Page 1 of 3 123 LastLast
Results 1 to 15 of 42

Thread: Tiny initrd replacement

  1. #1
    Join Date
    Jan 2002
    Posts
    1,777

    Tiny initrd replacement

    Attached please find a small, trivial linuxrc and initrd.

    The linuxrc is a MIPS assembly program that just calls exit(0). A successful linuxrc exit status is required by the Tivo kernel mods (init/main.c:768).

    The initrd is simply the output of mkcramfs on a directory containing the linuxrc. It is a pleasant 4096 bytes, mostly padding.

    Neither file has been tested since I do not have a hacked rom yet (although it has been verified that the linuxrc does not require any support files/libs, and does indeed return 0). Things that might cause this to break:

    1) the kernel might not like the cramfs - I think the original initrd may have been a different format?

    2) linuxrc may perform other operations to get the box ready or to make the kernel happy. (These could probably be observed by monitoring syscalls, however - it's hard to "hide" things on a unix system because the user/kernel boundary is well defined.)

  2. #2
    Join Date
    Jan 2002
    Posts
    1,777
    File is here:

  3. #3
    Join Date
    Jun 2001
    Posts
    3,108
    attached is a copy of alldeadhomiez's special linuxrc which has been turned into a romfs image and gziped. remove the .zip extension for use

  4. #4
    Join Date
    Jun 2001
    Posts
    3,108
    you can extract a .gz file with gunzip filename.gz

    but, you should understand why you are using something. this is a general message to all, and my final warning on this subject:

    the initrd replacement is only for those with a hacked prom. If you have not sent your unit to someone to have the prom replaced, or replaced it yourself, then you do not have a hacked prom. There is no way to hack the prom in place on most units, since they have a 37 series chip.

    If you apply the initrd hack to a unit with an unhacked prom, your unit will not boot. if you don't have a backup, then you are screwed. if you do not heed this warning, i will laugh in your face for not reading the blatant warnings.

  5. #5
    Join Date
    Jun 2001
    Posts
    3,108
    how do you move these files over to the tivo? via ftp, bash over serial, or by copying them to the hard drive.

    however, without a hacked prom, they are useless and pointless, and will cause your unit to not boot

  6. #6
    Join Date
    Jun 2001
    Posts
    3,108
    ok, for those with a hacked prom:

    you can use the file in its gziped form. look at a gzip file in a hex editor, the first 3 bytes or so are the same for every one, its the gzip signature. next, determine where the gzip signature is located for your given kernel. then you use dd to copy the file:

    dd if=null_initrd.img.gz of=my_kernel_file seek=<location where you found the gzip signature in the kernel> conv=notrunc

    you should be operating on a copy of your kernel, and have a backup just in case. if you don't know how to backup your kernel, you have major issues.

  7. #7
    Join Date
    Jun 2001
    Posts
    3,108
    Originally posted by orangejaylove
    the old faq I found said the kernel img is in partition 3 would that be the same for all?

    is it an image file how do I copy this to my harddrive so I can poke around in it and stuff?
    the kernel is either on partition 3 or partition 6

    if root is hda4, kernel is hda3
    if root is hda7, kernel is hda6

    you can use dd to pull a backup of the entire partition. lots of info available on that

  8. #8
    Join Date
    Jun 2001
    Posts
    3,108
    'man dd'

    that will give you lots of info on how dd works
    if = input file
    of = output file
    in unix, pretty much everything can be treated like a file, including disk partitions.

    so, dd if=/dev/hda6 of=/path/to/file
    that command will read the contents of hda6, or the second kernel partition, and dump it into the 'file' which /path/to points to.

    you can't just dump to hdd2...you need to mount your drive, then choose a directory on that mounted drive

  9. #9
    Join Date
    Jun 2001
    Posts
    3,108
    you are forgetting how 'of=' works. it writes to either a file or partition. if you say of=/dev/hdd2, then you are saying you want to replace your fat32 filesystem with the contents of the if= file/partition/etc. thats probably not what you want.

    remember, you want of=/path/to/mykernel. 'mykernel' doesnt have to exist, but /path/to needs to exist. also, if you did an of=/mnt/c/tivo, then you tried to copy the kernel onto a directory, which is also a no-no.

