain heat long enough that you can simply lift the prom from the board. Cleaning up the residue does require care - it is possible to lift the pads if you aren't careful.

This still leaves the problem of soldering a replacement socket in place. Frankly, I've done a lot of soldering, including pulling surface mount ICs. When I looked at the HDVR2, I decided if I ever wanted to do it, I would send the board to Kraven and have him do it.

PlainBill

This still leaves the problem of soldering a replacement socket in place. Frankly, I've done a lot of soldering, including pulling surface mount ICs. When I looked at the HDVR2, I decided if I ever wanted to do it, I would send the board to Kraven and have him do it.

When I did socketed the prom, I took a small exacto knife and cut the plastic grid out of the bottom of the socket so when you look at the bottom of the socket (or thriough the socket from the top) all you see are the pins. It makes it a lot easier to solder (with an iron) without the plastic grid.

When I did socketed the prom, I took a small exacto knife and cut the plastic grid out of the bottom of the socket so when you look at the bottom of the socket (or thriough the socket from the top) all you see are the pins. It makes it a lot easier to solder (with an iron) without the plastic grid.

Yeah, but once you cut the grid you should probably not plan on removing and inserting multiple times since the grid is what holds it together. Socket will probably break pretty easily.

Another option is to just solder in an in-circuit programmable chip like that AMD chip and skip the socket all together.

Yeah, but once you cut the grid you should probably not plan on removing and inserting multiple times since the grid is what holds it together. Socket will probably break pretty easily.

Initially, I thought it was going to weaken the socket, but the socket seems just as durable without the bottom. I performed many insertions/removals without a hitch.

I dunno about that. If you look at how a PLCC extraction tool works, it really just uses the two opposite corners. It pulls the chip against the socket. It doesn't try to pull the socket off the board. In actuality its pushing the socket into the board. If you really feel scared, you could add a little epoxy to hold down the socket. Not to mention the life cycle of the socket isn't meant for hundreds of insertion/extraction cycles. I remember the ISA bus slots are rated for 10 insert/extract cycles.


Yeah, but once you cut the grid you should probably not plan on removing and inserting multiple times since the grid is what holds it together. Socket will probably break pretty easily.

Another option is to just solder in an in-circuit programmable chip like that AMD chip and skip the socket all together.

I was told, but haven't verrified, that the AMD chips aren't exactly the same. I guess read the data sheets and see.

Just a heads up, Mouser electronics has the ssts in stock (be fast, only about 20 left)...You can buy them individually for about 2$ each...Have fun!

jeboo

I'm not sure why I would buy them. If one has a programer, then they can copy the bin file and revert to the original program if needed. I just reprogramed mine and mashed it into the newly added socket.


Just a heads up, Mouser electronics has the ssts in stock (be fast, only about 20 left)...You can buy them individually for about 2$ each...Have fun!

jeboo

My good friend expat started a thread about the Trinity boards over at pvrhax0r:

http://www.pvrhax0r.com/forum/showthread.php?threadid=4

The patches for the 2.5 flash are included in his post.

We have located four interesting patches to the new 2.5 PROM:

24b0 = 10400014 -> 00000000 (enable debug msgs)
2cdc = 14830004 -> 14840004 (disable prom sha-160)
3a1c = 1043000c -> 1042000c (disable kernel check)
35f8 = 0c771940 00000000 0440ff97 -> 0c7718d7 00000000 24020000 (skip memchk)
Just had my PROM socketed by Kraven. Great work btw. Clean work,fast turnaround. Here is what I'm seeing on my serial output after killing the initrd.
PCI(13,0) DevVen= 351033 ClasRev= c0310 USB
PCI(13,1) DevVen= 351033 ClasRev= c0310 USB
PCI(13,2) DevVen= e01033 ClasRev= c0320 Unknown Device
PCI(14,0) DevVen= 1741 ClasRev= ff0000 TiVo ASIC
reset -
color_bars -
msw - [ -32 | -16 | -8 ] <address> <value>
msr - [ -32 | -16 | -8 ] <address>
help -
param - [ <new boot args> ]
netboot - [ -skip ] [ -f <file> ] [ <boot string> ]
boot - [ -skip ] [ -3 | -6 ] [ <boot string> ]
ememtest -
identify -
Hit two returns to stop autoboot
Attempting to disk load partition 6
Kernel signed by 'Kernel release key'
Hashing kernel... done
Hash mismatch
Hash mismatchLooks like the enabled messages worked ok. Not sure what the PROM SHA-160 check would look like, but no joy with the Hash mismatch. Anyone else have any sucess with editing 3a1c to 1042000c to kill the kernel check?

Looks like the enabled messages worked ok. Not sure what the PROM SHA-160 check would look like, but no joy with the Hash mismatch. Anyone else have any sucess with editing 3a1c to 1042000c to kill the kernel check?

The hash mismatch messages are normal. Try a known good kernel and make sure console output is enabled.

You were correct ADH it was an operator error. With a unmodified kernel I had Hit two returns to stop autoboot
Attempting to disk load partition 6
Kernel signed by 'Kernel release key'
Hashing kernel... done
Checking signature... done.
Signed, valid for release and with a properly killed initrdHit two returns to stop autoboot
Attempting to disk load partition 6
Kernel signed by 'Kernel release key'
Hashing kernel... done
Hash mismatch
Hash mismatch
Loading R5432 MMU routines.
..
booted just fineI was trying to use the killinitrd-s2-v3.x that I had with the monte files.

This chip works in my DSR7000:

NEWARK INONE PART #: 08C4182 ; ICs Flash Memory, CMOS, Parallel Interface, 1MB, 70 nS, 3 V Supply Voltage, 32-PLCC
QUANTITY: 2 @ $2.68 = $5.36

I think it's the AMD, but don't remember! I used the Chipquick method for removal and it worked like a charm. I also cut away the center web of the PLCC socket. Even with a very fine tip iron it was too hard to get to all the pins.

BTW - I was trying to netboot a kernel, it would read the file off my tftp/bootp server just fine, but since the kernel was DD'd off the disk the size is too large and the netboot pukes. Does someone have a utility to determine the exact # of blocks to make the kernel image so netboot works?

cheers - Yonk

I also cut away the center web of the PLCC socket. Even with a very fine tip iron it was too hard to get to all the pins.

That is definately the trick!


BTW - I was trying to netboot a kernel, it would read the file off my tftp/bootp server just fine, but since the kernel was DD'd off the disk the size is too large and the netboot pukes. Does someone have a utility to determine the exact # of blocks to make the kernel image so netboot works?


Please let me know if you are successful with the netboot. I have not attempted it but it is something that I always wanted to try - just haven't gotten to it.

This chip works in my DSR7000:

NEWARK INONE PART #: 08C4182 ; ICs Flash Memory, CMOS, Parallel Interface, 1MB, 70 nS, 3 V Supply Voltage, 32-PLCC
QUANTITY: 2 @ $2.68 = $5.36

I think it's the AMD, but don't remember! I used the Chipquick method for removal and it worked like a charm. I also cut away the center web of the PLCC socket. Even with a very fine tip iron it was too hard to get to all the pins.

BTW - I was trying to netboot a kernel, it would read the file off my tftp/bootp server just fine, but since the kernel was DD'd off the disk the size is too large and the netboot pukes. Does someone have a utility to determine the exact # of blocks to make the kernel image so netboot works?

cheers - Yonk


These are in-circuit flashable from what Im reading on the data sheet nice find. :p

NEWARK INONE PART #: 08C4182 ; ICs Flash Memory, CMOS, Parallel Interface, 1MB, 70 nS, 3 V Supply Voltage, 32-PLCC
QUANTITY: 2 @ $2.68 = $5.36

I think it's the AMD, but don't remember! I used the Chipquick method for removal and it worked like a charm. I also cut away the center web of the PLCC socket. Even with a very fine tip iron it was too hard to get to all the pins.


/me doesn't know how he missed this earlier.

Very interesting. I have been too much of a coward to try this (also lacking free time,) would you mind describing the process you went through with this whole thing? The main thing that scares me, is somebody said that its possible to lift the pads with the chipquik, but since it doesn't get very hot, I am not certain of what the odds of this happening are.

