Sign up here and you can log into the forum!

[Hub] with Felix's mod... or downflash!

The place for n00b questions, anything goes...no n00b too n00bish.

[Hub] with Felix's mod... or downflash!   

Postby zcot » Sun Dec 20, 2015 6:55 pm

Hi guys,

I'm wanting to work with the wdlxtv mod, I'm sure that's easier, but I have the [Hub] so I'll have to try to hack my way through some features on my own with Felix's method.

Is it possible that I can use some of the functionality from here though. Like, plugins, or app.bin stuff? Does anybody already know enough about the general concept of what's going on to know what I'm up against?

Or..... downflash!! :shock: What do you think about ripping the hard drive out(I'm not using its functionality anyway) and turning this thing into a [Live] or [Plus](I'm sure this is likely not even plausible, and I'm mostly joking, unless it's known that the boards have enough similarity that it might be possible with existing firmware)... lol

any information would be appreciated.

thanks guys,
-zcot
zcot
n00b
 
Posts: 2
Joined: Sun Dec 20, 2015 6:14 pm

Re: [Hub] with Felix's mod... or downflash!   

Postby mad_ady » Tue Jan 05, 2016 12:56 am

You have a few options:

1. By using Felix's method you get root and you can poke around. With root you can start "porting" features you want/need, such as app.bin support (note, not all apps will work - some depend on specific kernel modules that won't work on Hub). With Felix's method you don't have the risk of losing your network keys, but the root comes late after the unit has booted, so I doubt you can boot an alternative firmware (and it will be difficult to restart the OSD without reboot). You can add apps, xmount support, possibly UMSP and webend support (though you'd need to change ports). You'd have to figure out how to load them automatically after system boot + root happens. To extract the necessary bits, look into the svn and concentrate on a feature at a time. Look at what /init does, then move on to what /etc/init.d/* do and see what the scripts call. You can understand what's going on if you can read bash scripts and have at least basic linux admin skills. So, it's doable but it will take time to analyse.

2. Since Gen3 came after Hub you could look into how Gen3 is rootable by WDLXTV (check the scripts that are run on the PC) and read and try to understand what's going on in Gen3's stock /init). There's an oversight there by WD that allows you to execute arbitrary code on init and the firmware takes advantage and switches root partition and continues execution from a USB drive. I think that you have a chance to exploit the same vulnerability (e.g. toggle a bit with Felix's root and then use a specific usb drive to load an alternate root filesystem), but I don't know if Gen3's firmare will run on Hub. You need to check first if it's the same kernel on both devices. If it is, you have a high chance of running Gen3 firmware (probably without HDD support - I don't know).

3. There was a different project (check the wiki) that compiled a firmware from GPL code from Hub. This means you'll lose your decryption keys and should be your last attempt.

Anyway, to do this you need:
1. time and motivation :)
2. a USB to Serial adapter to catch early boot process and maybe play with the bootloader (you could load the Gen3 kernel from TFTP for example).
3. A similar device (eg Gen3) to understand what's going on (you could add extra debugging - like #!/bin/sh -x and see what's going on over serial console when the code runs)

If #3 is not an option, increment #1.

I can try and help, but I haven't worked with Gen3 so I don't have first hand knowledge. Anyway, PM KAD, maybe he can help you.

And share your progress with the community :)
User avatar
mad_ady
Developer
 
Posts: 4561
Joined: Fri Nov 05, 2010 9:08 am
Location: Bucharest, Romania

Re: [Hub] with Felix's mod... or downflash!   

Postby KAD » Tue Jan 05, 2016 6:17 pm

FYI I reached my limits on the hub, but I did a little digging some time ago

I figured out how to manually read and write value's to nand using the tools available
as well as how to access cmd line via telnet after boot

but I either
1. could not find the correct value to initiate sisi test
or
2. the hub just does not check for this value at boot time


for more info http://forum.wdlxtv.com/viewtopic.php?f=43&t=8987&start=10
If you like my work please consider a Donation. Donate
Please read the appropriate documentation before posting questions! READ ME FAQ WIKI
PM's are for private matters. Post support questions to the appropriate forum, or they will be ignored.
User avatar
KAD
Global Moderator
 
Posts: 5103
Joined: Mon Apr 12, 2010 4:59 pm
Location: Seattle, WA USA


Return to n00b central

Who is online

Users browsing this forum: No registered users and 4 guests