Page 10 of 26 FirstFirst ... 8910111220 ... LastLast
Results 136 to 150 of 389

Thread: Overview of Hacking an S3

  1. #136
    Join Date
    Dec 2004
    Posts
    831
    Quote Originally Posted by sanjonny View Post
    looks like i am close, wondering if I can keep the replace_initrd.x86 as the gzip since it has busybox and other stuff I think I would eventually use
    I am not entirely sure what you mean. The replace_initrd.x86 binary must be extracted from the archive in order to run. If you wish to keep the archive sitting around for future reference, that's entirely up to you. All the script uses is the replace_initrd.x86 binary and the null-linuxrc.img.gz, which is the image of a null initrd used to replace the chain of trust enabled initrd the stock TiVo uses to prevent alien software from running on the unit.

    On a note not related to the TiVo, if you will enclose items such as the following in code tags when posing them, it makes them a lot easier to read.
    Code:
    jon@server:/hack$ ls -l
    total 9192
    -rwxrwxr-x 1 jon  jon   593260 2011-11-29 14:44 bootpage
    -rwxr-xr-x 1 root root     329 2011-11-29 13:39 hacks.fil
    -rwxr-xr-x 1 root root    3214 2011-11-29 14:15 hack_tivo
    -rwxr-xr-x 1 root root    2277 2011-11-29 14:17 hack_tivoapp
    -rwxr-xr-x 1 root root     432 2011-11-15 14:58 null-linuxrc.img.gz
    drwxr-xr-x 2 root root    4096 2011-12-01 17:39 other
    -rwxrwxr-x 1  500  501    6573 2007-02-02 12:46 replace_initrd.x86
    -rwxr-xr-x 1 root root   12128 2011-11-15 14:45 replace_initrd.x86.tar.gz
    -r-xr-xr-x 1 jon  jon  8294400 2011-11-29 14:53 tivohacks64.tar
    -r-xr-xr-x 1 root root  475996 2011-11-15 14:42 tivopart
    drwxrwxrwx 4 root root    4096 2011-11-15 14:42 tivopartdir
    That bootpage is a lot larger than the one on my drive. Are you sure it is the correct binary? The tivopart binary is not the same size, either. Everything else seems fine.

    Quote Originally Posted by sanjonny View Post
    So can I remove replace_initrd.x86 and the script will use the gzipped version or should I remove the gzipped version and just use the .x86 (extracted) version.
    All binaries have to be extracted to be used. The replace_initrd.x86 binary makes use of null-linuxrc.img.gz directly, so it must remain compressed, but the only compressed file of which the script itself makes any use is the tarball, and the script can make use of it whether it is gzipped or not. See lines 113 - 122 in the script:

    Code:
    if [[ -a /hack/tivohacks$tivo_type.tar ]];
    then
         tar -xvf /hack/tivohacks$tivo_type.tar;
    elif [[ -a /hack/tivohacks$tivo_type.tar.gz ]];
    then
         tar -xzvf /hack/tivohacks$tivo_type.tar.gz;
    else
         echo /hack/tivohacks$tivo_type.tar not found.  Exiting...
         exit 1;
    fi
    Quote Originally Posted by sanjonny View Post
    I do not have the saved apps or saved kernels folders but I believe the script generates them itself.
    Yes.

    Quote Originally Posted by sanjonny View Post
    On the permissions front, does it matter that some are root and some are jon as the owner or will sudo fix that anyway? I used either chmod 755 or 555 on the applicable files, is it a huge issue if I used 555 where 755 was supposed to be used? I cannot remember which numbers mean what.
    It's an octal bitmap. For each user spec,

    Read=4
    Write=2
    Execute=1

    7 = 4 + 2 + 1 =Read/Write/Execute
    5 = 4 + 1 = Read/Execute

    The fields are Directory/SUID - Owner - Group - Anyone

    755 = RWE for owner and RE for everyone
    555 = world readable and executable

    If a script is world executable, then su or sudo is not required as far as permissions are concerned. There can be other restrictions requiring the code to be run as root.


    Quote Originally Posted by sanjonny View Post
    Assuming the script doesnt work because tivopart has not been run, (I will try the script first), but just in case it fails, then I need to run tivopart -r /dev/sdb to make the script work? (assuming I check and dev/sdb is the proper drive when I reboot with the drive in place. While i am on that
    Unless there is still a conflict between the name or location on the drive and what is in the script, then it should not be any better out of the script than in.

