[E3-hacking] E3 musings
Matt Thorpe
ciipher_uk at hotmail.com
Wed Feb 15 16:04:41 GMT 2006
Hello! First mail but I have been lurking for a few months.
My E3 reports the same build numbers as other E3s on this list, and seems to
only have one PARMS module at flash 00404400.
Have managed to gain shell access on my E3 via the init=/bin/sh method via
Johnathans pbltool utility and have been taking a nose around the
filesystem. A friend and I tried to rebuild its boot sequence from the
/start_cramfs and /run_delta scripts, and we seem to have managed to get it
to load it's kernal modules for all it's hardware gubbins, but the amstrad
software itself seems to be called at the end of run_delta as follows:
exec /bin/sh -c "\
while true; \
do \
/delta/watchman stnc_sys_boot.elf -r0xB20000,0x1400000 -C /dev/tty1;\
done\
" </dev/console >/dev/console 2>&1
We've tried running this command as is but it always results in an exception
from watchman (with all registers on the dump reading 0 oddly) followed by a
swift reboot. We get the same behaviour running the run_delta script
directly once we've executed the commands in start_cramfs.
Also, using an SMC 2202USB/ETH usb->ethernet adapter (via the pegasus.c
driver) we have managed to set an IP address on the E3 and ping it over a
LAN, however it doesn't seem to have any networking services on it as is so
it is not a massive help. We also tried mounting various USB storage
devices (hard drives and pendrives) but these get picked up and not claimed
by any driver, and I believe someone said that a few months that they had
managed this so it would be veyr helpful if they could let me know how as
we'd like to pull the ELF binaries in /delta off to see if dissasembly helps
our understanding of the system.
More information about the e3-hacking
mailing list