If it sounds easy enough, I might get around to doing this during spring break, and maybe publish a howto (w/pictures) for it. FWIW, the hardest soldering jobs I have ever done were for modding a PS2 (27 solder points) and an xbox (13 solder points) but neither of which involved removing any surface mount chips. (PLCC look easier than your average surface mount though)

/me doesn't know how he missed this earlier.

Very interesting. I have been too much of a coward to try this (also lacking free time,) would you mind describing the process you went through with this whole thing? The main thing that scares me, is somebody said that its possible to lift the pads with the chipquik, but since it doesn't get very hot, I am not certain of what the odds of this happening are.

If it sounds easy enough, I might get around to doing this during spring break, and maybe publish a howto (w/pictures) for it. FWIW, the hardest soldering jobs I have ever done were for modding a PS2 (27 solder points) and an xbox (13 solder points) but neither of which involved removing any surface mount chips. (PLCC look easier than your average surface mount though)

I posted previously that Mouser electronics has plenty of SSTs in stock...Still do btw. This was my first SMT experience as well, and heres a quick breakdown, including costs (If you are only going to do 1-2 units, this will not be worth it! Send it to Kraven).

Supplies:
1) I used the butane soldering iron from RatShack (15$). Sad, I know.

2) Chips and sockets ordered from Mouser/Digikey (2$ for a chip and socket).

3) Willem EEPROM programmer from ebay (including shipping and the plcc32 adapter, 50-70$). I bought this cause I was concerned the lack of real SMT equipment may fry the original chip during removal...And I didnt really care to try the hot-swap deadhomiez mentioned. This programmer really is worth the $, especially if you mess with other h/w :) Also, the SST39vf chips will program/erase fine at 5V (dont need the plcc32 adapter that has a 3.3V jumper).


Once you have everything, I would practice removing SMT chips and installing sockets on any old PC cards you have...Once you find the butane settings and method that works, its easy...My extraction went smoothly, but I've heard from others if a pad is lifted, you're in for some work. The socket was soldered in with a regular iron after punching out the bottom piece. Flash with programmer or deadhomiez prog.

It really is a nice improvement...It increases boot time a bit, which is nice for dev'ing and testing :)

jeboo

I posted previously that Mouser electronics has plenty of SSTs in stock...Still do btw. This was my first SMT experience as well, and heres a quick breakdown, including costs (If you are only going to do 1-2 units, this will not be worth it! Send it to Kraven).

Supplies:
1) I used the butane soldering iron from RatShack (15$). Sad, I know.

2) Chips and sockets ordered from Mouser/Digikey (2$ for a chip and socket).

3) Willem EEPROM programmer from ebay (including shipping and the plcc32 adapter, 50-70$). I bought this cause I was concerned the lack of real SMT equipment may fry the original chip during removal...And I didnt really care to try the hot-swap deadhomiez mentioned. This programmer really is worth the $, especially if you mess with other h/w :) Also, the SST39vf chips will program/erase fine at 5V (dont need the plcc32 adapter that has a 3.3V jumper).


Once you have everything, I would practice removing SMT chips and installing sockets on any old PC cards you have...Once you find the butane settings and method that works, its easy...My extraction went smoothly, but I've heard from others if a pad is lifted, you're in for some work. The socket was soldered in with a regular iron after punching out the bottom piece. Flash with programmer or deadhomiez prog.

It really is a nice improvement...It increases boot time a bit, which is nice for dev'ing and testing :)

jeboo

I am more interested in doing it myself than I am with saving money though.

The butane soldering iron you got, does that use hot air? or is it just a normal tip, only heated with butane gas?

BTW, I still want to try the chipquik method just for novelty sake though (it just sounds interesting)

Also, why did you buy a programmer if you installed the socket? Isn't it much easier just to have the tivo itself program it anyways?

I am more interested in doing it myself than I am with saving money though.

The butane soldering iron you got, does that use hot air? or is it just a normal tip, only heated with butane gas?

BTW, I still want to try the chipquik method just for novelty sake though (it just sounds interesting)

Also, why did you buy a programmer if you installed the socket? Isn't it much easier just to have the tivo itself program it anyways?

The soldering iron comes with two tips, one for "hot air" and one for normal soldering. The chipquik method sounds neat indeed, but with the hot air tip, you will have everything you need.

Call it paranoia, but I was worried the original PROM wouldnt survive the extraction. If that happens, you cannot boot to flash the new chip...So the programmer was basically an anti-brick purchase.

Nothing like doing it yourself :)

I did it with a SMD rework station. Only thing with reusing the chip, if adding a socket, is cleaning off all the solder from the 'pins' I had a tivo go belly up after a few months. Really didn't do much more then pull the chip out of the socket adn inspect the pins. looked good, put it back in and it is working again.

The soldering iron comes with two tips, one for "hot air" and one for normal soldering. The chipquik method sounds neat indeed, but with the hot air tip, you will have everything you need.

Call it paranoia, but I was worried the original PROM wouldnt survive the extraction. If that happens, you cannot boot to flash the new chip...So the programmer was basically an anti-brick purchase.

Nothing like doing it yourself :)

Help, i think that i burn the original sst37 while i was desoldering it using solder wick (need more practice), my tivo is a SD-DVR40, does any one have a virgin image of the prom, i think is firmware v2.5, am i rigth?

thanks for your help

I take a piece of aluminum foil and cut a square hole in it to make a heat shield. Then blast the prom with a heat gun while applying some prying pressure with a pick. Sucker pops right off every time without damaging pads.

Cut the bottom out of the prom socket and solder in place with a fine tip iron. A magnifier helps.

BTW, I'm not doing the sockets anymore. I just don't have enough time with my ever increasing job responsibilities.

I take a piece of aluminum foil and cut a square hole in it to make a heat shield. Then blast the prom with a heat gun while applying some prying pressure with a pick. Sucker pops right off every time without damaging pads.

Cut the bottom out of the prom socket and solder in place with a fine tip iron. A magnifier helps.

Sounds nice, can you be a bit more descriptive though? :D

Sounds nice, can you be a bit more descriptive though? :D

Not really, but here is a picture of the heat shield.

Sounds nice, can you be a bit more descriptive though? :D

I did the same thing as Sleeper...Literally cut a hole in a piece of alum. foil just large enough for the chip...Take either a pick or the smallest flathead screwdriver you have (kinda like the eyeglass kit ones) and insert under one of the corners...I chose to heat three sides of the chip and pry it up, leaving one row still attached...Then the last row is painless. BE conservative, its better to have to stop and start over than to lift pads.

Have fun :)

I chose to heat three sides of the chip and pry it up, leaving one row still attached...Then the last row is painless. BE conservative, its better to have to stop and start over than to lift pads.

I heat the whole chip EVENLY. You will feel/see it start to give. I don't necessairly agree with the stop and start over. Tourch the puppy until it pops right off. You will not damage the pads unless you really pry the chip real hard. Gentle pressure is all you need.

What kind of "heat gun" do you use? And how exactly did you apply the heat to the pins?

ChipQuik is so easy to use, I don't even bother with hot air on SMDs. The melting point is so low it makes removal of devices a breeze. All you have to do is get it on all the pins (make sure you use the flux) and then just keep going around the device with your iron a few times. The ChipQuik material retains heat for quite a while, so you can work it easily. After you've gone around the device a few times, you can literally just lift it off the board with almost no force, using either a small screwdriver or other implement (I use a precision awl that works well for this).

After you lift the device, remove as much of the ChipQuik as you can with a Q-Tip. The way to do this is to run the iron over the pads, then push all the material in one direction. The ChipQuik will "smoosh" right off of the pads under the pressure of the Q-Tip. Clean up any remainder with solder wick, and then remove all the crud from the flux with isopropyl alcohol and some more Q-Tips.

Use more flux on the pads (you can use the ChipQuik flux, if you want) and then solder on your socket. The additional flux will help immensely in soldering on the new part and helping to prevent solder bridges.

I don't like the idea of removing the bottom of the PLCC socket as some have suggested, mainly because it makes it easy to push the socketed part too far down into the socket. This makes for possible contact trouble and/or removal difficulty. It's not that hard to solder the socket correctly, and even if you melt a bit of the plastic, it's not going to hurt anything (just make sure there's no solder embedded in it).