    Quote Originally Posted by sanjonny View Post
    , what is the best command to use to check to make sure I have the right drive letter? I am sure I know but double checking is always good.
    If tivopart works on the drive to expose all the partitions on the drive then it is the right drive.

    Quote Originally Posted by sanjonny View Post
    Something else interesting, and again a doublecheck. When I tried to just run tivopart to get the commands, it would not run unless I used /hack/tivopart. I thought if I was in the directory it would but just plain tivopart
    Unless the directory containing the bimary or script is specified by the $PATH variable, then the path to the file must be specified. If one is in the directory with the file, then ./<filename> will work. Otherwise, the fully qualified path name is required.

    Quote Originally Posted by sanjonny View Post
    One last thought, as I mentioned, this is on a two drive system (2nd being esata wd) any issues with doing the hack and still getting recordings and such? I think it is okay, but triplechecking to make sure I am not forgetting anything.
    I'm not quite sure of the question. Are you asking if anything needs to be done to the secondary drive when hacking the TiVo? The answer is, "No".
    Having trouble with TyTool? Try TyTool Documentation
    Need to hack an S3 / THD? Try S3 Hacking Script

  2. #137
    Join Date
    Oct 2011
    Posts
    75
    Success, got it going and booting up right now. Much more learnings to add, will clean up my posts and such tomorrow, going to bed right now to recover. Since I already had my computer opened and amazon had great deals on drives I decided to upgrade my pc boot drive which normally isn't a problem but have never done a dual boot upgrade system disk before so that just added to the tech madness. But once I ran the script it all worked fine. Tomorrow I will get it all set up.

    Thanks again for the intense help and like I said, I will add my thoughts and clean up my posts tomorrow.

    Thanks for your help

  3. #138
    Join Date
    Oct 2011
    Posts
    75
    Okay, going to clean up this thread today as much as I can and try and provide my learnings. Couple quick questions, 30 sec skip now just goes to the end. Do I gave to re enable it or is the functionality different? What does no pause ads do? Did this put tivowebplus on or do I have to start and do that later. I spent about a half hour trying to search for what //nopauseads does onthis and other sites but could not come up withthe right search phrase to actually find what it does, all my searches just showed it as a hack, same with one or more of the others. Two other quick questions. I currently use kmttg to get files off the TiVo, new recording that were (or I guess would have been) copy protected now show up as being available to transfer. Since we turned encryption off, are those now in unencrypted state or do I still need to run the decrypt stage of kmttg to make them functional. Asking because I have not had much time to just try and see, but it helps to understand also.

    I seem to see all over that on series 2, and in the past, old copy protected recordings required some major work to extract. Is that still the case? I just want to extract them and delete them off the TiVo, it sound like I might be able to do this using a tool called (mfsftp) or something like that,( sorry at work, iPad only again and can't scroll back to other pages to find what the tool is) that runs on the TiVo to send the copy protected ones off, I might be wrong but I read many threads and it sounded like that might be a possibility. If not it sounds like I have to patch the kernel, etc extract and change the shows on disc and then tar sfer and then put the TiVo back to pre extracted state.

    I have a couple other questions that would probably be answered by an expert in seconds and they would help in my soon to be produced rookies-true rookie guide but will probably just add too much muddling to this thread, so if some expert want to pm me with email address, we can do that offline and I can provide a good summary here for future rookies or myself in six months to reference (years in quality control give me good documentation and repeatability explanation skills that should help the next guy or gal or even forgetful me.)

    Again, thanks all for getting me this far.

  4. #139
    Join Date
    Dec 2004
    Posts
    831
    Quote Originally Posted by sanjonny View Post
    Okay, going to clean up this thread today as much as I can and try and provide my learnings. Couple quick questions, 30 sec skip now just goes to the end.
    You'll need to ask someone else. I've never used it.

    Quote Originally Posted by sanjonny View Post
    What does no pause ads do?
    It gets rid of the annoying ads that pop up when the user presses the <Pause> button.

    Quote Originally Posted by sanjonny View Post
    Did this put tivowebplus on or do I have to start and do that later.
    It should have been in the tarball, unless you removed it. It may need to be enabled. It definitely needs to be configured. The defaut port (80) will interfere with TiVo-To-Go (pyTivo, kmtg, etc.)

