Page 1 of 6 123 ... LastLast
Results 1 to 15 of 89

Thread: tivoapp patches and hacks

  1. #1
    Join Date
    May 2002
    Posts
    314

    tivoapp patches and hacks

    Now that AVS prohibits talk on just about every interesting hacking topic, this forum seems to be the ideal place to post the sort of hacks you can do directly to tivoapp (the main TiVo application).

    These hacks directly modify the tivoapp executable. Before applying any of them, you really should save away the original tivoapp so that you can go back to it should the need arise.

    Because of the way permissions work in Linux, you cannot modify the binary image of an executable if it's still running. Therefore, one suggested way of applying any hacks in this thread goes something like this:
    [list=1][*]Get the hack over to your TiVo somehow and then make sure it's executable: chmod +x /var/hack/bin/somehack [*]Shut down the tivoapp program: cd /tvbin ; ./switcherstart -k
    (Wait for the prompt to reappear. Sometimes you have to hit a remote control key to get that to happen).[*]Make the root filesystem writeable: mount -o remount,rw /[*]Save away the original tivoapp if you haven't already done so: cp tivoapp tivoapp.orig[*]Apply the hack: /var/hack/bin/somehack[*]Make the root filesystem read-only again and then reboot: mount -o remount,ro / ; reboot[/list=1]
    Keep in mind that hacks that alter tivoapp are *very* specific to both the type of TiVo you have and the software version you're running.

  2. #2
    Join Date
    May 2002
    Posts
    314

    Suggestions

    Also, feel free to make suggestions for hacks you'd like to see. I'll let you know how feasible they are.

  3. #3
    Join Date
    May 2002
    Posts
    314

    Default to 30-sec skip mode (S1 v3.1.0b)

    Here's a hack that patches the Series 1 tivoapp v3.1.0b such that 30-second skip mode is enabled by default. You can still toggle the mode using the normal backdoor; this patch just makes it so that it defaults to being enabled on reboot
    Attached Files Attached Files

  4. #4
    Join Date
    May 2002
    Posts
    314

    Permanently enable backdoors (S1 v3.1.0b)

    Here's a hack that patches the Series 1 tivoapp v3.1.0b such that backdoors are permanently enabled.
    Attached Files Attached Files

  5. #5
    Join Date
    May 2002
    Posts
    314

    Permanently disable yellow star promos (S1 v3.1.0b)

    Here's a hack that patches the Series 1 tivoapp v3.1.0b such that yellow star promo items are never shown in TiVo Central.

    If you'd still like to see the promos recorded (but not show up as a menu item), then put "Teleworld Paid Programming" and "Advanced Paid Programming" in your Season Pass list. Then they'll show up as normal recordings.
    Attached Files Attached Files

  6. #6
    Join Date
    Jun 2003
    Location
    Somerset, England
    Posts
    1,124

    Re: Default to 30-sec skip mode (S1 v3.1.0b)

    Originally posted by MuscleNerd
    Here's a hack that patches the Series 1 tivoapp v3.1.0b such that 30-second skip mode is enabled by default. You can still toggle the mode using the normal backdoor; this patch just makes it so that it defaults to being enabled on reboot
    Can you suggest how to modify this to work on 2.5.5?
    Stuart

    Newbies - see if your questions are answered here Experts - can you add to the knowledge stored here? Developers - are your hacks listed here?

  7. #7
    Join Date
    Jul 2003
    Posts
    522

    Re: tivoapp patches and hacks

    Originally posted by MuscleNerd
    Because of the way permissions work in Linux, you cannot modify the binary image of an executable if it's still running.
    Although you can't modify the original tivoapp while it's running, you can rename it ("mv"). Here's what I did when making 30-sec skip the default:

    1. FTP tivoapp to my PC.
    2. Hexedit it.
    3. Rename it "tivoapp.new".
    4. (remount tivo root as read-write)
    5. FTP tivoapp.new to tivo.
    6. Telnet to tivo and do:
    7. "mv tivoapp tivoapp.org"
    8. "mv tivoapp.new tivoapp"
    9. (remount as read-only)
    10. restart

    After renaming, the original tivoapp will still be used until a restart, or it's killed.
    Last edited by TheWickedPriest; 11-19-2003 at 02:02 PM.

  8. #8
    Join Date
    May 2002
    Posts
    314

    Re: Re: Default to 30-sec skip mode (S1 v3.1.0b)

    Originally posted by sanderton
    Can you suggest how to modify this to work on 2.5.5?
    If you can somehow get me a copy of the 2.5.5 tivoapp, I can take a look at it and see if I find similar code to patch.

  9. #9
    Join Date
    May 2002
    Posts
    314
    Yeah, TheWickedPriest makes two good points: you don't have to run these hacks directly if you're comfortable hex-editing (see the source code for the location to hex-edit), and you can use "mv" instead of "cp" if you want, in which case you don't need to shut down the switcher (but you'll still need to reboot afterwards (and don't forget to make that partition read-only before you reboot)).