I've done a zillion SMDs and sockets just this way, and it works very well.

-Pink

(I'll help you with your soldering technique if y'all will help me with my stupid hack questions!)

Since Kraven no longer has time to do the prom socket mod, is anyone else offering this service for a HD-Tivo?

I'm inclined to try this hardware mod on my own (It's only a $1000 unit, right? :) ), but I'm sure there are others out here too nervous to try modding their unit themselves.

I've done both of mine, no probs so far. Been running for close to a year now. I did use a SMD reworkstation. Took about an hour, from start to watching shows. I think its a cleaner/easier method then the monte. but them I'm more a hardware guy then software (at least when it comes to Linux)

Since Kraven no longer has time to do the prom socket mod, is anyone else offering this service for a HD-Tivo?

I'm inclined to try this hardware mod on my own (It's only a $1000 unit, right? :) ), but I'm sure there are others out here too nervous to try modding their unit themselves.

I would also be interested in having my prom socketed as surgery makes me squemish. PM me if interested.

I would also be interested in having my prom socketed as surgery makes me squemish. PM me if interested.

Same here. HR10-250

Me too! I have a HD 10-250 Tivo.

Ok, from the rumor mill Kraven has stopped doing them? If so, I'm game to pick up where he left off. Have SMD reworkstaion and not affraid to use it. :)

If Kraven is still doing them, I have *NO* intentions of stepping on his feet!!

I currently only have the SA-2's firmware. So for the Direct Tivo people, and the HD Tivo people I need at least links to the 'enhanced' firmwares.

need a cheap prom mod?

check out this thread (http://www.dealdatabase.com/forum/showthread.php?t=36610&page=1&pp=5) out & donate $25

Ok, from the rumor mill Kraven has stopped doing them? If so, I'm game to pick up where he left off. Have SMD reworkstaion and not affraid to use it. :)

If Kraven is still doing them, I have *NO* intentions of stepping on his feet!!

I currently only have the SA-2's firmware. So for the Direct Tivo people, and the HD Tivo people I need at least links to the 'enhanced' firmwares.
http://www.dealdatabase.com/forum/showpost.php?p=157268&postcount=55

I suppose the R10 need a prom hack also? Is anybody providing this service at this time (so I can ship my unit to be modified/returned).

Thanks

or wait about 6 months until there are enough people with 2.5's to make a sw exploit bounty feasable ;)

I am no longer offering any PROM services. Sorry.

I would love to take you up on your offer, but I guess the hack still does work with the R10 ...

I would love to take you up on your offer, but I guess the hack still does work with the R10 ...

I can definetly do a PROM mod on a R10. AFAIK, there are no software only options to upgrade those units now.

But the prom cannot be reprogrammed yet for the R10 right ?

But the prom cannot be reprogrammed yet for the R10 right ?

That is false, the PROM can be reprogrammed for the R10, but it requires you to desolder it from the motherboard, reprogram it in a chip programmer and then solder it back to the motherboard.

In case people have not seen so in the For Sale section of this board, I am now offering a PROM modification service with three options:

$40 - Simply reprogram PROM chip and solder it back onto the board (No socket)
$50 - Reprogram the PROM chip and install a standard PLCC32 socket onto the TiVo motherboard
$5 - purchase a preprogrammed hacked PROM chip, perfect for those who might have good soldering skills, but don't wish to pay $50 or more for a programmer


Please PM or e-mail me if you are interested.

Justin


Anyone gone this route?

Anyone gone this route?Justin's doing 1) for me on a 540 SA S2.5. I should have the box back next week. Ask me then if it works ;-)

jamie, just curious, why not option 2) for only $10 more?

ronny

jamie, just curious, why not option 2) for only $10 more? no particular reason. I'm assuming I'm unlikely to want to change the prom code again. Maybe that's foolish, but its a done deal now.

$5 - purchase a preprogrammed hacked PROM chip, perfect for those who might have good soldering skills, but don't wish to pay $50 or more for a programmerWhat series 2 DirecTivos is this prom good for? I have both HDVR2s and an SD-DVR40.

What series 2 DirecTivos is this prom good for? I have both HDVR2s and an SD-DVR40.

A PROM mod is not needed for those model units, use killhdinitrd instead.

A PROM modificiation/socket is only needed for the following models (IIRC):
* Tivo Model # TCD540040
* TiVo Model # TCD540080
* TiVo Model # TCD540140
* Humax T800
* Humax DRT400
* Humax DRT800
* Humax DRT2500
* Toshiba RS-TX20
* Toshiba RS-TX60
* DirecTV TiVo (Directivo) R10


Justin

A PROM mod is not needed for those model units, use killhdinitrd instead.
<snip>Thank you very much!

Unfortunetly I will not be offering my service until March for those interested as I will be traveling for three weeks next month for college music auditions. Sorry.

Thanks,
Justin

Received your email, thanks. Received the unit on Friday, came DOA.


Unfortunetly I will not be offering my service until March for those interested as I will be traveling for three weeks next month for college music auditions. Sorry.

Thanks,
Justin

I have an old Phillips HDR212 that I modified and it has served me well.

I never found a need to subscribe to the Tivo service and just used it for timed recordings on a daily/weekly basis. I loved it!

With hopes of upgrading to some newer technology,
I jumped in without doing my homework and bought a Humax DRT800.

It seems that I can't do timed recordings (daily/weekly) without subscribing to Tivo :eek:

I would like to do the prom upgrade to my DRT800 so I can add the extra software mods for telnet, ftping and web tivo.

In the end, is my DRT800 usless unless I subscribe to Tivo?
I am a little embarassed that I didn't do my homework before buying it :confused: :rolleyes:

It seems that I can't do timed recordings (daily/weekly) without subscribing to Tivo :eek:

Only (really old) Series 1 can do that. At that Time TIVO service was optional, and when TiVo service changed form optional to required, the old units were grandfathered.

The only way to get around the service these days, is to purchase a DVD unit, which has TiVo Basic for free (you have a 3-day guide, you have time-based recordings, but no season passes).

In the end, is my DRT800 usless unless I subscribe to Tivo?

pretty much. if you've got the skills to make it work your time is worth a lot more than the monthy fee...

http://www.tivo.com/2.1.4.asp
http://www.weaknees.com/burner_faq.php#compare

I think the reference to the SD-H400 is a mistake, as it is a (Series2.0) DVD player, not recorder. The RS-TX* recorders cost about $100 more than the DRT800, and include lifetime TiVo Basic service.

They might even get upgraded to 7.x someday. :rolleyes:

Has anyone had this done to their R10 unit and any pictures of the hack, any unforeseen side effects, good or bad?

Lastly and I've been reading lots of post both current and out of date and they all seam to waver on weather DTV is or isn't going to activate the HMO. Realistically will they ever do this or is the prom the only way to go?

Thanks for any information,
Robert

I want to place an order for a few of the SST39s from mouser.com - and also want to get the correct socket.

Here's the SST39 I'm looking at: http://www.mouser.com/index.cfm?handler=displayproduct&lstdispproductid=503799

But I have no idea what type of socket to buy - surface mount? through-the-board? low-profile? fine pitch?

What sockets have others bought?

Thanks!

Kevin

you want a surface mount PLCC32 socket, and your sst39 chip should also be plcc32

A PROM mod is not needed for those model units, use killhdinitrd instead.

A PROM modificiation/socket is only needed for the following models (IIRC):
* Tivo Model # TCD540040
* TiVo Model # TCD540080
* TiVo Model # TCD540140
* Humax DRT800
* Humax DRT2500
* Toshiba RS-TX20
* Toshiba RS-TX60


Justin

How about the Humax T800? Does this unit require a PROM mod, or can killhdinitrd be used instead?

How about the Humax T800? Does this unit require a PROM mod, or can killhdinitrd be used instead?

i updated the post above

I have an eprom programer (Wilem).
Can someone provide a modified prom image
test with for an S2 Dtivo?

I have the programmer, and plcc32 chip, what is the next step for prom-ing my r10? Thanks in advance.

