Page 1 of 17 12311 ... LastLast
Results 1 to 15 of 390

Thread: PROM socketing

Hybrid View

  1. #1
    Join Date
    Jun 2001
    Location
    Dallas
    Posts
    588

    PROM socketing

    I know this is pretty self serving, but I keep seeing posts by people wanting to get this done and contemplating doing it themselves and this is something that should really not be attempted by someone that doesn't know what they are doing. It is very possible to render your TiVo totally worthless if you screw it up.

    Unless you really know what you are doing with an iron, don't attempt it!

    To remove the prom requires a special tip that can heat all pins on the prom at once so that it can be removed. Hot air can also be used to remove it. Last case is trying to use solder wick, but that would be very difficult to ensure all the solder is removed well enough that you don't damage the pads on the board when remove it.

    Next the socket. Sockets in general are pretty hard, but PLCC (TiVO prom formfactor) sockets are much easier compared to TSOP sockets (xbox bios formfactor). There is still pretty much a requirement for a stereoscope or some other sort of magnification as the soldering is done on tiny points inside the socket itself and you have to be carefull not to bridge the legs or melt the pastic of the socket that is very close to the legs.

    Flashing the prom also requires special equipment like a DATA I/O device that has PLCC sockets and is designed to flash chips. It may also be possible to flash the bios in motherboards that have a socketed PLCC bios chips in them. I have an ABIT BX2 that has this bios and socket, but I've not tried to flash non pc bios chips with it. I'm sure it's possible with the right software, I've just not looked for it.

    If anyone is wanting to get this done, I have the facilities and the experience replacing and socketing the S2 TiVo proms. I can do both SA and DTiVo versions. Send me a PM if you are wanting to get it done, just don't screw up your TiVO cuz you don't know what you're doing.

    ---

    UPDATE by alldeadhomiez, 7/24/2004:

    KRavEN is no longer offering this service.

    Sleeper and MudShark will socket and reflash your PROM for $50 plus shipping. Or, keep reading this thread to learn how to do it on your own.

    At the time of this writing, the only model which needs a compromised PROM in order to boot a hacked drive is the HR10-250 (HD TiVo). It is suspected but not confirmed that the upcoming "silver" Series2 standalones may also require this modification.

    UPDATE by JJBliss, 12/21/2004:

    Sleeper is no longer a member of this Forum. Mudshark is, and has visited the forums recently. I am unaware if Mudshark is still doing PROM mods.

    The HR10-250 no longer requires a modified PROM in order to boot modified software. killhdinitrd supports this unit as well as other non Series 2.5 units. Series 2.5 (nightlight and R10) units still require PROM socketing or modifications as of this writing.
    Last edited by JJBliss; 12-21-2004 at 11:19 AM.
    Information wants to be free....

  2. #2
    Join Date
    Feb 2002
    Posts
    345

    Prom

    Kraven:

    Is the PROM code publicly available?
    Is the ONLY purpose of the prom code to allow Bash?
    I have a series and have so far been able to d 120GB and Bash.


    Thanks
    Cali

  3. #3
    Join Date
    Jun 2001
    Posts
    3,108

    Re: Prom

    Originally posted by cali
    Kraven:

    Is the PROM code publicly available?
    Is the ONLY purpose of the prom code to allow Bash?
    I have a series and have so far been able to d 120GB and Bash.
    There are only two changes needed to the prom code. If you grab the code off of your drive, the needed changes via a hex editor are simple enough.

    The purpose of the modified prom is to allow booting of unsigned kernels. Bash is a visible effect of that. Basically, the kernel has signatures for everything in the root partition thats worth messing with, and deletes anything without a good signature. this prom hack lets you modify the kernel, thus allowing you to compromise that check. once that is done, you can do whatever you want.

  4. #4
    Join Date
    May 2002
    Posts
    314

    Re: Prom

    The patches I came up with are posted over on AVS in this post . But yeah like Kraven said, knowing them and applying them are very different

    By the way...I think at the time I was going for smallest patch possible. But with that version, it still computes the kernel and bootrom SHA hashes. Even though the comparison of final hash values is ignored, it still slows down the boot cycle. But I guess nobody has noticed

  5. #5
    Join Date
    Jan 2004
    Posts
    1

    Patches gone from tivocommunity. Anyone want to post them again or send them to me?

    [QUOTE=MuscleNerd]The patches I came up with are posted over on AVS in this post . But yeah like Kraven said, knowing them and applying them are very different

    Anyone care to repost the patches or send them to me? The thread at tivocommunity seems to have been deleted.

