PDA

View Full Version : 11.0f sitting in MFS



Vegas
03-20-2010, 09:21 PM
Don't know if this is the final version of 11.0f, it's listed as 11.0f.N1 on my TivoHD.
Following patches were tested on the TivoHD


array set patch_11.0f {
0x005d3788 "104000aa 100000aa"
0x0077419c "00008021 24100001"
}

array set desc_11.0f {
0x005d3788 "noencrypt"
0x0077419c "backdoors"
}

tivo4mevo
03-21-2010, 09:36 AM
Post on TCF here: http://www.tivocommunity.com/tivo-vb/showthread.php?p=7833681#post7833681 indicates that 11.0f is intended to the fix the Tuning Adapter MRV bug. Not sure if any other fixes are included.

whitepelican
03-21-2010, 11:40 AM
Quick question from an S3 rookie: Is it necessary to always do every upgrade? I have a couple of prom modded S3's that are running just fine right now. Will I have the problems with losing guide data if I don't do the 11.0d -> 11.0f upgrade right away? How long do you usually have to upgrade before problems arise?

tivo4mevo
03-21-2010, 02:32 PM
See this thread (link (http://www.dealdatabase.com/forum/showthread.php?t=41782)) and this thread (link (http://www.dealdatabase.com/forum/showthread.php?t=50729)) for information. Typically, the guide data problems crop up between major releases but not always. One should also be aware not to continually download the new software (wasting server bandwidth). Given what's currently known about this release, you may not experience any problems holding back your unit at 11.0d.

Once downloaded, the unit will detect the new software during the daily call and schedule a reboot for installation--the so called "pending restart" problem. See this thread (link (http://www.dealdatabase.com/forum/showthread.php?p=206511#post206511)) for a patch to prevent this and my post here (link (http://www.dealdatabase.com/forum/showthread.php?p=300441#post300441)) for a more recent version of the patch (which can be more easily ported to 11.0x).

knutsoch
03-21-2010, 04:01 PM
Does anyone have the cci patches for 11.0f.N1?

jt1134
03-21-2010, 06:58 PM
Does anyone have the cci patches for 11.0f.N1?

I doubt tivoapp changed much, shouldn't be hard to port them. However, the 'N1' in the software version denotes a 'beta' release, and the true "11.0f" release will probably begin soon. There are often changes made to tivoapp in between these releases, which can result in the patch locations shifting yet again. Unless you're dying for a fix for the TA-MRV issues, or just really love the "early adopter" feeling, I wouldn't even bother with 11.0f-N1.

That said, I'll port 'em if someone sends me the new tivoapp :p

StanSimmons
03-24-2010, 05:02 PM
According to this post: http://www.tivocommunity.com/tivo-vb/showthread.php?p=7833681#post7833681 11.0f will be rolling out to everyone by the end of the month.

According to this post: http://www.tivocommunity.com/tivo-vb/showthread.php?p=7842134#post7842134 the rollout is still in the Customer Support Ramp phase and it won't be rolling out to anyone else until it is released.

It has fixes for the following:

* SDV pixelation issue
* S2 units couldn't browse the recordings of an HD model that had a TA attached
* Antenna stations with mismatched TVCT and PAT table entries have no video
* Online scheduling not showing current Now Playing and To Do Lists

lgkahn
03-25-2010, 04:11 PM
one of my boxes has upgraded to n1 and the patch is already in my tivoapp to try and stop reboots. .but it is still rebooting nightly to try and install the update.. unfort. that ffs up my caller id s/w which then needs to be rebooted on all the other boxes.. also i dont want to really bother doing the upgrade till i can get all the patches and i most likely will have to do it again when the final release comes out..

AlphaWolf
03-31-2010, 05:07 PM
Strange it looks as though my tivo isn't even downloading this upgrade:


bash-2.02# mfs_ls /SwSystem
dir: fsid=5141 count=2
fsid type name
-----------------------------------
74757 tyDb 11.0d-01-2-652
74757 tyDb ACTIVE


EDIT: Oh I see it is a phased rollout. Nevermind.

lgkahn
03-31-2010, 10:41 PM
i think the final release is out.. 11.0f is gone now it is g... but still only on one box
ie

Directory listing of /SwSystem Name Type Id Date Time Size
11.0d-01-2-648 tyDb 944371 07/16/09 13:43 908
11.0g-01-2-648 tyDb 1665789 03/31/10 11:24 884
ACTIVE tyDb 944371 07/16/09 13:43 908

jt1134
04-01-2010, 03:33 PM
11.0g
0x005d3788 "104000aa 100000aa" //noencryption
0x00656c14 "30b000ff 00008021" //cci1
0x00656c38 "00e08821 24110000" //cci2
0x0077419c "00008021 24100001" //backdoors
0x00868c44 "0d293985 00000000" //nopromos
0x009bcc54 "12400003 10000003" //deletethisrecording?
0x00b92f58 "14400026 10400026" //30secskip
0x00b9761c "0c2e60fe 00000000" //nopauseads
0x011478e0 "30b000ff 00008021" //cci3



set sys(11.0g) [list 0x115ade 0x1157aa 0x6c 0x1bd3e6 32224332 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]

lgkahn
04-01-2010, 03:54 PM
thanks anyone have it in dd format yet.. need to go find the offset to remember how to convert.

also it looks like the locations have changed a lot.. which probably means the buffer edit needs to be changed also?

whitepelican
04-01-2010, 04:48 PM
thanks anyone have it in dd format yet.. need to go find the offset to remember how to convert.

Why bother with that, when jt1134 provided it in the proper format for tvapppatch.tcl? That's a heckuva lot simpler than using dd.


also it looks like the locations have changed a lot.. which probably means the buffer edit needs to be changed also?

The last line in jt1134's post above is the patch to modify bufferhack.

lgkahn
04-01-2010, 04:57 PM
Why bother with that, when jt1134 provided it in the proper format for tvapppatch.tcl? That's a heckuva lot simpler than using dd.

not really for me.. i do in place upgrades and patch the new version of the tivoapp in the new partition b4 i ever reboot..

did not notice it was buffer hack thanks.. but it appears strange all my other buffer hack lines are longer see the old compared to new below? any ideas?

set sys(11.0b) [list 0x115e4e 0x115b1a 0x6c 0x1bd402 32140016 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0c) [list 0x115d82 0x115a4e 0x6c 0x1bd672 32207760 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0d) [list 0x115d82 0x115a4e 0x6c 0x1bd672 32207760 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0g) [list 0x115adc 0x1157a8 0x6c 0x1bd3e4 32224332 325F14DAA33CC105AD841D8]


ok the subtract value ix 0x400000
if i did my math right and i checked twice here are the dd lines


echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1914760
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3621276
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7941976
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2452500
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2452536
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=13924576

echo -ne "\x00\x00\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=7960092
echo -ne "\x00\x00\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=4623428

echo -ne "\x10\x00\x00\x03" | dd conv=notrunc of=tivoapp bs=1 seek=6016084


there are in order

no encr.
backdoor
30sec skip
cci1
cci2
cci3
nopause
nopromos
delete this recording?


I am not sure what "delete this recording" is i have never used it anyone enlighten me? ok figured this out too it is a hack to not have delete this recording pop up.. ok not usingthat ..

