Archos 5 Patched Bootloaders

From ArchosDocs

Description

This page contains a list of patched bootloaders for the Archos 5. We include in the term "bootloader" any code that resides in flash memory. This means: boot0, boot1, recovery and init.

Downloads

Version   Download
1.7.11    bootloader a5-7 1.7.11 patched.zip
1.7.02    bootloader a5-7 1.7.02 patched.zip
1.6.54    bootloader a5-7 1.6.54 patched.zip
1.6.53    bootloader a5-7 1.6.53 patched.zip


List of modifications

boot0

In boot0 we removed the signature check on boot1. Any second-stage bootloader can be installed without failing the signature check, whether it is validly signed or not. We did this by replacing the first instructions of the verify_hash() function with:

MOV R0, #0
BX LR

boot1

In boot1 we removed the signature check on init and recovery. Any init and recovery kernel can be installed without failing the signature check, whether they are validly signed or not. We did this in much the same way as with boot0, by replacing the first instructions of the verify_hash() function.
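As an added example (not part of the original page or of the project's code), this is a check an auditor could run over a flash dump to see whether a verification routine's entry point has been replaced by the return-0 stub described for boot0 and boot1, compared against a known-good image. The function offset, the sample images and the helper names are constructed for illustration; the real offset of verify_hash() is not given on this page.

```python
import struct

# Little-endian encodings of the "return 0" stub described above.
ARM_STUB = struct.pack("<II", 0xE3A00000, 0xE12FFF1E)   # MOV R0, #0 ; BX LR (A32)
THUMB_STUB = struct.pack("<HH", 0x2000, 0x4770)         # MOVS R0, #0 ; BX LR (Thumb)

def classify_entry(image: bytes, offset: int) -> str:
    """Classify the first instructions found at a function entry offset."""
    if offset < 0 or offset + len(THUMB_STUB) > len(image):
        return "out-of-range"
    if image.startswith(ARM_STUB, offset):
        return "arm-return-0"
    if image.startswith(THUMB_STUB, offset):
        return "thumb-return-0"
    return "other"

def audit(reference: bytes, suspect: bytes, entries: dict) -> dict:
    """Compare each named function entry in a flash dump against a known-good image."""
    report = {}
    for name, off in entries.items():
        window = slice(off, off + len(ARM_STUB))
        if len(suspect) >= window.stop and suspect[window] == reference[window]:
            report[name] = "unchanged"
        else:
            # "other" here means: changed, but not into the return-0 stub.
            report[name] = "modified:" + classify_entry(suspect, off)
    return report

# Constructed sample data: a 0x40-byte "image" with one function at a hypothetical offset.
VERIFY_HASH_OFF = 0x10  # hypothetical; the real offset is not given on this page
PROLOGUE = struct.pack("<II", 0xE92D4FF0, 0xE24DD020)  # PUSH {R4-R11,LR} ; SUB SP,SP,#0x20

def make_image(entry_bytes: bytes) -> bytes:
    img = bytearray(b"\xff" * 0x40)   # erased-flash filler
    img[VERIFY_HASH_OFF:VERIFY_HASH_OFF + len(entry_bytes)] = entry_bytes
    return bytes(img)

REFERENCE = make_image(PROLOGUE)   # stands in for the vendor's original image
PATCHED = make_image(ARM_STUB)     # stands in for a dump with the stubbed check

if __name__ == "__main__":
    entries = {"verify_hash": VERIFY_HASH_OFF}
    print(audit(REFERENCE, REFERENCE, entries))
    print(audit(REFERENCE, PATCHED, entries))
```

The comparison against a reference image matters because a return-0 sequence at a function entry is not suspicious by itself; ordinary functions can legitimately begin that way.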

recovery

We did not modify the recovery kernel itself; instead, we modified the cpio filesystem loaded by the kernel. We modified the logic of the /init script:

  • Disabled the HDD lock: the original Archos hard drive can now be replaced by any hard drive without preventing the device from booting.

We modified /bin/abcbox, which is a busybox-style application that handles several Archos-specific tasks:

  • Disabled the version check on .aos files, in order to allow downgrading to an earlier firmware version. We replaced the first instructions of AOS_check_version() with MOV R0, #0; BX LR.
  • Disabled all three signature checks on .aos files. This effectively allows any .aos file to be installed with /bin/aosparser, whether it is validly signed or not. To do this,

init

Just like for the recovery kernel, we modified the logic of the /init script:

  • Disabled the HDD lock: the original Archos hard drive can now be replaced by any hard drive without preventing the device from booting.
  • Disabled the cramfs validation: any rootfs.cramfs.secure file can be installed without preventing the device from booting.

Testing: a simple word of advice

If you are going to attempt to install a new bootloader, this is a word of advice for you. There is no recovery from a bad boot0 or boot1. If you modify these, and your device will not boot because either of them is non-functional, there is nothing you can do about it. Your device is bricked.

On the other hand, if you are modifying the init or recovery, there is a safe way to go about it. First, flash a new init, but not recovery, and make sure you can boot all the way into avos. If it won't load avos, boot into recovery, flash an original firmware and start from zero. When you're sure your new init stage is working, and you have a way to execute code from your init stage (for example, you have a rootfs with ssh installed), then proceed to flash the recovery. Hold Power+Vol. UP during power on and make sure you can fully boot all the way to the recovery screen. If the recovery kernel is not working, boot again normally and try to flash a new recovery from the shell you have.

If you make both your init and recovery stages non-functional at the same time, then again, there is nothing you can do about it. Your device is bricked.