    Quote Originally Posted by sanjonny View Post
    I currently use kmttg to get files off the TiVo, new recording that were (or I guess would have been) copy protected now show up as being available to transfer. Since we turned encryption off, are those now in unencrypted state or do I still need to run the decrypt stage of kmttg to make them functional.
    New recordings will no longer be encrypted on the TiVo if you impletmented the nocso hack. This means the programs can be transferred using a utility such as tserver or MFS_FTP. It has nothing to do with TTG. The CCI byte hack allows new programs that would not ordinarily transfer via TTG or MRV to be transferred via TGG or MRV. When transferred to an external device using TTG, they still are encoded as .TiVo files, so you still will have to decode them after transferring via kmttg if you want to do something with them other than serve them back to a TiVo.

    Quote Originally Posted by sanjonny View Post
    I seem to see all over that on series 2, and in the past, old copy protected recordings required some major work to extract. Is that still the case?
    Not so much, but they still require a special hack. See this thread.

    Quote Originally Posted by sanjonny View Post
    I just want to extract them and delete them off the TiVo, it sound like I might be able to do this using a tool called (mfsftp) or something like that,( sorry at work, iPad only again and can't scroll back to other pages to find what the tool is) that runs on the TiVo to send the copy protected ones off
    No. Since they were recorded before the unit was hacked, they not only have the CCI byte set, they are also encrypted. Because they are encrypted, third party utilities cannot transfer them off the TiVo (well, they can, but the result is an encrypted file on the external device wiith no way to decrypt it.) This hack fools the TiVo into thinking the CCI byte is not set on the old recordings so the regualr TTG and MRV protocols can transfer them. Be careful. Incorect handling of the DRM utilities can result in the program's becoming permanently corrupted.

    Quote Originally Posted by sanjonny View Post
    I might be wrong but I read many threads and it sounded like that might be a possibility.
    No.

    Quote Originally Posted by sanjonny View Post
    If not it sounds like I have to patch the kernel, etc extract and change the shows on disc and then tar sfer and then put the TiVo back to pre extracted state.
    No, not that, either. The DRM status must be spoofed on the TiVo. Once that is done, the shows can be transferred. Again, though, this is only true of existing recordings. If you have the CCI byte hack in place, then all new recordings can be transferred at will using the built-in protocols. If you have nocso in place, then 3rd party apps can transfer the new recordings without respect to the CCI byte setting.

    Quote Originally Posted by sanjonny View Post
    Again, thanks all for getting me this far.
    You're welcome.
    Having trouble with TyTool? Try TyTool Documentation
    Need to hack an S3 / THD? Try S3 Hacking Script

  5. #140
    Join Date
    Oct 2011
    Posts
    75
    Wow, I mean wow, now that I am coming out of the sick cloud, I am realizing how cool this script operation is. Telnet and FTP are already running which is great. I spent some time cleaning up my old posts and reading more and such, so to this post at least, it looks much more standard and easier to read. Couple quick ones for today with more to follow.
    1-
    I read thru the referenced thread in regard to extraction the shows that have copy protection (cp) set. It appears I can either do it one by one or run the special script to clear them all at once. My question in regard to that is, it says make sure you have run the hacks already referenced in another thread (sorry posting from iPad again as not at home). Are those already done due to lrhorer's script or do I also need to do those before running the all cp remove script.

    2-
    telnetted in fine and FTP too but just poked around a little bit. Is there an editor(Joe or vi?) installed on thetivo now or do I have to add that. I have just explored a bit so I just might not have run across it yet.
    3-
    Haven't played with tivowebplus yet, but found the configuration file. Can I just FTP that file to my pc, edit the port setting to change from port 80 to something else save and the FTP it back on the TiVo before running? Or can I just run it on port 80 and then change it thru the tivowebplus interface to a different port? scratch that, thinking that because ttg runs on 80, that is a bad idea to just start it up without changing the port.
    4-
    How can I now remotely delete a recording should I want to do that, do twp have to be running to do that or did the hack allow it to happen some other way?
    5-
    Without changing the kernel at this point, is it faster to use another program like maybe tytool, FTP, or something to transfer recordings to my pc? Again, haven't tried any transfers other than thru the regular tivotogo web interface or kmttg yet. I used filezilla to FTP to the box, but didn't explore to find recordings or their format.

    Loved the more info provided by the backdoors on system info and all that. Any cool standard hacker tricks I should know or look into at this point? I know that all kinds of remote codes and such are available and have read a couple good threads on them, just any glaring daily use hack that has not been talked about yet? Also the 30sec skip problem was remedied by just using the remote code again. I am guessing when they did the software update where it didn't revert back to standard function after reboot, that hack was not needed anymore and so setting it via the script just toggles it to standard behavior.

    Thanks, I am really impressed and probably going to learn lots more quickly now.....I started writing my learnings for the next user, I think when done they will help the next guy.

  6. #141
    Join Date
    Oct 2011
    Posts
    75
    I can answer parts of two of my questions. First of all tivowebplus was already running on port 8080 and as such, delete using kmttg works (highlight and press delete key). Loving the script more and more as less to configure as a result. Awesome. My other questions I still need answers.

  7. #142
    Join Date
    May 2007
    Posts
    456
    do the 30 second skip manually. Mines does work via the Tivoapp patch either but it stays once you do it once.

    You have to be watching a recorded show then do, "Select-Play-Select-3-0-Select (SPS30S) on the remote."

  8. #143
    Join Date
    May 2007
    Posts
    456
    Quote Originally Posted by sanjonny View Post
    2- telnetted in fine and FTP too but just poked around a little bit. Is there an editor(Joe or vi?) installed on the tivo now or do I have to add that. I have just explored a bit so I just might not have run across it yet.
    I would recommend installing joe. vi is there but it's a heck of a tool to use. I can never remember all the steps and commands.

    Here are my suggestions for joe, extract it in your root directory and there will be two files. .joerc and joe. You may not see the .joerc because it will be hidden because it has the "." in front. Move the joe file to your utilities directory mv /joe /utils/ and it is installed. You may have to chmod 755 them just to make sure they're executable.

    To open a file just type "joe path and file name.

    so to open your author file you would type "joe /etc/rc.d/rc.sysinit.author"

    With Joe there are two commands to remember.

    cntrl k then x to save
    cntrl c to close (no changes to save)

    Joes Text Editor.rar
    joe.tgz
    Attached Files Attached Files
    Last edited by Soapm; 12-04-2011 at 05:03 PM. Reason: add attachments

  9. #144
    Join Date
    Feb 2007
    Posts
    23

    4 years later, need to look stuff up and here it is!

    It worked!

    4.5 years after I created this thread, I needed to look up some information and here it is better than I left it. If I had written this and left on my own computer I would have only the first bits of information.

    lrhorer has made the process vastly simpler to replicate. Thanks.

    I am wondering if the thread has gotten at bit ungainly. Should I edit the first post to become an index to help people find the key information? Thoughts?

  10. #145
    Join Date
    Dec 2004
    Posts
    831
    Quote Originally Posted by sanjonny View Post
    I read thru the referenced thread in regard to extraction the shows that have copy protection (cp) set. It appears I can either do it one by one or run the special script to clear them all at once. My question in regard to that is, it says make sure you have run the hacks already referenced in another thread (sorry posting from iPad again as not at home). Are those already done due to lrhorer's script or do I also need to do those before running the all cp remove script.
    The 8 bytes referenced in the ignoredrmsig hack must be changed. Those two lines were not in the sample hack file I put in poet #39. If you added them, then they are there. If not, then you need to clear the contents of hacks.fil and put those two lines in before running the script again. Once again I stress the main body script is designed to run on an external PC. In order for the script to run installed on a TiVo, the five lines I reference must be replaced with the three lines below them. The hack_tivoapp script itself does not care what hacks or how many are in the script. All it does is check for the expected values at the referenced locations in tivoapp, and if correct, replaces the old value with the new.

    Quote Originally Posted by sanjonny View Post
    Haven't played with tivowebplus yet, but found the configuration file. Can I just FTP that file to my pc, edit the port setting to change from port 80 to something else save and the FTP it back on the TiVo before running?
    Yes.

    Quote Originally Posted by sanjonny View Post
    How can I now remotely delete a recording should I want to do that, do twp have to be running to do that or did the hack allow it to happen some other way?
    The tserver binary allows one to use TyTool to delete programs. I believe MFS_FTP does, too.

