DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

#26 2006-12-12 09:55:26

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

Yes, I'm looking at pivot_root, unfortunately it is not part of the supplied busybox and there is no room in the ramdisk image, so I'll need to do something non-standard. It is not possible to add any functionailty to u-boot as it already fills the flash partition allocated to it.

I think I know what I need to do to use pivot_root to use a usbkey as a root device.  I still need to come up with a scheme that will reliably identify such a key, probably a file name that would be hard to create by chance.  Something like ".BootThisFlashDrive" and only set the rootdrive if that file exists and is excutable.  I'm not sure if the file should be hidden (start with a ".") or not.

Offline

 

#27 2006-12-12 21:53:29

BertrandB
Member
From: Dijon (France)
Registered: 2006-09-16
Posts: 119
Website

Re: New Firmware instead of Fun_Plug

beattie wrote:

Yes, I'm looking at pivot_root, unfortunately it is not part of the supplied busybox and there is no room in the ramdisk image, so I'll need to do something non-standard. It is not possible to add any functionailty to u-boot as it already fills the flash partition allocated to it.

If you rebuild the busybox from source found on dlink ftp with -Os and pivot_root activate you get a smaler exec than one on firmware so there isn't a realy room problem

busybox firmware 10.2eu

Code:

[bertrand@serber ~/dsm]$ ls -l busybox.ori
-rwxr-xr-x  1 bertrand user 309564 2006-12-12 20:43 busybox.ori
[bertrand@serber ~/dsm]$ file busybox.ori
busybox.ori: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked (uses shared libs), stripped

busybox build directly from source with -O2 and without pivot_root

Code:

[bertrand@serber ~/dsm/busybox-1.00-pre1]$ ls -l busybox.old
-rwxr-xr-x  1 bertrand user 296232 2006-12-12 19:50 busybox.old
[bertrand@serber ~/dsm/busybox-1.00-pre1]$ file busybox.old
busybox.old: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked (uses shared libs), stripped

Buybox build directly from source with -Os and pivot_root activate

Code:

[bertrand@serber ~/dsm/busybox-1.00-pre1]$ ls -l busybox
-rwxr-xr-x  1 bertrand user 273304 2006-12-12 20:42 busybox
[bertrand@serber ~/dsm/busybox-1.00-pre1]$ file busybox
busybox: ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked (uses shared libs), stripped

Offline

 

#28 2006-12-12 22:50:37

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

I rebult busybox and if it was bigger than the one currently there is was not by much, I think it was smaller, but for some reason, when gzipped the ramdisk was bigger, and too big to fit in flash.  I'll try it again and verify that -Os is on, but the real issue is not the size of busybox, but the size of the compressed ramdisk image. Hmmmmm, I wonder what would happen if I gziped the running ramdisk...

BTW if anybody wants to play with ramdisk images, the gziped image needs to be <= (0x2e0000 - 64)

Well I tried -Os and yes the busybox was smaller, but the gziped image was still too large, To check for a problem in gzip I gziped the ungziped original and it gives the the same size within a few bytes, but when I gzip the image with the new buzybox it is too large (3133606 bytes).

Last edited by beattie (2006-12-13 05:43:29)

Offline

 

#29 2006-12-13 08:42:05

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: New Firmware instead of Fun_Plug

Why just strip unneeded stuff out of ramdisk. Here's kevin's ramdisk with pretty much only busybox in it. It also have linuxrc to pivot_root into sda3.
As I see the ideal solution would be, to get rid of ramdisk at all, so as result we have more free memory and all file systems in hard disk (of course except kernel, till we can port aec62xx module to u-boot).


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#30 2006-12-13 08:46:38

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

My goal is to leave the existing functionality in place.

Though I'm starting to think about completely redoing the flash layout, which means a new u-boot.

probably cut the ramdisk to 2MB an up the kernel flash to 1 full MB.  It will be a while before I get to that.

Last edited by beattie (2006-12-13 08:52:45)

Offline

 

#31 2006-12-13 18:18:55

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

I think I know why the modified ramdisk is bigger, dirty blocks,

The blocks freed by deleting the old busybox are put back on the free list but no contain "random" data and thus are now much less compressible.  I tried to make a new filesystem but that was even larger so I need to figure out what parameters were used to build the filesystem, I suspect it has a smaler than standard inode list.  possibly other things as well.