2 of my 3 series 3 boxes are sucessfully upgraded in place and everything seems to work... 3rd box doesnt have new version on it yet.

lgkahn
04-01-2010, 09:41 PM
more info the buffer hack seemed to not work the box would hang as soon as i tried to pause live tv... backed it out and it seems to be working ok.. will try again on other box.

also video on demand screen not working.. told me to force a call in the error message so trying that right now.. will let you know the outcome.

call to tivo did not resolve the video on demand screen issue.. anyone else have this. maybe new rules in my firewall.. or a call to support is in order.


rebooted still no go with video on demand screen... box still on old s/w works fine.

just double checked on the other box and the bufferhack patch is definately bad.. after applying it same as on other box.. when going to live tv and trying to pause it hangs for like minutes.. and even telnet session is hung.
eventually after about 5 minutes i can get it back to main menu. and telnet in and back out the tivoapp changes and restore the other one and reboot.

call to tivo (not box calling, but a phone call to support) didnt resolve anything.. wil try again tomarrow but it appears to be a bug.. under music/videos i can stream you tube videos fine.. but the video on demand screen comes up with an error.

as a side note i have verified that the encryption, 30 sec skip, and back doors hacks are working fine.

jt1134
04-01-2010, 10:11 PM
heh, probably should have posted a disclaimer

the nopromos patch above is ported from the one I posted here (http://dealdatabase.com/forum/showthread.php?p=303974&postcount=20), and unfortunately will mess with the Netflix/VoD stuff

the deletethisrecording? patch above is ported from the one tivo4mevo posted here (http://dealdatabase.com/forum/showthread.php?p=300411&postcount=103)

fixed the bufferhack line above also, as it got truncated in the copy 'n paste haste

lgkahn
04-01-2010, 10:56 PM
thanks for the heads up on the no promo patch.. will back that one out..
as for the bufferhack line dont think that is the issue as i did fix it and tried wih the entire string and it still hangs the box..

here are the relavent sections of my bufferhack11.tcl file that dont work

# Version addrA addrB addrC addrD filesize SHA1
# DirecTivo (length) (center) (brf) (filepart)
set sys(6.2) [list 0x66684a 0x666426 0x6d 0x8c8426 18123880 B78BB8DAD4925748AA5E8C974D2E66C635D2E5D8]
set sys(6.2a) [list 0x667b5a 0x667736 0x6d 0x8ca392 18149528 B78BB8DAD4925748AA5E8C974D2E66C635D2E5D8]
# Standalone
set sys(7.1) [list 0x1db122 0x1dad36 0x71 0x13ea5e 22051388 A9846DD76AEF86CEA6B3E69CE3758227598991A0]
set sys(7.1a) [list 0x1daf62 0x1dab76 0x71 0x13ea5e 22051388 A9846DD76AEF86CEA6B3E69CE3758227598991A0]
set sys(7.1b) [list 0x1daf6e 0x1dab82 0x71 0x13ea5e 22051388 A9846DD76AEF86CEA6B3E69CE3758227598991A0]
set sys(7.2.1-oth) [list 0x0d6e9e 0x0d6cb6 0x71 0x1a04da 21732904 A9846DD76AEF86CEA6B3E69CE3758227598991A0]
set sys(7.2.1-elm) [list 0x0d7c5a 0x0d7a72 0x71 0x1a5e4a 22761416 A9846DD76AEF86CEA6B3E69CE3758227598991A0]
set sys(7.2.1-tak) [list 0x114572 0x11438a 0x71 0x1e662a 23281729 A9846DD76AEF86CEA6B3E69CE3758227598991A0]
set sys(9.3) [list 0x10d0ee 0x10cdba 0x6c 0x06458e 27575632 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(9.4) [list 0x10ebaa 0x10e876 0x6c 0x064bc2 28053712 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0) [list 0x114cf2 0x1149be 0x6c 0x1bc2fe 32115184 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0b) [list 0x115e4e 0x115b1a 0x6c 0x1bd402 32140016 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0c) [list 0x115d82 0x115a4e 0x6c 0x1bd672 32207760 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0d) [list 0x115d82 0x115a4e 0x6c 0x1bd672 32207760 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0g) [list 0x115adc 0x1157a8 0x6c 0x1bd3e4 32224332 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set addrA 0
set addrB 0
set addrC 0
set addrD 0
set brfsha 0
set tvapp 0



backed out the promo patch and vod now works thanks.

also verified that the pause patch is working.

so now the only issue is bufferhack

whitepelican
04-02-2010, 05:15 PM
deleted...

jt1134
04-02-2010, 06:32 PM
sorry bout bufferhack, used disassembly to port the patches, but forgot to add 2 bytes to each patch location to make sure the value is patched and not the actual instruction. fixed above. gotta love lunchbreak patch porting :P

lgkahn
04-02-2010, 06:57 PM
verified new bufferhack works thanks.

3rd and last box updated in place sucessfully.

. if anyone needs a copy of my instructions an cannot find them on the site let me know..

now i have to pull one of the drives this weekend and do an image backup on my pc in case i loose a hard drive (which with 3 boxes usually happens once every year or two)

tomhayes
04-02-2010, 11:38 PM
I'd really like to say this made sense to me, but even with this good information and all the "newbie" guides, I'm still lost.

I have the PROM and a 11.0d with tenet access and CCI patch. 11.0F got pushed to me and wiped my modifications. I restored from a backup and did the bootpage -P softwareupgrade=false thing, but otherwise I'm totally lost.
(I guess I could have flipped the bootpage switch and got back up and running in 10 minutes - but I didn't know that was an option until I read about 50 posts here.)

Does anyone have a "real" newbie guide? Because I be new :

(And thanks in advance - I mean it.)



11.0g
0x005d3788 "104000aa 100000aa" //noencryption
0x00656c14 "30b000ff 00008021" //cci1
0x00656c38 "00e08821 24110000" //cci2
0x0077419c "00008021 24100001" //backdoors
0x00868c44 "0d293985 00000000" //nopromos
0x009bcc54 "12400003 10000003" //deletethisrecording?
0x00b92f58 "14400026 10400026" //30secskip
0x00b9761c "0c2e60fe 00000000" //nopauseads
0x011478e0 "30b000ff 00008021" //cci3



set sys(11.0g) [list 0x115ade 0x1157aa 0x6c 0x1bd3e6 32224332 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]

AlphaWolf
04-03-2010, 04:29 AM
In case anybody missed their master key, or hasn't been "selected" yet and wants to upgrade early:



11.0g-01-2 SWE_STA-14 bf decrypt key: 0x54488D360B38FF59

//static/SwSystem/11.0g-01-2/utils-162433048-1.slice.gz
//static/SwSystem/11.0g-01-2/GZcore-162433050-1.slice.gz
//static/SwSystem/11.0g-01-2/GZkernel-Gen06-162433056-1.slice.gz
//static/SwSystem/11.0g-01-2/GZhpk-Gen06-162433058-1.slice.gz
//static/SwSystem/11.0g-01-2/GZlocale-en_US-162433062-1.slice.gz
//static/SwSystem/11.0g-01-2/GZeiger-162433060-1.slice.gz
//static/SwSystem/11.0g-01-2/swsystem-162433066-2.slice.gz.bnd

ScanMan
04-03-2010, 08:24 AM
I'd really like to say this made sense to me, but even with this good information and all the "newbie" guides, I'm still lost.

Does anyone have a "real" newbie guide? Because I be new :You'll have to do a manual or in-place upgrade to preserve your hacks without pulling your drive. Everyone has their own way to do it.

There is an "installSw.itcl" script on the tivo that does the upgrade; essentially you edit that file to prevent the automatic reboot at the end of upgrade process which would otherwise wipe your hacks. The you re-hack your tivo, i.e., replacing the kernel, copying over hacks and rc.sysinit.author, fix the iptables firewall, patch tivoapp if you want at that point; then reboot.

One more thing, you can either patch tivoapp using the 'dd' method lgkahn illustrates or use the 'tvapppatch.tcl' method. tvapppatch is sort of the successor to the old superpatch.

There are a couple of gotchas so you should read and understand the process if you want to avoid pulling the drive. Check the "manual upgrade" link in my signature for my notes on this; although my notes were for an older version/tivo, the process is the same. I also have a automated script in that thread but you need to do a little setup to use it.

whitepelican
04-03-2010, 08:25 AM
Nevermind. Scanman provided all the info you need above.

ScanMan
04-03-2010, 08:28 AM
Posted a new "tvapppatches-11.0g.tcl" file (just nocso, backdoors) in the support thread (http://www.dealdatabase.com/forum/showpost.php?p=306780&postcount=28) to save people some time.

lgkahn
04-03-2010, 08:46 AM
here are my notes hope it helps this is for in place upgrade..,

1. backup /var and tvbin and bin etc.. as you need to via ftp to a pc b4
doing the install

first got both kernels to make sure i have a hacked one saved
dd if=/dev/hda3 of=hda3vmlinux.px
dd if=/dev/hda6 of=hda6vmlinux.px

no diff on tivo so put them on pc


2. bootpage -p

root=/dev/hda4 dsscon=true console=1,115200 upgradesoftware=false

so new will be installed on 7 ...