    Quote Originally Posted by sanjonny View Post
    Without changing the kernel at this point, is it faster to use another program like maybe tytool, FTP, or something to transfer recordings to my pc?
    TyTool amd MFS_FTP are much, much faster than the TiVo-To-Go protocol, but when you are done, you have to convert the .ty file using something like s3tots. I used to do that very thing, but the kmttg interface is so much more useful that I abandoned TyTool despite its much greater speed.
    Having trouble with TyTool? Try TyTool Documentation
    Need to hack an S3 / THD? Try S3 Hacking Script

  11. #146
    Join Date
    Dec 2004
    Posts
    831
    Quote Originally Posted by buechel View Post
    It worked!

    4.5 years after I created this thread
    Welcome back.

    Quote Originally Posted by buechel View Post
    lrhorer has made the process vastly simpler to replicate. Thanks.
    No, I think the thanks are due more to you. I just prattled on in your absence.

    Quote Originally Posted by buechel View Post
    I am wondering if the thread has gotten at bit ungainly.
    I was thinking the same thing myself.

    Quote Originally Posted by buechel View Post
    Should I edit the first post to become an index to help people find the key information? Thoughts?
    It surely couldn't hurt. At some point it might be time for a new thread. As you yourself mentioned, this one has begun to meander a bit.
    Having trouble with TyTool? Try TyTool Documentation
    Need to hack an S3 / THD? Try S3 Hacking Script

  12. #147
    Join Date
    Jun 2003
    Posts
    611
    Quote Originally Posted by sanjonny View Post
    30 sec skip now just goes to the end. Do I gave to re enable it or is the functionality different?
    I can clear this up: The 30-sec-skip patch for tivoapp simply changes the default state of 30-sec-skip to "ON". But if you've already performed the SPS30S remote shortcut to enable it, the patch turns it back off. It basically sets it to the opposite of whatever it is currently. However, for a long time now the SPS30S shortcut has survived reboots and software upgrades (the state is stored in MFS now) whereas previously you had to re-enable it every time you rebooted the Tivo. So the patch is really no longer necessary except in the case of the Australian Tivo software where it's intentionally disabled & the only way to enable it is with this patch.

    -psxboy
    TCD652160 TivoHD
    1TB
    11.0n.J1-01-2-652

  13. #148
    Join Date
    Oct 2011
    Posts
    75
    Awesome. I think the best way to throw out this info would be a new post/sticky that includes most of the info that has been talked about up to this point. Since I am already writing up my learnings and I am new to this level of tiro hacking if you guys want to help put together a wiki style post, I am freely able to take charge of it if nobody else wants to assuming some guiding hands can help with any other questions and double checking that might come up. If bueschel would rather run it that's fine too, I can just share my newbie viewpoint of what was missing in my understanding.

  14. #149
    Join Date
    Oct 2011
    Posts
    75
    Quote Originally Posted by psxboy View Post
    I can clear this up: The 30-sec-skip patch for tivoapp simply changes the default state of 30-sec-skip to "ON". But if you've already performed the SPS30S remote shortcut to enable it, the patch turns it back off. It basically sets it to the opposite of whatever it is currently. However, for a long time now the SPS30S shortcut has survived reboots and software upgrades (the state is stored in MFS now) whereas previously you had to re-enable it every time you rebooted the Tivo. So the patch is really no longer necessary except in the case of the Australian Tivo software where it's intentionally disabled & the only way to enable it is with this patch.

    -psxboy
    Somehow my post didn't post, but I did answer that I thought that was what was going on since I did exactly that and 30sec skip came back up. Thanks for the more in depth info.

  15. #150
    Join Date
    May 2007
    Posts
    456
    Quote Originally Posted by psxboy View Post
    I can clear this up: The 30-sec-skip patch for tivoapp simply changes the default state of 30-sec-skip to "ON". But if you've already performed the SPS30S remote shortcut to enable it, the patch turns it back off. It basically sets it to the opposite of whatever it is currently. However, for a long time now the SPS30S shortcut has survived reboots and software upgrades (the state is stored in MFS now) whereas previously you had to re-enable it every time you rebooted the Tivo. So the patch is really no longer necessary except in the case of the Australian Tivo software where it's intentionally disabled & the only way to enable it is with this patch.

    -psxboy
    This explains it... I think I have it enabled via the remote on my stock drive so once I copy it over its still active. What I was doing was turning it off with the patch...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •