Kernel: 3.1.1c with killinird applied. Obtained from PTVupgrades. Product info: LBA48-401DD PTVupgrade LBA48 4.01 with Enhancements.
This document outlines how to add a new, larger hard drive, get a bash prompt over a serial port, install the USB 2.0 networking drivers, bring up eth0, and get the tivo ready for installing the extraction in control hacks (TyTools, TivoWebPlus, mfs_ftp, and mplayer are my personal favorites).
I have a DirecTiVo Phillips DSR 7000 running version 3.1.1e of the TiVo kernel & software, but I was able to make everything work well, despite the fact that only up to 3.1.1d is covered in the book. Apparently there are folks out there who have gotten 4.0 tivo software to work on the DirecTivo's, but I'm not quite that adventurous yet.
In order to get the DirecTivo hacks working for Bash and extraction, I had to download the 3.1.1c tivo kernel from PTVdatabase. It had already had the killinitrd hack applied. This cost me $5.00, but was well worth it.
I also needed the Linux usb drivers for my configuration. I got those from genTiVo_HackPack.zip. One of the steps was to unzip the file, and load the contents of the ethernet_drivers directory on to the new TiVo drive. I'm using a linksys USB200M usb network adapter, which is fairly common and available in most computer stores as of right now (January 2005).
I couldn't find a kernel/root combination that worked for me on the net, and spent 3 evenings trying various combinations, getting a tivo that wouldn't boot, restoring, and trying again. The first time it wouldn't boot I had the crap scared out of me, but restoring the partitions and running bootpage to reset the boot parameter to a simple "root=/dev/hda7" fixed it right up.
I carried out this entire procedure on a Linux PC, and therefore had access to my every-day use hard drive for backing up small partitions, downloading docs from the net, etc... It was very convenient. I burned the CD image to a CD, and copied it back to my PC in preparation for this procedure.
Many of the steps here refer to "Hacking the Tivo, Second Edition" by Bill von Hagen. Other information was gleaned from the DealDatabase TiVo forums.
I then backed up my crucial partitions. This saved my butt, as I was able to restore them by reversing the if & of parameters, which brought back a non-booting tivo more then once.
Note: hdb was my new TiVo disk, and hda was my personal hard drive.
I mounted my regular every-day hard drive to use as a file source and backup repository:
mkdir /mnt/mypc mount /dev/hda5 /mnt/mypc
dd if=/dev/hdb6 of=/mnt/mypc/home/rwhall/tivo/backups/partition6_kernel.img dd if=/dev/hdb3 of=/mnt/mypc/home/rwhall/tivo/backups/partition3_kernel.img dd if=/dev/hdb4 of=/mnt/mypc/home/rwhall/tivo/backups/partition4_root_fs.img bs=32k dd if=/dev/hdb7 of=/mnt/mypc/home/rwhall/tivo/backups/partition7_root_fs.img bs=32k
dd if=/mnt/mypc/home/rwhall/tivo/files/vmlinux.px of=/dev/hdb6 dd if=/mnt/mypc/home/rwhall/tivo/files/vmlinux.px of=/dev/hdb3
mount /dev/hdb9 /mnt/tivo mkdir /mnt/tivo/hack/ethernet_files cp /mnt/mypc/home/rwhall/tivo/files/genTiVo_HackPack_m/ethernet_drivers /mnt/tivo/hack/ethernet_files
bootpage -P "root=/dev/hda7 dsscon=true console=2,115200 BASH_ENV=\`mount\$IFS-n\$IFS/dev/hda16\$IFS/mnt;echo\$IFS/mnt/hacks\`" -C /dev/hdb
Note: That must all be typed on one line!
At that point, I shut down my PC and re-mounted it in my DirecTivo. I was able to boot, and to see the bash prompt on the serial line. After 4 days of trying, THAT was a big moment!
cp usbcore.o /lib/modules/hack_usbcore.o cp hcd.o /lib/modules/hack_hcd.o cp ehci-hcd.o /lib/modules/hack_ehci-hcd.o cp ax8817x.o /lib/modules/hack_ax8817x.o
cd /lib/modules insmod hack_usbcore.o insmod hack_hcd.o insmod hack_ehci-hcd.o insmod ax8817x
ifconfig eth0 192.168.1.140 netmask 255.255.255.0 up route add default gw 192.168.1.1
Once this worked, I started the ftp and telnet daemons as outlined in the "Starting FTP and Telnet on Your TiVo" section, chapter 8, page 274.
I telneted into the machine, and was de-shackled from the 10 foot serial cable. Hurrah!
#MY OWN SIMPLE COMMANDS TO LOAD THE NETWORK #MODULES AND START TELNET AND FTP /sbin/insmod /lib/modules/hack_usbcore.o /sbin/insmod /lib/modules/hack_hcd.o /sbin/insmod /lib/modules/hack_ehci-hcd.o /sbin/insmod /lib/modules/hack_ax8817x.o sleep 10 /sbin/ifconfig eth0 192.168.1.140 netmask 255.255.255.0 up /sbin/route add default gw 192.168.1.1 /sbin/tnlited 23 /bin/bash -login & /var/hack/bin/tivoftpd &One lesson I learned the hard way: Mark the file as executable. Mark the file as executable. Mark the file as executable. When I saw the console output, and realized it couldn't execute the sysinit file and just hung, I was bummed. I had backed up the file and created a new one, so the original was preserved, but missed the crucial 'mark as executable' step. I had to pull the drive and Mark the file as executable:
chmod u+x rc.sysinit
There was one more wrinkle: I have a 3.1.1e root filesystem, as that remained unchanged, and a 3.1.1c kernel. So far that has presented me with no issues. The flip side, however, is that to shut off the encryption, I could find no documentation. The book only goes up to 3.1.1c. After much searching, I came across a post from AlphaWolf, who has one a tremendous amount of work on this sort of thing. According to his information, the 3.1.1e tivoapp is the same one as the 3.1.1d, so those instructions would work with it. I applied them, and everything worked fine. The AlhpaWolf post is here.
To turn off encryption on my tivo ( from Chapter 12 of the book, section 'Disabling Video Encryption', page 457):
mount -o remount,rw / cd /tvbin cp tivoapp tivoapp.orig mv tivoapp tivoapp.save cp tivoapp.orig tivoapp cp tivoapp.orig tivapp chmod 755 tivoappFrom the AlphaWolf post:
echo -ne "\x3c\x02\x00\x00" | dd conv=notrunc of=tivoapp bs=1 seek=6500332