    1) figure out where you want the file, ie: /mnt/c/tivo
    2) figure out what you want the filename to be, ie: kernel_backup
    3) construct your of= command by using path/filename, ie: of=/mnt/c/tivo/kernel_backup

    now you know the of= part, you can try the dd command again

  10. #10
    Join Date
    Jun 2001
    Location
    Dallas
    Posts
    588
    If someone would be so kind as to post a dd image of a hacked kernel with the right initrd allready in it then you can use the steps below:

    Get the tivo boot disk

    put the hacked kernel file on a floppy

    put your tivo drive as slave and connect it to your pc

    boot from the tivo boot disk

    once you are up, go to the tivomad directory and type "bootpage hdb" (or hdd if your tivo is slave on the secondary ide controller)

    it will tell you what the current boot partition is hda4 or hda7.

    do the - to escape out of there without a change

    now take the floppy with the kernel image on it and put it in the a drive

    type "mount /dev/fd0 /mnt"

    now "cd /mnt" and do an "ls" to make sure the file is there.

    now copy the .gz file to / by typing "cp hacked-kernel.img.gz /"

    now "cd /"

    now "gzip -d hacked-kernel.img.gz"

    now you should have an img file in the /

    now do a "dd if=/hacked-kernel.img of=/dev/hdb3 bs=32k" if your boot partition was /dev/hda4 or "dd if=/hacked-kernel.img of=/dev/hdb6 bs=32k" if your boot partition was hda7

    the records in should equal the records out

    now you can power down and put the drive back in the tivo.

    If you guys see I missed any steps or misnamed programs like bootpage, let me know cuz I'm just winging it from memory here.
    Last edited by KRavEN; 03-25-2003 at 11:35 AM.
    Information wants to be free....

  11. #11
    Join Date
    Jun 2001
    Posts
    3,108

    a gift

    attached is a little program i threw together. it simply looks through the kernel image which you pass to it, and determines the location of the gziped initrd image by using the gzip signature. it prints the integer location if found, and will also return it for scripting purposes.

    once you have the location, you should be able to use dd to drop the nulled initrd onto the kernel image.

    editorial note: this code would have been simpler if there was a nice peekchar and peek2char function...bah, then i would have to do more work

  12. #12
    Join Date
    Jun 2001
    Posts
    3,108

    another gift

    man, im being generous today =)

    here is a program i threw together which will automatically replace your initrd with the initrd you indicate. a backup is made automatically.

    NOTE: this is c code. i shouldn't have to say this, but i will anyway. remove the .txt extension, compile and go. no warranties, expressed or implied. If you break it, you own both halves.

    Code:
    /*
    * replace_initrd.c 
    * 
    * Hacked by MrBlack51
    *
    * Takes a kernel image, finds the gziped initrd, then replaces
    * it with the one specefied by the user. A backup is made with
    * either the user specefied filename, or the inputfilename with
    * a ".bak" extension added if no backup filename specefied.
    * This program will also tell you the integer location of the 
    * gziped initrd.img located in a kernel image. I was too
    * lazy to do it from scratch, so I based it on Steve
    * White's extract-gzip.c
    *
    * USAGE: replace_initrd <kernel filename> <new initrd image> <backup filename>
    *
    */ 
    
    i.e: replace_initrd /dev/hda6 initrd.img.gz original_kernel.bak
    -or-  replace_initrd kernel_image initrd.img.gz
    if you use "replace_initrd /dev/hda# initrd.img.gz original_kernel.bak" (where # is either 3 or 6) and you have problems, you can restore the old kernel with the following command:
    dd if=original_kernel.bak of=/dev/hda#

    again, where # is either 3 or 6 as appropriate.

  13. #13
    Join Date
    Jun 2001
    Posts
    3,108
    ok, so hopefully we are past the traditional cycle of tool gets released, tool gets berated, various sides express their views...

    lets get this thread back on topic. initrd replacements, related tools, etc.

  14. #14
    Join Date
    Oct 2002
    Location
    USA
    Posts
    537
    how long should it take to dd null-linuxrc.img.gz to the copy of my kernel ?
    Ma l'italiano benissimo

    Ex-Cantidate John Kerry
    Its not what you want it's what the electorate wants.

  15. #15
    Join Date
    Jun 2001
    Posts
    3,108
    a few seconds. remember, you need a hacked prom, and this is designed for the s2 units only

    well, the c code is for any platform, but the null_initrd is for s2 units only.

    if you have compiled it on linux, what command are you trying to use when you run it?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •