Announcement

Collapse
No announcement yet.

Hacking Express gate (Asus Splashtop)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #91
    Hi,
    I managed to start my own linux system from ExpressGate with the kexec program and it works without problems. I just compiled a statically linked kexec (because I have no SDK and the executable I tried didn't work) and put it into a bs-aaa_kexec.sqx. The "aaa" makes shure that it is loaded first after the kernel. Then I copied my kernel and initrd file to a folder on the NTFS partition and executed following commands:

    Code:
    kexec --load /mnt/dvmdrive_root/linux/vmlinuz --append="root=UUID=XXX ro vga=791 pci=nobios pnpbios=off" --initrd "/mnt/dvmdrive_root/linux/initrd.img --console-vga
    kexec -e
    At first I can not see any output, but after a while my Ubuntu login screen is shown. All in all from power switch to ubuntu login screen it saves me around 10 seconds. Unfortunately a klick on one of the icons on the ExpressGate screen is still necesarry.

    At least a first start...

    Comment


    • #92
      Thats really tricky, never used kexec before.

      Comment


      • #93
        Me too, but since I installed it on my Ubuntu 9.04 it always restarts by loading the kernel with kexec, which is usually not what I want as I need a real restart when I want to boot into Express Gate...

        Does anybody know how to load a kernel file with a disassembler? It shouldn't be too hard to find out how the CEFULL is loaded and if it can be replaced by a standard linux kernel. This would really be a great thing.

        Comment


        • #94
          I think that ce(_bz) is inside the bios on your system.

          Comment


          • #95
            I also think that the BIOS part initializes the hardware so far, that it can read and execute the CEFULL bootloader. Which is already pretty much as the file is on a NTFS partition. As the same data can also be executed if you add a header similar to a normal linux kernel I think it should be possible to disassemble and understand it so far, that it can be patched to always start the first menu entry. Maybe this is even possible by changing only the menu file itself (e.g. 00de.bin). I think I will just write an email to them asking for information about the bootloader and the possibility to load an alternative kernel.

            Comment


            • #96
              Try something else: remove all ce* files from hd, i don't think that will matter.

              Comment


              • #97
                Originally posted by Kano View Post
                Try something else: remove all ce* files from hd, i don't think that will matter.
                Nope, if I remove CEFULL there is an error message without any graphical menu.

                Comment


                • #98
                  Ah, thats interesting. Maybe therefore the restriction that ahci is not allowed. You could try loading ce_bz with another loader and enable ahci. Maybe you could replace cefull by another workload like grub.

                  Comment


                  • #99
                    Originally posted by Kano View Post
                    Ah, thats interesting. Maybe therefore the restriction that ahci is not allowed. You could try loading ce_bz with another loader and enable ahci. Maybe you could replace cefull by another workload like grub.
                    Thats exactly what I would like to do, but that is why I could need some help from a disassembler specialist: If cefull can be loaded with a header from a linux kernel it has to be possible to see what happens when a menu entry is chosen. A first step would be to skip the menu part and directly jump to that position.

                    BTW: I think I am getting a feeling of what is included in the menu files *.idx and *.bin: the idx-file holds the indexes of the indexes in the index-table in the corresponding bin-file: 10000010.*

                    Code:
                    idx@0x00000000: 0x28010000
                    bin@0x00000128: 0x3c070000
                    bin@0x0000073c: "...../kernel.bin "
                    and so on for the rest of the menu entrys and similar for the included gifs.

                    Comment


                    • I never analized it that much, i only wrote a script to extract the gifs + replace em with smaller ones. Maybe you saw that too.

                      Comment

                      Working...
                      X