3. now do upgrade
after copying installSw.sav back to installSw.tcl

cd /tvbin
remount
cp installSw.sav instalSw.tcl

./installSw.tcl 11.0-01-2-648

here was the output
(note make sure whatever installSw you run has the reboot line commented out.. this is key)


12/07:17:18:13: ./installSw.tcl: Installing "11.0-01-2-648".
Installing module utils
12/07:17:18:14: ./installSw.tcl: Executing updateroot /dev/hda /install /var/pa
ckages 11.0-01-2-648
Path prefix is /var/utils/
Sha1hash passed for updatekernel
Sha1hash passed for checkkernel.tcl
Sha1hash passed for messagelib.tcl
Sha1hash passed for buildskeleton
Sha1hash passed for SwInstall.tcl
Sha1hash passed for builddev

Searching /etc/fstab for current root

Old root is on /dev/hda4, new one goes on /dev/hda7

Creating new filesystem on /dev/hda7

Mounting new root filesystem on /install

Installing module core
Installing module hpk-Gen05
Installing module locale-en_US
Installing module eiger
Installing module kernel-Gen05
Building basic filesystem skeleton on /install


Checking /install/etc/fstab

newroot is 7, copying fstab from fstab.alternate
Creating symlinks for /install/etc files
Dismounting /install and checking its integrity


Initializing First Activation Date


Modifying bootparams to point to /dev/hda7

Creating upgrade messages
processing message file: /var/utils//messages/upgrade_73_ptcm.msg
found message
From = The TiVo Team
DateStr =
Date = 14220
Time = 62529
Subject = You have a new service update!
ExpireStr =
Expire = 14280
Priority = 1
Destination = 2
Frequency = 3600
MaxCount = 1
Body = Congrats! You've just received the Fall 2008 TiVo Service Update for your
TiVo DVR. This release reorganizes the TiVo Central menu, making it easier to
access Video on Demand content from TiVo and its partners. If your DVR is conne
cted to broadband, you'll be able to enjoy the latest movies, television shows,
and web videos directly from this menu.

Enjoy!

- The TiVo Team
creating message object...
processing message file: /var/utils//messages/upgrade_73_mb.msg
found message
From = The TiVo Team
DateStr =
Date = 14220
Time = 62529
Subject = You have a new service update!
ExpireStr =
Expire = 14280
Priority = 3
Destination = 1
Frequency = 8640000
MaxCount = 1
Body = Congrats! You've just received the Fall 2008 TiVo Service Update for your
TiVo DVR. This release reorganizes the TiVo Central menu, making it easier to
access Video on Demand content from TiVo and its partners. If your DVR is conne
cted to broadband, you'll be able to enjoy the latest movies, television shows,
and web videos directly from this menu.

There are many more changes 'under the hood' to support new features and service
s in the future. At TiVo we're always working to make your home media experienc
e the very best it can be!

Enjoy!

- The TiVo Team
creating message object...
Flipping root, setting boot parameters to 'root=/dev/hda7 dsscon=true console=1,
115200 upgradesoftware=false'

OK, reboot the system to use the new root filesystem

12/07:17:22:10: ./installSw.tcl: not Attempting reboot...
hdbrtivo:/tvbin$
hdbrtivo:/tvbin$



-------

4. now check boot stuff

hdbrtivo:/tvbin$ bootpage -p
No device name given, assuming /dev/hda
root=/dev/hda7 dsscon=true console=1,115200 upgradesoftware=false

seems ok


5. first put hacked kernel back to both partitions for good measure

hdbrtivo:/tvbin$ cd /var/hdkernel
hdbrtivo:/var/hdkernel$
hdbrtivo:/var/hdkernel$ ls
94hackedhdkernel
hdbrtivo:/var/hdkernel$
hdbrtivo:/var/hdkernel$ dd if=94hackedhdkernel of=/dev/hda6
8192+0 records in
8192+0 records out
hdbrtivo:/var/hdkernel$
hdbrtivo:/var/hdkernel$ dd if=94hackedhdkernel of=/dev/hda3
8192+0 records in
8192+0 records out
hdbrtivo:/var/hdkernel$
hdbrtivo:/var/hdkernel$

6. now put hacks


hdbrtivo:/tvbin$ mkdir /new
hdbrtivo:/tvbin$

hdbrtivo:/var/hdkernel$ mount /dev/hda7 /new
hdbrtivo:/var/hdkernel$


7. rc.sysinit.author

hdbrtivo:/new/etc/rc.d$
hdbrtivo:/new/etc/rc.d$ cp rc.sysinit rc.sysinit.sav
hdbrtivo:/new/etc/rc.d$
hdbrtivo:/new/etc/rc.d$ cp /etc/rc.d/rc.sysinit.author .
hdbrtivo:/new/etc/rc.d$
hdbrtivo:/new/etc/rc.d$

8. busybox or your tivo tools

hdbrtivo:/new$ tar -xvf BUSYBOX_1_00_PRE3.tar
busybox/
busybox/[
busybox/addgroup
busybox/adduser
busybox/ar
busybox/ash
busybox/awk
busybox/basename
busybox/bunzip2
busybox/busybox
busybox/bzcat
busybox/cal
busybox/cat
busybox/chgrp
busybox/chmod
busybox/chown
busybox/chroot
busybox/clear
busybox/cmp
busybox/cp
busybox/cpio
busybox/crond
busybox/crontab
busybox/cut
busybox/date
busybox/dd
busybox/delgroup
busybox/deluser
busybox/df
busybox/dirname
busybox/dmesg
busybox/dos2unix
busybox/du
busybox/echo
busybox/egrep
busybox/env
busybox/expr
busybox/false
busybox/fdisk

...

hdbrtivo:/new$
hdbrtivo:/new$

9. tivoftpd on other bin
hdbrtivo:/new/bin$
hdbrtivo:/new/bin$ cp /bin/mfs_uberexport .
hdbrtivo:/new/bin$
hdbrtivo:/new/bin$ cp /bin/remount .
hdbrtivo:/new/bin$
hdbrtivo:/new/bin$ cp /bin/s3tots .
hdbrtivo:/new/bin$
hdbrtivo:/new/bin$ cp /bin/tar .
hdbrtivo:/new/bin$
hdbrtivo:/new/bin$ cp /bin/tivoftpd .
hdbrtivo:/new/bin$
hdbrtivo:/new/bin$ ls


10. resolv.conf

hdbrtivo:/new/etc$ cp /etc/resolv.conf .


11. install sw... comment out the reboot in /tvbin and copy to installSw.tcl

hdbrtivo:/new/tvbin$ cp /tvbin/installSw.sav .


make sure you check permissions on executables also in /bin

ie

-rwxr-xr-x 1 0 0 95668 Dec 4 18:51 sz
-rwxr-xr-x 1 0 0 219248 Dec 7 17:31 tar
-rwxr-xr-x 1 0 0 66152 Dec 7 17:31 tivoftpd
-rwxr-xr-x 1 0 0 13960 Dec 4 18:51 top
-rwxr-xr-x 1 0 0 39336 Dec 4 18:51 umount


12. also one final check to make sure rc.sysinit.author is sound
ie cat /new/etc/rc.d/rc.sysinit.author


13. cp tivoapp and hack it

hdbrtivo:/new/sbin$ cd /new/tvbin
hdbrtivo:/new/tvbin$
hdbrtivo:/new/tvbin$ ls -al tivo*
-rwxr-xr-x 1 0 0 32115184 Dec 4 18:52 tivoapp
lrwxrwxrwx 1 0 0 7 Dec 7 17:19 tivosh -> tivoapp
hdbrtivo:/new/tvbin$
hdbrtivo:/new/tvbin$ cp tivoapp tivoapp.sav
hdbrtivo:/new/tvbin$

first 2 sare nocso and back door

next 3 are nocso
last is 30 sec
StageE_PreApplication

echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1895284 // no cso
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3598688 //backdoor
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2433020
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2433056
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=14123600
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7912076 // 30 sec skip


above is for 11.0
below is for 11.0b
echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1915420 // no cso
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2451664 //following 3 are cci
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2451700
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=14115792

echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3619700

above is backdoors

echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7934352

above is 30 sec



11.0c
disable enc
echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1915412

backdoors

echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3619640

30 sec

echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7941092

cci
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2453056
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2453092
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=14147616


11.0d

echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1915412
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3619640
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7941060
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2453056
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2453092
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=14139296

11.0g

echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1914760
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3621276
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7941976
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2452500
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2452536
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=13924576
echo -ne "\x00\x00\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=7960092

echo -ne "\x00\x00\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=4623428
echo -ne "\x10\x00\x00\x03" | dd conv=notrunc of=tivoapp bs=1 seek=6016084

note i only do the first 7 not the nopromos which screws up the video on
demand
and not the last one cause i dont care about delete

there are in order

no encr.
backdoor
30sec skip
cci1
cci2
cci3
nopause
nopromos
delete this recording?

problem with no promos kills video on demand
the delete this .. gets rid of delete this recording message after
stopping near end

(subtract 0x400000 from patch file to get dd offsets)

14. remove bad reboot in busybox

dbrtivo:/busybox$ cd /new/busybox
dbrtivo:/new/busybox$
dbrtivo:/new/busybox$ ls re*
eadlink realpath reboot renice reset
dbrtivo:/new/busybox$
dbrtivo:/new/busybox$ rm reboot


15. as good measure comment out the installsw in
/new/etc/rc.d/StageE_PreApplication/rc.Sequence_500.CheckForSoftwareUpgrade.sh
(I dont bother with this anymore)

16. tytools


bash-2.02#
bash-2.02# cd /new
bash-2.02#
bash-2.02# mkdir usr
bash-2.02#
bash-2.02# cd usr
bash-2.02#
bash-2.02# cd /usr
bash-2.02#
bash-2.02# ls
tytools
bash-2.02#
bash-2.02# cd /new/usr
bash-2.02#
bash-2.02# mkdir tytools
bash-2.02#
bash-2.02# cd tytools
bash-2.02#
bash-2.02# cp /usr/tytools/* .
bash-2.02#
bash-2.02# ls
NowShowing mfs_stream tserver_mfs7_mips
NowShowing.tcl tserver
bash-2.02#
bash-2.02# ls -al
total 346
drwxr-xr-x 2 0 0 1024 Jan 6 17:49 .
drwxr-xr-x 3 0 0 1024 Jan 6 17:49 ..
-rwxr-xr-x 1 0 0 111784 Jan 6 17:49 NowShowing
-rwxr-xr-x 1 0 0 15162 Jan 6 17:49 NowShowing.tcl
-rwxr-xr-x 1 0 0 44380 Jan 6 17:49 mfs_stream
-rwxr-xr-x 1 0 0 124616 Jan 6 17:49 tserver
-rwxr-xr-x 1 0 0 48324 Jan 6 17:49 tserver_mfs7_mips
bash-2.02#
bash-2.02#
bash-2.02#
bash-2.02# pwd
/new/usr/tytools
bash-2.02#


THAT should be it and reboot and test and make sure /var is still there
after
reboot etc..


hdbrtivo:/new/etc/rc.d/StageE_PreApplication$
hdbrtivo:/new/etc/rc.d/StageE_PreApplication$ remount
Remount by AlphaWolf_HK
Root FS is now in read only mode.
hdbrtivo:/new/etc/rc.d/StageE_PreApplication$
hdbrtivo:/new/etc/rc.d/StageE_PreApplication$ reboot


after reboot run bufferhack11.tcl to reset buffer size and reboot again
remove old tivoapp to save space

ScanMan
04-03-2010, 09:05 AM
here are my notes hope it helps this is for in place upgrade..,Good explanation of the process; but IMHO that is a lot of typing and a lot of work. I literally run two scripts and reboot once. 95% of the 10 minutes this takes me I spend watching a script run, not typing. But as I said, to each his own; I know some people actually find it easier to pull the drive each time. :eek:

mike_s
04-03-2010, 09:10 AM
not really for me.. i do in place upgrades and patch the new version of the tivoapp in the new partition b4 i ever reboot..tvapppatch.tcl was designed to support that. You can point it to the binary you want to patch, specify the patch version to look for, and use it as part of an automated process.

Something like:
tvapppatch.tcl -v $(tail -n 1 /mnt/etc/build-version | awk '{print $2}') -t /mnt/tvbin/tivoapp -confirm noI use a script to do upgrades, and just have to put the proper version patches in tvapppatches.tcl before running it.

ScanMan
04-03-2010, 10:34 AM
tvapppatch.tcl was designed to support that. You can point it to the binary you want to patch, specify the patch version to look for, and use it as part of an automated process.Exactly. After I do the in-place upgrade (via script), I just do

./tvapppatch.tcl -p ./tvapppatches-11.0g.tcl -t /mnt/tvbin/tivoappAnd then reboot; done. Same thing, just more explicit for those who don't understand the unix (tail, awk) stuff. ;)

lgkahn
04-03-2010, 11:07 AM
thanks post your scripts i will take a look .. but i like to have control in case it craps out.. it only takes me 5 minutes to doit.. except waiting for the 2 reboots.

mike_s
04-03-2010, 02:12 PM
thanks post your scripts i will take a look ..
Started a new thread...here (http://www.dealdatabase.com/forum/showthread.php?t=62603).

psxboy
04-03-2010, 03:55 PM
11.0g
0x00b92f58 "14400026 10400026" //30secskip



Is the 30secskip patch even necessary any more? I've been through several software upgrades without applying it & my 30 second skip has survived all of them. I suspect the state is stored in MFS now so once you enable it, it stays enabled regardless of reboots or software upgrades.

-psxboy

AlphaWolf
04-03-2010, 06:55 PM
Good explanation of the process; but IMHO that is a lot of typing and a lot of work. I literally run two scripts and reboot once. 95% of the 10 minutes this takes me I spend watching a script run, not typing. But as I said, to each his own; I know some people actually find it easier to pull the drive each time. :eek:

Sometimes I prefer to open the tivo without pulling the drive, or even rebooting my computer for that matter :D

Below is a pic of my computer running windows 7 connected via usb to the tivo hard disk while its still in the tivo (tivo powered down of course) with the tivo partitions mounted via ubuntu 9.1 running in virtualbox. Normally I'd just do it without ever taking the cover off of the tivo but in my infinite wisdom I forgot to replace iptables when I did this. Needless to say, the tivo just went into a reboot loop. Ergo, extra steps were necessary.

http://www.dealdatabase.com/forum/attachment.php?attachmentid=7109&stc=1&d=1270335320

AlphaWolf
04-03-2010, 06:59 PM
Is the 30secskip patch even necessary any more? I've been through several software upgrades without applying it & my 30 second skip has survived all of them. I suspect the state is stored in MFS now so once you enable it, it stays enabled regardless of reboots or software upgrades.

-psxboy

Nope, its definitely no longer needed. 30 second skip now survives reboots.

I personally just use these:


echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2452500 # CCI1
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2452536 # CCI2
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=13924576 # CCI3
echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1914760 # disable DRM
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3621276 # backdoors
echo -ne "\x00\x00\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=7960092 # disable pause "more about" ads

Along with bufferhack.

psxboy
04-03-2010, 08:56 PM
Sometimes I prefer to open the tivo without pulling the drive, or even rebooting my computer for that matter :D


Lol! Sounds like you could benefit from one of Omikron's TTL to RS232 adapters. ;)

-psxboy

AlphaWolf
04-03-2010, 09:02 PM
I sent a PM to him asking about one of those but never got a response so I'm not sure he sells them anymore.

whitepelican
04-05-2010, 09:17 AM
but in my infinite wisdom I forgot to replace iptables when I did this. Needless to say, the tivo just went into a reboot loop. Ergo, extra steps were necessary.

I'm thinking of buying a flashing LED sign to hang on the front of my Tivos that says "REMEMBER TO NEUTER IPTABLES!!!". I think this was probably about my tenth consecutive upgrade where I forgot to do so.

reltubman
04-05-2010, 11:14 AM
Hey Guys - Got a question. I have a TiVo HD with the 11.0d firmware on it. I have telnet access and the CCI hacks. I also modified the bootpage to no update, but every my TiVo is stuck at the Powering Up Screen. I can unplug the power and plug it back in and it boots back into my 11.0d just fine. Anybody have a suggestion on a fix for this? I am fine staying on 11.0d btw, I just don't want to constant freezing every morning...

Jamie
04-05-2010, 11:29 AM
... but every my TiVo is stuck at the Powering Up Screen. ...Huh? Did you mean "every morning my TiVo is stuck at the Powering Up screen"?

Sounds to me like you may have the "soft boot" problem with WD drives. See item 29 here (http://tivocommunity.com/tivo-vb/showthread.php?t=370784). If that is your problem, that should take care of the frozen tivo.

If you want to avoid the nightly "pending restart" boots, you either need to take the upgrade (and rehack, if you choose to), or find the "no thanks" patch that prevents the reboot. Taking the upgrade to the latest software is generally recommended for standalone units. I don't think the "no thanks" patches have been ported forward in a long while.

reltubman
04-05-2010, 11:32 AM
Huh? Did you mean "every morning my TiVo is stuck at the Powering Up screen"?

Sounds to me like you may have the "soft boot" problem with WD drives. See item 23 here (http://tivocommunity.com/tivo-vb/showthread.php?t=370784). If that is your problem, that should take care of the frozen tivo.

If you want to avoid the nightly "pending restart" boots, you either need to take the upgrade (and rehack, if you choose to), or find the "no thanks" patch that prevents the reboot. Taking the upgrade to the latest software is generally recommended for standalone units. I don't think the "no thanks" patches have been ported forward in a long while.

Thanks Jamie!

Yeah - sorry - morning...coffee has taken effect yet. I don't have an external drive, so I don't think it's the WD issue...I guess I'll try doing the update and see what happens!
Thanks!

Jamie
04-05-2010, 11:47 AM
Thanks Jamie!

Yeah - sorry - morning...coffee has taken effect yet. I don't have an external drive, so I don't think it's the WD issue...I guess I'll try doing the update and see what happens!
Thanks!The soft reboot problem happens with internal WD drives too -- even factory drives can have the problem.

I had the item # from the FAQ wrong -- it's #29.

tivo4mevo
04-05-2010, 12:25 PM
If you want to avoid the nightly "pending restart" boots, you either need to take the upgrade (and rehack, if you choose to), or find the "no thanks" patch that prevents the reboot. Taking the upgrade to the latest software is generally recommended for standalone units. I don't think the "no thanks" patches have been ported forward in a long while.More recent port of the patch in this thread here: link (http://www.dealdatabase.com/forum/showthread.php?p=300441#post300441). The code structure between 9.4 and 11.0x should be largely the same (it was a much bigger jump porting the patch from 4.x to 9.4, which still wasn't hard).

pdd
04-06-2010, 01:07 AM
Nope, its definitely no longer needed. 30 second skip now survives reboots.


30 second skip is still relevant in Australia as they have disabled the feature completely. We cannot use the remote sequence to activate it. However the patch translated to our software 11.3b3 works perfectly.

philhu
04-06-2010, 09:35 AM
11.0g
0x005d3788 "104000aa 100000aa" //noencryption
0x00656c14 "30b000ff 00008021" //cci1
0x00656c38 "00e08821 24110000" //cci2
0x0077419c "00008021 24100001" //backdoors
0x00868c44 "0d293985 00000000" //nopromos
0x009bcc54 "12400003 10000003" //deletethisrecording?
0x00b92f58 "14400026 10400026" //30secskip
0x00b9761c "0c2e60fe 00000000" //nopauseads
0x011478e0 "30b000ff 00008021" //cci3



set sys(11.0g) [list 0x115ade 0x1157aa 0x6c 0x1bd3e6 32224332 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]

Can someone also do the MEK patches from 11.0d? (Patches to allow playing of encrypted content already on your tivo HD on the Tivo, these came out a few months ago)

tivo4mevo
04-06-2010, 01:34 PM
Do those patches actually work? I saw you posted that they were causing reboots? But wasn't sure where it went from there.

philhu
04-06-2010, 02:09 PM
Yes, the patch at the top was fixed by Deux Machina. It had 1 errant location patch

I am hoping he will do a 11.0g version

psxboy
04-06-2010, 02:14 PM
I'm working on the port now. I found the new addresses - just making sure everything's kosher before posting (assuming no one beats me to it).

-psxboy

philhu
04-06-2010, 02:47 PM
I'm working on the port now. I found the new addresses - just making sure everything's kosher before posting (assuming no one beats me to it).

-psxboy

Very good!!!

psxboy
04-06-2010, 04:34 PM
Ok... here's the NoMEK patch ported to 11.0g. It replaces the generic "No Encryption" patch to allow MRV of encrypted recordings.


11.0g
0x005d3784 "92220024 27a40028"
0x005d3788 "104000aa 0c156f2f"
0x005d378c "27a40028 00000000"
0x005d3790 "0c156f2f 0c4644ec"
0x005d3798 "8fa20020 106000aa"
0x01191388 "27bdfec8 03e00008"
0x0119138c "afb40128 24020001"
0x011913b0 "00a0a021 8e230040"
0x011913b4 "0c1b6082 10600002"
0x011913b8 "00602821 00000000"
0x011913bc "00408021 8c630000"
0x011913c0 "1200000a 03e00008"
0x011913c4 "00001021 8fa20020"


DISCLAIMER: I HAVE NOT TESTED THESE. The code in these two sections of tivoapp hasn't changed between 11.0d and 11.0g - I merely ported the addresses and tweaked the jump instructions to reflect the new locations, so it should work just fine. But make a backup copy of your tivoapp just to be safe.

-psxboy

tomhayes
04-07-2010, 06:02 AM
ScanMan:

Thanks for the reply. I've been trying to do it following this guide: http://john-time.com/?p=162

I'm fine until it's time to patch and I get lost at Step 4 item 2, because I don't have a ./replace_initrd.mips command. (Edit: I found it, upped to my tivobin - but I don't have the other support files.)

I'll read your guide now - but since someone else originally put the tools on here I'm flying half-blind.

What's really confusing about this all is that the binaries are so scattered. When I figure this out I'm going to write a "brain-dead newbie" guide.

P.S> I'm doing a S3 HD with replaced PROM and most of the instructions I see are for S2. So I don't think I need to do any of the Monte stuff.

Edit:I'm reading you post but your scripts are specific to your unit and you never detail what exactly is in /hacks I'm still struggling.

(I'm not complaining - I just didn't realize that this hobby would be so confusing at the start.) :)



You'll have to do a manual or in-place upgrade to preserve your hacks without pulling your drive. Everyone has their own way to do it.

There is an "installSw.itcl" script on the tivo that does the upgrade; essentially you edit that file to prevent the automatic reboot at the end of upgrade process which would otherwise wipe your hacks. The you re-hack your tivo, i.e., replacing the kernel, copying over hacks and rc.sysinit.author, fix the iptables firewall, patch tivoapp if you want at that point; then reboot.

One more thing, you can either patch tivoapp using the 'dd' method lgkahn illustrates or use the 'tvapppatch.tcl' method. tvapppatch is sort of the successor to the old superpatch.

There are a couple of gotchas so you should read and understand the process if you want to avoid pulling the drive. Check the "manual upgrade" link in my signature for my notes on this; although my notes were for an older version/tivo, the process is the same. I also have a automated script in that thread but you need to do a little setup to use it.

ScanMan
04-07-2010, 09:27 PM
<snip>
P.S> I'm doing a S3 HD with replaced PROM and most of the instructions I see are for S2. So I don't think I need to do any of the Monte stuff.

Edit:I'm reading you post but your scripts are specific to your unit and you never detail what exactly is in /hacks I'm still struggling.
You don't need monte (unless maybe if you are using wireless adapter?). I was using my script as a generic upgrade script for my series 2's and series 3 so there is generation specific stuff in there for both series.

Simply put, you edit the 'installSw.itcl' to prevent the reboot and then run it. Make note of the 'old' and 'new' partitions being set. Then use replace_initrd on the newly installed kernel to nuke it. Then mount the 'new' root and copy over all of your 'hacks' meaning binaries like the tivotools collection, tivoftpd, the 'rc.sysinit.author' anything else from the 'old' that you need. You can patch tivoapp at this time or save it until after you reboot into the upgraded system.

As an aside, if you are using a custom (i.e., Jamie) kernel then you don't need replace_initrd but you will need the custom 'bcmenet.o' network driver replaced and the 'iptables' nuked (not necessary if you replace the initrd on a stock kernel although you need the 'iptables -F' flush in your .author file). Not to add to your confusion but that is another alternative for replacing the kernel.

Perhaps if you detail which method you are planning (i.e., neuter stock kernel or custom) - we can validate your process.

tomhayes
04-09-2010, 06:03 AM
You don't need monte (unless maybe if you are using wireless adapter?). I was using my script as a generic upgrade script for my series 2's and series 3 so there is generation specific stuff in there for both series.

Simply put, you edit the 'installSw.itcl' to prevent the reboot and then run it. Make note of the 'old' and 'new' partitions being set. Then use replace_initrd on the newly installed kernel to nuke it. Then mount the 'new' root and copy over all of your 'hacks' meaning binaries like the tivotools collection, tivoftpd, the 'rc.sysinit.author' anything else from the 'old' that you need. You can patch tivoapp at this time or save it until after you reboot into the upgraded system.

As an aside, if you are using a custom (i.e., Jamie) kernel then you don't need replace_initrd but you will need the custom 'bcmenet.o' network driver replaced and the 'iptables' nuked (not necessary if you replace the initrd on a stock kernel although you need the 'iptables -F' flush in your .author file). Not to add to your confusion but that is another alternative for replacing the kernel.

Perhaps if you detail which method you are planning (i.e., neuter stock kernel or custom) - we can validate your process.

Here's what I want to accomplish: Remove the copy protection a la the CCI bit .

That's it - no other stuff. I hate not being able to move my shows onto my computer/iphone and my cable company has turned almost all channels to copy protected for no "good" reason.


The biggest obstacle is that the posts on here, while very helpful and appreciated, can be cryptic, and many are years old and I'm unsure how they apply.

My equipment: A PROM modified Series 3 Tivo HD with a 1TB drive installed.

Here's the way I understand the process in general terms:

1)Put some UNIX tools on the drive.
*I am unclear exactly which files I need. I know it'll at least be an FTP server* I just don't know which files to download and where to install them.

2)Enable those tools to be executable.

3)Invoke those tools at startup.

4)Mount inactive partitions and work with the files on it

5)Edit some config files and scripts, like .rcs , the SWupdate, etc

6)Install SWupdate on "inactive" partition

7)Mount updated HDA and edit Tivo kernel with DD or Tivopatcher, or install custom kernel. (whichever method is the easiest/most painless.)

8)Set bootpage -P and -B to the update partitions, and set iptables -f, etc

9)Stop automatic updates.

10)Be ready for when it all happens again

What would help me are specific instructions for each step :)

Sorry for the long post and the thread hijack.

mike_s
04-09-2010, 01:58 PM
What would help me are specific instructions for each step :)Probably not going to get that here. Because, if you did, then you'd just be back asking again when the next update breaks everything.

Hacked TiVos are high maintenance. If you want one, you need to learn, not be told.

tomhayes
04-09-2010, 04:16 PM
Probably not going to get that here. Because, if you did, then you'd just be back asking again when the next update breaks everything.

Hacked TiVos are high maintenance. If you want one, you need to learn, not be told.

Well, can we agree that a middle ground might be helpful for beginners?? :)

ScanMan
04-10-2010, 01:30 PM
Well, can we agree that a middle ground might be helpful for beginners?? :)
Since I just hacked/re-hacked a refurb original Series 3 [Gen05], I'll give you a little outline. If you can't fill in the gaps, you're not ready.

Connected the drive to my laptop via USB->SATA adapter.
Booted with MFSLive CD
I had an external USB hard drive with my hack tools that MFSLive recognized as /dev/sda
Tivo drive was recognized by MFSLive as /dev/sdb
Check the bootpage
bootpage -p /dev/sdb
root=/dev/hda7Write new bootpage
bootpage -P "root=/dev/hda7 dsscon=true console=1,115200 upgradesoftware=false" -C /dev/sdbMount external USB and tivo drive
mount /dev/sda1 /dos
mount /dev/sdb7 /tivoMake a 'hacks' and 'bin' directory
mkdir /tivo/hacks
mkdir /tivo/hacks/binuntar tivotools.tar to 'bin'
tar -xvf /dos/tivotools.tar -C /tivo/hacks/bincreate rc.sysinit.author in /tivo/etc/rc.d

#!/bin/bash
export PATH=$PATH:/hacks:/hacks/bin
tnlited 23 /bin/bash -login &
/hacks/bin/tivoftpd &

chmod 755 /tivo/etc/rc.d/rc.sysinit.author
Install Jamie's Gen05 custom kernel

dd if=/dos/vmlinux-Gen05-netopt-ext3.px of=/dev/sdb6Neuter iptables [back it up first]

mv /tivo/sbin/iptables /tivo/sbin/iptables.oldNew iptables should look like:

#!/bin/bash
exit 0

chmod 755 /tivo/sbin/iptablesSince using a custom kernel, replace 'bcmenet.o' per Jamie's instructions; back it up first.

mv /tivo/platform/lib/modules/bcmenet.o /tivo/platform/lib/modules/bcmenet.bak
cp /dos/bcmenet.o /tivo/platform/lib/modules
chmod 644 /tivo/platform/lib/modules/bcmenet.oThis is a pretty basic shell; the minimal .author file will give you telnet and ftpd to finish up. If you prep these files offline, make sure your text editor can save as unix type (don't use notepad).

I've also attached a log session from the manual upgrade process I performed after the initial hacked filesystem was upgraded to the latest software. By reading my 'ManualUpgrade.tcl' script and comparing it to the log session, you should be able to translate what's going on. The upgrade process is basically the same as rehacking. Hope it helps...good luck!

macrho
04-10-2010, 04:13 PM
Looks like I managed to hose myself: I just received 11g and was applying the patches to tivoapp and looks like I made a typo or two. My TiVo boots to a waiting screen and never progresses. Oddly, /tivo/tvbin/tivoapp does not exist - can someone point me to some resources on how I can recover - I killed my TiVo! [south park voice]

ScanMan
04-10-2010, 04:33 PM
Looks like I managed to hose myself: I just received 11g and was applying the patches to tivoapp and looks like I made a typo or two. My TiVo boots to a waiting screen and never progresses. Oddly, /tivo/tvbin/tivoapp does not exist - can someone point me to some resources on how I can recover - I killed my TiVo! [south park voice]Did you make a backup copy of tivoapp before you started patching? Just mount the drive in a PC and restore the virgin tivoapp; reinstall and boot the tivo. If your only mistake was in butchering the tivoapp (and you had the foresight to back it up) it should boot fine.

macrho
04-10-2010, 04:41 PM
I did back it up but in /tivo/tvbin, not on an external drive
when i rebooted, the backup along with the original app file are gone



Did you make a backup copy of tivoapp before you started patching? Just mount the drive in a PC and restore the virgin tivoapp; reinstall and boot the tivo. If your only mistake was in butchering the tivoapp (and you had the foresight to back it up) it should boot fine.

ScanMan
04-10-2010, 04:54 PM
I did back it up but in /tivo/tvbin, not on an external drive
when i rebooted, the backup along with the original app file are gone
The initial /tivo directory was just the mount point used when mounting the drive via PC; it could be any directory you specify. Describe how you are mounting the drive. Also, if you rebooted after the software upgrade, tivo may have flipped the partitions. You need to fill in some details of what you were doing.

macrho
04-10-2010, 05:00 PM
Here is what I did:

I was running 11g as of sometime earlier this week [noticed restricted recordings on my whs]

I yanked the drive and hooked it up to my mac
fired up virtualbox and ran msflive
found out the live partition via bootpage b /dev/sda [after I figured out it was sda that the drive was mounted as]

mount -t ext2 /dev/sda4 /tivo

then went into /tivo/tvbin and proceeded to dd the tivoapp file [where i made my mistake]

then umount /tivo

hooked up the tivo and it stays at the starting screen

reattached to my mac and see nothing in /tivo/tvbin as far as tivoapp program

I do not know if the tivo rebooted itself after receiving 11g - i saw no notice on my machine

perhaps i can switch the active partition and force tivo to update itself again?

I guess part of my mistake might have been simply editing the tivoapp and not using busybox.. perhaps a number of mistakes.


The initial /tivo directory was just the mount point used when mounting the drive via PC; it could be any directory you specify. Describe how you are mounting the drive. Also, if you rebooted after the software upgrade, tivo may have flipped the partitions. You need to fill in some details of what you were doing.

ScanMan
04-10-2010, 05:10 PM
I assume you did the 'mount -t ext2 /dev/sda4 /tivo' again. If you were already running 11.0g then was the filesystem hacked? Did you rehack it? You can't just edit the tivoapp without first compromising the chain of trust. Otherwise, the tivo security checks will scan the filesystem and delete offending files whose checksums don't match. If that's the case, you might be able to do an emergency reinstall to the alternate partition via kickstart 52.

macrho
04-10-2010, 05:13 PM
Yes, I did
No, I seem that I didn't hack the filesystem after getting 11.0g -- not sure why I would have thought that the data would have copied from the previous partition..

