I have successfully changed the 'Digital Check' flag....
cli is modified to take any username and password, then
'upgrade set flag n' (n 0-4?) sets it.
'upgrade get flag' gets it.
equipcmd is modified to take out 'CmdEnableCheck', and this has
'equipcmd disbootfrom' which displays main or 'salve', and
'equipcmd setbootfrom SLAVESS' which changes it to slave image.
When the set command is run in gdb, it reads the 16k of flash which contains the boot flag at offset 0x3000 - this is how i confirmed it actually changed.
Once I had confirmed it had actually changed, and re-checked the CFE code where a value of '2' produces a print of 'SIGN NONE CHECK', a I was supremely confident...
I tested change to '1' and reboot, and it changed back to '0' (for '1', CFE seems would say 'SIGN FIR CHK.' (first?).
I tested change to '2' and reboot, and it stayed at '2'.
Even more confident now, I set it to use the SLAVESS. On reboot, it reported it was using main again...
Then, the fatal blow. I remounted the rootfs rw
mount -o remount,rw /
then i copied a file into bin, and rebooted.
Now i have a lovely red light, and a web page inviting me to supply an upgrade file....
My only saving grace is that MAYBE mine will take an unsigned upgrade file
... I have the flash image, so I could investigate the DG source's image file creation, and see if I can make something that works... but....
mod to cli is:
change 0x39cd to 40->00
change 0x39e5 to 40-?00
mod to equipcmd is:
change 0x190 1044->0000
change 0x1906 027e->0000
So, experiment,
but don't change the FS unless you are even more sure than me!!!We need a mips simulator running the CFE before we do this again... I think we are going to need to change the CFE, which also means we'll need to re-write the jffs2 completely as the CFE boot part only looks for the first jffs2 reference to cfe.