I have a programmer and everything i need to socket my 50040 where can i get the prom image and or modz

So is anyone out there offering this service (flashing the promm on an R10)?

I have the new R10, like the speed, but bummed that I can't get network - telnet/ftp/tivoweb on it.

It it just easier to buy a Philips 708 and do the hacking myself -- or send my box to someone to have it promm'd?

Thanks,

Rick
R10 -- with an old Philips Series 1 sitting in the garage.

So is anyone out there offering this service (flashing the promm on an R10)?

Unfortunately no one. I even offered $50 for a R10 programmed promm several weeks ago. (just the chip, no need to install) without any takers on my offer

I have a programmer and everything i need to socket my 50040 where can i get the prom image and or modz

From a previous post by ADH about PROM Release 2.25:

These are the changes I made:

958c = 14830004 -> 14840004 (disable prom sha-160)
a4c0 = 1043000a -> 1042000a (disable kernel check)
9f88 = 0c771ac1 00000000 0440ff95 -> 0c771a83 00000000 24020000 (skip memchk)
8974 = 10400011 -> 00000000 (enable debug msgs)

(yadda yadda, 1201(f) notice goes here, don't violate any copyrights)

Note that the debug message hack isn't necessarily a good idea on an SA, since it will be transmitting "junk" on the serial cable box control line.


I made these changes on a TCD540 over the weekend and they work as advertised with PROM Release 2.25. Let me know if you need help beyond this. This week I plan on finishing documenting what I have done, and putting all of the utilities used into a bootable CD along with the documentation.



I even offered $50 for a R10 programmed promm several weeks ago. (just the chip, no need to install) without any takers on my offer

I bought extra PROMs and I am willing to sell what I have left. However, I don't know if PROM Release 2.25 will work in the R10.

There is an active conversation about resocketing series 2.5 over here (http://www.dealdatabase.com/forum/showthread.php?p=229598&posted=1#post229598)

Can anyone explain the type of heat gun used, I can imagine it was not a hair drier but a Thermal Gun. I have a Thermal Gun and it reaches Max 700F.

I understand you make a heat shield out of foil and apply heat until and mild presure to the chip until it pops off. Just curious about how long the thermal gun should be on the chip. I imagine it has a maximum storage temperature, probably a lot less than 700F.

Thanks,
Joe

Can anyone explain the type of heat gun used, I can imagine it was not a hair drier but a Thermal Gun. I have a Thermal Gun and it reaches Max 700F.

I understand you make a heat shield out of foil and apply heat until and mild presure to the chip until it pops off. Just curious about how long the thermal gun should be on the chip. I imagine it has a maximum storage temperature, probably a lot less than 700F.

Thanks,
Joe

A heat gun used for removing paint (Harbor Freight Tools has them this week for under $10.00) will do the job.

There's a story about a guy carrying a violin case who asked a policeman how to get to Cagnegie Hall. The policeman answered "Practice, practice, practice!"

Get some scrap pc boards and practice on them. Any computer repair place should have plenty of dead boards. The 'texture' of the solder will change when it melts. Only when this happens should you try to move the chip. 'Mild presure' (sic) will result in lifted traces, and 'weeping and gnashing of teeth'.

PlainBill

Can anyone explain the type of heat gun used, I can imagine it was not a hair drier but a Thermal Gun. I have a Thermal Gun and it reaches Max 700F.


From the PROM datasheet:


Absolute Maximum Stress Ratings
…
Surface Mount Solder Reflow Temperature:………”with-Pb” units: 240°C for 3 seconds
…

Well I completed the PROM Socketing without any problems.

I used a piece of foil with a hole cut enough to expose the PROM chip leads and applied a heat gun for about 45 seconds. You can see the solder change and that was my indication to pull it off. It did not stick at all.

I then knocked down the few solder bumps on the pads and tinned the socket ever so lightly.

I placed the socket over the pads and using my trusty fine point soldering iron (set at 750F) I pressed down from the top of each lead.

The next step was to verify isolation from adjacent pins with a multimeter. Two of the contacts had a brief low resistance but it appeared to be a capacitance item and I'm surprised I only found two of those. I suspect they were for power.

I plugged the original PROM back in and turned on the unit and it was operational. I was very please that not only did I install the socket properly but the PROM survived the heat.

I did install the new PROM but I got the flashing power light action. I was under the impression that I could drop the modded PROM in and it would run just fine but I think I'll go back and do some reading. I probably need to modify the files on the hard drive, after I create a backup of course and restore the image to a new 160 Gig drive.

The original PROM is back in the machine and my wife is telling me to leave it alone, so I will until next week. Should take that long to set a plan of attack for the software mods. My end goal is to share recordings between my two DTiVos. My other is a DVR40 that was hacked just after 6.2 came out. I ended up placing the original 6.2 on the drive after the last drive died.

Joe

The modified prom should work transparently. I mean, your TiVo would boot with either one. With the added benefit that you can hack the files on the TiVo if you have the hacked prom.

But other than that, the modded prom should let you use your TiVo even if you haven't modified any files on it.

The modified prom should work transparently. I mean, your TiVo would boot with either one. With the added benefit that you can hack the files on the TiVo if you have the hacked prom.

But other than that, the modded prom should let you use your TiVo even if you haven't modified any files on it.

Well I thought that too so I've been searching the threads and I didn't find anything that said it would run by it'self although looing at what the mods do I would thing it should run fine. I started thinking I needed to mod my drive files, specifically initrd and I was headed in that direction until I got your reply.

I will put the new modded PROM chip in tomorrow, right now the unit is recording SG1 and then some program for my wife.

Thanks for the feedback, saved me hours on the internet tonight.

Joe

Well. That's why we are here for. At least you showed initiative, and searched in the forums before asking a question blindly

OK all, I have done the mod and made an attempt at modifying the code to no avail. I have searched and searched around, but have yet to find the actual file to put back on as mine obviously does not work. Does ANYONE have the 2.25 bin file to program the SST PROM with for the TCD5400 series TiVo? Any sort of direction to a good file would help. I will be happy to post results. Is it bad form to ask for this file? It isnt illegal, is it? If it is, I am VERY sorry and embarrassed. If it isnt, then please send me a PM with the file and/or a link. Thanks in advance.

OK all, I have done the mod and made an attempt at modifying the code to no avail. I have searched and searched around, but have yet to find the actual file to put back on as mine obviously does not work. Does ANYONE have the 2.25 bin file to program the SST PROM with for the TCD5400 series TiVo? Any sort of direction to a good file would help. I will be happy to post results. Is it bad form to ask for this file? It isnt illegal, is it? If it is, I am VERY sorry and embarrassed. If it isnt, then please send me a PM with the file and/or a link. Thanks in advance.

Check here:

http://www.dealdatabase.com/forum/showpost.php?p=197867&postcount=1

Just wanted to say thanks to tbielawa for the prom upgrade kit.
With the knowledge I've gained here and TWC I was able to install the prom and hacks to get my R10 unit running with ftp, telnet, MVR, and TWP.

Thanks all.

I'd like to get a hacked prom for a directv r10 and install myself. You still producing these?

A PROM mod is not needed for those model units, use killhdinitrd instead.

A PROM modificiation/socket is only needed for the following models (IIRC):
* Tivo Model # TCD540040
* TiVo Model # TCD540080
* TiVo Model # TCD540140
* Humax T800
* Humax DRT400
* Humax DRT800
* Humax DRT2500
* Toshiba RS-TX20
* Toshiba RS-TX60
* DirecTV TiVo (Directivo) R10


Justin

I ditto solidblu's request. I sleepered my DirectTV S2 a couple years ago and would like to take advantage of some of the newer images. If no one is still doing this, then I would appreciate any other pointers that would help me get unmonte'ed and a bit more up to date...without comprimising the ability to execute hacks of course.

- bonafide

I ditto solidblu's request. I sleepered my DirectTV S2 a couple years ago and would like to take advantage of some of the newer images. If no one is still doing this, then I would appreciate any other pointers that would help me get unmonte'ed and a bit more up to date...without comprimising the ability to execute hacks of course.

- bonafide
Here (http://dealdatabase.com/forum/showthread.php?p=196162&postcount=3), then here (http://www.dealdatabase.com/forum/showthread.php?t=43599).

PlainBill

A PROM modificiation/socket is only needed for the following models (IIRC):
* Tivo Model # TCD540040
* TiVo Model # TCD540080
* TiVo Model # TCD540140
* Humax T800
* Humax DRT400
* Humax DRT800
* Humax DRT2500
* Toshiba RS-TX20
* Toshiba RS-TX60
* DirecTV TiVo (Directivo) R10

ok i am assumeing the tcd540040 still requires a prom mod..... does any one still offer the sockting service?

also im thinking about buying a 2nd tivo, is there a list of modle numbers that are beter then the rest, or mabee a list of model numbers to stay away from...... oviously the ones listed here requiring the prom mod, but other that are good or not good.

also im thinking about buying a 2nd tivo, is there a list of modle numbers that are beter then the rest, or mabee a list of model numbers to stay away from......

Since you mention the TCD540 (Series2.5 or nightlite model) I assume you mean standalone cableTV units. I'd personally recommend getting a decent used TCD240 model. These would specifically be TCD240040, TCD24004A, TCD240080, TCD24008A which are the common ones.

They're software moddable and seem to be fairly hardy. Be sure to get the remote control with it, too.

I've TCD540040... Need to hack and I need PROM MOD KIT.. GOT it PM Me...

Heeeeeeeeeeee Haaaaaaaaaaaaaaaaa

Hacked my TIVO Series 2.5 (TCD540040) with MOD PROM.....


Thanks ........... Everyone for the wonderful journey....

Where did you get the PROM kit and how much was it. I got the cursed TCD540040. Agh.... :(



EDIT: Git er done!!! I did mine today, and I didn't get burnt once.

I've got an R10 and am interested in purchasing a non-r10 prom. Plz msg me.

I have Series 2.5 (TCD540080), please email me at xxxxx anybody who can do the prom-socketing service.

Thanks.

EDT: I got the offer, thanks

I have a: TCD540040.

Anyone still doing the PROM socket service?

PM please


Matt

good program

Anyone in NYC who could do the prom-socketing service for a Toshiba rs-tx20?

Anyone offering Prom socket Mod service for a Humax DRT400 please PM me

Ive got one of dem TCD540040 boxes modded with a 2nd 120GB HDD via MFStools, but now that my initial 1month's worth of trial TV guide ran out, I got no abilty to use the box in any way shape or form. Would the modded prom allow me to use the box again? (even for just manual recordings)?
It sucks having a $99 TIVO boat anchor

PROM modding just allows you to add your own software without being overwritten by the initrd process.

To continue to get Tivo service, you need a subscription like the rest of us.

I've TCD540040... Need to hack and I need PROM MOD KIT..

could you please help and PM me.

Thanks

or wait about 6 months until there are enough people with 2.5's to make a sw exploit bounty feasable ;)

I for one would be willing to cough up some dough for this. Any plans for it in the near future?

I think everybody's holding their breath waiting to see what the cablecard-hd-s3's look like

Not directly TiVo-related, but I'm guessing someone can help me out and maybe some future hackers out at the same time...

Any suggestions on a decent surface mount rework station for prototyping and custom development? Most of my soldering revolves around art projects and I've started getting into embedded controllers and making my own PC boards. I'd love to be able to "borrow" chips and re-use them on my boards or socket chips that I'm worried I might fry on hardware that I'm experimenting with.

eBay is full of things that look pretty impressive to me, but I don't know which ones are crap and which ones are fine for occasional use.

thx.

Anybody offering a modded PROM (and a socket if you have one)? TCD 540... I can do the installation here but I have no access to a programmer. Please PM me. Thanks!

Can someone PM me with info on Prom Mod services?
Thank You

--

Is anybody doing PROM modding?? Preferably in the Los Angeles area. Please PM me.

Want to add another hard drive and also transfer recordings to PC. I have a DTV Tivo R10, TSN=521-0001 (Is that series 2 or 2.5?).

I’ve also got an R10 but I want to do the mod myself. I can get access to a burner (it would take some time ) and can do the socketing also.

I have a few questions:

1) The chip: I’ve seen some people reference this one:
SST39LF010
And some this one:
AM29LV010B-70JC (AMD)
So, which is the preferred? I’ve seen more references to the SST, but some recent posts about the AMD.

2) Alternate burning process?
Some of the messages and other threads that I’ve read seem to hint that there is a way of burning a new chip while it’s in the unit. Do you simply boot from the existing prom and pop the new one in (system running, this sounds dangerous?), and login via serial port? If so, can someone point me to the code that I would need to run? Can this be done on the R10, or do I need an older model to support this?
If this were to be done without the burner, I would need an image, and the only one I can find is this one:

http://www.dealdatabase.com/forum/attachment.php?attachmentid=4129&d=1102223963

This appears to be for the standalone, not the Dtivo,

This looks like the right flash utility correct?
http://www.dealdatabase.com/forum/attachment.php?attachmentid=1703&d=1055428577

3) The tbielawa Kit:
It seems that tbielawa has done some excellent work putting this kit together. If so, would someone mind PMing a link to me? If this is taboo, please accept my apologies but it seems like a waste :o .


Thanks for your help,

Mark

Probably a dumb question but here goes:

After I soldered the socket in and cleaned up a bit, was testing with an analog multimeter - got a little confused. If I'm checking adjacent (next to each other) points, there should be infinite resistance, i.e, the needle shouldn't move? And if the needle moves to 0 ohms, that means there is continuity b/w the pins (this is bad?) and I have a short/bad joint/bridge which needs correcting? Or do I have this backwards? Do I want 0 ohms or infinite resistance (no needle movement) between the points? Most adjacent points have infinite resistance; a couple have 0 ohms and 1 is in the middle...

Related question(s)

1. Do I need to have a replace_initrd kernel in place for the tivo to boot or will it boot the mod chip w/ stock kernel?

2. Also, assuming I didn't fry my original chip, could I stick that in the socket and boot up stock - or would that not work?

I'm just thinking in terms of testing and diagnosing problems, I would like to test boot the machine before I make kernel changes, etc., making things more difficult to troubleshoot. Basically, I just want to make sure my socket solder job is OK before I go ahead and make kernel/script changes.

Mr ScanMan

While some connections would read infinty, some may not. This is only going to depend on the components in the circuit between the pins.

I don't have all my parts yet but like you suggest, I plan to use the existing package to test the socket installation. This should give you a good idea if you were sucsessful or not. You may want to use a lupe or magnifier to inspect each pin.

I believe that the unit will boot with the modded chip and no further modifications.

Probably a dumb question but here goes:

After I soldered the socket in and cleaned up a bit, was testing with an analog multimeter - got a little confused. If I'm checking adjacent (next to each other) points, there should be infinite resistance, i.e, the needle shouldn't move? And if the needle moves to 0 ohms, that means there is continuity b/w the pins (this is bad?) and I have a short/bad joint/bridge which needs correcting? Or do I have this backwards? Do I want 0 ohms or infinite resistance (no needle movement) between the points? Most adjacent points have infinite resistance; a couple have 0 ohms and 1 is in the middle...

Related question(s)

1. Do I need to have a replace_initrd kernel in place for the tivo to boot or will it boot the mod chip w/ stock kernel?

2. Also, assuming I didn't fry my original chip, could I stick that in the socket and boot up stock - or would that not work?

I'm just thinking in terms of testing and diagnosing problems, I would like to test boot the machine before I make kernel changes, etc., making things more difficult to troubleshoot. Basically, I just want to make sure my socket solder job is OK before I go ahead and make kernel/script changes.

I'm just thinking in terms of testing and diagnosing problems, I would like to test boot the machine before I make kernel changes, etc., making things more difficult to troubleshoot. Basically, I just want to make sure my socket solder job is OK before I go ahead and make kernel/script changes.

The volt meter could read anything, depending on what components are in the path between the pins.

Here is what I did when I added the socket to my Tivo:

1. Used a good magnifying glass to check for solder bridges (found one) and cold joints.
2. Place the original chip in the socket. Tivo should boot. If not, recheck for bridges and cold joints. (or you fried the chip during removal.)
3. Place the modified chip in the socket. Tivo should boot. If not and you got past step 2, then there is a problem with the programing of the new chip.
4. Hack as desired.

Use a BIG magnifying glass and take your time with the soldering job.

Good luck, hope it works the first time.:)

Vegas

1. Do I need to have a replace_initrd kernel in place for the tivo to boot or will it boot the mod chip w/ stock kernel?
I think it will boot, but it will nuke your hacks. Might as well try a replace_initrd kernel anyway.
2. Also, assuming I didn't fry my original chip, could I stick that in the socket and boot up stock - or would that not work?
That should work fine.

Since you mention the TCD540 (Series2.5 or nightlite model) I assume you mean standalone cableTV units. I'd personally recommend getting a decent used TCD240 model. These would specifically be TCD240040, TCD24004A, TCD240080, TCD24008A which are the common ones.

They're software moddable and seem to be fairly hardy. Be sure to get the remote control with it, too.

I have a 540, 40GB model that I hacked to put in a 120GB drive but It seems like these puppies are going to take some time before they can be software hackable. I wouldn't mind sending it off for sombody to do the PROM mod but it appears nobody is doing it anymore. So here is my question, since I have a lifetime subscription, is that sub married to my 540 model? Or can I transfer that lifetime sub to a 240 model that I can find on fleabay? Thanks

I have a 540, 40GB model that I hacked to put in a 120GB drive but It seems like these puppies are going to take some time before they can be software hackable. I wouldn't mind sending it off for sombody to do the PROM mod but it appears nobody is doing it anymore.Check the for sale/trade forum. Someone posted there recently offering prom mod services.So here is my question, since I have a lifetime subscription, is that sub married to my 540 model? Or can I transfer that lifetime sub to a 240 model that I can find on fleabay? ThanksIt's tied to your TSN. You can't transfer it, with a very few exceptions.

Ok, thanks for the tip on the PROM service.

Let me prefrace this next question by reiterating that I do have a lifetime sub to tivo. I can't help but be curious about the following question. If you can hack a series-2 which has internet functionality (and perhaps series 1 does as well), then why do you need a subscription at all? If you have full control over the tivo, and all you need is the guide info I would be very surprised if that information was not freely available. Even if the Tivo guide servers had some sort of subscription check before allowing access, surely that check could be fooled with full access to the box or worst-case this information could be intercepted and made public by those like me who do have paid access. Is there more to tivo beyond the hardware than Im not giving it credit for?

Let me prefrace this next question by reiterating that I do have a lifetime sub to tivo. I can't help but be curious about the following question. If you can hack a series-2 which has internet functionality (and perhaps series 1 does as well), then why do you need a subscription at all? If you have full control over the tivo, and all you need is the guide info I would be very surprised if that information was not freely available. Even if the Tivo guide servers had some sort of subscription check before allowing access, surely that check could be fooled with full access to the box or worst-case this information could be intercepted and made public by those like me who do have paid access. Is there more to tivo beyond the hardware than Im not giving it credit for?
Dunno, but as this is not a permitted subject you'll need to go elsewhere to explore it.

I’ve got two R-10’s and have read through all of the threads eagerly looking for as much information that I could absorb on the process. I felt that since I was going to do two of them that it was worthwhile buying a Willem programmer and doing it right.

As usual, I ordered more than enough SST-39s and have extras. I don’t want to make any money at this and just want to give back to the forum that helped me get started in this endeavor. If you are interested, PM me, you can pay for the chip, socket and postage.

Understand that If you want to socket the board yourself, it can be done with practice, ChipQuik (for removal) and the right soldering technique (I've been practicing). If you don’t know which end of the soldering iron to pick up :confused: :D, this project might not be for you to attempt personally, but I do know that there are folks offering this as a service. Also, your local EE should be able to help out or point you to the right person.

I’ve already tested the new programmer and it seems to be in working order. I’m looking forward to this weekend when I can spend some time working on socketing and replacement.

One question I do have: Has anyone managed to get 6.2 running on an R10? I'm thinking about trying AlphaWolf's 62small.mfs.

Thanks,

Mark

One question I do have: Has anyone managed to get 6.2 running on an R10? I'm thinking about trying AlphaWolf's 62small.mfs.
Unlikely. Series 2.5's have different hardware, and therefore different kernel and kernel modules. It might be you could get a Frankenstein version of 6.2 (e.g. 6.2. with 6.1 kernel and modules), but it is not clear to me why you would want to go that route. Are there things you can do with 6.2 that don't work in 6.1?

AFAIK 6.1 is practically identical to 6.2. Except one is for R10's, the other for the rest of them

Unlikely. Series 2.5's have different hardware, and therefore different kernel and kernel modules. It might be you could get a Frankenstein version of 6.2 (e.g. 6.2. with 6.1 kernel and modules), but it is not clear to me why you would want to go that route. Are there things you can do with 6.2 that don't work in 6.1?

Point taken, For some reason I thought that 6.2 enabled some of the newer features like HMO... After checking around these features are only available natively in the SA. Thanks for straightening me out.

Mark

Point taken, For some reason I thought that 6.2 enabled some of the newer features like HMO... After checking around these features are only available natively in the SA. Thanks for straightening me out.

MarkActually HMO is available in both 6.2 and 6.1 with the superpatch. It's HME that is SA only.

Actually HMO is available in both 6.2 and 6.1 with the superpatch. It's HME that is SA only.

Thanks Jamie, it's all starting to fall into place.

Mark

So after some trial and error on an old motherboard, I’ve got some advice for those who wish to replace the PROM chip with a socket. Some of this advice is stated elsewhere in this thread by various people, I’m just letting you know what worked for me. I’ve been working on small electronics projects off and on for many years but am by no means a professional with a soldering iron.

I’ve managed to remove and re-install several sockets on the same motherboard and same pads with increasing quality and speed every time I do this.

Removal:
When removing the old chip, use Chipquick (http://www.chipquick.com). It has been discussed on this forum (thanks AlphaWolf) and uses an alloy to lower the melting point of the solder. This makes the removal of SMDs and thru-hole devices quite easy. You can order it from their website but if you have a Fry’s Electronics nearby, you can pick this up for about half what you would from the website (including shipping). This is probably the most important piece of advice about chip removal that I can offer. Without it, don’t even try unless you do SMD re-work for a living.

The soldering iron that you use for removal should be different (or at least a different tip) than the one that you use to replace the socket. For removal, I used my trusty Snap-On butane iron with a chisel tip. The wider the tip for removal, the better.

If you have to use solder braid for removal at any point, make sure that you coat it in flux first. This seems to speed the heat transfer and minimizes damage.

Speaking of flux, this is one thing that you can’t have too much of. Chipquick comes with a hypodermic filled with liquid flux. It also works well for the installation portion of the project. Mouser sells a flux pen that is also supposed to be good for this purpose.

Socketing:
Without the right iron, this can be quite tricky. I played around with different configurations and ended up buying a new Velleman 50W variable temperature soldering station. What’s surprising about this iron aside from the $20 price tag is that it works extremely well. I talked to the salesperson before I bought mine and he told me that the manufacturer was reputable for finding good tool designs and mass-manufacturing them to hit the low price point. I’ve found these on ebay under model number VTSS5U for about the same price including shipping.

The thing about the iron for this part of the job is just the opposite of removal. You need a very fine tip in order to minimize (or eliminate) collateral damage. You should be able to hit each pad one at a time.

BDMICRO (http://www.bdmicro.com/smt/) has a video of someone that has a serious technique, click on the first image for the video. :eek:

In my opinion, there are only 32 pins and they are on the inside of a socket, the best approach here is to hit each and every pin one at a time. rather than trying to zip across them.

I’ve read that you are better off with a small diameter solder. I’m currently using .035” which is the smallest that I’ve been able to find locally. It seems that .015” might be better for this.

The surface mount PLCC32 socket will normally come with a plastic bottom like the one shown:

http://vvsoft.fi/cm/prodpic180/PLCC32_Socket_SMD.jpg

It’s been said on this forum that it’s hard enough reaching the pins with the extra plastic in the way and you should trim out the bottom piece and I agree that it should be removed. I found that it’s much easier just to knock out the plastic by putting the socket upside down on a flat surface, placing a small screwdriver in the center and knocking it out in one blow.

