Tiny initrd replacement

[alldeadhomiez]

Attached please find a small, trivial linuxrc and initrd.

The linuxrc is a MIPS assembly program that just calls exit(0). A successful linuxrc exit status is required by the Tivo kernel mods (init/main.c:768).

The initrd is simply the output of mkcramfs on a directory containing the linuxrc. It is a pleasant 4096 bytes, mostly padding.

Neither file has been tested since I do not have a hacked rom yet (although it has been verified that the linuxrc does not require any support files/libs, and does indeed return 0). Things that might cause this to break:

1) the kernel might not like the cramfs - I think the original initrd may have been a different format?

2) linuxrc may perform other operations to get the box ready or to make the kernel happy. (These could probably be observed by monitoring syscalls, however - it's hard to "hide" things on a unix system because the user/kernel boundary is well defined.)

[alldeadhomiez]

File is here:

[mrblack51]

attached is a copy of alldeadhomiez's special linuxrc which has been turned into a romfs image and gziped. remove the .zip extension for use

[mrblack51]

you can extract a .gz file with gunzip filename.gz

but, you should understand why you are using something. this is a general message to all, and my final warning on this subject:

the initrd replacement is only for those with a hacked prom. If you have not sent your unit to someone to have the prom replaced, or replaced it yourself, then you do not have a hacked prom. There is no way to hack the prom in place on most units, since they have a 37 series chip.

If you apply the initrd hack to a unit with an unhacked prom, your unit will not boot. if you don't have a backup, then you are screwed. if you do not heed this warning, i will laugh in your face for not reading the blatant warnings.

[mrblack51]

how do you move these files over to the tivo? via ftp, bash over serial, or by copying them to the hard drive.

however, without a hacked prom, they are useless and pointless, and will cause your unit to not boot

[mrblack51]

ok, for those with a hacked prom:

you can use the file in its gziped form. look at a gzip file in a hex editor, the first 3 bytes or so are the same for every one, its the gzip signature. next, determine where the gzip signature is located for your given kernel. then you use dd to copy the file:

dd if=null_initrd.img.gz of=my_kernel_file seek=<location where you found the gzip signature in the kernel> conv=notrunc

you should be operating on a copy of your kernel, and have a backup just in case. if you don't know how to backup your kernel, you have major issues.

[mrblack51]

Originally posted by orangejaylove
the old faq I found said the kernel img is in partition 3 would that be the same for all?

is it an image file how do I copy this to my harddrive so I can poke around in it and stuff?

the kernel is either on partition 3 or partition 6

if root is hda4, kernel is hda3
if root is hda7, kernel is hda6

you can use dd to pull a backup of the entire partition. lots of info available on that

[mrblack51]

'man dd'

that will give you lots of info on how dd works
if = input file
of = output file
in unix, pretty much everything can be treated like a file, including disk partitions.

so, dd if=/dev/hda6 of=/path/to/file
that command will read the contents of hda6, or the second kernel partition, and dump it into the 'file' which /path/to points to.

you can't just dump to hdd2...you need to mount your drive, then choose a directory on that mounted drive

[mrblack51]

you are forgetting how 'of=' works. it writes to either a file or partition. if you say of=/dev/hdd2, then you are saying you want to replace your fat32 filesystem with the contents of the if= file/partition/etc. thats probably not what you want.

remember, you want of=/path/to/mykernel. 'mykernel' doesnt have to exist, but /path/to needs to exist. also, if you did an of=/mnt/c/tivo, then you tried to copy the kernel onto a directory, which is also a no-no.

1) figure out where you want the file, ie: /mnt/c/tivo
2) figure out what you want the filename to be, ie: kernel_backup
3) construct your of= command by using path/filename, ie: of=/mnt/c/tivo/kernel_backup

now you know the of= part, you can try the dd command again

[KRavEN]

If someone would be so kind as to post a dd image of a hacked kernel with the right initrd allready in it then you can use the steps below:

Get the tivo boot disk

put the hacked kernel file on a floppy

put your tivo drive as slave and connect it to your pc

boot from the tivo boot disk

once you are up, go to the tivomad directory and type "bootpage hdb" (or hdd if your tivo is slave on the secondary ide controller)

it will tell you what the current boot partition is hda4 or hda7.

do the - to escape out of there without a change

now take the floppy with the kernel image on it and put it in the a drive

type "mount /dev/fd0 /mnt"

now "cd /mnt" and do an "ls" to make sure the file is there.

now copy the .gz file to / by typing "cp hacked-kernel.img.gz /"

now "cd /"

now "gzip -d hacked-kernel.img.gz"

now you should have an img file in the /

now do a "dd if=/hacked-kernel.img of=/dev/hdb3 bs=32k" if your boot partition was /dev/hda4 or "dd if=/hacked-kernel.img of=/dev/hdb6 bs=32k" if your boot partition was hda7

the records in should equal the records out

now you can power down and put the drive back in the tivo.

If you guys see I missed any steps or misnamed programs like bootpage, let me know cuz I'm just winging it from memory here.

[mrblack51]

attached is a little program i threw together. it simply looks through the kernel image which you pass to it, and determines the location of the gziped initrd image by using the gzip signature. it prints the integer location if found, and will also return it for scripting purposes.

once you have the location, you should be able to use dd to drop the nulled initrd onto the kernel image.

editorial note: this code would have been simpler if there was a nice peekchar and peek2char function...bah, then i would have to do more work

[mrblack51]

man, im being generous today =)

here is a program i threw together which will automatically replace your initrd with the initrd you indicate. a backup is made automatically.

NOTE: this is c code. i shouldn't have to say this, but i will anyway. remove the .txt extension, compile and go. no warranties, expressed or implied. If you break it, you own both halves.

Code:

/*
* replace_initrd.c 
* 
* Hacked by MrBlack51
*
* Takes a kernel image, finds the gziped initrd, then replaces
* it with the one specefied by the user. A backup is made with
* either the user specefied filename, or the inputfilename with
* a ".bak" extension added if no backup filename specefied.
* This program will also tell you the integer location of the 
* gziped initrd.img located in a kernel image. I was too
* lazy to do it from scratch, so I based it on Steve
* White's extract-gzip.c
*
* USAGE: replace_initrd <kernel filename> <new initrd image> <backup filename>
*
*/ 

i.e: replace_initrd /dev/hda6 initrd.img.gz original_kernel.bak
-or-  replace_initrd kernel_image initrd.img.gz

if you use "replace_initrd /dev/hda# initrd.img.gz original_kernel.bak" (where # is either 3 or 6) and you have problems, you can restore the old kernel with the following command:
dd if=original_kernel.bak of=/dev/hda#

again, where # is either 3 or 6 as appropriate.

[mrblack51]

ok, so hopefully we are past the traditional cycle of tool gets released, tool gets berated, various sides express their views...

lets get this thread back on topic. initrd replacements, related tools, etc.

[tytyty]

how long should it take to dd null-linuxrc.img.gz to the copy of my kernel ?

[mrblack51]

a few seconds. remember, you need a hacked prom, and this is designed for the s2 units only

well, the c code is for any platform, but the null_initrd is for s2 units only.

if you have compiled it on linux, what command are you trying to use when you run it?