I think I have to the reinstall - I'll search on kickstart 52 .. feel a bit like a tool




I assume you did the 'mount -t ext2 /dev/sda4 /tivo' again. If you were already running 11.0g then was the filesystem hacked? Did you rehack it? You can't just edit the tivoapp without first compromising the chain of trust. Otherwise, the tivo security checks will scan the filesystem and delete offending files whose checksums don't match. If that's the case, you might be able to do an emergency reinstall to the alternate partition via kickstart 52.

ScanMan
04-10-2010, 05:17 PM
It happens to the best of us. Sounds like that's exactly what happened. Check this out for the Kickstarts. (http://www.weaknees.com/tivo-kickstart-codes.php)

macrho
04-10-2010, 06:55 PM
interesting, nothing in my other partition for kickstart to save me..
did the new update wipe out tivoapp in the main partition and the old one?
what are my choices now?

ScanMan
04-10-2010, 08:20 PM
interesting, nothing in my other partition for kickstart to save me..
did the new update wipe out tivoapp in the main partition and the old one?
what are my choices now?
The Emergency Software Reinstall (Kickstart 52) should reinstall the software which is resident in the MFS database; shouldn't matter what's in the alternate.
The timing of the keypad presses can be tricky; are you sure you got it right? You might have to try it a couple of times to get the timing right. Did you see the "Installing a Service Update" screen?

macrho
04-10-2010, 08:35 PM
Definitely a challenge; I've rebooted it, held pause and have gotten it to flash green and then show solid red and amber at which point i plug in 52

it then flashes (not sure if it reboots) and stays at: "Almost there, Just a few minutes more..."

I've been alternating the timing on pressing the 52, a first as close to the solid red and amber coming up and then waiting a few seconds - same thing.. just a few minutes more

I'll keep trying...



The Emergency Software Reinstall (Kickstart 52) should reinstall the software which is resident in the MFS database; shouldn't matter what's in the alternate.
The timing of the keypad presses can be tricky; are you sure you got it right? You might have to try it a couple of times to get the timing right. Did you see the "Installing a Service Update" screen?

macrho
04-11-2010, 05:36 AM
I've literally tried 20 times or so now
Each time I get to the "Almost there.." screen and it just stays there
I have left it there for 20 mins to see if it gets anywhere and nada




Definitely a challenge; I've rebooted it, held pause and have gotten it to flash green and then show solid red and amber at which point i plug in 52

it then flashes (not sure if it reboots) and stays at: "Almost there, Just a few minutes more..."

I've been alternating the timing on pressing the 52, a first as close to the solid red and amber coming up and then waiting a few seconds - same thing.. just a few minutes more

I'll keep trying...

tomhayes
04-11-2010, 10:12 PM
Since I just hacked/re-hacked a refurb original Series 3 [Gen05], I'll give you a little outline. If you can't fill in the gaps, you're not ready.
I've also attached a log session from the manual upgrade process I performed after the initial hacked filesystem was upgraded to the latest software. By reading my 'ManualUpgrade.tcl' script and comparing it to the log session, you should be able to translate what's going on. The upgrade process is basically the same as rehacking. Hope it helps...good luck!

I'm pretty close to being ready. I found all the files in your /hack directory on this board except for chksw.sh.

I copied the files onto a USB stick, booted MFSLIVE with the Tivo drive in it and was able to do everything in your post- except actually get the TIVO to boot :)

I just switched back to the "old" software for now until I can experiment more. I'm going to go buy an extra HD so I can always have a backup.

Tomorrow I'll try again.

ScanMan
04-11-2010, 10:36 PM
I found all the files in your /hack directory on this board except for chksw.sh.chksw.sh is just a shell script that does this:
#!/bin/bash
echo mls /SwSystem | tivosh
I just got tired of typing 'echo mls /SwSystem | tivosh' every time. :D

Watching console boot messages via a serial cable can be an invaluable troubleshooting tool. It's just a PITA with Series 3's because it requires making special cables/adapters. What happens at bootup? Does it stay at a specific screen or do you get a "rolling" reboot? Rolling reboots are very typical of iptables errors. Check the file permissions carefully (ls -l). And make sure you don't have DOS-style line endings (look like ^M) in any of your files. Sounds like your almost there.

Although in all this fun, I've lost track of which model you are trying to hack. Remember for the original Series 3 you want the Gen05 kernel/bcmenet.o. For the TivoHD you want the Gen06.

tomhayes
04-12-2010, 07:42 PM
chksw.sh is just a shell script that does this:
#!/bin/bash
echo mls /SwSystem | tivosh


Although in all this fun, I've lost track of which model you are trying to hack. Remember for the original Series 3 you want the Gen05 kernel/bcmenet.o. For the TivoHD you want the Gen06.
Yes, it's a Tivo Series 3 HD.

Basically I get to the "Almost There" screen and it reboots. I pulled the drive, set it to boot from the old software and I hope to try again later.

I either made a mistake or missed a step in preparing the/hacks directory or the rc file or something else.

tomhayes
04-14-2010, 07:25 PM
Update: The patch applied fine, but no guide data was on the Tivo. So I redid the Guided set-up using Tivo but I am stuck at the "Getting Program Info" "preparing..." step. I gave it an hour but it didn't budge.

I telneted back to the machine, renamed the patched tivoapp to tivoapp.bak2 and renamed tivoapp.foo back to tivoapp. Rebooted, still the same problem (it starts at Guided Setupo at power-on.) I can still ftp and telnet in.

Any ideas?

philhu
04-15-2010, 12:32 PM
Look at the log files in /var/log

Something is probably in there

ScanMan
04-15-2010, 02:24 PM
Update: The patch applied fine, but no guide data was on the Tivo. So I redid the Guided set-up using Tivo but I am stuck at the "Getting Program Info" "preparing..." step. I gave it an hour but it didn't budge.

I telneted back to the machine, renamed the patched tivoapp to tivoapp.bak2 and renamed tivoapp.foo back to tivoapp. Rebooted, still the same problem (it starts at Guided Setupo at power-on.) I can still ftp and telnet in.

Any ideas?Agree with Phil; look at the logs. Also, the example you posted (and have since edited) you said something about booting back into the old software at one point. Remember that when you do that you need to change both the bootpage partition boot sequence as well as the bootpage parameters (i.e., root=/dev/hda7) so that you maintain the integrity of the kernel and root filesystem with the MFS database.

tomhayes
04-15-2010, 03:56 PM
Agree with Phil; look at the logs. Also, the example you posted (and have since edited) you said something about booting back into the old software at one point. Remember that when you do that you need to change both the bootpage partition boot sequence as well as the bootpage parameters (i.e., root=/dev/hda7) so that you maintain the integrity of the kernel and root filesystem with the MFS database.

I think i did it right this time.

To fix the issues from last night I:
1)Changed the bootpage back to the old software (bootpage -P "root=/dev/hda4 dsscon=true console1,115200 upgradesoftware=true")
2)Rebooted the machine, connected to Tivo and received a software update (from 11.0d to 11.0g) and allowed it to install.
3)After the Tivo rebooted with the new (fresh) software I connected to Tivo again and got the updated program guide info.
4)I went to bed and awoke 5 hours later
4)I yanked the drive and mounted it using MFSLIVE linux distro

6)I followed the instructions in Scan Man's post http://www.dealdatabase.com/forum/showpost.php?p=306906&postcount=55 .

7)I put the drive back into the tivo and rebooted

8)I teleneted into the Tivo and made the file system rewrite-able: mount -o remount,rw /

9)I ftp'd ftp tvapppatch.tcl and tvapppatches-11.0g.tcl into /hacks (Making sure files were saved as UNIX and transfferred as BINARY.)

10)Ran the patch with ./tvapppatch.tcl -p tvapppatches-11.0g.tcl

11)Rebooted

12)Telneted back in to see if everything is okay.

13)I recorded a traditionally "copyrighted" program and made sure I could transfer it to my PC. I was successful.

There are a few issues I have run into (See the "issues" section below.)

What i did not do is run the ManualUpgradescript that ScanMan posted. I don't know if there are steps in the script that have to be applied by hand. The script has several sections that aren't in the "by hand" guide.

Stuff i didn't do by hand:
1)Set some variables: killhd "vmlinux-7.2.2-oth.k1.px.gz", set drivers "./drivers", set myNIC "usbnet.o", set mntpt "/mnt"
2)Edit the installSw.tcl file to remove the reboot
6)Copy backport drivers (I think this does not apply to Tivo Series 3 HD.)
7)Copy usb.map (I think this does not apply to Tivo Series 3 HD.)
8)Copy group,passwd for cron setup (Not sure why I'd do that. Does a CRON job run that I need to do this for?)

