I have the 605, but I am having issues building the toolchain, etc. I will also be the first to admit I am a little out of my depth in throwing together a cross compiled un-signed kernel module... I will do some tinkering this afternoon.grond wrote:Somebody should make sure. I haven't got a 605...We suspect only signed modules can be insmod'ed into the kernel, though we aren't sure.
I just wonder with the anti-hacking developer how much he/she suspected that we would never get root. The fact that the non-signed cramfs stuff can be loaded by the OS is a good sign.
The rootfs.cramfs.secure contains the exact same file structure. When you refer to the hidden second partition, what are you talking about? /dev/hda2? Everything there is accounted for.grond wrote:Hm, since linuxrc is used for init IIRC and it resides somewhere on the harddisk, the kernel should mount / during kernel init. Not sure whether this leaves a trace in dmesg but it probably should.
Edit: nonsense. On the PMA the linuxrc was in the cramfs which was loaded to RAM by the bootloader before the kernel init was started. So the kernel found its root device at a predefined (at compile time) place in RAM. Not sure how it is done in the 605. Perhaps the hidden second partition is used as /
Now looking at mount, I see that / is /dev/ram0. I did a dd of /dev/ram0. It is essentially the same exact thing as rootfs.cramfs.secure, except it is stripped of it signature. I did a cramfsck against it and the only thing it complains about is that the file extends past the end of the filesystem. The rootfs.cramfs.secure is a 16m file and the ram0.dump is a 20m file.
So again, something, somewhere is reading the rootfs.cramfs.secure into a ram disk and mounting it. Everytime I go to my dmesg, I have overwritten the startup. I am curious how the one guy got a whole dump of his startup.