I have to get back to work this week and will be taking my device with me and be away from home, this means I won't get much time. One thought I had, which I may get a chance to try, is when relaunches avos_helper.sh is to redirect the output to files. There is a HECK of a lot of interesting strings...

This is simple to do since /opt is simple to mount rw. Once avos is running. If you try to start or restart avos with /opt mounted, you run into issues. Though it is a bit easier then swapping out the whole root. So where's everyone disappeared to today? I was out all day, expected to see hundreds ...

Ok, I got netstat (via busybox) compiled and running on my device. I am seeing the following stuff. Anything "exploitable"? tcp 0 0 *:49152 *:* LISTEN tcp 0 0 *:49153 *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 10.222.222.13:ssh 10.222.222.6:51422 ESTABLISHED udp 0 0 localhost:1031 *:* udp 0 0 local...

impressive work kitsonk! Did you try iwconfig & ifconfig commands to get the wireless back up without going to standby? (the kmodule might just need reloading)) Nope I didn't try that, maybe next time... It seems to be something with avos getting disconnected from the wpa_supplicant. It might be be...

For me, all I want is Ogg Vorbis support. A simple request, one I am even willing to pay for. That is my simple motivation. So if Archos is watching, you could easily solve this problem for me. Also very helpful would be an exploit to start your scripts without need to find an access point and there...

Ok, I sucessfully got a replacement root file system. I had to do it in two stages, which I think grond might be right in that there is another way to set off a watching process to do the rest of the dirty work. So this is essentially what I did: Took the rootfs.cramfs.secure and stripped it of it s...

Also note that /dev/loop0 get freed when you umount /opt, so opt can just be remounted on the same loop device (Note though that /opt can't be umounted while the smbpasswd screen is active, so putting that bit in an initialising script using GFT hack may be tricky (a forced umount might work, but t...

ok so best way to add more loop devices shoud be (limited to 8): mkdir -p /mnt/system/newroot cp -a /dev /mnt/system/newroot mount /mnt/system/newroot/dev /dev -o bind then mknod /dev/loop2 b 7 2 and so on... of course make this match your new root fs ok... now I have a loop2 that is part of my new...

why do u need more than 8 loop devices ? 1 additional is enough.... and then use things like mount /mnt/system/newroot/opt /opt -o bind to add things where u want... There aren't actually 8 in /dev... there is only two created. I am not sure how to add more, though the kernel supports 8. Someone in...

restarting avos is very easy jst following what I told in that forums some times ago... just replacing the /sbin/reboot script by a script that does restart avos... when this is done just killall -9 avos... and avos will restart without rebooting... you have to shutdown some stuff.. (ifconfig eth0 ...

Wonderful news!!!!!!! I was able to swap roots on the device without a reboot!!!!! So, this is what I did: Created an new rootfs.ext3 Extracted the rootfs.cramfs.secure into it Added the new things from my buildroot (mainly chroot, vi, fdisk for now) Copied the new rootfs.ext3 to the device Created ...

Ok... I have gotten a little bit further, but doing this through ssh is a bit of a pain, because things don't quite move over right with pivot_root. I am going to have to do this through a shell script that "hopefully" will keep running after the pivot_root to finish off everything. Right now sshd s...

You should be able to loop mount it. The 605 (at least in my ancient 1.3.04) has support for 8 loop mounts. mount -o loop /path/to/file /path/to/mountpoint Btw, that is something else they seem to be cleaning up. I noticed it yesterday when trying to re-root myself, there is only loop0 and loop1 in...

Wouldn't it be better to convert to ext3, cramfs is read-only. What edit did you apply to the busybox config to get vi? Ok, I don't know how (yet) to mount an ext3 from a file. We don't have a spare partition and don't have sufficient free RAM to create another ram disk. I will look into some way o...

Ok, I think I have a way forward in part... I am going to bed, but this is where I have gotten and will pick up tomorrow. I compiled the "buildroot". I modified the busybox config to contain a couple of things not present in the build right now. First was "vi" just because I can't do without it, sec...

I was poking through http://download.intel.com/design/flcomp/datashts/31474904.pdf and there's two lock modes. They might just be doing a regular lock there instead of a lock down. Is the source available to read? Sorry, no... It is part of the proprietary modules that are not released under the GP...

Ok... Got my buildroot to compile, mounted the cramfs and tried to insert one of the modules: # insmod /mnt/data/Data/new_root/lib/modules/msp430cam.ko insmod: error inserting '/mnt/data/Data/new_root/lib/modules/msp430cam.ko': -1 Operation not permitted And I got the following in dmesg: An attempt ...

Just some other information: # modinfo flashrw.ko filename: flashrw.ko alias: char-major-10-243 license: Proprietary description: Secure Flash Driver for the Archos AVx04.series author: Honore Sossougah depends: vermagic: 2.6.10_mvl402 ARMv5 gcc-3.4 Could you make a "strings flashrw.ko" and see if ...

Just some other information: # modinfo flashrw.ko filename: flashrw.ko alias: char-major-10-243 license: Proprietary description: Secure Flash Driver for the Archos AVx04.series author: Honore Sossougah depends: vermagic: 2.6.10_mvl402 ARMv5 gcc-3.4 # modinfo keystore.ko filename: keystore.ko alias:...

We suspect only signed modules can be insmod'ed into the kernel, though we aren't sure. Somebody should make sure. I haven't got a 605... I have the 605, but I am having issues building the toolchain, etc. I will also be the first to admit I am a little out of my depth in throwing together a cross ...