Announcement

Collapse
No announcement yet.

Hacking Express gate (Asus Splashtop)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #91
    Hi,
    I managed to start my own linux system from ExpressGate with the kexec program and it works without problems. I just compiled a statically linked kexec (because I have no SDK and the executable I tried didn't work) and put it into a bs-aaa_kexec.sqx. The "aaa" makes shure that it is loaded first after the kernel. Then I copied my kernel and initrd file to a folder on the NTFS partition and executed following commands:

    Code:
    kexec --load /mnt/dvmdrive_root/linux/vmlinuz --append="root=UUID=XXX ro vga=791 pci=nobios pnpbios=off" --initrd "/mnt/dvmdrive_root/linux/initrd.img --console-vga
    kexec -e
    At first I can not see any output, but after a while my Ubuntu login screen is shown. All in all from power switch to ubuntu login screen it saves me around 10 seconds. Unfortunately a klick on one of the icons on the ExpressGate screen is still necesarry.

    At least a first start...

    Comment


    • #92
      Thats really tricky, never used kexec before.

      Comment


      • #93
        Me too, but since I installed it on my Ubuntu 9.04 it always restarts by loading the kernel with kexec, which is usually not what I want as I need a real restart when I want to boot into Express Gate...

        Does anybody know how to load a kernel file with a disassembler? It shouldn't be too hard to find out how the CEFULL is loaded and if it can be replaced by a standard linux kernel. This would really be a great thing.

        Comment


        • #94
          I think that ce(_bz) is inside the bios on your system.

          Comment


          • #95
            I also think that the BIOS part initializes the hardware so far, that it can read and execute the CEFULL bootloader. Which is already pretty much as the file is on a NTFS partition. As the same data can also be executed if you add a header similar to a normal linux kernel I think it should be possible to disassemble and understand it so far, that it can be patched to always start the first menu entry. Maybe this is even possible by changing only the menu file itself (e.g. 00de.bin). I think I will just write an email to them asking for information about the bootloader and the possibility to load an alternative kernel.

            Comment


            • #96
              Try something else: remove all ce* files from hd, i don't think that will matter.

              Comment


              • #97
                Originally posted by Kano View Post
                Try something else: remove all ce* files from hd, i don't think that will matter.
                Nope, if I remove CEFULL there is an error message without any graphical menu.

                Comment


                • #98
                  Ah, thats interesting. Maybe therefore the restriction that ahci is not allowed. You could try loading ce_bz with another loader and enable ahci. Maybe you could replace cefull by another workload like grub.

                  Comment


                  • #99
                    Originally posted by Kano View Post
                    Ah, thats interesting. Maybe therefore the restriction that ahci is not allowed. You could try loading ce_bz with another loader and enable ahci. Maybe you could replace cefull by another workload like grub.
                    Thats exactly what I would like to do, but that is why I could need some help from a disassembler specialist: If cefull can be loaded with a header from a linux kernel it has to be possible to see what happens when a menu entry is chosen. A first step would be to skip the menu part and directly jump to that position.

                    BTW: I think I am getting a feeling of what is included in the menu files *.idx and *.bin: the idx-file holds the indexes of the indexes in the index-table in the corresponding bin-file: 10000010.*

                    Code:
                    idx@0x00000000: 0x28010000
                    bin@0x00000128: 0x3c070000
                    bin@0x0000073c: "...../kernel.bin "
                    and so on for the rest of the menu entrys and similar for the included gifs.

                    Comment


                    • I never analized it that much, i only wrote a script to extract the gifs + replace em with smaller ones. Maybe you saw that too.

                      Comment


                      • I have send them an email asking for some information about the kernel and if it would be possible to modify the bootloader in a way that it loads the kernel without parameter when the timeout has expired. Maybe they answer... we will see.

                        Comment


                        • Here some news:
                          I installed the files from the harddisk installation on an USB stick as described in the other thread. Then I switched the SATA configuration in the BIOS to AHCI so that the BIOS can not read the harddisk installation. If I boot now with the USB Stick plugged in the BIOS reads the files from the stick and the system starts. What I don't see anymore is the menu with the different options (Firefox, Skype etc) and the system starts immediately with the "initva=firefox" option. This means that my first point "Boot Express Gate immediately" is already accomplished. I moved most of the *.sqx files to a temp directory to see what is necessary to run a minimal graphical environment with my rxvt shell. I also have a shellscript running to start my own kernel with kexec right after the loading of the splashtop kernel. Unfortunately my kernel hangs for 16 seconds during the USB initialization with an error messages, that is addressed by one of the patches "disable_quirk_usb_early_handoff.patch". This delays the overall boot process to 55 seconds. So I assume I could boot in less then 40 seconds with this method. Next would be to either load another bootmanager or to modify the kernel in order to save another 15 or so seconds.

                          Comment


                          • I never have heard of that patch, for which kernel is it and whats the url?

                            Comment


                            • Hi

                              Did you get the direct boot to work with out using a USB key?
                              I might be able to live with the 2.6.25 kernel if it boots up quick.

                              Regards

                              Originally posted by Darkstar2000 View Post
                              Here some news:
                              I installed the files from the harddisk installation on an USB stick as described in the other thread. Then I switched the SATA configuration in the BIOS to AHCI so that the BIOS can not read the harddisk installation. If I boot now with the USB Stick plugged in the BIOS reads the files from the stick and the system starts. What I don't see anymore is the menu with the different options (Firefox, Skype etc) and the system starts immediately with the "initva=firefox" option. This means that my first point "Boot Express Gate immediately" is already accomplished. I moved most of the *.sqx files to a temp directory to see what is necessary to run a minimal graphical environment with my rxvt shell. I also have a shellscript running to start my own kernel with kexec right after the loading of the splashtop kernel. Unfortunately my kernel hangs for 16 seconds during the USB initialization with an error messages, that is addressed by one of the patches "disable_quirk_usb_early_handoff.patch". This delays the overall boot process to 55 seconds. So I assume I could boot in less then 40 seconds with this method. Next would be to either load another bootmanager or to modify the kernel in order to save another 15 or so seconds.

                              Comment


                              • The patch is in the source package from Splashtop. It's in the patches directory under "core" (source version 1.4.6.2).
                                To be honest, I am not shure how I did get the direct boot. Actually I wanted to install the system on a USB stick to play around without having to boot another system in between whenever I want to change a sqx-file and so I plugged in the USB stick where I installed an old 1.3.2.x according to the "Splashtop on USB stick"-thread. When I switched to AHCI I realized that the BIOS takes the file from the stick instead from the harddisk. Then I just copied the contents of the "ASUS.SYS" folder to the stick and after that it booted always without the boot menu. First I thought this was because there where not the right skin*.bin file (only german) and so I deleted all skins, but then it refused to boot at all. So I copied the skin*.bin and skin*.idx back to the stick and it booted again without the menu. I think I will do a quick diff and see what is different between the stick and the harddisk installation. Maybe this is a hint: whenever I start up the system asks me for the language settings like during the very first start. Does anybody knows where these information are stored?

                                I think as long as there is no SDK it is difficult to build own applications for the kernel, as I don't know which libraries are already installed and which version is used. The kernel version looks like an old Debian etch, but when I installed it in a virtual machine the libraries from the repository where already to new. If it is not possible to exchange the kernel.bin with a custom version I would really like to pass a custom "root=XXX" to the kernel and start my own full operational development system. But for that I need to know the exact library versions. Passing "root=/dev/sda2" where my Ubuntu 9.04 is installed does not work.

                                If I have something new, I will post it here.

                                Comment

                                Working...
                                X