View Full Version : Prom & Software versions..



milhouse
09-12-2001, 10:37 AM
I thought it might be useful to start a thread discussing Prom versions versus software. I am guessing that there are 3 locations in the unit where software resides. Please correct me if I am wrong.

Disk - The Tivo software
Prom - Initial loader for the Linux/tivo software
Flash - Directv, low level, tuner software

We know that a 2.0.1 prom will not work with 2.5. Has anyone had any success mixing other prom versions with other software versions?

Has anyone been able to mount the TiVoProm.bin as a rom file system?

Do we know if 2.5 does a flash upgrade as well?

Milhouse.

KRavEN
09-12-2001, 11:40 AM
Okay, I've done quite a bit of experimentation with this.

There are 4 prom versions that I have been able to get for the DTivo.

1.84b, 1.01, 2.03, and 2.05.

1.84b does not support dual tuners and looks more like a SA prom. It does not load the ramdisk. It will work with 2.0 and 2.0.1, but you must edit the rc.sysinit because it will cause the kernel to panic when the irprog program is run. With 2.5, it does not work correctly because it does not support the dual tuners.

1.01 is the prom that is located in the prom directory on the 2.0 software. It does kernel checking and loads the ramdisk. It also supports the dual tuners and the beta version of 2.5 will work with it. I don't have the final 2.5 yet.

2.03 and 2.05 seem to be very similar. I have found no differences in the boot menu on either of these. They both work just fine with 2.0, 2.01, and the beta 2.5 that I have. They both do kernel checking and load the ramdisk. They also both support dual tuners.

milhouse
09-12-2001, 11:50 AM
KRavEN, have you been able to:

- re-write the prom in your Dtivo?
- Get 2.5beta working on a hacked Dtivo?

From reviewing the rc.sysinit it looks like writing to the prom is no big deal.

Milhouse.

KRavEN
09-12-2001, 11:58 AM
No, it's no big deal at all: "getprom -Update prom.bin"

The getprom on 2.0 will not write the 2.03 or 2.05 proms, but you can get the getprom from 2.5 and it will.

2.5 beta works on my DTivo, but I still have not been able to get a bash prompt from it unless I use the 1.84b prom, comment out the irprog portion of the rc.sysinit, and add handcraft=true to the bootparams. Myworld will crash if started and cause the box to reboot. This is because the module that loads the tuner will not load correctly because the prom does not support dual tuners.

milhouse
09-12-2001, 12:10 PM
How about 1.84b prom with 2.0.1-011 software? This would eliminate the need to chattr +i on everything you add and change.

Milhouse.

KRavEN
09-12-2001, 12:12 PM
True, it works fine with that version, just make sure to comment out the irprog portion in the rc.sysinit.

milhouse
09-12-2001, 12:27 PM
Have you tried disassembling the Prom? I loaded 2.0.1 into IDA and can't find a starting point. I can pick out all kinds of "Hashing kernal" messages but that is about it. Do you think the prom is mountable as a rom file system?

Milhouse.

KRavEN
09-12-2001, 01:37 PM
No it's not mountable. It's basically a binary that enables the box to boot at a hardware level and stores hardware configuration information. It's pretty similar to a bios on a PC.


As far as disassembling it, I'm sure that would be very difficult and I don't have the knowledge of the powerpc platform to attempt it.

surgeon
09-12-2001, 09:38 PM
KRavEN,

Please help me understand a little better what's going on with the various proms and the file checking...

First point of my confusion is the "kernel checking" by the prom and the "file checking" by the software loaded into the initial ramdisk. It's my understanding that under Linux there are two separate files, the "kernel" and the bin image of a ramdisk processed as the "initrd"? Is this the case on the TiVo and, if so, doesn't the prom load the kernel and then the kernel itself load-then-transfer to the "initrd" image?

Second, can't the "initrd" image be mounted under Linux as a loopback device so one could examine the files it contains?

Thanks
-Surgeon-

gman
09-18-2001, 09:13 AM
Is there an easy way to tell what prom version is currently running on a box?

KRavEN
09-18-2001, 11:21 AM
Originally posted by surgeon
KRavEN,

Please help me understand a little better what's going on with the various proms and the file checking...

First point of my confusion is the "kernel checking" by the prom and the "file checking" by the software loaded into the initial ramdisk. It's my understanding that under Linux there are two separate files, the "kernel" and the bin image of a ramdisk processed as the "initrd"? Is this the case on the TiVo and, if so, doesn't the prom load the kernel and then the kernel itself load-then-transfer to the "initrd" image?

Second, can't the "initrd" image be mounted under Linux as a loopback device so one could examine the files it contains?

Thanks
-Surgeon-

Basically the process goes like this for 2.5:

Prom boots, does a crc check on itself, then does a check on the kernel partition; this checksum is located at the end of the kernel partition. The kernel is written to memory and booted. The initrd is also contained in the kernel partition. The kernel loads the initrd and runs linuxrc. linuxrc checks all the designated files on the root partition, deletes the ones that are added or changed and then reboots. Once linuxrc checking boots and finds no additions or changes of the root partition files, it will switch root to the root partition and then run rc.sysinit.

BubbaJ
09-19-2001, 03:39 PM
Do you know if the CRC check is a standard 16-bit CRC (or any other standard CRC)? If it is, then we can mount and modify the initrd, then rebuild the checksum, allowing the boot and preventing the annoyance of protected files... :)
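
The design point behind the boot chain and the CRC question above, as an added example that is not part of the original thread: a trailer that anyone can recompute only detects accidental corruption, while a keyed trailer cannot be rebuilt without the verifier's secret. The thread does not establish which algorithm the prom uses; CRC32, HMAC-SHA256 (standing in for a signature check), the trailer sizes and the sample image are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import zlib

def seal_crc(body: bytes) -> bytes:
    """Append an unkeyed CRC32 trailer (assumed algorithm, for illustration)."""
    return body + zlib.crc32(body).to_bytes(4, "big")

def verify_crc(image: bytes) -> bool:
    body, trailer = image[:-4], image[-4:]
    return zlib.crc32(body).to_bytes(4, "big") == trailer

def seal_mac(body: bytes, key: bytes) -> bytes:
    """Append an HMAC-SHA256 trailer; only a holder of `key` can produce it."""
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_mac(image: bytes, key: bytes) -> bool:
    body, trailer = image[:-32], image[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, trailer)

def demo() -> dict:
    # Constructed stand-in for a kernel partition: kernel bytes plus initrd bytes.
    original = b"KERNEL" + bytes(64) + b"INITRD"
    modified = original.replace(b"INITRD", b"INITRX")
    key = b"constructed-verifier-key"  # hypothetical secret held by the verifier
    stale_trailer = seal_crc(original)[-4:]
    return {
        # Untouched image passes either check.
        "crc_original": verify_crc(seal_crc(original)),
        "mac_original": verify_mac(seal_mac(original, key), key),
        # Changed body with the old trailer: CRC catches the mismatch.
        "crc_stale_trailer": verify_crc(modified + stale_trailer),
        # Changed body with a recomputed trailer: the unkeyed check is satisfied.
        "crc_resealed": verify_crc(seal_crc(modified)),
        # Same attempt against the keyed check fails without the real key.
        "mac_resealed_without_key": verify_mac(seal_mac(modified, b"guess"), key),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:26s} accepted={accepted}")
```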

KRavEN
09-27-2001, 05:55 PM
I believe I misspoke. I'm not sure what type of check it is. It may be crc, it may be md5, or it's probably something proprietary. Take a look for yourself. dd the kernel partition to a file and then open the files with a hex editor. The checksum will be at the end.

You can get the initrd out by looking at a gzipped file with your hex editor and noting the first few bytes. This is the same for all gz files. Search the partition image with your hex editor for that string and then cut from the beginning to there and then save it. Now name it something with a .gz extension and gzip -d it. It will say something about trailing garbage, that's the checksum and will be thrown out. Now use losetup to mount the image.
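
The hex-editor procedure described above, scripted as an added example that is not part of the original thread: it searches an image for the gzip header, skips false matches, decompresses the first valid stream and returns whatever follows it (the bytes gzip -d reports as trailing garbage). The function name and the sample image, including its four trailer bytes, are constructed for illustration and do not reflect the real partition layout.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=8 (deflate): same for every .gz file

def carve_gzip(image: bytes):
    """Return (offset, decompressed, trailing) for the first valid gzip
    stream in `image`, or None if no candidate decompresses cleanly."""
    pos = image.find(GZIP_MAGIC)
    while pos != -1:
        inflater = zlib.decompressobj(31)  # 16 + 15: expect a gzip wrapper
        try:
            data = inflater.decompress(image[pos:])
            if inflater.eof:
                # unused_data is everything after the end of the gzip
                # member, i.e. what `gzip -d` calls trailing garbage.
                return pos, data, inflater.unused_data
        except zlib.error:
            pass  # magic bytes occurred by chance inside other data
        pos = image.find(GZIP_MAGIC, pos + 1)
    return None

def build_sample_image():
    """Constructed test image: filler, a false magic hit, a real gzip
    stream, then four bytes standing in for the appended checksum."""
    payload = b"constructed initrd contents\n" * 8
    prefix = bytes(32) + b"KERNEL" + GZIP_MAGIC + b"\xff\xff" + bytes(8)
    trailer = b"\xde\xad\xbe\xef"
    return prefix + gzip.compress(payload) + trailer, len(prefix), payload, trailer

if __name__ == "__main__":
    image, _, _, _ = build_sample_image()
    offset, data, trailing = carve_gzip(image)
    print(f"gzip stream at offset {offset:#x}, {len(data)} bytes decompressed")
    print(f"{len(trailing)} trailing bytes: {trailing.hex()}")
```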

BubbaJ
09-28-2001, 01:52 PM
Unfortunately, I do not yet have permission from my significant other to tamper with the DTivo. As such I have no good way of acquiring the kernel partition image. As you seem to have it, you could send it to me, and I'd appreciate it, as well as maybe solving a little problem for us all.