    Thanks

  6. #6
    Join Date
    Jun 2001
    Posts
    3,108
    [QUOTE=sdguy]
    Quote Originally Posted by MuscleNerd
    The patches I came up with are posted over on AVS in this post . But yeah like Kraven said, knowing them and applying them are very different

    Anyone care to repost the patches or send them to me? The thread at tivocommunity seems to have been deleted.

    Thanks
    patches for the 1.18 prom (not the 2.5 prom used on RID units): http://www.dealdatabase.com/forum/sh...ad.php?t=27474
    Step one: search button!
    Silly Wabbit, guides are for kids

  7. #7
    Join Date
    Jan 2004
    Posts
    6
    Ive got SA S2 box which has 1.6 prom, is there patch for this one? Also any way to dump it? The getprom does not recognize -dump switch and /prom folder is empty.

  8. #8
    Join Date
    Jan 2002
    Location
    Sonoran Desert
    Posts
    2,823
    I am not sure about this, but I think there might be an easy, cheap, and clean answer to prom socketing. Wolfson pointed me to something called chipquik, which claims to easily remove QFPs, PLCC's, and SOIC's.

    Now, I don't know exactly how this stuff is supposed to work, but I did some research and found that the chipquik includes an alloy whose key element is bismuth. Of all metals, bismuth is the one with the second lowest melting point (mercury of course being the lowest.)

    Bismuth melts at around ~140F afaik, and while I am just guessing here, I think the idea behind chipquik is that you melt the bismuth solder in with the regular lead solder (which melts at ~360F afaik) on all of the contact points, hence reducing their melting points. Once this is done, you can probably do like the website says and use hot air to easily pop the prom off of the motherboard....I think a hair dryer could even be used for this, because the melting point could easily go below 200F, depending on the material used to hold the prom to the motherboard. From there you can easily wick away the bismuth solder, then just add the socket to the board.

    Any soldering pros care to comment on this? My S2 "RID enabled" receiver should arrive soon, and theres a local store here called circuit specialists (somewhere near southern and country club for you phoenix residents) that carries this chipquik kit for $18...I might have a look at trying this.
    Last edited by AlphaWolf; 01-21-2004 at 02:04 AM.
    Before PMing me: Iím not your personal tech support. If you have a question, ask in public so I don't have to repeat if somebody else asks. If you want images or slices, use emule. I will ignore all support PMs.

    Sponsor a vegetarian! I have taken the pledge, how about you?

  9. #9
    Join Date
    Jun 2001
    Posts
    3,108

    Re: Re: Prom

    Originally posted by MuscleNerd
    The patches I came up with are posted over on AVS in this post . But yeah like Kraven said, knowing them and applying them are very different

    By the way...I think at the time I was going for smallest patch possible. But with that version, it still computes the kernel and bootrom SHA hashes. Even though the comparison of final hash values is ignored, it still slows down the boot cycle. But I guess nobody has noticed
    so this patch doesnt have the 'speed increases' that the s1 dtivo prom upgrade offered. ah well, while that would be nice, these have the needed effect.

    thanks for your work btw

  10. #10
    Join Date
    Feb 2002
    Posts
    345
    Thanks for the replies guys. I have lots of prom chips at work and a nice data i/o less than 10ft away.
    Ill get around to it one day....


    cali

  11. #11
    Join Date
    Nov 2002
    Location
    Santa Clara (SF Bay area)
    Posts
    65

    BASHing without prom hack?

    cali> Is the ONLY purpose of the prom code to allow Bash? I have a series and have so far been able to d 120GB and Bash.

    How are you BASHing wo/PROM hack? I dd an old 3.0.2 kernel and BASH_ENV it to get in. My TiVo has the '39 part; I'm investigating getting it to flash in place.

  12. #12
    Join Date
    Feb 2002
    Posts
    345
    Im using the one version that allows you to do the hack...2.015 or something like that...

    Look for mrblacks post on his hacking experience; everythign you need is in there.

    Took me about a good hour to do it the first time.

  13. #13
    Join Date
    Nov 2002
    Location
    Santa Clara (SF Bay area)
    Posts
    65
    >Im using the one version that allows you to do the hack...2.015 or something like that...

    I'm using 3.0.2 which has USB network device support and also allows the BASH_ENV hack. v3.2 prevents the BASH_ENV hack.

    I'll go read MrBlack's posts to see if there's something I missed. Thx. ;-)

  14. #14
    Join Date
    Nov 2001
    Posts
    59
    Wouldn't another reason to do the PROM hack be that you can run any version of the software?


    Kraven you still doing the mod?

  15. #15
    Join Date
    Jun 2001
    Location
    Dallas
    Posts
    588
    Yeah I am. Primary reason for the new prom is to get in without the bash_env backdoor plus it's currently the only known way in with 3.2 software.

    It's also very usefull if you want to compile and run your own kernel.
    Information wants to be free....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •