FreeAgent Theater and GoFlexTV

turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Gigabyte
playdude
Posts: 149
Registered: ‎12-28-2009

HOWTO: Roll Your Own Firmware

[ Edited ]
Options

‎01-02-2010 07:38 PM - edited ‎01-03-2010 04:17 PM


REQUIREMENTS

-Debian Lenny (or a Linux distribution of your choice).

-Stock firmware 1.26 (US version). You can use the EMEA or APAC version if you want.

-unyaffs

-mkyaffs2image

 

SETUP

You need a Linux operating system. If you're already using Linux, good. If not, install it. It will be good for you in the long run. There will be always a use for Linux. My Linux operating system of choice is Debian so of course I recommend Debian Lenny. It's simple and effective and has a strong community spirit. Whatever Linux distribution you choose, install it on a physical machine or set it up as a virtual machine on VMWare.

 

Got that Linux (hopefully Debian Lenny like me :smileywink: ) running? Good! Let's go! From now on we will work in Linux as root, which is very dangerous because we can cause some serious damage to our system, so be very careful!

 

#Enter password to become root

su

 

#Go to root directory and create a directory for our firmware

cd /root/

mkdir fatplus

cd fatplus

 

#Create a few directories

#tools to hold tools, previous to hold stock firmware files,

#current to hold our working files, FINAL to hold the final product

mkdir tools previous current FINAL

ls -al

 

#Download the stock firmware. Or the one for your region. Then extract it.

cd previous/

wget http://www.seagate.com/staticfiles/support/downloads/theater/FAT+_Firm_US_1.26.zip

ls -al

unzip FAT+_Firm_US_1.26.zip

ls -al

 

#We should see a file called install.img in there. It's a tarball containing the firmware files.

#Let's go to our current directory and extract the install.img contents there.

file install.img

cd ../current/

tar xvf ../previous/install.img

ls -al

 

#There should be 15 items extracted from the install.img file. It's a good check before packing the firmware

#The output is shown below

find

 

.
./video_firmware.install.bin
./nandwrite
./install_a
./mkfs.jffs2
./package2
./package2/bluecore.audio.aes
./package2/yaffs2_2.img
./package2/yaffs2_1.img
./package2/video_firmware.bin.aes
./package2/yaffs2_3.img
./package2/vmlinux.develop.avhdd.mars.nand.bin.aes
./flash_erase
./audio_firmware.install.bin
./configuration.xml
./arial.ttf

 

 

 

FIRMWARE ANALYSIS

 

Of the items extracted from install.img, one of the files we are interested in is configuration.xml. It holds the configurations for firmware installation and tells install_a where to flash what.

 

#Let's have a look at configuration.xml

more configuration.xml

 

Here's what it looks like:

 

<?xml version="1.0" encoding="ISO-8859-1" ?>
<packageFile>
    <info>
        <company>Cal-Comp E&amp;C Co.,Ltd.</company>
        <description>This image file contains 2 Mars packages. One is for AVHDD on NOR and the other is for AVHDD on NAND.</$
        <version>0.0.1</version>
        <releaseDate>11/11/09 19:09</releaseDate>
        <signature>MARS AVHDD on NOR or NAND</signature>
    </info>
    <installerAP>
        <fileName>install_a</fileName>
    </installerAP>
    <package secureboot="y">
        <info>
            <description>This is Mars AVHDD on NAND</description>
            <version>N/A</version>
        </info>
        <nand>
            <image type="linuxKernel">
                <fileName>package2/vmlinux.develop.avhdd.mars.nand.bin.aes</fileName>
                <targetAddress>0x80100000</targetAddress>
                <version>SVN:</version>
            </image>
            <image type="audioKernel">
                <fileName>package2/bluecore.audio.aes</fileName>
                <targetAddress>0x81b00000</targetAddress>
                <version>N/A</version>
            </image>
            <image type="videoKernel">
                <fileName>package2/video_firmware.bin.aes</fileName>
                <targetAddress>0x81d80000</targetAddress>
                <version>N/A</version>
            </image>
            <image type="yaffs2">
                <fileName>package2/yaffs2_1.img</fileName>
                <mountPoint>/</mountPoint>
                <hashValue>c8da4567270d0196dc1aa9d88f793245</hashValue>
            </image>
            <image type="yaffs2">
                <fileName>package2/yaffs2_2.img</fileName>
                <mountPoint>/usr/local/etc</mountPoint>
                <sizeBytesMin>0x2800000</sizeBytesMin>
            </image>
            <image type="yaffs2">
                <fileName>package2/yaffs2_3.img</fileName>
                <mountPoint>/usr/local/Resource</mountPoint>
            </image>
        </nand>
    </package>
</packageFile>

