Unofficial Archos Support Forum
It is currently Thu Aug 17, 2017 12:50 am

All times are UTC+01:00

Post new topic  Reply to topic  [ 1 post ] 
Author Message
PostPosted: Sun Nov 13, 2016 2:03 am 
Archos Novice
Archos Novice

Joined: Thu Mar 14, 2013 2:41 pm
Posts: 47
I'm working on unlocking the plugins for 704. I'm not well at programming, but will try do all my best doing that. Where to start from?
I have plugins for my 504 and I want to use them for 704. What is needed to run them? The suitable product ID. I hope this is the only thing needed for running the plugins. So how to change the product ID? We need to boot up with the suitable HD serial number. But we have to get rid of the lock down function. There are many owners who have their devices with latest firmware which disables GFT hack. This link shows the firmware versions where GFT doesn't work.
I defined that 1.7.16 has the HD lockdown ability as 704TV does at 1.7.17.
I enabled a scrollbar in Opera by using the symlink method of access to the Opera directory. Just replaced the original opera.ini with the changed one.
Also I've found some interesting stuff in etc\init.d\S20modules
#! /bin/sh


load_sdio_modules ()
   if [ -e /mnt/data/a704wifi.txt ] ; then
      tmp=`cat /mnt/data/a704wifi.txt`
      if [ "$tmp" = "sdio" ] ; then
         let hw_id=$boards_rev_sdio
         let hw_id=0
      let hw_id=`cat /sys/devices/system/cpld_io/cpld_io0/hardware_id`
   if [ $hw_id -ge $boards_rev_sdio ] ; then
      insmod /lib/modules/sdio-core.ko
      insmod /lib/modules/sdio_dma_davinci.ko
      insmod /lib/modules/sdio_host_davinci.ko

and so on

It means if the file a704wifi.txt containing the "sdio" string exists, then sdio-core.ko, sdio_dma_davinci.ko and sdio_host_davinci.ko modules will be installed. SDIO must be Secure Digital I/O. But what are they for? I created the file a704wifi.txt and inserted the sdio string. After reboot nothing special happened. If you change the contents of that file to something other than "sdio", then you cannot activate wifi. It ends up with Wifi Error message.

I also tried to hot-swap the drive while the booting process. It didn't help to get another Product ID to use the plugins from 504. After pressing the power button, the boot begins with checking the info about the hard disk. It happens during 2 blinks of the red HDD LED. The third blink means mounting optfs and rootfs and maybe something else. Before the third blink you can quickly replace the hard drive with another one only if the latter contains the and from the same 704 WIFI or TV. Otherwise the error message appears.
So it seems that product ID is being generated basing on the SN being located in RAM after the boot. So to change the product ID I will have to edit RAM or find the file that is responsible for system info. I believe if I edit the firmware version number somewhere in settings, then downgrade would be possible.

I got my 704WIFI with 1.7.05 installed. It's even earlier than "initial OS" 1.7.08. After scanning its hard disk for removed files, I couldn't find the firmware file. It seems its previous owner has deleted it completely.
I created an image of hidden partition. Moved it into another hard drive of my second 704 with firmware 1.7.53. Then started it. Checked if it was 1.7.05 and then started a downgrade procedure with 1.7.16 firmware file, because I don't have anything earlier. If someone has 1.7.10 firmware file, please share. Thus I upgraded the OS on the HD, but downgraded the bootloader. It was not really necessary, except for the case when you will have to reinstall the OS with 1.7.16 firmware from recovery menu.
I checked if that 1.7.05 devices has the HD lockdown. Yes, it does. It seems Archos has implemented it even before producing 704.
But anyways, this firmware version is important for starting Qtopia and running GFT-way code.
Take out the hard drive and connect it directly to PC through ide adaptor.
Run "HD Clone"(link below)->Restore partition->choose the folder where 1.7.05 image is located: first click on the needed drive from the left panel. Then using the right panel go to the folder with the needed image folder and click on it-> click Next (if the button is not active, it means you didn't choose the image)->in the next window "Target partition" click "Show all partitions" to uncover the hidden partition->find the hard drive of your Archos and click on the smaller partition called "unnamed". Its size has to be around 97MB->click Next->Start->Start copying->(Waiting)->Automatically->Quite HDClone.
Place the hard drive back into Archos and start it. Choose "repair" if recovery menu appears. Then use 1.7.16 firmware file (rename it to a704wifi.aos) to downgrade the bootloader. You're DONE!
HD Clone - 1.7.05 image
a704wifi(1.7.16).aos - 1.7.16 fimware file
I changed the link to the clonning program because I've got a notification from 4shared admin that I posted a copyrighted material. How to unpack the program: main archive file (password: ☤ﮝﻻ⋩ﻛԷ따덕ڦ㏶쳥) contains another archive file called (password: ☃✧〠Ⓙ〶✰ǬⓆ). Unpack the file Reports.rar from and change its extension to exe. Then run it to install the program. If those passwords don't work just let me know.

Now, my idea is to change the product id to run plugin files from different GEN4 devices. It's being generated during the boot process and stored somewhere (maybe it's /sys/devices/system/cpld_io/cpld_io0/product_id or /sys/devices/system/cpld_io/cpld_io0/hardware_id). I tried to copy those files with the symlink technique, but no luck. It seems I have to be root. So I will try to copy them with GFT.


First of all, for those who are not familiar with avos, it's a user interface used for all archos devices.

I defined that there's probably no file which contains product key information. I used IDA to disassembly AVOS code. It seems that product key is not being read and stored somewhere, but against, it is being generated on the go after reading from flash every time you go to system settings. I have no access to the flash yet, so I have a different idea of getting the plugins. I have got videopodcast and cinema plugins for a different 704 Wifi unit. I discovered that I can run my own avos just by starting it with GTF from the password field. I tried to kill original avos and start mine, but my player just freezes up. In order to kill the original one without 704 being rebooted you have to kill But once you do that device stops responding. I don't know why it happens. I tried to run my avos over the original one and it seems to work! But its functionality was very limited because at the same time original avos was using the modules which my avos needed to properly operate. My avos doesn't even respond to the power button and can't reboot the device. The only thing I could do is to go to system settings and browse files. So to free the modules up I have to kill the original avos and maybe even reload them. So it's my new goal now.
My idea is to disable the check of plugin files so that you could use the ones from other 704wifi devices. I hacked avos so that I can use any plugin file from any 704 wifi. Plugins from 504 give me: Bad update file, code 10. I guess the same thing would happen if I use any plugin from 704TV. I don't even want to hack the avos more to make it accept those plugins too as it may be dangerous though all of those devices use the same main parts and have almost same program. Anyways it's possible to check it.
First of all, starting another instance of avos over the original one gives you many troubles, but my idea is to use it just to unlock plugins with not native files. One of those troubles is it cannot recognize the DC adapter. Once I connect it there's no LED indication, though the original avos is running. It shows an empty battery indicator and after about 15 seconds of work it shuts down the device. Surely just 15 seconds would be enough to unlock the plugins, but once I open any plugin file it asks for DC. So I spent some time to find the function which asks for that. Then I just disabled it.
I used IDA Pro to find the needed function and then changed the value with a hex-editor.

So the next step was to disable the files check. I spent more time for my experiment to define the needed place to change the value. Once you open a plugin file it's being checked if its MD5 checksum corresponds to the one stored in the device. Actually the MD5 checksum seems to be the product key being represented in a different way on system screen.
I could easily find the needed place to be changed (thanks god manufacturers give appropriate names for their functions).
So just find the function
and just hack it

It worked, but it seems my avos can't get access to flash because after I perform a reboot no plugins appear to be unlocked.
So I decided to load flashrw.ko module before starting my own avos. Now after opening a plugin file it again says "Bad update file". So it seems I will have to spend more time. Update will be posted later.
There's some interesting stuff I could find inside avos. Among cinema and videopodcast plugins I could find some more plugins:
1) DebugInfo - it uses some file to store debug info
2) FriendlyName - I don't know what it is, but some Video_Stop functions refers to it
3) Cplus - Have no idea about it
4) ScreenDumper - Probably helps to take screenshots
5) TestVCPOff - Probably has something to do with the Viterbi-decoder coprocessor. From Texas Instruments' docs: Channel decoding of voice and low bit-rate data channels found in third generation (3G) cellular standards requires decoding of convolutional encoded data.The Viterbi-decoder coprocessor (VCP) in some of the digital signal processors of the TMS320C6000 DSP family has beendesigned to perform this operation for IS2000 and 3GPP wireless standards.

Of course, there would be no problem unlocking them, but my avos is not functioning properly until I load it correctly, so the only way to use the plugins in a full way (now) is to unlock them in the flash chip. The only plugins I can unlock in flash (for now) are just cinema and videopodcast. To be continued...

Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 1 post ] 

All times are UTC+01:00

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Limited