  10. #10
    Join Date
    Feb 2003
    Posts
    411

    A Request, a Suggestion, and a few Questions

    Greetings,
    Let me apologize in advance for the long post.

    A Request:

    If you get a few minutes could you post your permanent backdoor hack for a 3.0 SA Phillips HDR. I've already gotten it, but that was because a nice person emailed it to me, thanks again. I noticed that a few other people had posted that they too were a few days to late to download it and your other hacks at "the other forum"

    One suggestion:

    A choice of how to sort the now playing list at boot would be a great hack in my opinion.

    A Few Hex Editing Questions:

    When hex editing, please be nice as I am a complete newbie at this, with Hex Workshop or UltraEdit, how do know where to find the location of some of these settings? I know I can look at your source code and find the location that way, but I see garbled or meaningless, at least to me, text, on the right had side of the addresses. Is there a setting I’m missing in both programs or is this a “programmers only” area.

    Will the Tivo boot to serial bash with an incorrectly edited tivoapp? In other words if I screw it up will I have to pull the drives to restore the old tivoapp or will I have to completely restore from a backup?


    Thanks for the great hacks,
    Mikey

  11. #11
    Join Date
    May 2002
    Posts
    314

    Permanently enable backdoors (S1 v3.0)

    This is the Series 1 v3.0 version of the backdoor hack described earlier.
    Attached Files Attached Files

  12. #12
    Join Date
    May 2002
    Posts
    314

    Re: A Request, a Suggestion, and a few Questions

    Originally posted by mikey
    If you get a few minutes could you post your permanent backdoor hack for a 3.0 SA Phillips HDR.
    No problem...I just posted it above.
    One suggestion: A choice of how to sort the now playing list at boot would be a great hack in my opinion.
    Okay I'll look into that when I can.

    And as for hex editing...most hex editors show the hex value in the left columns as ASCII characters in the right columns, so that you can easily identify strings. But the section of the program these patches affect don't usually contain strings..they're all PowerPC or MIPS instructions. Those instructions just look like gibberish on the right hand side.

    If you want to actually decode the values as instructions, you'd use a disassembler, not a hex editor. A disassembler would show the values around that backdoor patch as:
    Code:
     1b8ed38:       7f 64 db 78     mr      r4,r27
     1b8ed3c:       48 00 02 41     bl      0x1b8ef7c
     1b8ed40:       83 9f 00 08     lwz     r28,8(r31)

  13. #13
    Join Date
    Aug 2003
    Posts
    2,149

    Re: Re: A Request, a Suggestion, and a few Questions

    Originally posted by MuscleNerd
    You'd use a disassembler,
    What disassembler do you use? Olly is win32 only. Haven't tried IDA.

    [EDIT] IDA 4.3.0 works fine.

    NutKase
    Last edited by NutKase; 12-13-2003 at 05:31 AM.
    "God, and DealDataBase, help those that help themselves." --Shamelessly stolen from psxboy
    ------------------------------------------------
    2 each, SA S2 287hr 7.2.1a's with Lifetime.
    Hacks: 1 Manually Monte'd -140, Bash,Telnet,FTP,TivoWebPlus,
    Superpatch-67all Unscrambled/HMO,MFS_FTP Ver. N,TyTools, tivoserver
    Fully hacked SA S1

  14. #14
    Join Date
    Jun 2001
    Posts
    3,108

    Re: Re: Re: A Request, a Suggestion, and a few Questions

    Originally posted by NutKase
    What disassembler do you use? Olly is win32 only. Haven't tried IDA.

    NutKase
    um, i dont think olly supports mips or ppc, regardless of whether its windows only or not.
    Step one: search button!
    Silly Wabbit, guides are for kids

  15. #15
    Join Date
    Aug 2003
    Posts
    2,149

    Re: Re: Re: Re: A Request, a Suggestion, and a few Questions

    Originally posted by mrblack51
    um, i dont think olly supports mips or ppc, regardless of whether its windows only or not.
    I guess I wasn't clear I meant x86. Anyway, IDA has several options for mips:

    mipsb=Little endian
    mipsl =Big endian (I think this one.)
    and mipsr=Didn't find much on this one.

    Which do I use? I've tried them all and I get:

    IDA kernel and IDP module mips.w32 are not compatible. There are tons of other setup options that I may be missing for IDA though. Any ideas.

    NutKase
    "God, and DealDataBase, help those that help themselves." --Shamelessly stolen from psxboy
    ------------------------------------------------
    2 each, SA S2 287hr 7.2.1a's with Lifetime.
    Hacks: 1 Manually Monte'd -140, Bash,Telnet,FTP,TivoWebPlus,
    Superpatch-67all Unscrambled/HMO,MFS_FTP Ver. N,TyTools, tivoserver
    Fully hacked SA S1

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •