Page 10 of 26 FirstFirst ... 8910111220 ... LastLast
Results 91 to 100 of 260

Thread: Hacking Express gate (Asus Splashtop)

  1. #91
    Join Date
    Apr 2009
    Posts
    14

    Default

    Hi,
    I managed to start my own linux system from ExpressGate with the kexec program and it works without problems. I just compiled a statically linked kexec (because I have no SDK and the executable I tried didn't work) and put it into a bs-aaa_kexec.sqx. The "aaa" makes shure that it is loaded first after the kernel. Then I copied my kernel and initrd file to a folder on the NTFS partition and executed following commands:

    Code:
    kexec --load /mnt/dvmdrive_root/linux/vmlinuz --append="root=UUID=XXX ro vga=791 pci=nobios pnpbios=off" --initrd "/mnt/dvmdrive_root/linux/initrd.img --console-vga
    kexec -e
    At first I can not see any output, but after a while my Ubuntu login screen is shown. All in all from power switch to ubuntu login screen it saves me around 10 seconds. Unfortunately a klick on one of the icons on the ExpressGate screen is still necesarry.

    At least a first start...

  2. #92
    Join Date
    Aug 2007
    Posts
    6,613

    Default

    Thats really tricky, never used kexec before.

  3. #93
    Join Date
    Apr 2009
    Posts
    14

    Default

    Me too, but since I installed it on my Ubuntu 9.04 it always restarts by loading the kernel with kexec, which is usually not what I want as I need a real restart when I want to boot into Express Gate...

    Does anybody know how to load a kernel file with a disassembler? It shouldn't be too hard to find out how the CEFULL is loaded and if it can be replaced by a standard linux kernel. This would really be a great thing.

  4. #94
    Join Date
    Aug 2007
    Posts
    6,613

    Default

    I think that ce(_bz) is inside the bios on your system.

  5. #95
    Join Date
    Apr 2009
    Posts
    14

    Default

    I also think that the BIOS part initializes the hardware so far, that it can read and execute the CEFULL bootloader. Which is already pretty much as the file is on a NTFS partition. As the same data can also be executed if you add a header similar to a normal linux kernel I think it should be possible to disassemble and understand it so far, that it can be patched to always start the first menu entry. Maybe this is even possible by changing only the menu file itself (e.g. 00de.bin). I think I will just write an email to them asking for information about the bootloader and the possibility to load an alternative kernel.

  6. #96
    Join Date
    Aug 2007
    Posts
    6,613

    Default

    Try something else: remove all ce* files from hd, i don't think that will matter.

  7. #97
    Join Date
    Apr 2009
    Posts
    14

    Default

    Quote Originally Posted by Kano View Post
    Try something else: remove all ce* files from hd, i don't think that will matter.
    Nope, if I remove CEFULL there is an error message without any graphical menu.

  8. #98
    Join Date
    Aug 2007
    Posts
    6,613

    Default

    Ah, thats interesting. Maybe therefore the restriction that ahci is not allowed. You could try loading ce_bz with another loader and enable ahci. Maybe you could replace cefull by another workload like grub.

  9. #99
    Join Date
    Apr 2009
    Posts
    14

    Default

    Quote Originally Posted by Kano View Post
    Ah, thats interesting. Maybe therefore the restriction that ahci is not allowed. You could try loading ce_bz with another loader and enable ahci. Maybe you could replace cefull by another workload like grub.
    Thats exactly what I would like to do, but that is why I could need some help from a disassembler specialist: If cefull can be loaded with a header from a linux kernel it has to be possible to see what happens when a menu entry is chosen. A first step would be to skip the menu part and directly jump to that position.

    BTW: I think I am getting a feeling of what is included in the menu files *.idx and *.bin: the idx-file holds the indexes of the indexes in the index-table in the corresponding bin-file: 10000010.*

    Code:
    idx@0x00000000: 0x28010000
    bin@0x00000128: 0x3c070000
    bin@0x0000073c: "...../kernel.bin "
    and so on for the rest of the menu entrys and similar for the included gifs.

  10. #100
    Join Date
    Aug 2007
    Posts
    6,613

    Default

    I never analized it that much, i only wrote a script to extract the gifs + replace em with smaller ones. Maybe you saw that too.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •