Saturday, 11 December 2010

Booting Boxee Box using Qemu

I managed to boot into Boxee Box's busybox with qemu.
But I guess the way I've done it is not really helpful, as I used another Kernel
that loads harddisks.
I tried to stick with boxee's kernel, attaching the image as a usb harddrive etc.
but without success ...
Another idea was to compile a kernel module for boxee's kernel that loads the harddrive,
but I didn't manage to get that working either...

Well, here are the steps to boot into busybox using some other kernel, maybe it's of help to someone :)

A lot of the needed info was taken from http://boxeeboxwiki.org/wiki/Main_Page
Thanks guys!


1. Download
http://dl.boxee.tv/version/dlink.dsm380/1.0.1.16126/boxee.iso
http://shell2.reverse.net/~matt/vmlinuz.boxee
http://shell2.reverse.net/~matt/nandboot_v3.0.gz

2. Test run
( http://boxeeboxwiki.org/wiki/Initrd )

qemu -kernel ./vmlinuz.boxee -append "root=/dev/ram0 console=ttyS0,115200" -serial stdio -initrd nandboot_v3.0


mount: mounting /dev/Glob_Spectraa1 on /ramtmp/p1 failed: No such device or address
mount: mounting /dev/Glob_Spectraa2 on /ramtmp/p2 failed: No such device or address
Can't Access File /ramtmp/p1/dlink_boxee_runtime.img
Can't Access File /dev/spectra
Stage4Verifier[1704]: segfault at 0 ip 0804e150 sp bfa6d520 error 4 in Stage4Verifier[8048000+134000]
Segmentation fault

--> as the virtual qemu machine has no Glob_Spectraa Devices (Nandflash) it fails
--> try to use another way to pass the required dlink_boxee_runtime.img to the machine
We are able to edit the initrd, so this should be possible
(on the boxee box initrd is located in flash, so I guess this won't work so easily in 'reality')

--> Next step is to get dlink_boxee_runtime.img

3. Unpack/Mount

file boxee.iso

boxee.iso: Squashfs filesystem, little endian, version 3.1, 153093873 bytes, 61 inodes, blocksize: 131072 bytes

unsquashfs boxee.iso

unpacks the iso content into ./squashfs-root

mv squashfs-root boxee_iso

file boxee_iso/normal.img

boxee_iso/normal.img: Linux rev 1.0 ext2 filesystem data, UUID=f1f51c31-779f-414d-9d06-5eb9bb51b724 (large files)

mkdir normal_img

sudo mount -o loop boxee_iso/normal.img normal_img

file normal_img/dlink_boxee_runtime.img

normal_img/dlink_boxee_runtime.img: Squashfs filesystem, little endian, version 3.1, 154957286 bytes, 3839 inodes, blocksize: 131072 bytes

--> We now have the dlink_boxee_runtime.img
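
The `file` checks in this step, as an added example that is not part of the original post: a small Python parser that reads the superblock fields `file` prints for the squashfs 3.1 images and recognises the ext2 magic of normal.img, so nested images can be identified without mounting them. The function names and the sample header are constructed for illustration; the squashfs 4.x branch goes beyond the 3.1 images seen here.

```python
import struct
import sys

EXT2_MAGIC_OFFSET = 1024 + 56   # ext2 superblock starts at byte 1024; s_magic is at +56
EXT2_MAGIC = 0xEF53             # shared by ext2/ext3/ext4

def identify(buf: bytes) -> dict:
    """Classify an image header and decode the squashfs fields that `file` reports."""
    if len(buf) >= 71 and buf[:4] in (b"hsqs", b"sqsh"):
        end = "<" if buf[:4] == b"hsqs" else ">"   # "hsqs" marks a little-endian image
        inodes, = struct.unpack_from(end + "I", buf, 4)
        major, minor = struct.unpack_from(end + "HH", buf, 28)
        if major == 3:      # packed 3.x superblock: block_size at 51, bytes_used at 63
            block_size, = struct.unpack_from(end + "I", buf, 51)
            size, = struct.unpack_from(end + "Q", buf, 63)
        elif major == 4:    # 4.x moved both fields
            block_size, = struct.unpack_from(end + "I", buf, 12)
            size, = struct.unpack_from(end + "Q", buf, 40)
        else:
            raise ValueError(f"unsupported squashfs major version {major}")
        return {"type": "squashfs", "endian": "little" if end == "<" else "big",
                "version": (major, minor), "bytes": size,
                "inodes": inodes, "block_size": block_size}
    if len(buf) >= EXT2_MAGIC_OFFSET + 2:
        magic, = struct.unpack_from("<H", buf, EXT2_MAGIC_OFFSET)
        if magic == EXT2_MAGIC:
            return {"type": "ext2-family"}
    return {"type": "unknown"}

def sample_v3_superblock() -> bytes:
    """Constructed header carrying the values `file` printed for boxee.iso."""
    sb = bytearray(128)
    sb[0:4] = b"hsqs"
    struct.pack_into("<I", sb, 4, 61)            # inodes
    struct.pack_into("<HH", sb, 28, 3, 1)        # version 3.1
    struct.pack_into("<I", sb, 51, 131072)       # block size
    struct.pack_into("<Q", sb, 63, 153093873)    # bytes used
    return bytes(sb)

if __name__ == "__main__":
    for path in sys.argv[1:]:                    # e.g. boxee.iso boxee_iso/normal.img
        with open(path, "rb") as f:
            print(path, identify(f.read(2048)))
    if not sys.argv[1:]:
        print(identify(sample_v3_superblock()))
```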

4. Hacking ;)

I tried passing it directly to qemu via a harddrive image, but failed ...
It seems to me, as if boxee's kernel doesn't initialize any harddrives :/

Idea: Create harddrive image containing a partition (squashfs or ext2), which itself contains the dlink_boxee_runtime.img
(I used the backtrack4 iso for this, as I had it on my drive, but you could of course use any linux to do this)

Steps tried:


qemu-img create -f raw normal.raw 200M

qemu -hda normal.raw -cdrom /media/TMP/ISOs/bt4-final.iso -boot d -net nic -net user,hostfwd=tcp::2222-:22


------------Inside Virtual Machine-------------
--> Used Gparted to partition the virtual drive as ext2 and copied
dlink_boxee_runtime.img and dlink_bootup.bmp to it via ssh (port 2222 of host is forwarded to port 22 of guest)
-----------------------------------------------

--> boot boxee via qemu using normal.raw as harddrive

qemu -kernel vmlinuz.boxee -append "root=/dev/ram0 console=ttyS0,115200" -hda normal.raw -serial stdio -initrd nandboot_v3.0


--> Harddisk is not detected

--> Tried booting with another kernel, harddisk is found and can be mounted when editing initrd ("nano nandboot/sbin/init")
--> But: dlink_boxee_runtime.img couldn't be mounted using this kernel, as squashfs support was missing

--> Idea: Create a new harddrive that contains dlink_boxee_runtime.img's content in an ext2 image

Create new dlink_boxee_runtime_ext2.img as an ext2 image

dd if=/dev/zero of=dlink_boxee_runtime_ext2.img bs=1024 count=512000

mke2fs dlink_boxee_runtime_ext2.img


Extract the content of dlink_boxee_runtime.img into the ext2 image

mkdir dlink_boxee_runtime_ext2

sudo mount -o loop,sync dlink_boxee_runtime_ext2.img dlink_boxee_runtime_ext2


unsquashfs -d dlink_boxee_runtime_ext2/unsq normal_img/dlink_boxee_runtime.img

mv dlink_boxee_runtime_ext2/unsq dlink_boxee_runtime_ext2

cd dlink_boxee_runtime_ext2/unsq

find . -mindepth 1 -maxdepth 1 -exec mv -t.. -- {} +

(moves all files to upper directory)

cd ..

rm -r unsq

cd ..

sudo umount dlink_boxee_runtime_ext2


--> Create a bigger harddrive (600MB) (squashfs is a compressing filesystem --> ext2 needs more space)

qemu-img create -f raw normal.raw 600M

qemu -hda normal.raw -cdrom /media/TMP/ISOs/bt4-final.iso -boot d -net nic -net user,hostfwd=tcp::2222-:22


------------Inside Virtual Machine-------------
--> Create partition and copy dlink_boxee_runtime_ext2.img and dlink_bootup.bmp to the virtual harddrive
-----------------------------------------------

gunzip nandboot_v3.0.gz

file nandboot_v3.0

nandboot_v3.0: Linux rev 1.0 ext2 filesystem data (mounted or unclean), UUID=e9271001-5cc6-430f-b329-7fabadc2535e

mkdir nandboot

sudo mount -o loop,sync nandboot_v3.0 nandboot

(sync is used so that any changes are immediately written to the image)

nano nandboot/sbin/init


Edit initrd to mount our harddrive instead of Glob_Spectraa1 etc.
(Line 65)

else
                echo "--- NORMAL ---"
                mount /dev/sda1 $PARTITION1
                img_name=dlink_boxee_runtime_ext2.img
                sig_device=/dev/sda
                sig_block=70
fi

Circumvent Stage4Verifier failure:
(Line 77)

if [ $? == 0 ]; then

Change image type at the end of initrd to ext2:

mount -t ext2 -o loop $PARTITION1/$img_name $BOOT_IMG

Boot boxee via qemu using a different kernel that loads the harddrive, with normal.raw as the harddrive

qemu -kernel vmlinuz-2.6.28-020628-generic -append "root=/dev/ram0 console=ttyS0,115200" -hda normal.raw -serial stdio -initrd nandboot_v3.0


--> Qemu boots into boxee's busybox !!! (Press Enter to activate it)

End of output:

--- NORMAL ---
[    4.216678] EXT2-fs warning: mounting unchecked fs, running e2fsck is recommended
[    4.225894] Stage4Verifier[1800]: segfault at 0 ip 0804b682 sp bfbe6d34 error 4 in Stage4Verifier[8048000+134000]
Segmentation fault
init started: BusyBox v1.10.2 (2010-05-06 13:23:43 IDT)
starting pid 1806, tty '': '/etc/init.d/rcS'
Entering rc file
##### Starting Scripts #####
stty: /dev/ttyS1: Input/output error
/etc/rc3.d/S02system_setup SUCCESS
ifconfig: SIOCGIFFLAGS: No such device
route: SIOCADDRT: No such device
/etc/rc3.d/S04network SUCCESS
/etc/rc3.d/S08kernel SUCCESS
/etc/rc3.d/S10devtools SUCCESS
insmod: cannot insert '/lib/modules/osal_linux.ko': invalid module format
ERROR (/etc/rc3.d/S12osal): Command 'insmod /lib/modules/osal_linux.ko' failed
************************************************************************
 ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR

   /etc/rc3.d/S12osal FAILED [returned: 1]
   Exiting SysV init. Bringing up the console if possible.

 ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR ERROR
************************************************************************

insmod: cannot insert '/lib/modules/gdl_mm.ko': invalid module format
ERROR (/etc/rc3.d/T28display): Command 'insmod /lib/modules/gdl_mm.ko' failed
 /etc/rc3.d/T28display FAILED [returned: 1]
 Exiting SysV init. Bringing up the console if possible.

insmod: cannot insert '/lib/modules/ioctl_module.ko': invalid module format
ERROR (/etc/rc3.d/U30smd): Command 'insmod /lib/modules/ioctl_module.ko' failed
 /etc/rc3.d/U30smd FAILED [returned: 1]
 Exiting SysV init. Bringing up the console if possible.


Please press Enter to activate this console. insmod: cannot insert '/lib/modules/sec_kernel.ko': invalid module format
ERROR (/etc/rc3.d/V32sec): Command 'insmod /lib/modules/sec_kernel.ko' failed
 /etc/rc3.d/V32sec FAILED [returned: 1]
 Exiting SysV init. Bringing up the console if possible.
