I-Appliance BBS
The Official Source for Internet Appliance Upgrades and Mods		 Amazon Honor System Click Here to Pay Learn More
BBS Main List | Sign In | Sign Up | Search | Help | Linux-Hacker.netReply to Thread | Printer |

Home / Other I-Appliances / Virgin Webplayer
Hacking progress
Real steps to hack the WebPlayer

New MessageHacking progress (modified 0 times) Want2Code
Finally got a small amount of time to hack on the WebPlayer. I think there's a pretty easy way to get in.

So far, here's what I've done and learned:

1) I downloaded the DOC contents into a file on my PC. (Please don't ask for it.)
2) Scanning the 48MB file with a hex editor reveals that it's clearly Linux (no VxWorks as reported elsewhere).
3) Most of the #!/bin/sh text files are easily readable, including all the startup scripts, X config, etc.
4) The entire user experience is Java. During startup, startx is called, and the main Java-based application is run.
5) Linux runs in single user mode. getty and login do not seem to be available.
6) I have run a modified version of the DOC that doesn't call the startx script (which worked) and tries to start a console-based shell. I have been unable to get a shell to run on the screen; there doesn't seem to be console support for the screen or the keyboard.
7) There seems to be a way to get a shell via the second COM port.

My goal is to run my modified DOC so that X and the main Java app don't start, and to get a shell via the second COM port. Then I should be able to start a PPP session manually to my server and move files on and off the WP. With some work, it should be possible to use the WP any way you want, and still be able to start the Virgin environment manually when you want to do your 10 hours.

HOWEVER, the first domino in this series is getting the hardware for the COM connector figured out. I can tweak the DOC software. Unfortunately, I don't have the time or the bench space to carefully take the WP apart and trace the COM connector pinouts. I am appealing to the rest of you to help with this step.

Basically, we need the pinout of the COM connector (it's a 12-pin header with pin #10 missing), and at what voltage it's running. I'm guessing it's a TTL-level serial, which means we'll need a MAX232-type chip.

06-18-2000 13:29:31

New MessageRE:Hacking progress (modified 0 times) Dag1968
Wow! So how did you manage to download the doc image? Please share.
06-19-2000 09:55:25

New MessageRE:Hacking progress (modified 0 times) linux-virgin
You da man! Keep it up..
06-19-2000 14:41:52

New MessageRE:Hacking progress (modified 0 times) Gorf
We all really appreciate what you're doing and I really hope the Linux/ Hacker crowd helps each other. Is there anything the less code savy among us can do to help? Just slap me if this is real obvious but is there anything to mapping the port besides pulling it apart and following the wires? Is it stupid for me to try and help at this level when I don't know whatTTL-level serial or MAX232-type chip means?
06-19-2000 16:16:52

New MessageRE:Hacking progress (modified 0 times) bad_packet
Want,

Do you think this thing will be able to run Linux, as a seperate OS?

Haven't pulled mine apart yet, debating sending it to the folks.

So far, when I log on, all I get is an empty browser window with current weather.

Heard there are no IDE ports or user accessible IO. 'Course, with a standard CyrixGX setup, these could probably be added.

06-19-2000 20:11:41

New MessageRE:Hacking progress (modified 0 times) Want2Code
bad_packet,

> Do you think this thing will be able to run Linux, as a seperate OS?

It already is running Linux but there's just no access to a shell except for a debug mode through the COM port. Once we can get a little control, we should be able to load all the software we need to turn it into a generally useful box. One thing in particular I'm looking forward to running is a BIOS password cracker, even if I have to write one that runs a brute force attack for days at a time.

I think it will even be possible to replace the kernel. That could activate the USB ports and give us things like Ethernet.

> Heard there are no IDE ports or user accessible IO. 'Course, with a
> standard CyrixGX setup, these could probably be added.

It's got an IDE port that will be usable once we crack the BIOS password. It's got 2 USB ports that are currently going to waste.


BTW, I have one of the really awful development systems from M-Systems, the DOC people. I don't recommend it unless you want to spend hours figuring out why the hardware supports multiple addresses for the DOC but the software they supply doesn't. That's how I downloaded the DOC contents.

06-19-2000 21:32:16

New MessageRE:Hacking progress (modified 0 times) Want2Code
Gorf,

Thanks for the support. I don't think I'd recommend trying to take it apart and trace the circuit if you've never done it. Tracing the circuit may not even be the best approach since the circuit board is multi-layer and pretty dense.

TTL voltage levels are typically zero and plus five volts. Normal serial, like out of the back of your PC, typically has a broader range, -12 and +12 volts, if I remember correctly. A MAX232 is a chip that converts from TTL voltages to standard serial voltages, allowing you to connect to a PC.

06-19-2000 21:43:01

New MessageRE:Hacking progress (modified 0 times) bad_packet
Profile
Oh, didn't realize it had the IDE header in there, someone said it didn't.
Not too sure what this could be expected to do, as the Cyrix is still rather lame, and the screen refresh is the worst.

Don't need to set up a firewall, so how about
some ideas on possible uses for this pup?

uhmm, mp3 player? - probably not
eBook- not with that screen

uhh, ok, someone throw me a bone here..

Top 10 uses for the Webplayer II

1.

06-20-2000 20:27:08

New MessageRE:Hacking progress (modified 0 times) Want2Code
Sheesh, am I the only one working on this thing?

I've made a lot more progress. I managed to mount the WP's DOC in my Linux system by building a custom kernel and using M-Systems' lousy evaluation board. I can now get to the entire file system and read/write anything I want. I've got a backup of the whole thing in a TAR archive, just for safe keeping.

I gave up on using the serial port for the time being since no one seems to have the time or ability to figure out the pinout.

I have tried some more to get a shell running on the console with minor success. I can prevent the X system from starting and can now get it to accept keyboard input. I cannot get text to go to the screen, though. I suspect this is due to the kernel putting the screen in some graphics mode in order to draw the boot progress bar. It'd be great to have some simple utility to put the screen back into standard text mode.

I tried to get the screen back to normal by starting X (with xinit) and then exiting. X did start and stop well enough, but it left the screen in some other graphics mode still. It might be the same mode as when I started, just saved and restored by xinit.

I installed and ran a supposed BIOS password cracker called cmospwd. It didn't help. I can't even tell which particular version of the Phoenix BIOS this thing's running. Any ideas? Any good BIOS password crackers for it (that run under Linux or have source code)? If we can get the BIOS password, then I'm assuming we can make a drive connected to the IDE connector the boot drive and run anything we want.

I've got the whole WP application as a set of Java JAR files that I'll play with on another system. I would like to figure out the setup password algorithm so we can get into the settings any time we want.

What I'll probably do, especially since there's very little interest here, is build my own 2.4 kernel with USB support and try to get the USB ports to support ethernet. Then I'm going to use it as a bed-side or couch-side silent terminal on my home network. It'd be nice to have a browser near the TV for TV Guide, game show play-alongs, etc.

Does anyone still care?

07-04-2000 03:09:04

New MessageRE:Hacking progress (modified 0 times) chrisp
I still care...

I booted my WP on a DOC with DOS (Win98 version). It booted fine and I put every bios hack I could find on the web on the DOC (from hardware attacks to phoenix specific) and couldn't get a one of 'em to do a thing. I've given up for the time being, but if anyone does have specific info on the bios, specifically what version of phoenix it is, that might help. I never posted 'cause I really didn't make much progress...

I'm also under the assumption that the bios holds the key to booting from a hard drive. If anyone has a Dos based bios hack that they think might do the job, feel free to post a link.

07-04-2000 12:54:41

New MessageRE:Hacking progress (modified 0 times) jeremy
ok, so i have sat here and tried to find the password for my virgin web player and I cant! Is there a formula to use to get the password?
07-12-2000 15:56:01

New MessageRE:Hacking progress (modified 0 times) NickName
For the BIOS password, try "lambkeoghs"
07-14-2000 01:30:29

New MessageRE:Hacking progress (modified 0 times) chrisp
I've got the battery out and I'm going to leave it for a week or two and see what happens...

I was reading a manual on the newer phoenixbios and it seems that, for net appliances, there are extensions so that the bios can be programmed through the com port, as was suggested earlier in this thread.

The only problem is that you need the phoenix developer software to get in, something to the effect of picosbios or something. Anyone have an app like this?

07-14-2000 12:58:26

Reply to Thread | Printer |
All times are PSTPowered by UltraBoard v1.62


Copyright © 2000, Netmake Inc. All Rights Reserved.
See Terms and Conditions for more information.




i-opener opener laptop notebook computer help drivers dll free windows dos repair fix linux mac macintosh 2000 95 98 nt pc configure hardware software sound video netscape explorer network networking lan wan software cmos fat bios printer card mouse modem ide scsi cd rom controllers scanner tape hard drive cgi scripts source code mp3