DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

#1 2012-02-19 23:31:54

yoshi57
Member
Registered: 2012-02-19
Posts: 5

FFP Reloaded Module

Hello everyone,

I'm here to ask if anyone has already tried (with success) to use the reloaded module from fonz?
I took this one:
http://www.inreto.de/dns325/reloaded/dn … 115.tar.gz

I compiled the kernel source again for the DNS-320 as per here:
http://nas-tweaks.net/249/building-an-a … 0-dns-325/

It compiled fine, both module and kernel.
To start simple, I simply want to run the same kernel as D-Link (without modification).
In order to do so I use the script from here:
http://www.inreto.de/dns323/reloaded/dn … /reload.sh



So far no luck with the reloaded module. The DNS stays unresponsive after loading the module.
First, the script didn't get my IP address correctly, so I forced it to test, but still nothing. The command looks like:

Code:

insmod reloaded-2.6.22.18.ko machtype=526 kernel=zImage-2.6.22.18 initrd=0byte cmdline="console=ttyS0,115200 :::DB88FXX81:egiga0:none ip=192.168.0.5::192.168.0.254:255.255.255.0:DNS-320:egiga0:none "

So does anyone have a hint or already tried?


History note:
I have had a DNS-320 for one year. I've been using FFP from the beginning. Fonz's work is amazing and I would like to thank him and everyone on this forum who helped me a lot.
I also use Debian squeeze now. The only sad thing is it's not possible to rebuild a kernel (or module) directly on the NAS ;)
My end goal is to load a kernel with IPv6 and netfilter enabled.

Last edited by yoshi57 (2012-02-20 12:34:32)

Offline

 

#2 2012-02-20 10:25:39

Mijzelf
Member / Developer
Registered: 2008-07-05
Posts: 709

Re: FFP Reloaded Module

I don't know about the DNS-320, but I've been working with a Lacie networkspace 2, also Kirkwood based. Looking at the serial port I could see that the box freezes while zImage is decompressing the kernel. I think this is caused by some unexpected interrupt, whose vector points to garbage.

Offline

 

#3 2012-02-20 12:29:32

yoshi57
Member
Registered: 2012-02-19
Posts: 5

Re: FFP Reloaded Module

Mijzelf wrote:

I don't know about the DNS-320, but I've been working with a Lacie networkspace 2, also Kirkwood based. Looking at the serial port I could see that the box freezes while zImage is decompressing the kernel. I think this is caused by some unexpected interrupt, whose vector points to garbage.

Hello
I was reading your topic http://dns323.kood.org/forum/viewtopic.php?id=3434
Interesting, I will have a few more things to test.

I think one of my errors is that I need an initrd.
You wrote:

Mijzelf wrote:

2) Copied initrd: dd -if=/dev/mtd1 of=initrd. This makes a file of 12928kB.

Mine is 5 MB. And how can I be sure mtd1 is initrd?


Off-topic note: /dev/mtd4 is 10.0 MB and starts with the egig0 MAC address!? Is it the driver? Would it be possible to change the MAC?

Last edited by yoshi57 (2012-02-20 12:35:30)

Offline

 

#4 2012-02-20 15:50:50

Mijzelf
Member / Developer
Registered: 2008-07-05
Posts: 709

Re: FFP Reloaded Module

yoshi57 wrote:

Mine is 5 MB. And how can I be sure mtd1 is initrd?

That's easy. It isn't.

A Linux kernel needs a rootfs to run. Roughly there are 3 ways to get/create one:
* An initramdrive built into the kernel (AFAIK always a gzipped cpio archive)
* An initramdrive loaded in memory by the bootloader (or reloader.ko), and passed to the kernel. (Also a gzipped cpio device)
* An external filesystem, in most cases defined in the commandline. (Something like root=/dev/mtd1)

Your mtd1 does not fit in the first option, and almost certainly also not in the second. Assuming your box uses uBoot it *might* be an uImage containing an initramdrive, but in that case you'll have to extract the header, before it can be used for reloader.ko.

How to know? Dump the contents to a file, and let the linux command 'file' speak.

Code:

file mydump

When it says 'uImage containing initrd', you can strip the first 64 bytes, keep the number of bytes 'file' specifies, and offer it to reloader.ko.

yoshi57 wrote:

Off-topic note: /dev/mtd4 is 10.0 MB and starts with the egig0 MAC address!? Is it the driver? Would it be possible to change the MAC?

10MB? That's a lot. I don't think it's a driver, but it might be uBoot environment. (But 10MB is very much, 64kB is more suitable.)
And yes, you can change the MAC address. The MAC address has to be somewhere in the flashrom, or in some dedicated eeprom. It is read by uBoot, and provided to the kernel via the commandline, or read by the kernel itself. I wouldn't change it in flashrom without trying to find out if there is a bigger structure, there could be some checksum somewhere.

But if you just want another MAC address you can change it using ifconfig

Code:

ifconfig egiga0 hw ether <new_mac_address>

Offline

 

#5 2012-02-20 23:22:46

yoshi57
Member
Registered: 2012-02-19
Posts: 5

Re: FFP Reloaded Module

Mijzelf wrote:

That's easy. It isn't.

A Linux kernel needs a rootfs to run. Roughly there are 3 ways to get/create one:
* An initramdrive built into the kernel (AFAIK always a gzipped cpio archive)
* An initramdrive loaded in memory by the bootloader (or reloader.ko), and passed to the kernel. (Also a gzipped cpio device)
* An external filesystem, in most cases defined in the commandline. (Something like root=/dev/mtd1)

Your mtd1 does not fit in the first option, and almost certainly also not in the second. Assuming your box uses uBoot it *might* be an uImage containing an initramdrive, but in that case you'll have to extract the header, before it can be used for reloader.ko.

OK well I have:

Code:

# file mtd1
mtd1: u-boot legacy uImage, Linux-2.6.22.18, Linux/ARM, OS Kernel Image (Not compressed), 2196588 bytes, Mon Nov 15 10:49:59 2010, Load Address: 0x00008000, Entry Point: 0x00008000, Header CRC: 0x614A65B2, Data CRC: 0xDBAE8F1E
# file mtd2
mtd2: u-boot legacy uImage, Ramdisk, Linux/ARM, RAMDisk Image (gzip), 1563868 bytes, Mon Dec  6 08:00:10 2010, Load Address: 0x00E00000, Entry Point: 0x00E00000, Header CRC: 0x27BA4C65, Data CRC: 0x8EAB8021

Both mtd are 5.0 MB.
I'm a bit lost. Does it contain all the items listed? How do I know which part only is the uImage?
The cmdline from the current kernel is root=/dev/ram/


Mijzelf wrote:

10MB? That's a lot. I don't think it's a driver, but it might be uBoot environment. (But 10MB is very much, 64kB is more suitable.)
And yes, you can change the MAC address. The MAC address has to be somewhere in the flashrom, or in some dedicated eeprom. It is read by uBoot, and provided to the kernel via the commandline, or read by the kernel itself. I wouldn't change it in flashrom without trying to find out if there is a bigger structure, there could be some checksum somewhere.

Ok Thanks for the tip

Offline

 

#6 2012-02-21 10:20:34

Mijzelf
Member / Developer
Registered: 2008-07-05
Posts: 709

Re: FFP Reloaded Module

Well, that's obvious then. mtd1 contains the kernel, mtd2 contains the initrd.

yoshi57 wrote:

Both mtd are 5.0 MB

Yes, but it's mainly empty space. mtd1 contains 64 bytes header + 2196588 bytes zImage, mtd2 64 bytes header + 1563868 bytes ramdisk.
If you want to extract the initrd:

Code:

dd if=mtd2 of=initrd bs=64 skip=1 count=24436

Offline
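
The header handling described in posts #4 and #6 (a 64-byte header, then exactly the number of payload bytes the header declares), as an added example that is not part of the original thread or of the reloaded module's code. It goes one step further than `dd` by checking the header and data CRCs that `file` prints; the function names and the sample dump are constructed for illustration, and the field layout assumed is U-Boot's legacy image header.

```python
import gzip
import struct
import zlib

UIMAGE_MAGIC = 0x27051956
HDR = struct.Struct(">7I4B32s")          # legacy uImage header: 64 bytes, big-endian
TYPES = {2: "kernel", 3: "ramdisk"}      # subset of U-Boot's image types
COMPS = {0: "none", 1: "gzip"}           # subset of U-Boot's compression ids


def parse_uimage(dump):
    """Validate the uImage at the start of an mtd dump; return (info, payload)."""
    if len(dump) < HDR.size:
        raise ValueError("dump is shorter than a uImage header")
    (magic, hcrc, _time, size, load, entry, dcrc,
     _os, _arch, typ, comp, name) = HDR.unpack_from(dump)
    if magic != UIMAGE_MAGIC:
        raise ValueError("no uImage magic at offset 0")
    # The header CRC is calculated with its own field set to zero.
    zeroed = dump[:4] + b"\x00" * 4 + dump[8:HDR.size]
    if zlib.crc32(zeroed) != hcrc:
        raise ValueError("header CRC mismatch")
    payload = dump[HDR.size:HDR.size + size]   # exact length, no flash padding
    if len(payload) != size or zlib.crc32(payload) != dcrc:
        raise ValueError("payload truncated or data CRC mismatch")
    info = {"type": TYPES.get(typ, typ), "comp": COMPS.get(comp, comp),
            "size": size, "load": load, "entry": entry,
            "name": name.rstrip(b"\x00").decode("ascii", "replace")}
    return info, payload


def dd_blocks(size, bs=64):
    """Blocks of `bs` bytes dd must copy to cover `size` bytes (rounded up)."""
    return -(-size // bs)


def make_sample_dump(payload, typ=3, comp=1, load=0x00E00000, pad=4096):
    """Constructed test input: header + payload + 0xFF filler like erased flash."""
    fields = [UIMAGE_MAGIC, 0, 0, len(payload), load, load,
              zlib.crc32(payload), 5, 2, typ, comp, b"Ramdisk"]
    fields[1] = zlib.crc32(HDR.pack(*fields))
    return HDR.pack(*fields) + payload + b"\xff" * pad


if __name__ == "__main__":
    dump = make_sample_dump(gzip.compress(b"constructed initrd contents"))
    info, initrd = parse_uimage(dump)
    print(info, len(initrd), dd_blocks(info["size"]))
```

For the 1563868-byte ramdisk reported by `file mtd2`, `dd_blocks` gives the 24436 blocks used in the `dd` command above, which copies 36 bytes of flash past the end of the payload; `parse_uimage` returns the payload without them.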

 

#7 2012-02-22 22:15:24

yoshi57
Member
Registered: 2012-02-19
Posts: 5

Re: FFP Reloaded Module

ok
I extracted the initrd, but no success.
So I extracted the kernel from mtd1 to use it. Again no success.
I also tried with root=/dev/ram as in the cmdline from normal boot. Still nothing.

When reloaded.ko is insmod'ed, I hear hdd read/write for a couple of seconds, then nothing else. Not even a ping response.


What am I missing? Must I have a serial connection on the machine to see where it hangs up?

Offline

 

#8 2012-02-29 00:00:44

yoshi57
Member
Registered: 2012-02-19
Posts: 5

Re: FFP Reloaded Module

I found that there are hardcoded address values in the reloaded module.
I tried to change them to the correct value for my DNS-320.
It looks like:

Code:

Reboot.S:

        /* copy initrd */
-        mov     r2, #0x800000
+       mov     r2, #0xe00000
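
Review bot: the address in the `mov r2` line under `/* copy initrd */` is still a bare literal, and the same value has to be changed by hand in main.c (`t->u.initrd.start`); if the two ever disagree, the ATAG_INITRD2 tag will describe a different location from the one this code uses. Define the address once, for example as a macro in a header included by both files or as a module parameter, and reference it in both places. The added line is also indented one space less than the line it replaces.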


main.c

                t->hdr.tag = ATAG_INITRD2;
-                t->u.initrd.start = 0x800000;
+               t->u.initrd.start = 0xe00000;
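
Review bot: `t->u.initrd.start` is set to 0xe00000 here, but the dmesg output posted further down still prints `INITRD: start 00800000`, so either the module that was loaded is not the rebuilt one or that message takes the address from a third place this patch does not touch. Search the source for remaining uses of 0x800000 and make the log line print the value actually written into the ATAG_INITRD2 tag, so the log confirms what the new kernel will be told.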

Tried again with various machtype values but no response after insmod.

Also tested without the actual rebooting code to see in dmesg if everything is OK, and it looks like it:

Code:

initrd: OK (48 segments)
dns323_machtype = 526
CMDLINE: console=ttyS0,115200 :::DB88FXX81:egiga0:none ip=192.168.0.5::192.168.0.254:255.255.255.0:DNS-320:egiga0:none
MEM: start 00000000 size 128MB
INITRD: start 00800000 size 1563904
dns323_taglist  = 47fc000 (c47fc000)
copying 2160 bytes reboot code from bf00d00c to c0add000
dns323_reboot_start  = add000
Reloading...

I don't know where to look now..

Offline

 

#9 2012-03-02 02:33:06

Le_candide
Member
Registered: 2011-10-14
Posts: 7

Re: FFP Reloaded Module

Your project is very interesting!
You can also look at this thread:
https://groups.google.com/forum/#!topic … 5qfz-E6PG8

Offline

 
