Author Topic: Archospma-430 Bootflash-signature Check' Removed!  (Read 15043 times)

sashz

« on: January 04, 2006, 04:31:03 pm »
If you like our work - please consider donating on http://www.pdaxrom.org

Here is the Archos PMA 400/430 flash hack which avoids the bootloader checksum.

Unlike the Zaurus, the Archos bootloader checks the aimage.img for a correct signature. Because it stops people from building a custom aimage.img, I hacked the flash bootloader to disable signature checking.

Here's the manual:

1) Download http://mail.pdaxrom.org/archos.ru/experime...ack-0.1.tar.bz2
2) Unpack it on the PC
3) Check your bootrom to see if it's compatible with the bootloader hack (you need the same flash image) by following the next steps
4) Connect the PMA to the PC
5) From the phys directory on the PC, copy the files phys_m.o and xxx1 to the PMA
6) Disconnect the PMA from the PC
7) Run a console on the PMA
8) Go to the directory where the files are, probably it will be /media:
Code: [Select]
cd /media
9) Load the kernel module phys_m.o:
Code: [Select]
insmod ./phys_m.o
10) Run xxx1 to get your flash rom:
Code: [Select]
./xxx1
11) Check the md5sum of the flash image, cutting a part from the flash:
Code: [Select]
cd /tmp
dd if=bios.rom of=bios.rom.part bs=1 count=128000
md5sum bios.rom.part
The checksum must be
Code: [Select]
f67a0f5d320be1b0dc8bfa602ca6cdac  bios.rom.part
12) If your md5sum is different, stop here - you cannot use this hack. Gzip the rom file and send it to me
13) If the md5sum is OK, connect the PMA to the PC again
14) Copy the file flash_m.o to the PMA
15) Disconnect the PMA
16) Run a console on the PMA and go to the directory where the file is placed
17) Load the module:
Code: [Select]
insmod ./flash_m.o
18) Ohh, there is an error! Hehe, don't worry. It is OK - we just run the flash patcher in kernel space and then come back.
19) Run dmesg:
Code: [Select]
dmesg
20) There must be the messages "Sector 0xD patched!" and "Sector 0xE patched!"
21) DONE!!! Now your PMA will be able to run aimage.img with any signature

If you get the message "Unknown flash chip!", that means your device uses M29W400BB flash. Go to step 14 and use the flash-m29_m.o file to hack your device.

There is a Russian version of the PMA-430 system, with a custom aimage.img:
http://mail.pdaxrom.org/archos.ru/experime..._rus-050106.zip

« Last Edit: January 04, 2006, 06:09:16 pm by sashz »
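
The compatibility gate of steps 11-12 and the result check of step 20, written out as an added shell example; it is not part of the original post or of the flash-hack archive. The function names and return codes are assumptions, and the log line fed to the demo call is constructed.

```shell
#!/bin/sh
# Added example, not from the flash-hack archive. Function names are hypothetical.
EXPECTED_MD5="f67a0f5d320be1b0dc8bfa602ca6cdac"  # checksum quoted in the post
PREFIX_LEN=128000                                 # count= from the post's dd command

# check_bootrom FILE
#   0 = prefix matches, 1 = different bootrom (stop), 2 = dump unreadable or too short
check_bootrom() {
    rom="$1"
    [ -r "$rom" ] || return 2
    size=$(( $(wc -c < "$rom") ))
    # A truncated dump must not be reported as a plain mismatch
    [ "$size" -ge "$PREFIX_LEN" ] || return 2
    sum=$(dd if="$rom" bs=1 count="$PREFIX_LEN" 2>/dev/null | md5sum | cut -d' ' -f1)
    [ "$sum" = "$EXPECTED_MD5" ] && return 0
    return 1
}

# classify_dmesg: kernel log on stdin; prints patched, unknown-chip or incomplete
classify_dmesg() {
    log=$(cat)
    case "$log" in
        *"Unknown flash chip!"*) echo "unknown-chip"; return 0 ;;
    esac
    d=0; e=0
    case "$log" in *"Sector 0xD patched!"*) d=1 ;; esac
    case "$log" in *"Sector 0xE patched!"*) e=1 ;; esac
    if [ "$d" -eq 1 ] && [ "$e" -eq 1 ]; then
        echo "patched"
    else
        echo "incomplete"   # only one sector (or none) reported
    fi
}

# Constructed log excerpt: only one of the two messages is present
printf 'Sector 0xD patched!\n' | classify_dmesg
```

Return code 2 separates a short or unreadable dump from a genuinely different bootrom, so a failed read is not mistaken for an incompatible device.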

grond

« Reply #1 on: January 05, 2006, 05:16:01 am »
Quote
Here is the Archos PMA 400/430 flash hack which avoids the bootloader checksum.

You are my hero!!! Thank you so much, I just followed your instructions and it works. I overwrote the signature with "Hello, Archos, seems like your bootloader isn't as secure as you said!" and my PMA still boots...  

I hope that those other bootroms can soon be hacked too...  

sashz

« Reply #2 on: January 05, 2006, 05:42:36 am »
Fast guide on how to build a custom aimage)

In the flash-hack archive ( http://mail.pdaxrom.org/archos.ru/experime...ack-0.1.tar.bz2 ) look at the aimage directory.
There are 2 utils: extract and build.

extract will write the cramfs image and the kernel image from an existing aimage.img:

Code: [Select]
./extract aimage.img
When it finishes you get 2 files: rootfs.bin and zImage

To unpack the cramfs you must use cramfs tools with the XIP feature (sticky files are uncompressed), for example this: http://mail.pdaxrom.org/archos.ru/experime...-archos.tar.bz2

Code: [Select]
cramfsck -x root rootfs.bin
All files from the Archos system will be in the directory root. Now you can hack it and add your own features to the system :) To roll a new cramfs image use the mkcramfs utility:

Code: [Select]
mkcramfs root rootfs.bin
A new rootfs.bin will be created.

Quote
Note:
cramfs image must be ~21MB - need to better understand the aimage header

To build aimage.img use the build utility. Copy aimage.hdr to the directory where your zImage and rootfs.bin are and run build:

Code: [Select]
./build
That will create a new aimage.img
« Last Edit: January 05, 2006, 05:44:11 am by sashz »

sashz

« Reply #3 on: January 05, 2006, 05:47:39 am »
Quote
Quote
Here is the Archos PMA 400/430 flash hack which avoids the bootloader checksum.

You are my hero!!! Thank you so much, I just followed your instructions and it works. I overwrote the signature with "Hello, Archos, seems like your bootloader isn't as secure as you said!" and my PMA still boots...  

I hope that those other bootroms can soon be hacked too...  

Hope there are no other bootloaders with a different md5sum :)
« Last Edit: January 05, 2006, 05:48:11 am by sashz »

sashz

« Reply #4 on: January 06, 2006, 05:39:56 am »
Latest flash-hack tools updated and uploaded:

http://mail.pdaxrom.org/archos.ru/experime...ack-0.2.tar.bz2

Now you can restore the default bootloader for the Archos warranty.

For SST39VF400A owners: rev-flash_m.o

For M29W400BB owners: rev-flash-m29_m.o

ZDevil

« Reply #5 on: January 06, 2006, 05:50:57 am »
That's awesome.... Perhaps if Sharp stops making Zaurii Archos is the way.

Life is too precious for hacking *too much*
Visit my Z screencap gallery
My EeePC 701 Black = Debian (Lenny) on IceRocks + Transcend SDHC Class6 8GB + 2GB RAM
My Zaurus SL-C3200 = Debian EABI (kernel 2.6.24.3-yonggun) on a swapped internal Sandisk Extreme III CF 16gb
My Debian EABI feed: http://matrixmen.free.fr/zaurus/debian/
My OpenBSD/Zaurus feeds:  Link1, Link2

bam

« Reply #6 on: January 06, 2006, 02:32:53 pm »
If Sharp quits making the Z I will buy at least 3 more 3100's for stock
SL-C3100 current: Stock/Tetsu 18h
Socket BT CF Card
Linksys WCF-12 802.11b/Cheapie USB Ethernet

The Grinder

sashz

« Reply #7 on: January 11, 2006, 10:20:54 am »

Jaffar

« Reply #8 on: January 14, 2006, 05:12:50 pm »
Hi and thanks, works like a charm, I can now read my favorite Bulgarian web pages. BUT the cyrkeyboard does not work and you have to remove the cyrkeyboard input applet, otherwise you get the safe mode until you disable it. Small bug for a great job though. Well done!

pyknite

« Reply #9 on: January 14, 2006, 06:14:55 pm »
Quote
Hi and thanks, works like a charm, I can now read my favorite Bulgarian web pages. BUT the cyrkeyboard does not work and you have to remove the cyrkeyboard input applet, otherwise you get the safe mode until you disable it. Small bug for a great job though. Well done!


hum... archos is here
zaurus sl-c3000 - under pdaXrom1.0.1 for sl-c3000
Wifi +BT CF card
utopik Blog
Mirror for pdaXrom sl-c3000

sashz

« Reply #10 on: January 16, 2006, 01:16:57 am »
Quote
Hi and thanks, works like a charm, I can now read my favorite Bulgarian web pages. BUT the cyrkeyboard does not work and you have to remove the cyrkeyboard input applet, otherwise you get the safe mode until you disable it. Small bug for a great job though. Well done!

That's because the settings for the keyboard applet are in the Russian backup.
Also, I uploaded the keyboard settings there:

http://mail.pdaxrom.org/archos.ru/experimental/keymaps.zip

Download and extract it on the Archos hard drive. Included are Danish, English, English-UK, German, Macedonian, Russian and Slovak keymaps. Look at /media/pda/Applications/cyrillica/russian for an example and build a Bulgarian keymap (I know the Cyrillic chars are located differently than in Russian). I had it before when I made it for Zauruses, but probably lost it.

chrissy

« Reply #11 on: May 10, 2006, 05:44:17 am »
Hi,
 I've just got an Archos PMA400 and am interested in playing around with it a little more than designed.  Unfortunately the flash-hack and cramfs links on this page are leading to a 'page not found' area.  Don't suppose anyone has the latest versions of each of these available anywhere?....

  Cheers

    Chris

sashz

« Reply #12 on: May 10, 2006, 05:48:04 am »
Hi,
it moved to http://openpma.org/

My PMA400 is broken (fell 0.5 meter) and I stopped any development for it.
« Last Edit: May 10, 2006, 05:49:47 am by sashz »

chrissy

« Reply #13 on: May 10, 2006, 06:02:56 am »
Hi,
 Thanks for the quick reply - unfortunately (unless I'm being very dense) it looks like everywhere on the net that has info related to this boot-flash (or in particular the extract and create bins) links to the same download page on mail.pdaxrom.org/archos.ru/experimental which is down....oh well.


Quote
Hi,
it moved to http://openpma.org/

My PMA400 is broken (fell 0.5 meter) and I stopped any development for it.

That's rough - no plans on replacing it?  I've only had mine a few days but it is impressive (to a point, which is where I want to take it up!).  As a system admin, having a proper(ish) hand held wifi linux box is hopefully gonna be pretty useful.

Cheers anyway...