Offline

 

#32 2006-12-13 18:35:40

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: New Firmware instead of Fun_Plug

beattie wrote:

I think I know why the modified ramdisk is bigger, dirty blocks,

The blocks freed by deleting the old busybox are put back on the free list but no contain "random" data and thus are now much less compressible.  I tried to make a new filesystem but that was even larger so I need to figure out what parameters were used to build the filesystem, I suspect it has a smaler than standard inode list.  possibly other things as well.

After you have done modifying your ramdisk, run

Code:

cat /dev/zero > data

This should write one big file with zeros and it should fill all free space that you have left on ramdisk. And if it's done then delete data file and unmount ramdisk smile
Alternatively you may also use dd to fill all free space with dummy file.
I haven't tested neither one but I guess they should work.


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#33 2006-12-13 19:29:29

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

"cat /dev/zero > data" Good idea.
I also realized that my attempt make a new filesystem was not done correctly, so I'll try that again tonight.

Offline

 

#34 2006-12-14 10:02:16

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

Some progress to report, by zeroing out the ramdisk image before doing mkfs I was able to buld a ramdisk image that fits with pivot_root and vi plus a few other functions in busybox.  I put together a fwbuild that builds a firmware file give a ubootable kernel and ramdisk.

Thus I built and uploaded a firmware image, the ramdisk has some problems (telnetd does not come up), but it a lot faster to upload fw that way.

Source for the utilities (still prety rough) http://www.beattie-home.net/beattie/DSM … re-0.2.tgz

Looking at the firmware a bit, it is appears to be failing to mount the harddrive or usb drives for some reason.

Last edited by beattie (2006-12-14 17:42:25)

Offline

 

#35 2006-12-14 17:39:56

qn1234
Member
Registered: 2006-08-18
Posts: 94

Re: New Firmware instead of Fun_Plug

That's good news.  Are you planning on creating a firmware image for those who want to flash using the existing web interface?

--
Quang

Offline

 

#36 2006-12-14 17:54:23

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

qn1234 wrote:

That's good news.  Are you planning on creating a firmware image for those who want to flash using the existing web interface?

--
Quang

Long term I have some plans, but testing is going to be an issue, since I don't want to be blamed for bricking other peoples hardware.  There is not way to unbrick a dsm without a serial port if the web interface is hosed.

On a different question, does anybody here know how to get busybox to give a shell prompt on the console?

Offline

 

#37 2006-12-14 22:06:17

BertrandB
Member
From: Dijon (France)
Registered: 2006-09-16
Posts: 119
Website

Re: New Firmware instead of Fun_Plug

beattie wrote:

On a different question, does anybody here know how to get busybox to give a shell prompt on the console?

What's exacly the problem you don't have shell on console ? or the shel don't print prompt ?
For the fist case i look in the /etc/inittab it seems me ok
on second case did you never get prompt ?

Offline

 

#38 2006-12-14 22:33:14

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

BertrandB wrote:

What's exacly the problem you don't have shell on console ? or the shel don't print prompt ?
For the fist case i look in the /etc/inittab it seems me ok
on second case did you never get prompt ?

I have never gotten a prompt, inittab does start /bin/ash on the console and busybox prints out it's banner but no prompt.  Characters are echoed and <ctl>c cause the shell to restart, but nothing else seems to have an effect.  This is what I see:

Code:

BusyBox v1.00-pre1 (2005.10.27-08:04+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Offline

 

#39 2006-12-15 09:12:13

BertrandB
Member
From: Dijon (France)
Registered: 2006-09-16
Posts: 119
Website

Re: New Firmware instead of Fun_Plug

I think that this version of busybox is realy broken whe had probems with telnetd etc etc ...
Sbdy on this forum report on a thread about telnetd that busybox don't work fine when it is call /bin/sh may be changing /bin/sh by /bin/ash in the ramdisk's /etc/inittab.

may be changing busybox by a newer version wourd be a better solution but "don't brick the box"

Offline

 

#40 2006-12-15 11:03:22

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: New Firmware instead of Fun_Plug

beattie wrote:

I have never gotten a prompt, inittab does start /bin/ash on the console and busybox prints out it's banner but no prompt.  Characters are echoed and <ctl>c cause the shell to restart, but nothing else seems to have an effect.  This is what I see:

Code:

BusyBox v1.00-pre1 (2005.10.27-08:04+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.

Here's a tested patch to fix this.


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#41 2006-12-15 11:17:54

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: New Firmware instead of Fun_Plug

And here is a full patchset that D-Link has applied to busybox-1.00-pre1, including with lines that make ash to stop after banner.
When I got some more time I might try to port this patch for busybox-1.30 smile


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#42 2006-12-16 05:59:04

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

sala wrote:

Here's a tested patch to fix this.

Great, thanks!  I now have built a firmware image that, brings up a shell and now mounts the hard-drive, which was the problem I wanted the shell to debug.

Of course I still have the problem that my unit seems to lock up after sitting idle  for a day or so.  I haven't been able to categorize it better yet, but if this sounds familar...

Offline

 

#43 2006-12-16 08:30:40

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

I hope none of the developers from D-Link read this, because:

I've been digging around in rc.sh a bit, and it is a real hack (in the bad sense of the word) job.  A real frankenstein's monster.  I have not seen such a stinking heap of scraps in a long time.

Offline

 

#44 2006-12-18 09:27:14

BertrandB
Member
From: Dijon (France)
Registered: 2006-09-16
Posts: 119
Website

Re: New Firmware instead of Fun_Plug

beattie wrote:

I hope none of the developers from D-Link read this,

I hope some d-link developper read this forum wink

May be then they would make better firmware ...  ;-)

Offline

 

#45 2006-12-18 20:09:58

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

BertrandB wrote:

I hope some d-link developper read this forum wink

May be then they would make better firmware ...  ;-)

The only way to get better firmware, is to do it ourselves smile

On that note as a progress report: I have a firmware load, that will look for a USB storage device (I'm using a USB flash device) with a filesystem labeled DSMG600_BK and if there is an executable file with a particular name it will exec that file interrupting the boot process.  Next I'll try to do a pivot root from the USB device.

There are a number of executables in /usr/sbin that I want to reverse engineer (reading buttons, turning leds on and off restarting the device).

In any case once I get pivot root working maybe somebody will tell us how to install debian on a DSM-G600 smile

Offline

 

#46 2006-12-19 09:15:51

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: New Firmware instead of Fun_Plug

beattie wrote:

In any case once I get pivot root working maybe somebody will tell us how to install debian on a DSM-G600 smile

Sort of webinstaller would be nice tongue just kidding big_smile
Meanwhile here is basic topic about debian.
Also here is good guide to bootstrap, just replace arm with powerpc.


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#47 2006-12-19 17:37:16

qn1234
Member
Registered: 2006-08-18
Posts: 94

Re: New Firmware instead of Fun_Plug

Better yet, leverage some of the features and design from DD-WRT (www.dd-wrt.com)'s web user interface. smile

Offline

 

#48 2006-12-19 18:31:27

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

qn1234 wrote:

Better yet, leverage some of the features and design from DD-WRT (www.dd-wrt.com)'s web user interface. smile

Web design is not my forte,  I'm sort of thinking about an Access Point, with local contant and Mesh networking.  The Mesh networking will probably require a different radio, maybe even a different (2.6) kernel.  If anybody wants to do some web design I'd be happy to work with them.

Offline

 

#49 2006-12-20 15:29:58

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: New Firmware instead of Fun_Plug

qn1234 wrote:

Better yet, leverage some of the features and design from DD-WRT (www.dd-wrt.com)'s web user interface. smile

Web user interface is not the priority, but eventually it is good idea to throw webs away and replace it with cgi compatible web server (eg. busybox httpd, fnord) and haserl scripts smile


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#50 2006-12-21 00:11:49

beattie
Member / Developer
From: West Coast, USA
Registered: 2006-11-17
Posts: 92
Website

Re: New Firmware instead of Fun_Plug

sala wrote:

[
Web user interface is not the priority, but eventually it is good idea to throw webs away and replace it with cgi compatible web server (eg. busybox httpd, fnord) and haserl scripts smile

Yeah, I sort of agree about getting rid of goahead (webs) I'd probably used the httpd in busybox, but my first priority after getting pivot_root working, is figureing out how to read the switches and blink the lights.  I've tried strings on the executables that seem to do that, and looked at the kernel diffs, with no clues, I suppose the next step is to compile strace and see what system calls it's making.

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB