Patch your bootloader

From PhatHack Wiki
Jump to navigation Jump to search


I have created a program that will allow you to patch the bootloader located on the flash chip in your PhatBox. The result of this patch is that the drive signature check will be disabled, allowing you to use any of a number of 2.5" laptop drives in your DMS.

THIS MAY RUIN YOUR SYSTEM. It is currently very rough, but I believe it is safe. It is possible, but complicated, to recover your PhatBox flash if this process fails. (ie sbingner's shoehorn reflash trick)

Script to patch your firmware

First, take a backup of the drive signature on your existing DMS. This is the command I used on my 20 GB DMS: 

bushing:~# dd if=/dev/hda of=drivesig.backup bs=256 count=1 skip=4094
1+0 records in
1+0 records out
256 bytes transferred in 0.003099 seconds (82608 bytes/sec)

It should look something like this: 

bushing:~# od -x drivesig.backup 
0000000 0796 0000 2a5f 2a50 46a9 56a5 5085 1521
0000020 0008 2408 6005 2140 4905 5558 5548 5508
0000040 0019 9149 8405 9010 5950 1805 1944 0255
0000060 0211 1084 5090 4564 1121 4425 1565 9059
0000100 5941 1655 0644 1080 5085 5594 0424 4164
0000120 5448 1159 4048 9448 8551 9455 9504 8550
0000140 5844 1645 5095 4149 5116 8112 9054 4940
0000160 1065 4106 1106 5552 5156 5106 8102 2450
0000200 2415 2141 6055 0811 1841 1585 1460 1508
0000220 5159 4182 5095 1490 4480 0194 4461 0161
0000240 1561 1148 0109 0459 5419 5449 4148 4049
0000260 1009 5549 8058 6551 2105 2015 0941 0255
0000300 0200 0641 4600 4480 5191 1090 1020 9165
0000320 1900 8491 6441 1804 1464 1524 1425 1449
0000340 0648 0200 4494 0420 0125 4525 0060 1525
0000360 4146 4042 0006 002a 0000 0000 0000 0000
0000400

That file contains your drive signature, if you need it.

Copy the phatpatch program to your PhatBox, and somehow execute it. (Left as an exercise to the reader.)

The PhatBox will very likely either appear to hang or throw up an error message. We are currently having trouble writing to the flash memory on the system; that is to say, we can successfully write 16 bits to the flash, and then it sometimes crashes. This is okay, because we only need to change one byte here. By the time the system locks up, it will have already performed the modification.

To test to see if this worked, erase the drive signature from your DMS: 

bushing:~# dd if=/dev/zero of=/dev/hda bs=256 count=1 seek=4094
1+0 records in
1+0 records out
256 bytes transferred in 0.400212 seconds (640 bytes/sec)
bushing:~# sync

Now, try booting from your DMS in your modified PhatBox; you will never need to repeat this modification!

As a note, there is a subtle way to detect that this process has taken place, for those that are interested.

Create a bootload.log file (see Bootloader FAQ for details). If the drive has a valid signature, after you boot, your logfile will look like this: 

BOOT0-0: OK
BOOT0-1: OK
BOOT0: Successful
BOOT9: Successful
BOOTB: Successful
BOOTF: Successful
BOOT*: Successful

Now, if you boot with a bad signature, it will look like this: 

BOOT0-0: OK
BOOT0-1: OK
BOOT0-2: Successful
BOOT9: Successful
BOOTB: Successful
BOOTF: Successful
BOOT*: Successful

Enjoy!

Retrieved from "https://wiki.phathack.com/index.php?title=Patch_your_bootloader&oldid=15982"