I also didn't copy some of the files listed in the Upgrade output Scan man posted:
ManualUpgrade.tcl ,replace_initrd.mips, TivoWebPlus (Directory), null-linuxrc.img.gz
I think those files are for older models.

Issues:
1)The "Swivel Search" function in "Find Programs" doesn't work. Previously "Swivel Search" would be "Tivo Search". When I try to use it it says "Network Unavailable."
2)The tivo seems slower now. Maybe this will fix itself? (Maybe it's loading guide data??)

Let me again thank everyone for the help. I've attached my tvapppatches-11.0g.tcl file to this post for a sanity check.

If anyone can shed light on the "Swivel Search" issue I'd appreciate it.

Update:
1)The "Wishlist Search" works."
2)I am no longer seeing the channel logos next to the program names in "now Playing" - is this something I forgot to install??

ScanMan
04-15-2010, 09:40 PM
I think i did it right this time.

To fix the issues from last night I:
1)Changed the bootpage back to the old software (bootpage -P "root=/dev/hda4 dsscon=true console1,115200 upgradesoftware=true")
<snip>What i did not do is run the ManualUpgradescript that ScanMan posted. I don't know if there are steps in the script that have to be applied by hand. The script has several sections that aren't in the "by hand" guide.
<snip>Issues:
1)The "Swivel Search" function in "Find Programs" doesn't work. Previously "Swivel Search" would be "Tivo Search". When I try to use it it says "Network Unavailable."
2)The tivo seems slower now. Maybe this will fix itself? (Maybe it's loading guide data??)

Let me again thank everyone for the help. I've attached my tvapppatches-11.0g.tcl file to this post for a sanity check.

If anyone can shed light on the "Swivel Search" issue I'd appreciate it.

Update:
1)The "Wishlist Search" works."
2)I am no longer seeing the channel logos next to the program names in "now Playing" - is this something I forgot to install??The 'ManualUpgrade' is just my automated script for the re-hack after software upgrades. If you did it "by hand" that's all you need.

As to your issues, some discussion earlier in the thread that one of the patches messes up NetFlix/VOD stuff; perhaps SwivelSearch is a byproduct of that as well?

One other thing you should check is when you changed the bootpage back to the old software. Not only do you have to change the parameters but also tell it to boot from partition 3 via the 'bootpage -B 3' switch. Check out this man page (http://www.gratisoft.us/tivo/bootpage.html). Since you've flipped back and forth, you should just be sure your loading the right (6,7 now?) partitions by checking it.
bash-2.02# bootpage -b
No device name given, assuming /dev/hda
3
bash-2.02# bootpage -p
No device name given, assuming /dev/hda
root=/dev/hda4 dsscon=true console=1,115200 upgradesoftware=false
bash-2.02#
I don't think it affects your issues but it could screw up your next software update or confuse you. The slow load and the logos issues could be a re-indexing or a byproduct of re-running guided setup earlier. See if it persists.

tomhayes
04-16-2010, 12:18 AM
As to your issues, some discussion earlier in the thread that one of the patches messes up NetFlix/VOD stuff; perhaps SwivelSearch is a byproduct of that as well?
The VOD doesn't work either, so I'll bet that's it.

I should be able to:

mv tivoapp tivoapp2.foo
mv tivoapp.foo tivoapp

Then repatch tivoapp without the NoPromos and reboot. (Does that sound sane?)



One other thing you should check is when you changed the bootpage back to the old software. Not only do you have to change the parameters but also tell it to boot from partition 3 via the 'bootpage -B 3' switch. Check out this man page (http://www.gratisoft.us/tivo/bootpage.html). Since you've flipped back and forth, you should just be sure your loading the right (6,7 now?) partitions by checking it.
bash-2.02# bootpage -b
No device name given, assuming /dev/hda
3
bash-2.02# bootpage -p
No device name given, assuming /dev/hda
root=/dev/hda4 dsscon=true console=1,115200 upgradesoftware=false
bash-2.02#


My bootpages are as follows:

bash-2.02# bootpage -b
No device name given, assuming /dev/hda
6
bash-2.02# bootpage -p
No device name given, assuming /dev/hda
root=/dev/hda7 dsscon=true console=1,115200 upgradesoftware=false




I don't think it affects your issues but it could screw up your next software update or confuse you. The slow load and the logos issues could be a re-indexing or a byproduct of re-running guided setup earlier. See if it persists.

Some of the logos showed up and some of my online request are bouncing. I think that tomorrow (I have two things taping tonight I don't want to miss) I'll re-patch without NoPromos and redo guided set-up.

If this all works properly (and works for a few days) I'm going to write a "New newbie" guide on this (and give credit to everyone who has helped me here, if that's okay.)

UPDATE:I reverted to the original Tivoapp and patched without the NoPromos code and Tivo Search is working again!!!!

simmonsjeffreya
06-04-2010, 11:14 PM
Anyone else have a problem with the delete this recording? edit below? Whenever I get to the end of a recording, my TiVo freezes. Nothing I do short of pulling the power cord out fixes this. Reverting back to original tivoapp and reapplying all edits except that one fixed the problem, but I want that annoying "delete this recording" thing gone! Any help would be appreciated.


not really for me.. i do in place upgrades and patch the new version of the tivoapp in the new partition b4 i ever reboot..

did not notice it was buffer hack thanks.. but it appears strange all my other buffer hack lines are longer see the old compared to new below? any ideas?

set sys(11.0b) [list 0x115e4e 0x115b1a 0x6c 0x1bd402 32140016 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0c) [list 0x115d82 0x115a4e 0x6c 0x1bd672 32207760 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0d) [list 0x115d82 0x115a4e 0x6c 0x1bd672 32207760 325F14DAA33CC105AD841D8F73E3E67B7A85EDBF]
set sys(11.0g) [list 0x115adc 0x1157a8 0x6c 0x1bd3e4 32224332 325F14DAA33CC105AD841D8]


ok the subtract value ix 0x400000
if i did my math right and i checked twice here are the dd lines


echo -ne "\x10\x00\x00\xaa" | dd conv=notrunc of=tivoapp bs=1 seek=1914760
echo -ne "\x24\x10\x00\x01" | dd conv=notrunc of=tivoapp bs=1 seek=3621276
echo -ne "\x10\x40\x00\x26" | dd conv=notrunc of=tivoapp bs=1 seek=7941976
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=2452500
echo -ne "\x24\x11\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=2452536
echo -ne "\x00\x00\x80\x21" | dd conv=notrunc of=tivoapp bs=1 seek=13924576

echo -ne "\x00\x00\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=7960092
echo -ne "\x00\x00\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=4623428

echo -ne "\x10\x00\x00\x03" | dd conv=notrunc of=tivoapp bs=1 seek=6016084


there are in order

no encr.
backdoor
30sec skip
cci1
cci2
cci3
nopause
nopromos
delete this recording?


I am not sure what "delete this recording" is i have never used it anyone enlighten me? ok figured this out too it is a hack to not have delete this recording pop up.. ok not usingthat ..

2 of my 3 series 3 boxes are sucessfully upgraded in place and everything seems to work... 3rd box doesnt have new version on it yet.

Soapm
11-28-2011, 02:07 PM
Sometimes I prefer to open the tivo without pulling the drive, or even rebooting my computer for that matter :D

Below is a pic of my computer running windows 7 connected via usb to the tivo hard disk while its still in the tivo (tivo powered down of course) with the tivo partitions mounted via ubuntu 9.1 running in virtualbox. Normally I'd just do it without ever taking the cover off of the tivo but in my infinite wisdom I forgot to replace iptables when I did this. Needless to say, the tivo just went into a reboot loop. Ergo, extra steps were necessary.

I would never have thought to do this. This really beats removing the drive, removing the holder then mounting it in a USB enclosure then having to reverse those steps to put it back.

You one smart feller...

lrhorer
11-28-2011, 07:25 PM
Back in the day when I was hacking my THD by pulling the drive, what I did was just swap the drive cables inside the THD so that the primary drive was external. I then put the drive in an Antec MX-51 eSATA enclosure. Hacking the drive is then just a matter of shutting down the TiVo, taking the enclosure over to the PC, and plugging in the enclosure into an eSATA port in the computer. I did the same with my S3, but with the S3, one has to cut holes in the case and install a pair of SATA / eSATA adapters.