After I got started on this project, I found this on Engadget: How-To: Make a surface mount soldering iron (http://www.engadget.com/2006/03/07/how-to-make-a-surface-mount-soldering-iron/). Not quite sure how well it works. Looks interesting :rolleyes:

Hope this helps,

Mark

So im very interested in getting my series 2.5/nightlight PROM modded either by services here or a local electronics store. In either case, my question is once its modded, what directions do I follow in order to "hack" it? A link would be much appreciated.

Are there any compatability issues between the directions I should follow and the fact that this a series 2.5?

Finally, will doing this make it so that further updates/upgrades from Tivo will no longer work? I guess if worse comes to worse I can always put back the original PROM.

Thanks

Edited to prevent confusion and fustration this post has been mmmmh?

Mark

Once you start modding your box, you should no longer let it phone home as this may hose up your unit, undo your changes, alert D* that you are creative, cause your tivo to start recording random episodes of Matlock, or any combination of the above.This particular bit of advice is applicable to dtivo's, but not SA tivos. SA's must call in to tivo, unless you have some other way to get keys, certs + guide data.

This particular bit of advice is applicable to dtivo's, but not SA tivos. SA's must call in to tivo, unless you have some other way to get keys, certs + guide data.

My bad, I thought he was talking about a dTivo, not an SA.

Once the PROM is modified the easiest thing to do is to change out the Kernel with one available at PTVupgrade.com ($5 for the CD). Then you can make whatever changes that you want. Is that right? I always thought that a PROM-modded Tivo required a kernel that's had initrd neutered via replace_initrd or somesuch and not one of the killhdinitrd'd kernels. But I've never had one, so maybe I am misremembering.

(It is at this point in our story that Jamie will waltz in, correct all of Chris's erroneous statements, educate thousands, and then wander off and produce another ty-ffmpeg patch as he assists bcc.)

Is that right? I always thought that a PROM-modded Tivo required a kernel that's had initrd neutered via replace_initrd or somesuch and not one of the killhdinitrd'd kernels. But I've never had one, so maybe I am misremembering.

(It is at this point in our story that Jamie will waltz in, correct all of Chris's erroneous statements, educate thousands, and then wander off and produce another ty-ffmpeg patch as he assists bcc.)No, you're right. I missed that. AFAIK, none of the S2 kernels on the ptvupgrade disk will work on a S2.5. The best bet is a custom built kernel (see this (http://www.dealdatabase.com/forum/showthread.php?t=46361)) or the stock kernel that has had the initrd replaced with replace_initrd. The nice thing about a prom mod is that you don't have to mointe to run a custom kernel.

Sorry about not clairifying that I indeed do have a Stand Alone 2.5 unit. I'll definitely read more about the replace_initrd method. As for not allowing tivo to phone home, Ive actually networked Tivo to my Linux firewall via a USB wireless adapter and it gets its guide data through the internet. I'm hoping that I can still continue to do this. I have already done the harddrive upgrade from 40Gb to 120gb but im pretty sure this is a non-issue as far as PROM modding goes.

Ive actually networked Tivo to my Linux firewall via a USB wireless adapter and it gets its guide data through the internet. I'm hoping that I can still continue to do this.Yep, sure can!I have already done the harddrive upgrade from 40Gb to 120gb but im pretty sure this is a non-issue as far as PROM modding goes.Yep, sure is!

No, you're right. I missed that. AFAIK, none of the S2 kernels on the ptvupgrade disk will work on a S2.5. The best bet is a custom built kernel (see this (http://www.dealdatabase.com/forum/showthread.php?t=46361)) or the stock kernel that has had the initrd replaced with replace_initrd. The nice thing about a prom mod is that you don't have to mointe to run a custom kernel.

http://www.ptvupgrade.com/products/software/lba48/index.html

This link says that the LBA48 CD supports Series 2 including the following models:

[
Pioneer 810H and 57H DVR with DVD
Toshiba RS/TX models with DVD
TiVo Series2 TCD540 Models (the newest Series2 standalone units)
HUMAX Series2 standalone units
DirecTV/Hughes HR10-250 DVR with HDTV
DirecTV R10 (the newest Series2 DirecTV systems edit:6/30/06 File system is supported but the 6.1 kernel is not
Any Series2 Standalone Unit running version 7.X or newer of the TiVo OS
Any Series2 DirecTV Unit running version 6.X or newer of the TiVo OS


I've not tried it yet but I was planning on it this weekend.

Mark

http://www.ptvupgrade.com/products/software/lba48/index.html

This link says that the LBA48 CD supports Series 2 including the following models:

[
Pioneer 810H and 57H DVR with DVD
Toshiba RS/TX models with DVD
TiVo Series2 TCD540 Models (the newest Series2 standalone units)
HUMAX Series2 standalone units
DirecTV/Hughes HR10-250 DVR with HDTV
DirecTV R10 (the newest Series2 DirecTV systems
Any Series2 Standalone Unit running version 7.X or newer of the TiVo OS
Any Series2 DirecTV Unit running version 6.X or newer of the TiVo OS


I've not tried it yet but I was planning on it this weekend.

Mark
Yes, the boot CD will work just fine. That is not the same thing as saying it has a compatible kernel included.

I'm interested in an R10 PROM if someone is interested in selling me one. Plz PM.

Dave

Yes, the boot CD will work just fine. That is not the same thing as saying it has a compatible kernel included.

Ouch, I bought the LBA48 CD thinking that it had the 6.1 kernel on it just looking at the page I referenced above :mad:

I did manage to update a Philips DSR-704 with kernel 3.1.5 so it was not a total loss.

Just for reference, here are the S2 kernels that are included on the LBA48 CD:

3.1.1C
3.1.5
4.0.1A
7.2.2

Thanks for the note.

Mark

After Getting a new R10 from DirecTV Tonight, my old RCA DVR80 Died.
I read several posts, including this one, looking for a way to get my HMO back up and running. Now I feel a bit lost.
Is there a way to add Telnet, FTP, MFS_FTP, and tivo web to my system without moding the prom?
Seems Monte might be the way. correct?
If I must go the Prom route could someone point me in the direction of some more detailed directions and maybe even a copy of the moded prom code.
I have the skills to do the soldering so all I need is direction to locate the correct chip to remove and the code that need to be applied.

Thanks,
Rap

You WILL need to flash the prom to add all those things, no software hack for Series2.5s.

I don't have a link/know any search terms you should use because I never looked into it but I know the code/info you need to flash your prom is here at ddb.

Cheer, PlainBill, Jamie,etc should be able to find a link or give you some terms.


Also, are you sure you have a compatible programmer for the PROM?

A Willem is usually what I see recommended around here.

Drez,
Thanks for the info.
I will wait on links or terms from the senior members.
Compatable Programer. Nope I will have to buy one along with the chip and scoket.

Rap

I will wait on links or terms from the senior members.Why don't you try searching? If you did you might have found this (http://www.dealdatabase.com/forum/showthread.php?p=257650&highlight=r10+prom+mod#post257650) post (hint it's right in this thread - you might want to read the "Prom Socketing" thread before you actually do it :)). Just using the search term "r10 prom mod" would have led to this (http://www.dealdatabase.com/forum/showthread.php?t=36801&highlight=r10+prom+mod) gem as well...you've got some searching and reading to do!!!

Why don't you try searching?
I did just didn't seem to get the right combo of terms.
Searching is how I found the tread we are in now.

You might want to read the "Prom Socketing" thread before you actually do it :)). Just using the search term "r10 prom mod" would have led to this gem as well...you've got some searching and reading to do!!!
Thanks for the Help.
I found the first Post. Thanks for clearing up that the prom there is also for the R10.
The second post I did not find and will read in its' entirety before I make any changes.

Thanks Again,
Rap

I just did my R10 and used the 'Piggy-Back' method of stacking the new PROM over the OLD one, from what I have read lots of people have damaged or destroyed their boards from trying to remove the old PROM but most people do have the skills to do the soldering. This method may provide a solution for them.

