Can't get bash shell in Series 1 ver 1.3 software

Hacking the tivo involves 2 main, necessary steps

1) bypassing the code in the kernel (initrd, actually) that deletes any foreign files on the tivo root... not sure if 1.3 had this code or not

2) modifying the boot process such that you have some sort of access (telnet, serial bash).

Without doing at least those 2 steps (1 step if your s/w version doesn't reject foreign code), your tivo isn't hacked, and you can't do anything to/with it other than what the tivo standardly allows.

the line to start serial bash is something like: ... if you haven't added that code to a file on your tivo (test.conf, rc.sysinit, rc.sysinit.author) then you won't have access to serial bash

As I said earlier, you really should be looking for a tivo hacking guide (my knowledge of old series1 boxes is a bit spotty)... there are a number of old ones out there

edit: for the pedantic among you, yes, you could technically hack a tivo, and add something like TWP WITHOUT enabling either telnet or bash, but what would be the point... you'd be unable to make many changes, and it's almost no extra effort to make sure you have the ability to get to bash somehow

Well I have gone through the rc.sysinit file and it seems that MFStools has added all the right lines to enable bash already but it will not work.

Also the ttyS line is not 2 but 3, I have tried both but on a Sony Series 1 which would be the serial port, 2 or 3 ?

When I originally did the upgrade I had to use TivoMad to run ideturbo=false in order to get the image to boot. However this is the last line of the serial output that I get and to me it might be preventing the bash line to run??

Below is the output from the loggin screen using Hyper terminal: I wish I could copy the rc.sysinit file but I haven't figured out a way to get it onto my main computer.

Verify password: *******
Console switched to DSS port

------- System Info --------
Processor speed = 50 MHz
Bus speed = 25 MHz
Amount of DRAM = 16 MBytes
Video configuration 3, Serial number 0
Enet MAC address= 0:4:ac:e3:0:54
Hostname = debug-13
Auto disk locking enabled
----------------------------
IDE err = 0x4
Need to lock unit 0
Initialize IDE security on unit 0
IDE err = 0x4
Can't set security keys
IDE err = 0x4
IDE drive 0 doesn't challenge security.. Assume insecure device
IDE drive 1 is locked. chal=0xa500a5, resp=0x6ff369f1
IDE drive 1 should be unlocked now

--- Device Configuration ---
Power-On Test Devices:
000 Enabled System Memory [RAM]
----------------------------
Boot Sources:
002 Enabled EIDE disk Controller [EIDE]
gateway: 192.168.40.20
----------------------------
Autolock disk(s) on power-up
----------------------------
B - Boot from disk
N - Network (tftp) boot
X - print extended menu
->b
Loading boot image from partition 6
1644
Loaded successfull
Entry point at 0x80010000 ...
IDEprom: jump to boot_entry (0x80010000)
Boot jump to 0x80010000, params=root=/dev/hda7 runideturbo=false

BTUx9 said:

couple of things:
1) MFSTools has nothing to do with the hacking of the tivo... it wouldn't have put lines in rc.sysinit... it's only used to backup/restore/expand tivo drives

2) Unless I'm sadly mistaken, all series 1 tivos use ttyS2, not ttyS3 (AFAIK, only the S2.5 and newer use ttyS3)

Click to expand...

Hi and thanks for the help!

After going through the rc.sysinit file there are a number of entries there that in my mind would have had to have been put there by anyone other than Tivo, I wish I could duplicate it here...

I wonder if someone had a go at this unit before me?? It would have had to be years ago...

Anyway I finally got it to work by adding the following line to the bottom of the rc.sysinit file:

bash </dev/ttyS3 >& /dev/ttyS3 &

This was pretty much what you had told me to do. I just copied the line which was somewhere near the bottom of the file but was in an IF statement. So apparently the the serial port is ttyS3.

Anyway all is good with the world again and I can set the clock, this is great!