 

See these lines that accompany yaffs2_1.img?

<package secureboot="y">

<hashValue>c8da4567270d0196dc1aa9d88f793245</hashValue>

 

That means if we modify yaffs2_1.img, the root file system, in any way, repack it and flash it, your FAT+ will refuse to boot. Looks like Seagate got paranoid and tried to discourage people like us from tinkering with their files. The reason my mod firmware bricked the FAT+ over and over again is because of these lines.

 

Another interesting line is this one. It specifies size of the flash partition where contents of yaffs2_2.img are extracted (/usr/local/etc).

<sizeBytesMin>0x2800000</sizeBytesMin>

 

The x means that 2800000 is a hexadecimal number (base 16). This means the size of that partition will be 2800000 bytes in hexadecimal notation. Let's try to convert it to a decimal number.

 

Using a scientific calculator or this conversion website and we'll discover the following.

2800000 Bytes (hexadecimal) = 41943040 Bytes (decimal, the number system we use)

41943040 Bytes (decimal) = 40 MegaBytes (decimal)

 

Hm, what will we do with 40MB of writable space in /usr/local/etc ? Custom GUI anyone? Actually, we need to reduce it by a few MB (36MB is a reasonable number) if we want to add more files to our root file system (yaffs2_1.img). I got caught by this myself because I crammed a few more files in yaffs2_1.img and it was reported by users that the FAT+ wouldn't boot, until I reduced this number down to 36MB (0x2400000 in hexadecimal notation).

 

Let's extract yaffs2_1.img, yaffs2_2.img and yaffs2_3.img to see what's inside those images. To do that, we need unyaffs to extract these images.

 

#Get the right tool for the job

cd /root/fatplus/tools/

wget http://fatplus.googlecode.com/files/unyaffs2.tar

 

#Extract unyaffs2.tar and make executable if it's not already so

ls -al

tar tf unyaffs2.tar

tar xvf unyaffs2.tar

chmod +x unyaffs2/unyaffs

 

#Test it. If it works correctly we should see the output below

./unyaffs2/unyaffs

 

No image file given. Aborting.

#Get to those images. Note the permissions (-rw-r--r--) and ownership (500 500) of the files.

cd ../current/package2/

ls -al

 

#Create a directory for the first image and extract files to it

mkdir yaffs2_1

ls -al

 

#Change ownership to match that of other firmware files

chown 500:500 yaffs2_1

ls -al

 

#Move and extract. unyaffs should report "end of image" after extraction

mv yaffs2_1.img yaffs2_1

cd yaffs2_1/

../../../tools/unyaffs2/unyaffs yaffs2_1.img

 

