mei 26, 2016

Changing Karotz Firmware (part two)

Note: messing around with firmware can damage your Karotz, or even brick it (so you cannot use it anymore). If you don't want to take this risk, it is safe to read these instructions, but do not try to execute the commands. I'm not responsible for any damage to your Karotz when you follow these instructions.

In the previous post, I described how to extract the original Karotz Root Filesystem (Rootfs) from Violet/Mindscape to a (virtual) Linux machine, using "cramfsck". We now have a directory called "Karotz-Firmware/firmware" with the original firmware files from the read-only part (i.e. the flash memory) of our Karotz.

We can now change these files on our Linux system. When finished, we want to re-CRAM the files back to an image. We can use this new image to flash our Karotz with our custom firmware. If this succeeds, our Karotz will have a modified Root filesystem and we can make more modifications. This post will describe some of the changes and will give you instructions how to flash the image back to a Karotz running OpenKarotz.

Update Busybox

First, lets make some changes. To start with, we will update Busybox to the latest version. You can find the latest compiled binaries on the Busybox website: https://busybox.net/downloads/binaries/.
We need busybox-armv4tl and the latest version is from October 5, 2015. Download this file.

Rename the downloaded file to "busybox". Replace ./firmware/bin/busybox with this file.
Finally, correct permissions. Right-click on the new Busybox file, select "Permissions". Give the owner "Read and Write", Group and Others "Read-only". Tick the checkbox "Execute". You can also use Terminal and enter the following command in the firmware/bin/ directory:

chmod 755 ./busybox

Add a new root user with username 'karotz'

Next, lets add a user to the password file. This file is located in ./firmware/karotz/etc/ and is called "passwd". Edit this file with the Ubuntu editor. Right-click on the file, choose "open with gedit". Add this line below the "root user" on the first line:

karotz::0:0:Karotz root user:/usr/karotz:/bin/bash

Save the file. The user is added now with username "karotz", and no password. This new user has root permissions, its home directory is /usr/karotz and its default shell is /bin/bash.

Add inetd to startup

We're going to use this new user to login with Telnet and FTP. So we need a Telnet-server and FTP-server to startup during the boot process of our Karotz.
To start a Telnet- and FTP-server we will use inetd, the internet service daemon. We will need to change /karotz/etc/inittab to make sure /sbin/inetd is running and keeps running (respawn). And for inetd to run, it will need a config file: /karotz/etc/inetd.conf

Open /karotz/etc/inittab (right-click, choose "open with gedit"). Add this line below "::respawn:/karotz/bin/power":

::respawn:/sbin/inetd -f /karotz/etc/inetd.conf

This line will make sure inetd is started and keeps running. Save and close the file. After this, lets change the inetd.conf file. It already exists in /karotz/etc. Edit this file using gedit and add these three lines:

21 stream tcp nowait root /bin/busybox ftpd -w /
23 stream tcp nowait root /bin/busybox telnetd -i
80 stream tcp nowait root /bin/busybox httpd -i -c /karotz/etc/httpd.conf -h /usr/www

This will tell inetd to run three servers: an FTP-, Telnet- and Web(HTTP)-server, all as applet of Busybox.

Add necessary changes to run a webserver

The Web-server (that is, the web-server applet of Busybox) will use /usr/www as root directory. That's fine, because OpenKarotz is also using this directory as root for its webserver. The webserver will also need a config file, and we will create a new one in /karotz/etc called httpd.conf. Create this new file (/karotz/etc/httpd.conf) and add these lines:

A:*
I:index.html

This means that the web-server accepts all requests and the default file is index.html.

OpenKarotz is creating a Symbolic Link called "www" to /usr/www in the root of Rootfs. Lets include this in our firmware. You can use Terminal and enter the commands below to create this link in our firmware:

cd ~/Karotz-Firmware/firmware
ln -s /usr/www ./www

Disable auto updates of firmware and enable syslog

As written in the previous post, the firmware of a Karotz contains two parts: Rootfs and Yaffs. When firmware is installed, Rootfs is flashed into NAND memory, Yaffs is installed after this. Yaffs will install a file called "yaffs_start.sh". This file will run on every boot (called from karotz_init.sh, which is called from inittab). In this startup file, there is a check for updates:

[ "$AUTO_UPDATE" = "yes" ] && check_updates

Because there are no Violet/Mindscape update servers anymore, we don't want this to happen. So we edit the file "linuxrc" (located in the root of Rootfs), look for "AUTO_UPDATE=yes" and change it to:

AUTO_UPDATE=no

Below the line "AUTO_UPDATE" you'll see a command that will start the Syslog Deamon. But this will only happen when there is a file called "/etc/conf/enable_syslogd". Lets remove the check for this file so we will always have a syslog. Change this line to:

/sbin/syslogd

Summary

That's it. Until now, we made the following changes:

  • Updated to the latest version of Busybox. 
  • Created a new (root) user called "karotz". 
  • Make sure the internet deamon is always running by adding inetd to inittab with "respawn".
  • Changed the inetd.conf to let Busybox run a Telnet-, FTP- and HTTP-server. 
  • Added a configuration file for the web-server (/karotz/etc/httpd.conf). 
  • Created a symlink to www in the root of the firmware.
  • Disabled automatic updates and enabled the Syslog Deamon by editing linuxrc in the root of the firmware. 

We can do a lot more but will leave it for later.

Create new CRAMFS file and flash it to Karotz

Lets try to create a new firmware file that can be flashed to our Karotz. We will use Terminal for this. Using terminal, cd back to the Karotz-Firmware directory with this command:

cd ~/Karotz-Firmware

Next, change the ownership of the firmware directory (and all files) back to the root user using this command:

sudo chown -R root: ./firmware

Make a new CRAM image using this command:

mkcramfs ./firmware rootfs.001.img

And lets gzip the new image file:

gzip ./rootfs.001.img

This will create a file called rootfs.001.img.gz. We want to know the MD5 checksum of this file, so enter command

MD5SUM rootfs.001.img.gz

and save the checksum somewhere, you'll need it later.

Transfer the file rootfs.001.img.gz to your Karotz (place it for example in /tmp). I copied the file from my Linux machine to my Windows machine, and used WinSCP (in FTP mode) to transfer the file to /tmp of my Karotz.

Lets check the MD5 checksum of the transfered file. Enter MD5SUM rootfs.001.img.gz again and compare the checksum to the checksum you remembered from your Linux machine.
They are both equal to each other? Great!

Before you continue, please read this warning again: messing around with firmware can damage your Karotz, or even brick it (so you cannot use it anymore). If you don't want to take this risk, it is safe to read these instructions, but do not try to execute the commands. I'm not responsible for any damage to your Karotz when you follow these instructions.

Now comes the tricky part, we will use this image and write it to the NAND memory of our Karotz. Take a look at the original autorun script of the USB key. You'll find the flash commands on line 182-185. First, we'll clear mtd2 and then write the new image to mtd2 with these commands:

/sbin/flash_eraseall /dev/mtd2
/sbin/nandwrite -pmn /dev/mtd2 /tmp/rootfs.001.img.gz

And now, reboot! Enter command

reboot

cross your fingers, and wait until your Karotz started up.

Finally, test the new firmware

Try Telnet, FTP and a webbrowser and see if your Karotz is up and running. If so, log in with Telnet, enter command

busybox

and check the version number of Busybox. It should be 1.24.0.

Change whatever you want now and create your own custom firmware. Let me know what you discovered!

Leave a message