NeMesiS FlashKit (TSOP Flasher)

Discussion about Modding the XBOX, including hardware and software hacks.
NeMesiS
Posts: 188
Joined: Sun May 10, 2015 3:56 am
Location: Melbourne
Has thanked: 1 time
Been thanked: 12 times

NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

My knowledge of Linux has much improved over the past 3 months.
I thought I'd revisit this project to put my new skill set to good use.
I'm hoping to make some dramatic improvements, starting with Raincoat.

Lately I've been experimenting with:
"007 TSOP Flash Kit v1.0 alpha 6" by modrobert@eurasia.nu
A TSOP flash kit based on Linux and raincoat 0.5 by andy@warmcat.com.
http://www.eurasia.nu/modules.php?name= ... le&sid=160
And I find myself in a similar position as "Professor Jonny":
As mentioned previously in "NeMesiS TSOP Flasher & Auto Installer 3.0" Post
http://www.xbmc4xbox.org.uk/forum/viewt ... =13&t=3862
professor_jonny wrote: I made custom initrd there is a post on here somewhere, it might have been on the old forum. It has the ability to load a Linux bash script from outside the initial ramdisk stored on the xbox hdd. The clever thing you could copy on another script and customize a flash tool that could be used as an auto installer and supported Winbond chips. It did bios file size verification on startup and did selection using a keyboard or controller for input as I patched in drivers for the controller to map buttons to keys on the keyboard. Only problem is that I did not or could not figure out how to compile busy box and patch it in the initrd I messed with different build tools and finally gave up. The raincoat flasher disk busybox build was rather stripped down did not have all the Linux commands to do file verification checks so I remed the lines hoping someone would follow on from my attempts.

I used it several times to do Winbond flashing booting Linux and loading bios images off hdd. The initrd you have to have the image under 4 or 8 mb I think because of available ram and I could not fit all the bios images and scripting to do a complete flash tool and I wanted to make it simple and small.

here is the link: http://www.xbmc4xbox.org.uk/forum/viewt ... 942#p13942

it brought up a little text menu and passed on the selection to raincoat flasher. I used file to disk on the pc to mount the initrd as a disk then ran an emulator on windows of a Ubuntu install. I had to do it this way for netbsd socket emulation as I had a winmodem and it did not work under Linux.
I've also linked the linuxrc to an external script and implemented bios size verification.
Instead of having to select the bios size manually, my script will flash the appropriate bios size
according to the detected flash type, which are read from raincoat.cfg file (151 flashtypes).
"modrobert" compiled Raincoat0.5+ for me which increased read flashtypes from 31 to 1024.
Having a limited initrd image size of 4mb, it made it difficult to import additional binaries.
However I was able to symlink binaries stored on xbox hd to the initrd image.
I acquired binaries like unrar, awk and stat from Resctoox...
I was also able to adapt busybox-1.00 from Resctoox, however it had been compiled
in a way that it would not load the linuxrc script but load a terminal screen awaiting input.
Like so: "Gentoox:> _ "

My objective is to compile a completely automated TSOP flasher, requiring little to no input.
I would like to update busybox and other functional binaries to extend the TSOP Flasher's abilities.
But it would be nice to have all the improvements contained on a single image...
I would firstly need an alternative loader to work from such as Gentoox (Resctoox) Loader or XblastOS.
Being unable to locate a download for XblastOS in the usual places, I then moved onto Resctoox.
I noticed it's running a slightly updated kernel (2.4.32) which supports a 26mb initrd image (approx 8mb after gzip)
But is there a way to make Gentoox Loader boot my initrd image and in turn run my linuxrc script without any input?
professor_jonny
Posts: 1296
Joined: Thu Jul 05, 2012 5:41 am
Location: New Zealand
Has thanked: 66 times
Been thanked: 196 times

Re: NeMesiS FlashKit (TSOP Flasher)

Post by professor_jonny »

linuxboot.cfg ?

Below is linuxboot.cfg from chimp. Is that what you want to do? I don't really see what you mean.

Inside the initrd, you can use the linuxrc script to call your external script, but because it is on fatx you will have to use the below to call it as you can't set the execute bit:

If you fit your code all inside the linuxrc script you don't need to do that. I only did it that way as I wanted to be able to edit the script without mounting the initrd all the time and stuffing around in telnet from my pc.

you could use xboxdrv and use the controller for input like I attempted.

Code: Select all

/bin/bash 

Code: Select all

kernel /utils/chimp2618/linux265
initrd /utils/chimp2618/initrd.gz
append root=/dev/ram0 init=/linuxrc video=xbox:640x480 quiet kbd-reset
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

Yea, got the external script working fine and for the same reason,
being able to edit script easily without having to mount initrd image.
I followed your example from your post you had previously referred me to.
Definitely consider using xboxdrv... I wasn't quite referring to the linuxboot.cfg,
However "chimp" was the answer I was looking for, Thanks!

The two kernels on chimp got my attention. (linux24 & linux26)
Where the numbers correspond with the kernel version (2.4 & 2.6)
These kernels happen to work with the .xbe and initrd from "flashkit alpha".
To a point anyways... linuxrc script runs up until mounting the fatx partition.

Code: Select all

...
#Variables
MNTDIR=/mnt/xbox
APPDIR=/mnt/xbox/apps/raincoat
HDDEV=/dev/discs/disc0/part50

#Mount FatX
mount -t fatx -o rw $HDDEV $MNTDIR   # *
cd $APPDIR                           # **
...
* I don't get any error notifications when mounting
** It fails when trying to go to $APPDIR directory "No such directory" or so...
It would be nice to be able to update the kernel to 2.6, wouldn't be able to compile one myself otherwise...
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

Rocky5 wrote: In my opinion the best tool to flash TSOPS is, Gentoox loader v1.6 or XBLAST OS (based off Gentoox loader)
They flash all known TSOPS.
also the source is available so you can change it to boot straight to the bios flasher & flash a bios automatically.
That way you can use UnleashX to copy the bios & launch the flasher in one press of the (A) button.
I agree with you but at the end of the day they're all using the same binary "Raincoat"
I will definitely be using UnleashX for the AutoInstaller but I'm not sure if it will be necessary for the exploit as yet.
professor_jonny

Re: NeMesiS FlashKit (TSOP Flasher)

Post by professor_jonny »

NeMesiS wrote:
* I don't get any error notifications when mounting
** It fails when trying to go to $APPDIR directory "No such directory" or so...
It would be nice to be able to update the kernel to 2.6, wouldn't be able to compile one myself otherwise...
Did you create a path somewhere to mount the xbox hdd/partition?
that will cause it to fail:

Code: Select all

# Make folders for mountpoints
mkdir -p /cdrom /ram /proc /mnt/xbox
# done
you could also try this to list the mount points to see if it worked:

Code: Select all

mount -l -t fatx
or verbose mode?

Code: Select all

mount -v -t fatx -o rw $MASTERHDDEPARTITION $XBOXMOUNTPATH
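
Added example (not part of professor_jonny's post or of the original linuxrc): a mount step for an unattended flasher that stops instead of carrying on when the FATX partition is not really there. It creates the mount point, checks mount's exit status, confirms the entry in the kernel mount table, and only then enters $APPDIR. The paths come from the linuxrc excerpt earlier in the thread; the function names and the MOUNTS override are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Paths follow the linuxrc excerpt; function names and MOUNTS are hypothetical.
MNTDIR=/mnt/xbox
APPDIR=/mnt/xbox/apps/raincoat
HDDEV=/dev/discs/disc0/part50
MOUNTS=${MOUNTS:-/proc/mounts}   # overridable so the check can be exercised off-box

# is_mounted_as DIR FSTYPE
# True only if the mount table lists DIR as a mount point of type FSTYPE.
is_mounted_as() {
    awk -v dir="$1" -v fs="$2" \
        '$2 == dir && $3 == fs { found = 1 } END { exit !found }' "$MOUNTS"
}

# mount_xbox_hdd
# Return codes: 1 no mount point, 2 mount failed, 3 mount not visible,
# 4 application directory missing. 0 means the shell is now inside $APPDIR.
mount_xbox_hdd() {
    mkdir -p "$MNTDIR" || { echo "cannot create $MNTDIR" >&2; return 1; }
    if ! is_mounted_as "$MNTDIR" fatx; then
        mount -t fatx -o rw "$HDDEV" "$MNTDIR" ||
            { echo "mount of $HDDEV failed" >&2; return 2; }
    fi
    # A zero exit status alone is not trusted: confirm the kernel lists the mount.
    is_mounted_as "$MNTDIR" fatx ||
        { echo "$MNTDIR is not a fatx mount" >&2; return 3; }
    [ -d "$APPDIR" ] || { echo "$APPDIR not found on the partition" >&2; return 4; }
    cd "$APPDIR"
}

# In linuxrc, call it before anything touches the flash chip, for example:
#   mount_xbox_hdd || { echo "aborting, nothing was flashed"; exec /bin/sh; }
```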
Rocky5
Posts: 974
Joined: Sat Feb 08, 2014 5:27 am
Has thanked: 101 times
Been thanked: 257 times

Re: NeMesiS FlashKit (TSOP Flasher)

Post by Rocky5 »

NeMesiS wrote:
Rocky5 wrote: In my opinion the best tool to flash TSOPS is, Gentoox loader v1.6 or XBLAST OS (based off Gentoox loader)
They flash all known TSOPS.
also the source is available so you can change it to boot straight to the bios flasher & flash a bios automatically.
That way you can use UnleashX to copy the bios & launch the flasher in one press of the (A) button.
I agree with you but at the end of the day they're all using the same binary "Raincoat"
I will definitely be using UnleashX for the AutoInstaller but I'm not sure if it will be necessary for the exploit as yet.
The difference from using the Linux raincoat & Gentoox loader, is you only need the Gentoox xbe file & if you edit the source & compile it (bennydiamond/psyko_chewbacca, released a VHD image of his Linux setup to compile XBlast OS) you can have it boot & flash a bios automatically, with zero user input.

So no faffing about with Linux on the Xbox.

AFAIK raincoat doesn't auto resize the bios files, Gentoox loader does.
Download Xbox Softmodding Tool & Extras Disc
XBMC4Kids Mod


Xbox Gamertag = Connxtion
PSN ID = JCRocky5
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

I've made some progress...
To see what was happening with linuxrc I added some sleep commands here and there.
It aided me to discover that modules were not being loaded by the new 2.6 kernel.
I quickly realised I had to rename lib kernel folder to /mnt/initrd/lib/modules/2.6.18 from 2.4.xx-xbox
This now gave me a new error message "insmod: QM_MODULES function not implemented"
Google search revealed that I needed to update "insmod" binary... I downloaded:
https://www.kernel.org/pub/linux/utils/ ... 1.i386.rpm
Now I get: "libc.so.6 not found, version GLIBC_2.3 required by insmod"...
I checked the current file by: strings /mnt/initrd/lib/libc.so.6 | grep GLIBC
Which gave me a result of versions "GLIBC_2.0" through to "GLIBC_2.2.5"

I'm not sure as to where to acquire this libc.so.6 GLIBC_2.3 file from.
I found a source but I wouldn't know how to compile it: http://gnu.uberglobalmirror.com/libc/
Maybe I could use a older version of insmod which would work with current libc.so.6 GLIBC_2.2.5
I'm not really sure as to what to do next...

Rocky5 wrote:So no faffing about with Linux on the Xbox.
AFAIK raincoat doesn't auto resize the bios files, Gentoox loader does.
I enjoy playing around with Linux... I enjoy learning new things...
I hope you understand, otherwise I wouldn't be doing these sorts of things.
But how does Gentoox actually implement the resize?
Rocky5

Re: NeMesiS FlashKit (TSOP Flasher)

Post by Rocky5 »

NeMesiS wrote:
Rocky5 wrote:So no faffing about with Linux on the Xbox.
AFAIK raincoat doesn't auto resize the bios files, Gentoox loader does.
I enjoy playing around with Linux... I enjoy learning new things...
I hope you understand, otherwise I wouldn't be doing these sorts of things.
But how does Gentoox actually implement the resize?
Well technically it doesn't resize, it just writes the file multiple times, so 512kb writes it twice & 256kb 4 times eg....
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

I've made some more progress... kinda...
I remembered that I downloaded a 32bit Kali Linux earlier this year...
So I burnt the image and managed to find libc.so.6 which supported GLIBC_2.3
Then error message stated that libc.so.6 required ld-linux.so.2, so...
I updated that too and libdl.so.2 while I was at it. By now I've replaced most of the lib
Now whilst trying to load modules I get the following error message:

FATAL: kernel too old
Kernel Panic - not syncing
Attempting to kill init

It's not the kernel panic that worries me but "kernel too old" really?
So I'm assuming I need to downgrade either insmod or the lib...
Rocky5 wrote:Well technically it doesn't resize, it just writes the file multiple times, so 512kb writes it twice & 256kb 4 times eg....
Couldn't either of the following work to resize the BIOS using Linux?
cat 256kbios.bin 256kbios.bin >512kbios.bin
cat 256kbios.bin 256kbios.bin 256kbios.bin 256kbios.bin >1024kbios.bin
professor_jonny

Re: NeMesiS FlashKit (TSOP Flasher)

Post by professor_jonny »

NeMesiS wrote: Couldn't either of the following work to resize the BIOS using Linux?
cat 256kbios.bin 256kbios.bin >512kbios.bin
cat 256kbios.bin 256kbios.bin 256kbios.bin 256kbios.bin >1024kbios.bin
yip :-)

just remember some bioses can't go the other way.

There was someone that started work on a new kernel on the xbox over at emu xtras, but yes you must downgrade or rebuild the libraries with support for the old kernel but it is a lot of work I think alsa and a few other modules need to be reworked.
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

I figured out that the first lib files I tried were compiled from GLIBC_2.13 and would not work with kernel 2.6.18
I managed to find an old torrent for Backtrack5 and found GLIBC_2.11.1 lib files, which seem to work.
Again I got "insmod: QM_MODULES: Function not implemented" I again replaced insmod with one from Backtrack.
I feel as I am getting somewhere but I am also hoping that it's not going to be all in vain...
Once more I loaded Linux on the xbox and received yet another new error message:
"insmod: can't read "modfile": No such file or directory" ...
I corrected directories to modfiles in modules.dep to correspond with new kernel, still no luck...
I will go over my changes on modules.dep maybe I've overlooked something...

Modules I'm trying to load are: fat.o, fatx.o, i2c-core.o, i2c-dev.o, i2c-proc.o & i2c-xbox.o
I'm not too sure what the i2c modules are about but the fat modules are necessary to mount the xbox hd.
professor_jonny wrote: just remember some bioses can't go the other way.
Yea like that X2 512k BIOS, whatever its called...
How would you down size, with "split" command?
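
Added example (not written by any poster in this thread): the repeat-to-fill approach from the cat commands above, with size checks before anything is written, plus a test for the reverse direction asked about here. It assumes an image can be cut down only when it is a smaller image repeated, which is one reading of "some bioses can't go the other way"; function and file names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function and file names are hypothetical.

size_of() { wc -c < "$1" | tr -d ' '; }

# Image and chip sizes mentioned in the thread: 256 KB, 512 KB, 1024 KB.
is_bios_size() {
    case "$1" in 262144|524288|1048576) return 0 ;; *) return 1 ;; esac
}

# fit_bios SRC CHIP_BYTES OUT: repeat SRC until OUT is exactly CHIP_BYTES long.
fit_bios() {
    fb_src=$1 fb_chip=$2 fb_out=$3
    [ -f "$fb_src" ] || { echo "no such image: $fb_src" >&2; return 1; }
    [ "$fb_src" != "$fb_out" ] || { echo "refusing to overwrite source" >&2; return 1; }
    fb_size=$(size_of "$fb_src")
    is_bios_size "$fb_size" || { echo "odd image size: $fb_size" >&2; return 1; }
    is_bios_size "$fb_chip" || { echo "odd chip size: $fb_chip" >&2; return 1; }
    [ "$fb_size" -le "$fb_chip" ] || { echo "image larger than chip" >&2; return 1; }
    : > "$fb_out" || return 1
    fb_i=0
    while [ "$fb_i" -lt $((fb_chip / fb_size)) ]; do
        cat "$fb_src" >> "$fb_out" || return 1
        fb_i=$((fb_i + 1))
    done
    # Final guard: never hand the flasher a file of the wrong length.
    [ "$(size_of "$fb_out")" -eq "$fb_chip" ]
}

# can_downsize SRC TARGET_BYTES: true only if SRC is TARGET_BYTES of data repeated,
# so keeping the first TARGET_BYTES discards nothing.
can_downsize() {
    dz_src=$1 dz_want=$2
    dz_size=$(size_of "$dz_src")
    is_bios_size "$dz_want" && is_bios_size "$dz_size" || return 1
    [ "$dz_size" -gt "$dz_want" ] || return 1
    dz_first=$(mktemp) || return 1
    dd if="$dz_src" of="$dz_first" bs="$dz_want" count=1 2>/dev/null
    dz_rc=0 dz_k=1
    while [ "$dz_k" -lt $((dz_size / dz_want)) ]; do
        # Compare every later chunk against the first one.
        dd if="$dz_src" bs="$dz_want" skip="$dz_k" count=1 2>/dev/null |
            cmp -s - "$dz_first" || { dz_rc=1; break; }
        dz_k=$((dz_k + 1))
    done
    rm -f "$dz_first"
    return "$dz_rc"
}

# Demo on a constructed image: 256 KB of random bytes stands in for a real BIOS.
demo() {
    d=$(mktemp -d) || return 1
    head -c 262144 /dev/urandom > "$d/256k.bin"
    fit_bios "$d/256k.bin" 1048576 "$d/1024k.bin" && echo "padded to 1024 KB"
    can_downsize "$d/1024k.bin" 262144 && echo "mirrored image, first 256 KB is enough"
    rm -rf "$d"
}
demo
```

When can_downsize succeeds, the smaller file is the first TARGET_BYTES of the image (for instance via head -c); when it fails, the halves differ and truncating would drop data.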
ldotsfan
Posts: 49
Joined: Sun Jul 08, 2012 1:47 pm
Has thanked: 1 time
Been thanked: 24 times

Re: NeMesiS FlashKit (TSOP Flasher)

Post by ldotsfan »

http://sourceforge.net/projects/xboxhdm ... /Kernel26/
http://sourceforge.net/projects/xboxhdm2/files/X-DSL/
That's all the file dumps of my work with xbox kernel in various versions: 2.4 and 2.6

You cannot mix and match files from different places and expect them to work. Kernel expects a certain version of libc and vice versa. Statically built binaries with all dependencies are another way to go. 2.6.18's FATX is broken if I remember right.

chimp2618 executables are compressed with UPX. http://upx.sourceforge.net/ as some of them are too big. You should also look at busybox if you need more functions in 1 executable.

Good luck
Ldotsfan :)
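
Added example (not ldotsfan's or any other poster's code): a pre-boot audit of an unpacked initrd that lists every binary referencing a GLIBC version tag the initrd's own libc.so.6 does not define, which is the mismatch behind the "GLIBC_2.3 required by insmod" error earlier in the thread. It uses the same text-scan heuristic as the strings | grep GLIBC check quoted there; the function names and the bin/sbin/lib layout are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical and
# the initrd is assumed to keep binaries in bin/ and sbin/ and libc in lib/.

# glibc_tags FILE: print the distinct GLIBC_x.y[.z] tags embedded in FILE.
glibc_tags() {
    LC_ALL=C grep -aoE 'GLIBC_[0-9]+(\.[0-9]+)*' "$1" | LC_ALL=C sort -u
}

# missing_tags BINARY LIBC: tags BINARY references that LIBC does not define.
missing_tags() {
    mt_need=$(mktemp) && mt_have=$(mktemp) || return 2
    glibc_tags "$1" > "$mt_need"
    glibc_tags "$2" > "$mt_have"
    LC_ALL=C comm -23 "$mt_need" "$mt_have"
    rm -f "$mt_need" "$mt_have"
}

# audit_initrd ROOT: report "<path>: needs <tag>" for each unsatisfied tag.
# Returns 0 if every binary is satisfied, 1 if any is not, 2 if libc is absent.
audit_initrd() {
    ai_libc=$1/lib/libc.so.6
    [ -f "$ai_libc" ] || { echo "no libc at $ai_libc" >&2; return 2; }
    ai_bad=0
    for ai_f in "$1"/bin/* "$1"/sbin/*; do
        [ -f "$ai_f" ] || continue
        for ai_tag in $(missing_tags "$ai_f" "$ai_libc"); do
            echo "${ai_f#"$1"}: needs $ai_tag"
            ai_bad=1
        done
    done
    return "$ai_bad"
}

# Typical use on the build machine, before repacking the image:
#   audit_initrd /mnt/initrd || echo "fix the listed binaries before booting"
```

A clean result only covers symbol versions; it does not show whether the libc itself was built for a newer kernel than the one being booted, which is what the later "FATAL: kernel too old" message reports.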
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

ldotsfan wrote:http://sourceforge.net/projects/xboxhdm ... /Kernel26/
http://sourceforge.net/projects/xboxhdm2/files/X-DSL/
That's all the file dumps of my work with xbox kernel in various versions: 2.4 and 2.6
Awesome, thanks...
ldotsfan wrote:You cannot mix and match files from different places and expect them to work. Kernel expects a certain version of libc and vice versa. Statically built binaries with all dependencies are another way to go.
I was never expecting things to work, just hoped they did...
And I've never compiled anything before, guess I was trying to avoid the inevitable.
ldotsfan wrote:2.6.18's FATX is broken if I remember right.
Are you referring to the 2.6 kernel from chimp?
Just your download says "linux-2.6.18.withfatx.tar.bz2", confusion.
ldotsfan wrote:You should also look at busybox if you need more functions in 1 executable.
Yes, I've already considered busybox but wouldn't I compile busybox dynamically?
I've checked out menuconfig from busybox-1.23.2... Is there anything specifically I need to remember whilst compiling?
For example do "CFLAGS=-m32" or is that only when compiling 32bit binary from 64bit system?
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

Managed to make a quick compile of busybox, it was a lot easier than I had expected.
Used the 32bit live linux cd I burnt earlier and installed "ncurses-dev"

Code: Select all

BusyBox v1.23.2 (2015-08-19 06:50:17 UTC) multi-call binary.

Currently defined functions:
	[, [[, ash, awk, basename, bunzip2, bzcat, bzip2, cat, chmod, chroot,
	clear, cmp, cp, cut, date, depmod, df, dirname, dmesg, du, env, expr,
	false, find, free, freeramdisk, grep, gunzip, gzip, halt, head, hostid,
	id, init, insmod, klogd, linuxrc, ln, loadkmap, logger, ls, lsmod,
	mkdir, mknod, mktemp, modinfo, modprobe, more, mount, mv, pidof,
	pivot_root, poweroff, printf, ps, reboot, rm, rmdir, rmmod, sed, sh,
	sleep, sort, split, stat, sync, syslogd, tail, tar, test, true, tty,
	umount, uname, uniq, unzip, vi, wc, which, xargs, yes, zcat
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

I was able to direct insmod to the correct directory.
However these modules are not compatible with the 2.6.18 kernel
In my efforts to find a solution I came across fatx-1.9:

https://aur.archlinux.org/packages/fatx/
- mkfs.fatx to create a new fatx filesystem
- fsck.fatx to check a fatx filesystem
- unrm.fatx to try to recover deleted files
- label.fatx to display or change fatx filesystem label
- fusefatx* to mount a fatx filesystem with fuse
*Could this be the answer to my problem?

I compiled the binary after installing "libboost-dev"
Just not exactly sure how to mount a partition as yet...

Code: Select all

fusefatx --help
Usage: fusefatx [options] device mountpoint:
  -h [ --help ]                produce help message
  --version                    produce version number
  -v [ --verbose ]             verbose output
  -i [ --input ] arg           set input device/file
  --offset arg                 force partition offset
  --size arg                   force partition size
  -p [ --partition ] arg (=x2) select partition:
                               "sc" for system cache,
                               "gc" for game cache,
                               "cp" for content partition,
                               "x1" for xbox 1,
                               "x2" for xbox 2 (default)
  -m [ --mount ] arg           set mountpoint
  -r [ --recover ]             mount with deleted files
  -o [ --option ] arg          mount options
  -c [ --cutname ]             enable use of long names
  -d [ --debug ]               enable debug output (implies -f)
  -f [ --foregrd ]             foreground operation
  -s [ --singlethr ]           fuse on single thread
  --uid arg                    sets uid of the filesystem
  --gid arg                    sets gid of the filesystem
  --mask arg                   sets mask for entries modes
  -t [ --test ]                test mode, no modification done
  --nodate                     dates of deleted files don't care
  --nolost                     don't care of lost chains
ldotsfan

Re: NeMesiS FlashKit (TSOP Flasher)

Post by ldotsfan »

That's FATX for xbox 360. or XTAF.

The differences are more than endianness in the code. So that's a dead end.
Ldotsfan :)
ldotsfan

Re: NeMesiS FlashKit (TSOP Flasher)

Post by ldotsfan »

NeMesiS wrote:
Are you referring to the 2.6 kernel from chimp?
Just your download says"linux-2.6.18.withfatx.tar.bz2", confusion.
Reading might work but writing FATX is broken, chimp2618 doesn't use this kernel feature so it wasn't tested much
Ldotsfan :)
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

Damn...
is there any hope of getting fatx to work with 2.6 kernel?
what's stopping insmod from loading the module?


Anyways, I thought I'd go back and give kernel 2.4 a go.
In order to update busybox it requires glibc 2.3.4
I got glibc 2.3.6 and it fails to compile because of "as & ld" being too new
I'm not sure how to work around this...
ldotsfan

Re: NeMesiS FlashKit (TSOP Flasher)

Post by ldotsfan »

Use virtualbox/qemu/vmware to run any old linux distro to compile stuff. (EASY)

OR

Use chroot , debootstrap and snapshot.debian.org to travel back in time to any past version of Debian (DIFFICULT).

The code for 2.6 FATX was never finished so 2.4 is a better bet.
Ldotsfan :)
NeMesiS

Re: NeMesiS FlashKit (TSOP Flasher)

Post by NeMesiS »

ldotsfan wrote:Use virtualbox/qemu/vmware to run any old linux distro to compile stuff. (EASY)
I already tried an old distro but obviously wasn't old enough
I'm still fairly new to linux but managing quite well with it, but
is there any old distro in particular you could recommend that may work?
Thanks in advance...