#Check the extracted file and remove yaffs2_1.img

#File timestamps, permissions and ownership should be like below

ls -al

 

total 58476
drwxr-xr-x 13 500 500     4096 2010-01-03 17:48 .
drwxr-xr-x  3 500 500     4096 2010-01-03 17:47 ..
drwxr-xr-x  2 500 500     4096 2009-11-09 14:07 bin
drwxr-xr-x  2 500 500     4096 2009-11-09 13:55 dev
drwxr-xr-x  5 500 500     4096 2009-11-11 21:39 etc
drwxr-xr-x  3 500 500     4096 2009-11-09 14:07 lib
lrwxrwxrwx  1 500 500       11 2009-11-11 21:39 linuxrc -> bin/busybox
drwxr-xr-x  7 500 500     4096 2009-11-09 13:55 mnt
drwxr-xr-x  2 500 500     4096 2009-11-09 13:55 proc
drwxr-xr-x  2 500 500     4096 2009-11-09 14:07 sbin
drwxr-xr-x  2 500 500     4096 2009-11-09 13:55 sys
-rwxr-xr-x  1 500 500    61440 2009-07-31 16:14 Test.fat
drwxr-xr-x  2 500 500     4096 2009-11-09 13:55 tmp
drwxr-xr-x  8 500 500     4096 2009-11-09 13:55 tmp_orig
drwxr-xr-x  5 500 500     4096 2009-11-09 13:55 usr
lrwxrwxrwx  1 500 500        4 2009-11-11 21:39 var -> tmp/
-rwxr-xr-x  1 500 500  4965509 2009-11-09 14:03 vmlinux
-rw-r--r--  1 500 500 54715584 2009-11-11 21:39 yaffs2_1.img

#Don't need yaffs2_1.img. Move it to previous directory

mv yaffs2_1.img ../../../previous/

ls -al

 

 

#Check size and scroll through file list to peek at the file system

du -h

find | more

 

#That's the root file system of the FAT+

#Let's check out the passwd file. nano should come with Debian Lenny. Not sure about other distributions.

cd etc/

ls -al

nano passwd

 

#What's in passwd

 

root:$1$CYIUjf8S$qmFTebTkQEEyoRreGEq4S/:0:0:root::/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:0:0:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
nobody:$1$CYIUjf8S$qmFTebTkQEEyoRreGEq4S/:99:99:nobody:/:/bin/sh
default:$1$CYIUjf8S$qmFTebTkQEEyoRreGEq4S/:1000:1000:Default non-root user:/:/bin/sh

More paranoia. Users root, nobody and default need a password to enter, which we don't know. Let's change it then!

 

#After clearing the password for nobody and default, let's give root password debian and home directory /root

#in case we need to use pure-ftpd and ssh server dropbear later

#The result should be like this

 

root:T8569YeO3m0oQ:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:100:sync:/bin:/bin/sync
mail:x:8:8:mail:/var/spool/mail:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:0:0:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
operator:x:37:37:Operator:/var:/bin/sh
sshd:x:103:99:Operator:/var:/bin/sh
nobody::99:99:nobody:/:/bin/sh
default::1000:1000:Default non-root user:/:/bin/sh

Or you can generate your own password for root using this link:

http://www.xs4all.nl/~remcovz/htpasswd.html

#Let's see the workflow of the boot process

cd init.d/

ls -al

 

#The first file executed is rcS

cat rcS

 

#!/bin/sh

/etc/init.d/rcS1>/dev/console&

echo "Welcome to Realtek Linux"

#As we can see, rcS calls rcS1, does its welcome thing, and quits

 

#Next, rcS1

more rcS1

 

#rcS1 runs a lot of things, some of them are S50inetd and rcS2

 

#inetd is a daemon that starts and stops services on demands

#Now what does the inetd.conf have in there?

nano ../inetd.conf

 

#
# /etc/inetd.conf       A simple inetd.conf
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
# To re-read this file after changes, just do a 'killall -HUP inetd'
#
#
#ftp    stream  tcp     nowait  root    /usr/sbin/ftpd  ftpd -u 100
telnet  stream  tcp     nowait  root    /usr/sbin/telnetd  telnetd
#auth   stream  tcp     nowait  nobody  /usr/sbin/nullidentd nullidentd
www     stream  tcp     nowait  www-data        /usr/sbin/httpd httpd -h /var/www
#
# End of inetd.conf

#So httpd and telnet (using password login) are enabled.

#How about doing something naughty like bypassing telnet authentication :smileywink: ?

 

#
# /etc/inetd.conf       A simple inetd.conf
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
# To re-read this file after changes, just do a 'killall -HUP inetd'
#
#
#ftp    stream  tcp     nowait  root    /usr/sbin/ftpd  ftpd -u 100
telnet  stream  tcp     nowait  root    /usr/sbin/telnetd  telnetd -l /bin/sh
#auth   stream  tcp     nowait  nobody  /usr/sbin/nullidentd nullidentd
www     stream  tcp     nowait  www-data        /usr/sbin/httpd httpd -h /var/www
#
# End of inetd.conf

 

#Now, rcS2

nano rcS2

 

#rcS2 runs more things, one of them is DvdPlayer, which is responsible for what you see and hear

#Let's slip in a few lines to make rcS2 run our own custom script too!

#After doing that, the end of the file rcS2 should look like this

 

echo 2 /tmp/hdd/volumes/HDD1/ > /sys/realtek_boards/misc_operations

#run pmp custom script
/usr/local/etc/runPMP.sh>/dev/console&

#Enough editing startup scripts for now. We need to add /root home directory and /opt for Optware later

cd ../../

mkdir opt root

ls -al

 

drwxr-xr-x 15  500  500    4096 2010-01-03 19:14 .
drwxr-xr-x  3  500  500    4096 2010-01-03 17:47 ..
drwxr-xr-x  2  500  500    4096 2009-11-09 14:07 bin
drwxr-xr-x  2  500  500    4096 2009-11-09 13:55 dev
drwxr-xr-x  5  500  500    4096 2009-11-11 21:39 etc
drwxr-xr-x  3  500  500    4096 2009-11-09 14:07 lib
lrwxrwxrwx  1  500  500      11 2009-11-11 21:39 linuxrc -> bin/busybox
drwxr-xr-x  7  500  500    4096 2009-11-09 13:55 mnt
drwxr-xr-x  2 root root    4096 2010-01-03 19:14 opt
drwxr-xr-x  2  500  500    4096 2009-11-09 13:55 proc
drwxr-xr-x  2 root root    4096 2010-01-03 19:14 root
drwxr-xr-x  2  500  500    4096 2009-11-09 14:07 sbin
drwxr-xr-x  2  500  500    4096 2009-11-09 13:55 sys
-rwxr-xr-x  1  500  500   61440 2009-07-31 16:14 Test.fat
drwxr-xr-x  2  500  500    4096 2009-11-09 13:55 tmp
drwxr-xr-x  8  500  500    4096 2009-11-09 13:55 tmp_orig
drwxr-xr-x  5  500  500    4096 2009-11-09 13:55 usr
lrwxrwxrwx  1  500  500       4 2009-11-11 21:39 var -> tmp/
-rwxr-xr-x  1  500  500 4965509 2009-11-09 14:03 vmlinux

#Remember permissions and ownership have to match

#Let's fix ownership (root root to 500 500)

chown 500:500 opt/ root/

ls -al

 

#Now we are ready to pack yaffs2_1 directory to yaffs2_1.img

#The tool for the job this time is mkyaffs2image

cd /root/fatplus/tools/

wget http://fatplus.googlecode.com/files/yaffs2-binary.tar

tar tf yaffs2-binary.tar

tar xvf yaffs2-binary.tar

 

#Test mkyaffs2image

./yaffs2/utils/mkyaffs2image

 

mkyaffs2image: image building tool for YAFFS2 built Jan  3 2010
usage: mkyaffs2image dir image_file [convert]
           dir        the directory tree to be converted
           image_file the output file to hold the image
           'convert'  produce a big-endian image from a little-endian machine

#As always, check that permissions and ownership match

cd ../current/package2/

ls -al

 

#They match? We're packing!

../../tools/yaffs2/utils/mkyaffs2image yaffs2_1 yaffs2_1.img

 

#Provided we did it correctly, a lot of text should fly by

#The end should look something like this

 

Operation complete.
1081 objects in 139 directories
25909 NAND pages

#ownership and permissions!

ls -al

chmod 644 yaffs2_1.img

ls -al

chown 500:500 yaffs2_1.img

ls -al

 

#And they match perfectly!

 

-rw-r--r--  1  500  500  1890192 2009-11-11 21:39 bluecore.audio.aes
-rw-r--r--  1  500  500  2415880 2009-11-11 21:39 video_firmware.bin.aes
-rw-r--r--  1  500  500  4210822 2009-11-11 21:39 vmlinux.develop.avhdd.mars.nand.bin.aes
drwxr-xr-x 15  500  500     4096 2010-01-03 19:14 yaffs2_1
-rw-r--r--  1  500  500 54719808 2010-01-03 19:52 yaffs2_1.img
-rw-r--r--  1  500  500    29568 2009-11-11 21:39 yaffs2_2.img
-rw-r--r--  1  500  500 26374656 2009-11-11 21:39 yaffs2_3.img
Message Edited by playdude on 01-04-2010 03:13 AM
Message Edited by playdude on 01-04-2010 10:47 AM
FAT+ Mod Firmware 1.45 Mod
Project Files
Chat to playdude and FAT+ users (channel: fatplus)
Cold upgrade! Cold upgrade! Cold upgrade!
Report Inappropriate Content
Message 1 of 25 (25,168 Views)
 
Reply
Gigabyte
playdude
Posts: 149
Registered: ‎12-28-2009

Re: HOWTO: Roll Your Own Firmware

[ Edited ]
Options

‎01-03-2010 01:41 AM - edited ‎01-03-2010 02:55 AM

Continued from the last part...

 

#Let's see about that yaffs2_2.img

#Permissions, ownership! Permissions, ownership!

mkdir yaffs2_2

ls -al

chown 500:500 yaffs2_2

ls -al

 

#Move and extract

mv yaffs2_2.img yaffs2_2

cd yaffs2_2/

../../../tools/unyaffs2/unyaffs yaffs2_2.img

ls -al

 

drwxr-xr-x 4 500 500  4096 2010-01-03 20:19 .
drwxr-xr-x 3 500 500  4096 2010-01-03 20:18 ..
drwxr-xr-x 2 500 500  4096 2009-11-09 13:55 dvdplayer
lrwxrwxrwx 1 500 500     8 2009-11-11 21:39 hdd -> /tmp/hdd
drwxr-xr-x 6 500 500  4096 2009-11-09 13:55 hdd.old
-rw-r--r-- 1 500 500     4 2009-07-31 16:14 magic
-rw-r--r-- 1 500 500 29568 2009-11-11 21:39 yaffs2_2.img

#Move yaffs2_2.img to directory previous

mv yaffs2_2.img ../../../previous/

 

#Remember that /usr/local/etc/runPMP.sh script we added to rcS2 earlier

#This is what goes to /usr/local/etc and where we make runPMP.sh for rcS2 to run at boot

nano runPMP.sh

 

#!/bin/sh

echo "Playdude was here! Just a test message to check if runPMP.sh works." > /tmp/pmp.txt

#Save runPMP.sh and make it executable

ls -al

chmod +x runPMP.sh

ls -al

 

#Let's hammer it in again: permissions and ownership!

chown 500:500 runPMP.sh

ls -al

 

#Packing yaffs2_2

cd ..

ls -al

../../tools/yaffs2/utils/mkyaffs2image yaffs2_2 yaffs2_2.img

 

Operation complete.
12 objects in 9 directories
16 NAND pages

 

#Fix the you-know-what!

ls -al

chmod 644 yaffs2_2.img

ls -al

chown 500:500 yaffs2_2.img

ls -al

 

#Move yaffs2_2 away

mv yaffs2_2 ../../

 

#You can try to extract yaffs2_3.img if you want

#It's just a bunch of pictures. If you want to modify the GUI, you may want have a look at what's inside

#For now we'll leave yaffs2_3 as it is

 

#Good news. We're almost there!

#Just one thing to fix

 

#Remember the safety measures put in the configuration.xml file to prevent booting?

#Now's the time to fix them

cd ..

nano configuration.xml

 

<?xml version="1.0" encoding="ISO-8859-1" ?>
<packageFile>
    <info>
        <company>Cal-Comp E&amp;C Co.,Ltd.</company>
        <description>This image file contains 2 Mars packages. One is for AVHDD on NOR and the other is for AVHDD on NAND.</description>
        <version>0.0.1</version>
        <releaseDate>11/11/09 19:09</releaseDate>
        <signature>MARS AVHDD on NOR or NAND</signature>
    </info>
    <installerAP>
        <fileName>install_a</fileName>
    </installerAP>
    <package secureboot="y">
        <info>
            <description>This is Mars AVHDD on NAND</description>
            <version>N/A</version>
        </info>
        <nand>
            <image type="linuxKernel">
                <fileName>package2/vmlinux.develop.avhdd.mars.nand.bin.aes</fileName>
                <targetAddress>0x80100000</targetAddress>
                <version>SVN:</version>
            </image>
            <image type="audioKernel">
                <fileName>package2/bluecore.audio.aes</fileName>
                <targetAddress>0x81b00000</targetAddress>
                <version>N/A</version>
            </image>
            <image type="videoKernel">
                <fileName>package2/video_firmware.bin.aes</fileName>
                <targetAddress>0x81d80000</targetAddress>
                <version>N/A</version>
            </image>
            <image type="yaffs2">
                <fileName>package2/yaffs2_1.img</fileName>
                <mountPoint>/</mountPoint>
                <hashValue>c8da4567270d0196dc1aa9d88f793245</hashValue>
            </image>
            <image type="yaffs2">
                <fileName>package2/yaffs2_2.img</fileName>
                <mountPoint>/usr/local/etc</mountPoint>
                <sizeBytesMin>0x2800000</sizeBytesMin>
            </image>
            <image type="yaffs2">
                <fileName>package2/yaffs2_3.img</fileName>
                <mountPoint>/usr/local/Resource</mountPoint>
            </image>
        </nand>
    </package>
</packageFile>

 

#Make sure

<package secureboot="y">

#becomes

<package>

#Also delete the line

<hashValue>c8da4567270d0196dc1aa9d88f793245</hashValue>

#And change

<sizeBytesMin>0x2800000</sizeBytesMin>

#to

<sizeBytesMin>0x2400000</sizeBytesMin>

 

#Now, the moment of truth. It's time to pack our firmware!

#Final checks

ls -al

find

 

.
./video_firmware.install.bin
./nandwrite
./install_a
./mkfs.jffs2
./package2
./package2/bluecore.audio.aes
./package2/yaffs2_2.img
./package2/yaffs2_1.img
./package2/video_firmware.bin.aes
./package2/yaffs2_3.img
./package2/vmlinux.develop.avhdd.mars.nand.bin.aes
./flash_erase
./audio_firmware.install.bin
./configuration.xml
./arial.ttf

#All the needed files there? Good. Pack it up!

tar cvf ../FINAL/install.img *

 

#Here's the output if we do it correctly

 

arial.ttf
audio_firmware.install.bin
configuration.xml
flash_erase
install_a
mkfs.jffs2
nandwrite
package2/
package2/bluecore.audio.aes
package2/yaffs2_2.img
package2/yaffs2_1.img
package2/video_firmware.bin.aes
package2/yaffs2_3.img
package2/vmlinux.develop.avhdd.mars.nand.bin.aes
video_firmware.install.bin

#See our final product. install.img is our newly modified firmware.

../FINAL/

ls -al

du -h install.img

 

#Check the files inside our firmware

tar tf install.img

 

#If you see 15 files on the list, all the needed files for the firmware are there

 

arial.ttf
audio_firmware.install.bin
configuration.xml
flash_erase
install_a
mkfs.jffs2
nandwrite
package2/
package2/bluecore.audio.aes
package2/yaffs2_2.img
package2/yaffs2_1.img
package2/video_firmware.bin.aes
package2/yaffs2_3.img
package2/vmlinux.develop.avhdd.mars.nand.bin.aes
video_firmware.install.bin

#Now flash install.img and see if it makes or breaks your device!

 

Good luck!

Message Edited by playdude on 01-03-2010 09:25 PM
FAT+ Mod Firmware 1.45 Mod
Project Files
Chat to playdude and FAT+ users (channel: fatplus)
Cold upgrade! Cold upgrade! Cold upgrade!
Report Inappropriate Content
Message 2 of 25 (25,091 Views)
 
Reply
Gigabyte
playdude
Posts: 149
Registered: ‎12-28-2009
0

Re: HOWTO: Roll Your Own Firmware

[ Edited ]
Options

‎01-03-2010 01:51 AM - edited ‎01-03-2010 02:56 AM

That's how I create custom firmware for the FAT+. You may need a lot of trials and errors to get it right. Have fun!
Message Edited by playdude on 01-03-2010 09:26 PM
FAT+ Mod Firmware 1.45 Mod
Project Files
Chat to playdude and FAT+ users (channel: fatplus)
Cold upgrade! Cold upgrade! Cold upgrade!
Report Inappropriate Content
Message 3 of 25 (25,089 Views)
 
Reply
Yottabyte
fzabkar
Posts: 4,656
Registered: ‎01-27-2009
0

Re: HOWTO: Roll Your Own Firmware

Options

‎01-03-2010 12:43 PM

I don't understand the purpose of yaffs2_2.img.

AFAICS, it mounts at /usr/local/etc and duplicates the code and directories that are already included in yaffs2_1.img.

Report Inappropriate Content
Message 4 of 25 (24,999 Views)
 
Reply
Yottabyte
fzabkar
Posts: 4,656
Registered: ‎01-27-2009
0

Re: HOWTO: Roll Your Own Firmware

Options

‎01-03-2010 01:00 PM

playdude, I very much appreciate you work and documentation and your willingness to share. Thanks.

Just a nit ...

The following line ...

41943040 Bytes (hexadecimal) = 41943040 Bytes (decimal ...)

... should read ...

2800000 Bytes (hexadecimal) = 41943040 Bytes (decimal ...)

Some questions:

(1) Do you have a link for a password generator to generate 34-byte passwords? (so that I can guess at the original password?)

(2) I'm a diehard Win98SE user. I notice that when I unpack the yaffs2 images, the software generates LNK files with absolute addresses that refer to my Windows box. You say elsewhere that you will be doing the same F/W mods on your own Windows box ... just for fun. I would be most grateful if you could.

Report Inappropriate Content
Message 5 of 25 (24,990 Views)
 
Reply
Gigabyte
playdude
Posts: 149
Registered: ‎12-28-2009
0

Re: HOWTO: Roll Your Own Firmware

[ Edited ]
Options

‎01-03-2010 04:06 PM - edited ‎01-03-2010 05:52 PM

Thanks fzabkar. Just fixed the hex number. I don't have an answer to question 1. About question 2, I think only NTFS understands symlinks, and Windows 98 uses FAT32. You could have more success with XP.

 

First I extracted the files from install.img using 7zip in XP. Symlinks appeared as small files, so I knew 7zip and NTFS understood them. Then I used unyaffs to extract the files from the yaffs2_ files XP. After that I repacked those files using mkyaffs2image (dependent on a cygwin dll file). Finally I packed all the firmware files using 7zip into install.img with option tar and storage. It was just a proof of concept that I wanted to test out. I'm still waiting for the confirmation to see if it works. I'm still not sure how to go about editing Linux compatible text files and permission handling for Linux binaries yet. Maybe install cygwin in XP?

 

I'll post all the files I used so you can do your own investigation.

 

It's cool to have someone else interested in this. Good luck getting it working. 2 people knowing the same thing = 1/2 the work for each and twice the knowledge.

yaffs2_1.img, the root file system, will be mounted first at / . At this point you will see the contents of usr/local/etc in yaffs2_1.img. However, probably a few seconds later the contents of yaffs2_2.img will be mounted at /usr/local/etc. Now what you see in /usr/local/etc will be what's in yaffs2_2.img. This means if we could have deleted everything under usr/local/etc/ in yaffs2_1.img and it wouldn't matter because something will be mounted over it anyway. But since it's only a few KB, I didn't bother doing it. 
Message Edited by playdude on 01-04-2010 12:22 PM
FAT+ Mod Firmware 1.45 Mod
Project Files
Chat to playdude and FAT+ users (channel: fatplus)
Cold upgrade! Cold upgrade! Cold upgrade!
Report Inappropriate Content
Message 6 of 25 (24,974 Views)
 
Reply
Byte
maiky007
Posts: 11
Registered: ‎12-29-2009
0

Re: HOWTO: Roll Your Own Firmware

Options

‎01-06-2010 12:49 PM

Hi Playdude,

your guide is perfect! I've just create on a OSX :smileytongue:my first firmware.:smileyvery-happy:

Report Inappropriate Content
Message 7 of 25 (24,832 Views)
 
Reply
Gigabyte
playdude
Posts: 149
Registered: ‎12-28-2009
0

Re: HOWTO: Roll Your Own Firmware

[ Edited ]
Options

‎01-06-2010 12:56 PM - edited ‎01-06-2010 12:58 PM

Feels good to create doesn't it? All that power lol. 3 and hopefully counting :smileyhappy:. Erario's just let me know he managed to create it too.

 

So far it's possible on Linux, XP and Mac. Come on BSD people! Surely there must be some around!

Message Edited by playdude on 01-07-2010 07:27 AM
Message Edited by playdude on 01-07-2010 07:28 AM
FAT+ Mod Firmware 1.45 Mod
Project Files
Chat to playdude and FAT+ users (channel: fatplus)
Cold upgrade! Cold upgrade! Cold upgrade!
Report Inappropriate Content
Message 8 of 25 (24,828 Views)
 
Reply
Kilobyte
d2epak
Posts: 16
Registered: ‎12-30-2009
0

Re: HOWTO: Roll Your Own Firmware

Options

‎01-12-2010 07:15 PM

maiky007,

 

I was trying to build the firmware on OSX but am failing miserably. Can you tell me how you created the image. I was trying to compile mkyaffs2image to work with OSX.

 

Did you compile it from source or did you use the binary tool to create the image.

 

Appriciate your input.

 

thanks

d2pak 

Report Inappropriate Content
Message 9 of 25 (24,551 Views)
 
Reply
Gigabyte
playdude
Posts: 149
Registered: ‎12-28-2009
0

Re: HOWTO: Roll Your Own Firmware

[ Edited ]
Options

‎01-13-2010 03:20 AM - edited ‎01-13-2010 03:25 AM

There's no need to compile the whole thing. You just need to compile the modules inside the utils directory.

 

#How I compiled the yaffs2 tools

wget http://fatplus.googlecode.com/files/yaffs2-source.tar

tar tf yaffs2-source.tar

tar xvf yaffs2-source.tar

cd yaffs2/

ls -al utils/

cd utils

make

 

#If compilation doesn't work then you probably don't have gcc compiler. You need to install xcode.

 

#mkyaffs2image should have been created if compilation worked

#test it

./mkyaffs2image

 

The instructions above should apply after that.

Message Edited by playdude on 01-13-2010 09:55 PM
FAT+ Mod Firmware 1.45 Mod
Project Files
Chat to playdude and FAT+ users (channel: fatplus)
Cold upgrade! Cold upgrade! Cold upgrade!
Report Inappropriate Content
Message 10 of 25 (24,512 Views)
 
Reply