I have attached a Step-by-Step How-to describing how to do it.
I hope it helps!
Jmayes

I just did my R10 and used the 'Piggy-Back' method of stacking the new PROM over the OLD one, from what I have read lots of people have damaged or destroyed their boards from trying to remove the old PROM but most people do have the skills to do the soldering. This method may provide a solution for them.

I have attached a Step-by-Step How-to describing how to do it.
I hope it helps!
Jmayes

Nice work. I can appreciate this as removing the old chip can cause some tense :eek: moments. I've found that using ChipQuik as AlphaWolf has pointed out does work well though.

Noticed that you are using the 2MB 90ns chip. I was wondering if the larger chips would work.

Mark

I just did my R10 and used the 'Piggy-Back' method of stacking the new PROM over the OLD one, from what I have read lots of people have damaged or destroyed their boards from trying to remove the old PROM but most people do have the skills to do the soldering. This method may provide a solution for them.

I have attached a Step-by-Step How-to describing how to do it.
I hope it helps!
JmayesInstead of your method, have you tried soldering 2 low-profile surface-mount PLCC sockets back to back?

You would still have to modify the pin 24 connection, but I would think that this would work.

Yes, the larger chips work just fine, that 2m chip was the only one I could find on the fly that fit the bill, since it's a double size chip I load the program twice (back-to-back) which allows the extra address pin to be high or low and things still work. I measured it to be low in the tivo but just to be safe I loaded the pgm twice.


I like the back-to-back socket idea! That could even be a item that could be sold to people with limited soldering skills. I will expore that idea. I did solder a socket piggy-back to the first unit I did and found it was extreamly hard to get up under the lip of the socket to do the soldering so I decided that job was not for the Nubies at all but the double socket idea just might work, will report back on that one.

Jmayes

As I said before I love the idea of the back-to-back socket method, it will allow even a novice to upgrade their TIVO with only one trace cut and one solder connection. I spent today making up a few proto-types of the back-to-back socket assembly and drew up some instructions for building it and installation.

I did run into some issues, first- the socket used on the bottom needs to have it’s notch dug-out, using it backwards and upside down leaves the notch on the wrong corner and it won’t fit over the original prom with out the modification. 2nd, I built two proto’s today, it turns out one would not work at all, the socket fit very loose over the original prom as it was a higher profile type, thankfully the 2nd one fit tight and worked great so you will need to test the socket you choose carefully, not all of them work.

Here are the full instructions,
Enjoy- Tivo Community,
Jmayes:)

Even though I don't have a Series 2.5, I'm grateful you've taken the time to outline your approach.

I actually feel I can do the piggyback method if I ever need to (if S2s ever become scarce)... I don't think I would have ever been confident enough to do actual soldering/send it off to anyone.

Good job! My only suggestion - list the socket brand that works, and the one that didn't fit tight.

PlainBill

I Will post the info on the sockets as soon as I can.


Enjoy,
JM
;)

Jmayes, very cool!

It looks like this Mill-Max socket from Digikey (Digikey part number# ED80009-ND) should work nicely.

You can read about it here: http://dkc3.digikey.com/PDF/T062/0333.pdf

Good info. I've been wondering why nobody has tried this before. Something else that might be worth looking into as a community project would be to identify a software exploit, no matter how obscure or difficult to pull off, that would allow arbitrary code execution.

Then add a switch to be able to switch to the new prom after the tivo has already booted, and then do an in-circuit flash.

:cool: A switch is no problem, just toggle the OE signal between the two proms with 1k pull-up resistors installed to each, I will post a hookup diagram when I get some time. I am on the road until Monday so I won't be able to do any quality work until then.

The rom is read one time on boot then there is no activity so making the switch will not cause any trouble, if the 37x original prom can be flashed then my socket jig would only be needed to do the first-hack-boot then flash the original prom then no additional prom would be needed any more. Many people say the 37x can't be in-circuit programmed but the datasheet says is can so this might be a feasible thing to try.


Also I looked at the sockets I used under the microscope today, no markings at all to tell who's they are, I can only tell you that they came from old motherboards so they are Taiwan or China made, we will have to order samples from a few manf's to figure out which sockets will work. The ones that work for sure are the lowest profile kind that the chip actually sticks out a little (when used correctly). If the chip goes into the socket and ends up lower then the sides of the socket then it will not work.


Hope that all helps!
Jmayes

nice pics jmayes


Good info. I've been wondering why nobody has tried this before.
oh, I imagine a couple of people have... (http://www.dealdatabase.com/forum/showthread.php?t=49499&highlight=modchip)
at this point you're very close to being able to implement a clip-on modchip


Something else that might be worth looking into as a community project would be to identify a software exploit, no matter how obscure or difficult to pull off, that would allow arbitrary code execution.
Then add a switch to be able to switch to the new prom after the tivo has already booted, and then do an in-circuit flash.
er, if you can switch between mb & clip on proms why flash at all?

as for sw explolits, see the modchip thread (http://www.dealdatabase.com/forum/showthread.php?t=49499&highlight=modchip) for why they're kept quiet


it's possible to flash 37's in-circuit but it's hazardous to mb health. if you're willing to cut a trace or three then that's not an issue



if memory serves the whole piggyback-flash process can be this simple

cut 4 pins (or traces)

piggyback modded prom

boot tivo with flashing utils

switch to mb prom, apply erase voltage, flash prom & verify

reboot to double check mb prom

remove piggyback prom & restore original pins


with a prepped disk image, piggyback clip and tools the whole process is less than 10 mins (which is why I don't think it's worth antagonizing TiVo by offering *****-friendly modchips)

Sonicos was offering to perform prom replacements in the "for sale" section however he has been less than responsive. I was all set to send him my 540's to be upgraded and asked him a couple of questions prior to shipping and I haven't heard from him since 7/7/06. Nonetheless, I didn't send my tivos to him. Is there anyone offering legit prom modding?

Where is the program to flash on the new chips? Or can I buy preprogrammed chips?

Does anyone know if the AMD eeprom Am29LV040B-120JD would work for the R10 DTivo? I have 2 of these and the eeprom in my R10 is currently the SST 37VF010 70-3C-NH.

Thanks.

I know the AMD AM29LV010B-70JC will work but not sure about the Am29LV040B-120JD although I can't see why not. They are basicly the same chip but the 40B has 4 megabytes of memory vs. the 1 megabyte in the 10B and is a lot faster @ 120nS vs. 70nS.

The one thing I question is the "D" at the end. This is unknown to me....
"C" indicates commercial, "I" industrial and "E" extended. What "D" means might be found by reading the data sheet for that chip.

In any event, if your unit has a socket, go for it. You can always reinsert the old chip if it doesn't boot. Maybe someone else on the forum can explain the "D" designation

Wouldn't 120ns be SLOWER than 70ns?

According to the data sheet here (http://download.siliconexpert.com/pdfs/2005/08/09/semi_ap/1/amd/flash%20memory/21354e2.pdf) the "D" designation is commercial with a Pb-free package. Can't help with compatability though, I've only used SST37's & 39's.

my bad, guess age is getting to me, - faster @ 70nS vs. 120nS

My tests are showing that 120ns chips will NOT work, could be just me but I ordered some 29bv10-120s and no joy, the only thing I can figure out is that 120ns is too slow, by the spec they should work otherwise.

Still looking for low-cost blanks, anyone know some that digikey carries?

JM

IIRC, others have found Mouser Electronics (www.mouser.com) has a good supply of the parts.

PlainBill

Many thanks to the member who sent me a flashed PROM and socket!

I found a local place that removed the old PROM and soldered in a new socket for $25 with a couple hours' turnaround time.

I followed the instructions to hack the kernel and replace the initrd. When I boot, it goes into a "Welcome" screen loop, never getting past it. Serial output just shows a couple of random characters before it reboots.

I put the original PROM and drive back in, and it boots up fine, so I know it's not the soldering job. Is the new PROM not working? Or did I mess something up in the kernel patch?

Try the hacked drive with the original Prom and see if it boots up....

Try the hacked drive with the original Prom and see if it boots up....
I put the original PROM and drive back in, and it boots up fine, so I know it's not the soldering job.
Sure sounds like the new PROM is suspect.

Still looking for low-cost blanks

W