Hi,

MsTiFtS wrote:
> 
> I got my nano 2G 8GB about a week ago and since then have been quite 
> busy playing around with it.
> For instance I removed the AUPD and RSRC file from the firmware 
> partition, relocated a bunch of stuff (even the directory structure IS 
> relocatable, the pointer in the first block IS still used, although 
> somebody keeps telling the contrary, I think I read that somewhere in 
> the iPL wiki), shrunk down my firmware partition to ~6MiB and 
> repartitioned the whole thing to make about 124MiB more space for music.
> Since then, my nano reboots every time I remove it from my PC, so the 
> auto-update reboot is probably triggered by writing something to the 
> first 94MiB of flash.

This is extremely interesting to me. Actually, how far can you push the
modifications you do? Did you ever have an 'invalid firmware' on which
you cannot boot? And what kind of modifications are definitively NOT
allowed?

I really would like to understand which parts of the firmware are CRCed,
where the CRC is located and how the CRC is computed.

It would help to inject some code in it.

As far as I know from my own investigations, the filesystem is totally
free of CRC. You can modify it at will (thus make it smaller), but the
binaries part is kept highly secured.

But I might have missed something!!!

> By the way, the backlight is turned on as one of the last things during 
> bootup, the OSOS is doing a lot of other work before turning it on. So 
> the firmware loading and decryption may need at most around 10 seconds.
> I found that out by making my nano reboot in an endless loop because of 
> a stale iTunesDB (master playlist without master bit set), which 
> happened by accident during the development of an iTunesDB modification 
> tool.
> I meanwhile have managed to write a pretty stable Java implementation of 
> such a thing, allowing me to do some peeks and pokes on the DB. (But 
> it's really ugly code)

If it's working, you should ship it! ;)
It could be a good basis for the work of others.

We can offer you a branch in your SVN
(http://svn.gna.org/viewcvs/linux4nano/trunk/).

> Just in case you have any questions on the iTunesDB or firmware 
> partition layout/relocation thing, feel free to ask me.
> If you should manage to get your fingers on some other corrupted 
> iTunesDBs that cause nanos to do strange things, just send them over and 
> I'll have a look what's going on with them and how one could possibly 
> exploit it.

Unfortunately, I'm a bit overwhelmed with work now... but your stuff is
definitely interesting!

Regards
-- 
Emmanuel Fleury

I am not a vegetarian because I love animals;
I am a vegetarian because I hate plants.
  -- A. Whitney Brown

_______________________________________________
Linux4nano-dev mailing list
[email protected]
https://mail.gna.org/listinfo/linux4nano-dev
http://www.linux4nano.org
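The reboot loop MsTiFtS describes above came from an iTunesDB whose master playlist did not have the master bit set. The Python below is an added example, not MsTiFtS's Java tool and not linux4nano code: it builds a constructed, minimal iTunesDB-shaped byte string (chunk tags mhbd/mhsd/mhlp/mhyp with header sizes chosen here, and the master flag assumed to live at byte 20 of the mhyp header as community documentation describes) and a validator that a peek/poke tool could run before writing a modified DB back to the device, refusing any DB with zero or more than one master playlist.

```python
import struct

# Constructed header sizes for the sample DB (assumed; real headers are
# larger and vary by iTunesDB version). Layout used: each chunk starts with a
# 4-byte tag and a uint32 header length; container chunks carry a uint32 total
# length at offset 8, list chunks (mhlp) carry a child count there instead.
MHBD_LEN, MHSD_LEN, MHLP_LEN, MHYP_LEN, MHOD_LEN = 104, 96, 92, 108, 24
MHYP_MASTER_OFFSET = 20  # assumed position of the "is master playlist" byte
MHSD_TYPE_PLAYLISTS = 2  # mhsd section type holding the playlist list


def _u32(buf, off):
    """Little-endian uint32 read that refuses to run past a truncated buffer."""
    if off + 4 > len(buf):
        raise ValueError(f"truncated chunk at offset {off}")
    return struct.unpack_from("<I", buf, off)[0]


def _header(tag, header_len, fields):
    """Zero-filled chunk header with tag, header length and extra fields."""
    buf = bytearray(header_len)
    buf[0:4] = tag
    struct.pack_into("<I", buf, 4, header_len)
    for off, val in fields.items():
        buf[off:off + len(val)] = val
    return bytes(buf)


def build_playlist(master):
    """One mhyp chunk with a single dummy mhod child (constructed sample)."""
    child = _header(b"mhod", MHOD_LEN, {8: struct.pack("<I", MHOD_LEN)})
    total = MHYP_LEN + len(child)
    hdr = _header(b"mhyp", MHYP_LEN, {
        8: struct.pack("<I", total),          # total length incl. children
        12: struct.pack("<I", 1),             # data object child count
        MHYP_MASTER_OFFSET: bytes([1 if master else 0]),
    })
    return hdr + child


def build_itunesdb(master_flags):
    """Constructed DB: mhbd > mhsd(type 2) > mhlp > one mhyp per flag."""
    playlists = b"".join(build_playlist(m) for m in master_flags)
    mhlp = _header(b"mhlp", MHLP_LEN,
                   {8: struct.pack("<I", len(master_flags))}) + playlists
    mhsd = _header(b"mhsd", MHSD_LEN, {
        8: struct.pack("<I", MHSD_LEN + len(mhlp)),
        12: struct.pack("<I", MHSD_TYPE_PLAYLISTS),
    }) + mhlp
    return _header(b"mhbd", MHBD_LEN, {
        8: struct.pack("<I", MHBD_LEN + len(mhsd)),
        20: struct.pack("<I", 1),             # number of mhsd children
    }) + mhsd


def find_playlists(db):
    """Walk the chunk tree and return (offset, is_master) for every mhyp."""
    if db[:4] != b"mhbd":
        raise ValueError("not an iTunesDB (missing mhbd)")
    pos, end = _u32(db, 4), _u32(db, 8)
    found = []
    while pos < end:
        if db[pos:pos + 4] != b"mhsd":
            raise ValueError(f"expected mhsd at {pos}")
        hdr_len = _u32(db, pos + 4)
        sec_len = _u32(db, pos + 8)
        sec_type = _u32(db, pos + 12)
        if sec_len == 0:
            raise ValueError(f"zero-length mhsd at {pos}")
        if sec_type == MHSD_TYPE_PLAYLISTS:
            lp = pos + hdr_len
            if db[lp:lp + 4] != b"mhlp":
                raise ValueError(f"expected mhlp at {lp}")
            count = _u32(db, lp + 8)
            p = lp + _u32(db, lp + 4)
            for _ in range(count):
                if db[p:p + 4] != b"mhyp":
                    raise ValueError(f"expected mhyp at {p}")
                if p + MHYP_MASTER_OFFSET >= len(db):
                    raise ValueError(f"truncated mhyp at {p}")
                found.append((p, db[p + MHYP_MASTER_OFFSET] != 0))
                p += _u32(db, p + 8)  # total length skips the mhod children
        pos += sec_len
    return found


def validate(db):
    """Problems that should block writing this DB to the player; [] if OK."""
    try:
        playlists = find_playlists(db)
    except ValueError as exc:
        return [str(exc)]
    masters = [off for off, is_master in playlists if is_master]
    problems = []
    if not playlists:
        problems.append("no playlists")
    if len(masters) == 0:
        problems.append("no playlist has the master bit set")
    elif len(masters) > 1:
        problems.append(f"{len(masters)} playlists claim the master bit")
    return problems


if __name__ == "__main__":
    for flags in ([True, False], [False, False], [True, True]):
        print(flags, validate(build_itunesdb(flags)) or "ok")
```

The validator only looks at the one invariant the thread reports as fatal; a real poke tool would extend `validate` with every invariant it knows the firmware relies on and refuse to write the DB back while the list is non-empty.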
