704 hacking info+DOWNGRADE 704 WIFI TO 1.7.16
Page 1 of 1

Author:  Remdale [ Sun Nov 13, 2016 2:03 am ]
Post subject:  704 hacking info+DOWNGRADE 704 WIFI TO 1.7.16

I'm working on unlocking the plugins for 704. I'm not well at programming, but will try do all my best doing that. Where to start from?
I have plugins for my 504 and I want to use them for 704. What is needed to run them? The suitable product ID. I hope this is the only thing needed for running the plugins. So how to change the product ID? We need to boot up with the suitable HD serial number. But we have to get rid of the lock down function. There are many owners who have their devices with latest firmware which disables GFT hack. This link shows the firmware versions where GFT doesn't work.
I probably defined that 1.7.16 has a HD lockdown ability as 704TV does at 1.7.17.
I enabled a scrollbar in Opera with getting the symlink method of access to the Opera directory. Just replaced the original opera.ini with the changed one.
Also I found some interesting stuff in etc\init.d\S20modules
#! /bin/sh


load_sdio_modules ()
   if [ -e /mnt/data/a704wifi.txt ] ; then
      tmp=`cat /mnt/data/a704wifi.txt`
      if [ "$tmp" = "sdio" ] ; then
         let hw_id=$boards_rev_sdio
         let hw_id=0
      let hw_id=`cat /sys/devices/system/cpld_io/cpld_io0/hardware_id`
   if [ $hw_id -ge $boards_rev_sdio ] ; then
      insmod /lib/modules/sdio-core.ko
      insmod /lib/modules/sdio_dma_davinci.ko
      insmod /lib/modules/sdio_host_davinci.ko

and so on

It means if the file a704wifi.txt containing the "sdio" string exists, then sdio-core.ko, sdio_dma_davinci.ko and sdio_host_davinci.ko modules will be installed. SDIO must be Secure Digital I/O. But what are they for? I created the file a704wifi.txt and inserted the sdio string. After reboot nothing special happened. If you change the contents of that file to other than "sdio", then you cannot activate wifi. It ends up with Wifi Error message. I tried to execute a command from the file, but no luck.
So I need the firmware before 1.7.53 to use GFT. If anyone has one of older firmware versions, please share its hidden partition image.
I will be looking forward for searching for 704 with the initial OS 1.7.08. I should find out if it has a lockdown function. But I think it does, since it was released after 504/604/404 firmware with the lockdown function.

I also tried to hot-swap the drive while the booting process. It didn't help to get another Product ID to use the plugins from 504. After pressing the power button, the boot begins with checking the info about the hard disk. It happens during 2 blinks of the red HDD LED. The third blink means mounting optfs and rootfs and maybe something else. Before the third blink you can quickly replace the hard drive with another one only if the latter contains the and from the same 704 WIFI or TV. Otherwise the error message appears.
So it seems that product ID is being generated basing on the SN being located in RAM after the boot. So to change the product ID I will have to edit RAM or find the file that is responsible for system info. I believe if I edit the firmware version number somewhere in settings, then downgrade would be possible.

I got my 704WIFI with 1.7.05 installed. It's even earlier than "initial OS" 1.7.08. After scanning its hard disk for removed files, I couldn't find the firmware file. It seems its previous owner has deleted it completely.
I created an image of hidden partition. Moved it into another hard drive of my second 704 with firmware 1.7.53. Then started it. Checked if it was 1.7.05 and then started a downgrade procedure with 1.7.16 firmware file, because I don't have anything earlier. If someone has 1.7.10 firmware file, please share. Thus I upgraded the OS on the HD, but downgraded the bootloader. It was not really necessary, except for the case when you will have to reinstall the OS with 1.7.16 firmware from recovery menu.
I checked if that 1.7.05 devices has a HD lockdown. Yes, it does. It seems Archos has implemented the HD lockdown feature even before creating 704.
But anyways, this firmware version is important for starting Qtopia and running GFT-way code.
Take out the hard drive and connect it directly to PC through ide adaptor.
Run "HD Clone"(link below)->Restore partition->choose the folder where 1.7.05 image is located: first click on the needed drive from the left panel. Then using the right panel go to the folder with the needed image folder and click on it-> click Next (if the button is not active, it means you didn't choose the image)->in the next window "Target partition" click "Show all partitions" to uncover the hidden partition->find the hard drive of your Archos and click on the smaller partition called "unnamed". Its size has to be around 97MB->click Next->Start->Start copying->(Waiting)->Automatically->Quite HDClone.
Place the hard drive back into Archos and start it. Choose "repair" if recovery menu appears. Then use 1.7.16 firmware file (rename it to a704wifi.aos) to downgrade the bootloader. You're DONE!
HD Clone - 1.7.05 image
a704wifi(1.7.16).aos - 1.7.16 fimware file
I changed the link to the clonning program because I've got a notification from 4shared admin that I posted a copyrighted material. How to unpack the program: main archive file (password: ☤ﮝﻻ⋩ﻛԷ따덕ڦ㏶쳥) contains another archive file called (password: ☃✧〠Ⓙ〶✰ǬⓆ). Unpack the file Reports.rar from and change its extension to exe. Then run it to install the program. If those passwords don't work just let me know.

Now, my idea is to change the product id to run plugin files from different GEN4 devices. It's being generated during the boot process and stored somewhere (maybe it's /sys/devices/system/cpld_io/cpld_io0/product_id or /sys/devices/system/cpld_io/cpld_io0/hardware_id). I tried to copy those files with the symlink technique, but no luck. It seems I have to be root. So I will try to copy them with GFT. To be continued...

Page 1 of 1 All times are UTC+01:00
Powered by phpBB® Forum Software © phpBB Limited