Update #2: Is Windows Live Writer compatible with self-signed SSL certificates?

February 8th, 2011

Ok, so I should have updated this post a LOOONG time ago but if you were curious enough to look at the Windows Live Writer forum links I posted earlier, you would have found the work-around to not having CA-signed SSL certificates. The trick is to add the following command line switch to your Windows Live Writer program shortcut. To do this:

1.) Open the program link to Windows Live Writer from the Windows Start menu – when you get to it, right-click on the Windows Live Writer program shortcut and select Properties.

2.) Update the Target path to the following:
"C:\Program Files (x86)\WindowsLive\Writer\WindowsLiveWriter.exe" /allowunsafecertificates

3.) Click Ok, and then launch Windows Live Writer.

VOILA – that is it, after entering your blog URL and username/password, Windows Live Writer will now use a secure connection to edit/create/update your blog posts without the need for an expensive CA-signed SSL certificate!

John Uncategorized

Update: Is Windows Live Writer compatible with self-signed SSL certificates?

February 20th, 2010

Since I never got a definitive answer from the Windows Live Writer forums I linked to in my previous post, I went ahead and purchased an SSL certificate from GoDaddy.com. This Cert. Authority-signed certificate proved to be the trick in getting Windows Live Writer to accept using https://<my blog URL> and I am no longer getting the SSL/TLS error message in my original post. Please keep this in mind: if you want to secure your blog posting and administration with SSL, you will need a CA-signed SSL certificate. I paid $12 for this certificate which is valid for one year. Now if I/we could just figure out how to bypass the need to use/subscribe to these CAs :)

John Security

Is Windows Live Writer compatible with self-signed SSL certificates?

February 11th, 2010

I reconfigured my web server to use SSL but when I configured my Windows Live Writer blog account to point to https://<my blog URL>, I get the following error:

Blog Account Update screen:

https_reconfig_wlw

Error message after clicking on Next:

wlw_ssl_error

Any ideas on what could cause this error? Is this a symptom of trying to use a self-signed SSL certificate? I have posted this question on the Windows Live Writer forum here and here but so far no response. In the meantime, I will continue to use the insecure blog posting URL (http://<my Blog URL>) until I find a fix.

John Security

Some caveats when using TrueCrypt to encrypt your USB flash drive

January 14th, 2010

Recently, I configured a netbook for my friend installing Windows 7 and various programs that he would use. After finishing the installation, I asked him how he was going to use the netbook and he said he would take it on the road to meet potential sales leads and business contacts. He also mentioned he was the victim of a break-in and told me all the gory details of lost licenses, house keys, etc. I was more than a little concerned and I offered to encrypt his hard drive and other USB memory devices to keep his mind at ease in case his gear got stolen/lost again. The next step was to figure out what software/hardware solution would work best to encrypt his USB and hard drive. Looking online, many people recommended TrueCrypt 6.3a and after reading the FAQ and online documentation I tested installation on my VMWare VPC environment evaluating its performance with full drive encryption and overall ease-of-use.

Hard drive encryption worked flawlessly and I then tried to encrypt my 4 gig SanDisk flash drive. TrueCrypt offers two options to encrypt USB flash devices – full drive encryption or what they call an “encrypted file container”. According to TrueCrypt’s User Guide:

1) Encrypt the entire USB flash drive. However, you will not be able to run TrueCrypt from the
USB flash drive.
Note: Windows does not support multiple partitions on USB flash drives.

2) Create a TrueCrypt file container on the USB flash drive (for information on how to do so,
see the chapter – Beginner’s Tutorial). If you leave enough space on the USB flash drive
(choose an appropriate size for the TrueCrypt container), you will also be able to store
TrueCrypt on the USB flash drive (along with any other unencrypted files you want on the drive)
and you will be able to run TrueCrypt from the USB flash drive (see also the chapter Portable
Mode).

I chose option 1 (above) since I wanted to protect all of my USB flash drive and not worry about multiple partitions (encrypted and unencrypted). I first backed up the contents of my flash drive and then formatted it with TrueCrypt (Select Volumes (selecting Removable Disk 1 my flash drive) —>then selecting Volumes–>Create New Volumes). Below are the options presented for encrypting your USB flash drive:

truecrypt_encrypt_options

Caveat 1.
I selected “Encrypt a non-system partition/drive” but at the end of the process my drive became unreadable in Windows XP/7! Reading in the forums and FAQ, people mentioned this was a “possibility” but did not say for certain that this was the case. Scratch that option off your list unless you are going to use the drive in a Unix/Linux (maybe Mac too) environment. If you do use this USB drive on a Linux/Unix/Mac environment you will have to install TrueCrypt on these machines.

Caveat 2. (Encrypting the whole USB drive will create hidden partitions that have to be removed using a separate USB format utility)
With this option not working I then formatted my USB drive using Windows XP’s built-in disk formatting tool. Loading TrueCrypt again, I selected Volumes–>Create New Volumes and selected Create an encrypted file container. I specified a 1.1 gb. size container to hold my encrypted files/programs. I chose this size because I use my USB flash drive as a bootable Windows 7 installer which consumes 2.25 gb. of drive space. After creating the encrypted file container, I tried to boot into my USB Windows 7 installer and got a boot loader error:

“Error in boot\BCD – code 0x0000c25
Please try loading your original Windows 7 install CD and restart your system”

This cryptic error made me think that maybe my Win7 files got corrupted after copying them back onto the flash drive. However, this was not the case as I formatted the drive again in WinXP and copied over just the installer files from a known working Win7 install DVD. I kept getting the same error over and over until I finally found this strange output using mbrwiz:

Disk: 2  Size: 3.75:G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors      DL Vol Label
--- ------ ---------- ---- ------ ---- ------------ ------------ -- --------------
 0    2    07-NTFS    3G   Yes    No   725,232,223  144,311,832  J: JB_FLASH_DRIVE
 1    0    07-NTFS         No     Yes  144,311,895  299,033,910
 2    1    07-NTFS         No     Yes  288,324,232  221,123,121

This did not make sense as a formatted flash drive should only have 1 partition and the MBRndx values were out of order. I ended up using a separate USB format utility (HP USB Disk Storage Format Tool) to format the drive and tested the Win7 installer and voila, the installer worked without issue. As was mentioned as a “possibility” in the User Guide, TrueCrypt did in fact create hidden partitions when I tried to encrypt the whole USB drive. These partitions were not removed when I formatted the drive and caused my Win7 boot installer to fail!
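The check done by eye on the mbrwiz listing above can be run against the raw first sector of a drive. This is an added example, not code from the original post or from mbrwiz; the two sample sectors, their sector numbers and the 3.75 GiB disk size are constructed, and the hidden-type list is the standard set of "hidden" FAT/NTFS type bytes.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte entries, followed by the 0x55AA signature
DISK_SECTORS = 7864320      # constructed: 3.75 GiB / 512-byte sectors
# "Hidden" variants of the common FAT/NTFS partition type bytes.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or signature)")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:   # unused slot
            continue
        entries.append({"slot": slot, "type": ptype, "active": status == 0x80,
                        "hidden": ptype in HIDDEN_TYPES,
                        "start": start, "count": count})
    return entries


def audit(entries, disk_sectors):
    """List what is unexpected for a freshly formatted single-partition flash drive."""
    findings = []
    if len(entries) > 1:
        findings.append("%d partitions in table, expected 1" % len(entries))
    on_disk = sorted(entries, key=lambda e: e["start"])
    if [e["slot"] for e in on_disk] != sorted(e["slot"] for e in entries):
        findings.append("table slots are not in on-disk order")
    for e in entries:
        if e["hidden"]:
            findings.append("slot %d has hidden type 0x%02X" % (e["slot"], e["type"]))
        if e["start"] + e["count"] > disk_sectors:
            findings.append("slot %d extends past the end of the disk" % e["slot"])
    for a, b in zip(on_disk, on_disk[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def build_sector(parts):
    """Build a constructed MBR sector from {slot: (status, type, start, count)}."""
    sector = bytearray(SECTOR_SIZE)
    for slot, (status, ptype, start, count) in parts.items():
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * slot,
                         status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample: one active NTFS partition in slot 2 plus two hidden
# leftovers in slots 0 and 1, mirroring the shape of the listing in the post.
LEFTOVER = build_sector({
    2: (0x80, 0x07, 2048, 4000000),
    0: (0x00, 0x17, 4002048, 2000000),
    1: (0x00, 0x17, 6002048, 1500000),
})
# Constructed sample: what a clean single-partition format looks like.
CLEAN = build_sector({0: (0x80, 0x07, 2048, 7862272)})

if __name__ == "__main__":
    for name, sector in (("leftover", LEFTOVER), ("clean", CLEAN)):
        print(name)
        for finding in audit(parse_mbr(sector), DISK_SECTORS) or ["no findings"]:
            print("  " + finding)
```

To run it on a real drive, read the first 512 bytes of the device with a raw disk reader and pass them to `parse_mbr` together with the drive's sector count.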

Caveat 3. (Creating a USB Traveler Disk will not auto-launch TrueCrypt in Windows XP or Windows 7)

Once I figured out the hidden partitions issue, I then proceeded to set up my encrypted file container and copy the TrueCrypt program files to my USB drive. To copy the appropriate TrueCrypt launcher files, I created a Traveler Disk (under Tools–>Traveler Disk Setup) for my USB drive. A Traveler Disk is required in order to access the encrypted partition on your USB flash drive since only a portion of the drive is encrypted and the TrueCrypt launcher files are required to access this encrypted portion. To me this is a HUGE drawback to using TrueCrypt on USB flash media but I think this same problem exists on other vendors’ USB media unless they have their own read-only hidden partition that automatically loads an accessor program when you insert the drive in a system prompting for a password.

In summary, these caveats should not be enough to discourage you from using TrueCrypt as it is free, easy to use, and is quite fast after encrypting your hard drive(s) and USB flash media with no noticeable slow down accessing data or booting the OS. Hopefully, the issues with encrypting USB Flash media will be worked out in a future version but I think my friend will be quite happy to have his information protected in case it is lost/stolen (as will his clients).

Tip: If you are deploying TrueCrypt in a small/medium business environment, make use of the Rescue Disk feature. Doing so will allow you or other Administrators to retrieve user data in case he/she forgets/loses their TrueCrypt password and this will allow the user to set their own hard drive encryption password.

John Security

WARNING: Windows 7/Server 2008 may crash ahead…

November 13th, 2009

According to Laurent Gaffie’s (security researcher) Security blog:
"This bug is a real proof that SDL #FAIL
The bug triggers an infinite loop on smb{1,2}, pre-auth, no credential needed…
Can be triggered outside the lan via (IE*)
The bug is so noob, it should have been spotted 2 years ago by the SDL if the SDL had ever existed:"

Translation….click on a malformed link to a server fileshare in Internet Explorer and your computer running Windows 7 (all versions) or Server 2008 will CRASH. I tested this myself as it just seemed too easy and scary to be true and voila…I confirmed this exploit on my home network! Let’s hope Microsoft fixes this soon and in the meantime, there are several things you can do to prevent this exploit from crashing your system:

1.) Don’t use Internet Explorer and if you must, be aware of what you are clicking on.
2.) Have your network administrator/IT staff block TCP ports 135 –> 139 and port 445 (ports related to SMB traffic). This is probably already in place in most medium to large businesses.
3.) Repeat the same port blocking methodology for clients inside your firewall.

Some “good” news from security researchers examining this exploit – we won’t have to worry too much as all it really does is “Denial of Service” and so probably won’t be widespread…hmmm, tell that to the person who loses their critical documents that were not recently saved and their system crashes!!

If you don’t believe me click on the link below (I will leave the exploit code running until a patch is released from M$):

WARNING: If you click on this link, your system will crash e.g. freeze
so you have been warned! If your system does freeze, simply reboot (power off
holding down the power button for 5 seconds or press the Reset switch if your
PC has one). This exploit does not affect Windows XP or Vista.
Requirements:
Internet Explorer 6,7,8
Windows 7 or Windows Server 2008.

Here is the link –> link html is: file://<public IP of host running exploit code>
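The trigger described in this post is a link that makes the browser open an SMB connection to an outside host, so one defender-side check is to scan HTML for such links before it reaches users. This is an added example, not part of the original post; the sample page, its addresses (documentation ranges) and the list of ranges treated as "inside" are constructed assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Ranges treated as "inside" for this example (assumption: an IPv4 home/office LAN).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]


class _LinkCollector(HTMLParser):
    """Collect every href/src attribute value in the document."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value.strip())


def smb_host(url):
    """Return the host a Windows client would contact over SMB, or None."""
    if url.startswith("\\\\"):                      # UNC path: \\host\share
        return url[2:].split("\\", 1)[0] or None
    if not url.lower().startswith("file:"):
        return None                                 # http(s), //cdn..., mailto, ...
    try:
        parts = urlsplit(url.replace("\\", "/"))
    except ValueError:
        return None
    if parts.hostname:                              # file://host/share
        return parts.hostname
    if parts.path.startswith("//"):                 # file://///host/share
        return parts.path.lstrip("/").split("/", 1)[0] or None
    return None                                     # file:///C:/... is a local path


def is_external(host):
    """True when the host is not on the LAN ranges listed above."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat dotted names as possibly external and
        # single-label names (e.g. a NAS on the LAN) as internal (assumption).
        return "." in host
    return not any(ip in net for net in LAN_NETS)


def find_external_smb_links(html):
    """Return (url, host) for every link that points at an outside file share."""
    collector = _LinkCollector()
    collector.feed(html)
    hits = []
    for url in collector.urls:
        host = smb_host(url)
        if host and is_external(host):
            hits.append((url, host))
    return hits


# Constructed sample page; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_HTML = r'''
<a href="file://203.0.113.7/x">report</a>
<img src="\\198.51.100.9\share\logo.png">
<a href="file:///C:/docs/readme.txt">local file</a>
<a href="file://192.168.1.20/public">LAN share</a>
<script src="//cdn.example.com/lib.js"></script>
<a href="https://example.com/">web</a>
'''

if __name__ == "__main__":
    for url, host in find_external_smb_links(SAMPLE_HTML):
        print("external SMB link: %s (host %s)" % (url, host))
```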

John Security, Technology Projects

Can’t delete that pesky device driver in Win7/Vista? Try this…

November 11th, 2009

Recently, I had some issues with a USB mobile phone (HTC Eris) and a dial-up modem program (PDANet). PDANet tried to install the USB drivers for this phone but could not (I believe because of a prior installation of the USB drivers). When I tried to “clean” out all instances of these USB drivers, several entries in my Windows 7 registry could not be removed. System restore was not an option for me either so after spending an afternoon looking online, I found several sources that said I needed to change the permissions and ownership of these registry key/values before attempting to delete/modify them. I followed these articles but my particular entries could not be removed. Frustrated that I could not take ownership and modify/delete these entries, I found another way to do this using PsTools (created by Mark Russinovich – link to tool website here).

After downloading the PsTools package and unzipping them to a directory on my drive (C:\pstools is fine), I did the following to enable access to the Windows 7 registry as a SYSTEM user:

1.) Create a shortcut on your Desktop (or other location) –>right-click–>select New–>Shortcut.
2.) Type in the name of the program you are creating a shortcut for –> regedit.exe (under C:\Windows\).
2a.) Give the shortcut a name – e.g. Regedit_SYSTEM_User
3.) Right click on the shortcut and select Properties
4.) Under the Shortcut tab in the Properties window, type the following in for the Target:
C:\<location where you extracted the PsTools package>\psexec.exe -i -s "regedit"
Click OK, right click on the shortcut again and select Shortcut–>Advanced. Click on the checkbox – Run as Administrator.
5.) Click OK. You can go back later and change the icon for your shortcut
and other properties as well.
6.) Double click on the shortcut and if you have the User Account Control settings
turned on you will be asked to confirm if you want this program to make changes
to the computer – click Yes.
7.) Congratulations – a command prompt and then a Regedit window will open allowing
you to make changes to your Windows 7 registry as a SYSTEM user. When you close
Regedit, the command prompt will shut down as well.

WARNING: Make sure you know what you are doing whether you are accessing the
Windows 7 registry as a SYSTEM user or not – you can really mess up your system if you
accidentally delete/modify important entries. In my case, I knew exactly which entries needed
to be removed (under HKEY LOCAL MACHINE–>SYSTEM–>ControlSet001–>ENUM–>USB).

John Technology Projects

How-to hack your HTC Vogue (Verizon XV6900) phone

October 8th, 2009

xv6900_smaller

So, you have a Verizon Wireless XV6900 (now being sold on Verizon’s site for $9.99 with 2-year contract) and you are wondering why/how you can get GPS and tethering enabled e.g. “hack it”? When I initially tested my XV6900 and started reading some forum posts about a year ago, I realized this phone had a GPS receiver but the ROM software provided by Verizon disabled access to this hardware. As well, I could not get tethering to work without calling Verizon and paying an additional $10 on top of my data plan. The GPS was another $10 as well, so I did some research and realized my best bet was to get off the stock Verizon ROM!

To install a custom ROM on the Verizon XV6900, I will be using  NFSFan’s Windows Mobile 6.5 ROM (version 16). The process for installing a custom ROM is fairly straightforward especially after you have installed the custom bootloader as I will explain below. Once this bootloader is installed, you can upgrade/downgrade both the ROM and phone radio software as needed. Always remember though that if you do install a custom ROM, BACKUP all of your contacts and application data!

Step 1 – Backing up your phone data and installing the custom bootloader

1.)  Connect your phone to the PC you will be using to backup/store your files.
2.) Use ActiveSync (download from Microsoft) to back up your contacts.
3.) Once ActiveSync has finished backing up your data, go to Windows Explorer
and you should see your Mobile Device listed. Double-click and select My Windows
Mobile-Based Device –> Application Data. Copy this folder to a safe place on your PC.
Also copy the Documents and Settings folder and My Documents folders to your PC.
4.)  Any programs you wish to re-install after the upgrade will need to be copied to your PC
or stored on the Micro-SD card (if you have one for this phone). After the upgrade, your
phone will not have any applications you may have installed prior except for the applications
that come with the custom NFSFan ROM.

Step 2 – Installing the custom boot loader/unlocker

Warning: Installation of the IMCokeMan boot loader will void any/all warranty you have with this phone and Verizon. This boot loader allows you to install any non-Verizon ROM. I take no
responsibility if you “brick” your phone so you have been warned!
1.) Follow the steps listed here to install the ImCoKeMan boot loader (includes link to ImCoKeMan install program/script).

2.) Reboot your phone and you should still be able to boot into your existing stock
Verizon WinMobile ROM. If not, repeat the installation steps or leave me a comment
with any questions.

Step 3 – Install stock Verizon MR1 ROM/Radio upgrade

We will now install the official Verizon ROM update to install Win Mobile 6.1 which
includes a radio update for the XV6900 to version 3.37.78. The most important part of
this step is to NOT LET THE CUSTOMIZATIONS RUN. You will also need to re-provision your
phone after the upgrade is completed by calling Verizon and telling them you had to do a
hard reset of your phone and cannot make any phone calls. You will only need to do this
once as Verizon has not released any radio updates for this phone since November 2008. This
may change if Verizon puts out a Windows Mobile 6.5 ROM upgrade but I HIGHLY doubt
they will  (the XV6900 is over a year old now).

NOTE – In order to run the MR1 update below, make sure your battery charge level is at least
50% or the upgrade program will not proceed.

1.) Download the official Verizon MR1 ROM update here.
2.) Connect your XV6900 to your PC. Cancel any ActiveSync update but leave the
phone connected.
3.) Launch the MR1 update and click on the check-box indicating you understand the
warning that all data will be deleted by the upgrade.
4.) Click Next, it will ask you to click on the check-box indicating you have launched
and connected to ActiveSync. Click on the check-box (“I completed the steps indicated above”)
and select Next.
5.) Click on Update -  this screen will also show the current ROM and version on the phone e.g.
Image Version 1.2.x.22 of the stock Verizon ROM.
6.) Click Next–>Next and the upgrade process will begin. Your phone will now automatically
reboot and you should see the IMCoKeMan’s tri-color boot loader screen v. 2.31.
7.) As the installation proceeds, you will see a progress bar indicator on your phone and the
following progress indicator on your PC:

upgrade_progress_screen

Note – DO NOT DISCONNECT your XV6900 phone during this process

8.) After the installation completes, your phone will automatically reboot. Remove the stylus during this reboot as you will need to insert it in the small reset button hole next to the phone’s USB connector in the next step.
9.) Now that the upgrade has finished installing and your phone rebooted, you will see the Verizon logo during boot-up. Wait for the Windows Mobile 6.1 boot image to load and when you see “Tap the screen to set up your Windows Mobile-based device” message, click on the screen – you must align the stylus before rebooting.
10.) After alignment is finished, click Skip to skip the stylus tutorial, select your time zone, and click Skip to skip over setting up a device password. IMMEDIATELY after clicking on the COMPLETE screen that is presented, insert your stylus in the reset button hole at the bottom of the phone – you will only have 3 seconds to reset the device before the customizations are installed.

11.) Your phone will now reboot and once it finishes loading, you can proceed to the next step of installing NFSFan’s Windows Mobile 6.5 custom ROM.

Step 4 – Install NFSFan’s Windows Mobile 6.5 ROM

1.) Download and unpack the NFSFan ROM files to a folder on your PC. Double click on the ROMUpdateUtility.exe program to begin the installation process.
2.) On your XV6900, go to Start –>Settings–>Connections–>USB to PC. Uncheck the “Enable advanced network functionality” checkbox and tap Ok. Soft reset your phone and you should now see your PC’s ActiveSync turn on and the XV6900 will now be connected to your PC.
3.) Click on the checkbox to acknowledge that you understand the caution and click Next. Click on the checkbox to acknowledge that you completed the pre-installation steps (your phone will need to have at least 50% charge).
4.) Click Next and you will see your stock Verizon image version – 3.14.605.1. Click Update.
5.) Click Next to upgrade to NFSFan’s ROM contained within the installer (2.00.V16) –>Next. Your phone will reboot into the tri-color boot loader and begin the upgrade process.
6.) The upgrade should only take about 5 minutes since the ROM image does not have any radio/PRI updates included (why we installed the stock MR1 Verizon beforehand). Once this has finished, your phone will automatically reboot.
7.) You will see NFSFan’s WinMobile 6.5 boot-screen but let any/all customizations run after this screen.
8.) After the customizations have finished installing, your XV6900 will reboot.
9.) You are DONE!
NOTE – If you don’t like the default Dialer skin for the Phone application – I recommend NFSFan’s CDMA dialer although it lacks some enhanced features of his Mega GSM dialer. You can download the CDMA dialer skin here

** GPS configuration – see here for how to enable GPS on the Verizon XV6900
** MMS configuration post install – follow NFSFan’s HOTFIX instructions here – do NOT refer to the FAQ for configuring MMS!
** Site with all ROM information and answers to many ROM issues – see here
** NFSFan ROM FAQ site (common configuration questions and troubleshooting) – see here

John Technology Projects

Keep playing Battlefield 1943 without getting kicked out of your matches…read on

August 21st, 2009

I recently downloaded Battlefield 1943 DLC (Downloadable Content) for my PS3 and while I really love the incredible graphics and sound, I would continually get “kicked” out of the matches I joined! Without fail, my game session would get bounced within 1-4 minutes of playing – sometimes right in the middle of an intense shootout. I went online and I have to say that Electronic Arts’ support of this game (for Xbox 360 and Playstation 3) is terrible. There is no direct link on EA’s website to a BF1943 support page, only a link to the BF1943 game website. The BF1943 website’s only “support” link takes you to the BF1943 forums page which is poorly organized and from what I can tell not monitored by the DICE/EA Engineering & Support teams.

After several hours searching the forums and doing Google searches, I found the following information from Gordon Van Dyke (DICE) Link to forum post:
Quote:
“A lot of issues with logging into EA Online have been sorted, but there can still be some odd issues that might not be on our end. Make sure you check that these ports are open and not blocked by your home network or your ISP. Please use the below port list to confirm.

TCP Ports: 80, 13020, 18280, 18285
UDP Ports: 53, 3074, 11000-11030, 18285

We will continue to work on some of the DataCenters having above normal Packet Loss that is the possible culprit for the screen freezes and will update on this later.”

Well, I tried to open/port forward these ports to my PS3 and I was still getting kicked out of my matches every 3-4 minutes. Finally, I tried placing my PS3's IP address in the DMZ and voila, I am not getting kicked out of my matches. I also tested this during “peak” and “off-peak” play times (9 A.M. PST and 10 P.M. PST) and I have not been kicked out of my matches once since putting the PS3 in the DMZ.

My Solution

Here is how I added my PS3's IP address to the DMZ - NOTE – I am using DD-WRT (v. 24-sp1) for my home router firmware:
1.) Open my router’s config. page – http://192.168.1.1
2.) Click on NAT/QoS–>DMZ
3.) Select the Enable radio button option and type in the IP address of your PS3
4.) Click Save and Apply Settings.
5.) Power off-on the Playstation 3 system
6.) Launch BF1943 and join a match. You should be able to connect to EA’s servers and play continually without getting kicked out of your matches.

Some people have said that adding these ports and/or placing their PS3 in the DMZ did not resolve their connection issues. With that in mind, try this out and keep complaining to EA/DICE – they need to hear our complaints so that this game can be enjoyed!

John Personal, PlayStation 3

It’s TiVO Series 2 software upgrade time (already hacked TiVO)!

July 22nd, 2009

I thought I would share my semi-annual activity of how I update our hacked Series 2 TiVO to install the latest and greatest TiVO software. By hacked, I mean our TiVO Series 2 DVR is already capable of running custom software and scripts without fear of the TiVO kernel panicking and forcing the device to erase/re-format both TiVO partitions. I may put up a post on how I did the initial hack but for now I will talk just about the process I and others who have a similar “Monte” chainload configuration must complete every time new TiVO software is pushed out to our TiVOs.

First off, unless you have a script running as a cron job or some other kind of daemon process running in the background, you won’t know a software update has been pushed until you go and check.

Step 1 – Verifying if you have a TiVO update waiting to be installed and determining the update version

Using the TiVO menu
1.) Press your TiVO button and get to the Settings menu–>Network submenu
2.) Under the Network submenu, you will see a bunch of information regarding your current wireless/wired TiVO network connection (SSID, MAC, IP address, etc.).
3.) Under Status, if you see “Pending Restart” then your TiVO has already received the latest TiVO software update and your TiVO will automatically reboot at approximately 2:00 A.M. every day to try and install the software update.

Since your TiVO is already hacked (Monte or killhdinitrd kernel method), your system boot parameter – upgradesoftware is set to false and this is why your TiVO will not install the software update until you do it manually or set this variable to true (not recommended).

Now that we are sure the TiVO has the latest software update we need to get the version number of the software that is waiting to be installed. You can check this 2 ways:

Get the upgrade version # – Using TiVO Web Plus web server (if you have this installed and setup)

1.) Open a web browser and type the IP address of your TiVO  e.g. http://<your assigned TiVO IP address>:<port number TWP is listening on e.g. 8080 or 8079>
2.) Click on System—>MFS and you will be presented with a list of TiVO files and directories.
3.) Click on SwSystem and you should see 2 entries listed as shown below:
tivo_swsystem

If your TiVO system has a new software version waiting to be installed, the file size and date/time will be different than the file size and date/time listed as ACTIVE. NOTE: You will need to write down (copy and paste into a text file) the Name of the newly downloaded software for manual install later in this process so do that now.

Get the upgrade version # – via Telnet:

1.) Open a Telnet session on your PC that is connected on the same LAN as your TiVO. Connect to the TiVO’s IP address and you will be presented with a “<tivo:> |” prompt.
2.) Type the following command to retrieve and display the newly-downloaded TiVO software version number:
"echo mls / SwSystem | tivosh" generates the following output:
telnet_get_swsytem
3.) Again, if you have newly downloaded TiVO software, the Date/Time and Size values will be different than the TiVO software image that is ACTIVE. In the TWP and Telnet sessions above, the ACTIVE and downloaded TiVO software are the same as no update was pushed to my TiVO at the time of this post. In your case, make a note of the Name of the newly downloaded TiVO software as you will type this in when running the installSw.itcl script later in these instructions.

Step 2 – Kicking off the TiVO software update

Now that we have the version number of the TiVO software update we want to install, we must log in to our TiVOs via Telnet or via a serial port connection to run the installSw.itcl script.
1.) Log in to your TiVO and go to the following directory to edit and run the installSw.itcl script:
cd /tvbin
2.) Make sure your active TiVO partition has its file/directory permissions set to read-write by issuing the following command:
mount -o remount,rw /
3.) Now, you will need to edit the installSw.itcl script to have it abort after it has finished installing the TiVO software update. This is a critical step and not doing this properly could undo your TiVO hacks or worse completely hose your TiVO requiring a complete restore of your TiVO image and pulling the hard drive.
4.) Find the line as shown below and change it to the following:
<Line 91>

    # Say goodbye
    putlog "Attempting reboot..."
    reboot
change to:
    # Say goodbye
    putlog "Aborting reboot, do as you must..."
    exit 1
5.) Save and exit out of editing installSw.itcl

Start the TiVO software upgrade…

1.) Before installing the upgrade software, get the root and the boot partition number that your TiVO is currently using with the following commands:
Current boot partition number: bootpage -b /dev/hda
This will return either 6 or 3. After the upgrade, installSw.itcl will change this automatically to 3 or 6 at the end of the script. The boot partition e.g. hda3 or hda6 is where you will dd in the killhdinitrd kernel file (vmlinux.px) later in this tutorial and is critical to the Monte process so be aware of this and check what number TiVO is configured to boot from BEFORE rebooting.

Current root partition number: bootpage -p /dev/hda
This will return either 7 or 4. The root partition is where you will be copying over your TiVO hack files after the upgrade below has finished.

2.) Now that we have configured the installSw.itcl script to abort after installing the upgrade, type the following command to start the upgrade process:

/tvbin/installSw.itcl <Name/version number you obtained in step 2 of – Method 2 – Getting the newly downloaded TiVO software version number via Telnet above>

3.) The install process will begin and takes about 5-10 minutes to complete. Do not attempt to interrupt the install process or accidentally trip on the TiVO power cord. When the upgrade is finished you will see the following:
tivo_install_progress

Step 3 – Copy over existing TiVO hack files to new partition

Before rebooting, you will need to copy over all of your TiVO hack files and binaries to ensure that your hacks continue to run properly after restart. In my case, 99% of my hack files are located on /var which is /dev/hda9 in terms of mounted Linux partitions on the TiVO.  This partition will remain untouched after reboot so long as you make a small modification to the startup script on the newly installed TiVO partition as described below:

1.) Check what the current TiVO root partition is set to using the command – “bootpage -p /dev/hda”. This will return the full boot string – check what value is contained in the “root=/dev/hda…” parameter of this boot string. Make a temporary directory – mkdir /tmp/tivo<partition number that the TiVO upgrade installed to>
2.) mount /dev/hda<value of root= parameter from command issued above> /tmp/tivo<4 or 7>
3.) cd to new mount directory – cd /tmp/tivo<4 or 7>/etc/rc.d/StageB_PostKickstart
4.) Edit the following file – rc.Sequence_150.CleanupVar.sh.
5.) Go to the following line – 106 and change the MaxVarPercent variable to the following:
MaxVarPercent=90
6.) This will allow you to consume 90% of the /var partition without TiVO going through and deleting/rebuilding the partition during bootup.
7.) Save the file and continue to the next step.

NOTE: If you are keeping your hack binaries on a root partition and not /var, you can copy your hack directory/directories to the /tmp/tivo<4 or 7> now instead of doing the above modification. I stopped keeping my hack binaries on the root TiVO partitions as they took more space than was available.

8.) Modify and copy /sbin/iptables to newly created TiVO boot partition:
echo -e '#!/bin/bash\nexit 0' > iptables
cp /sbin/iptables /tmp/tivo<4 or 7>/sbin

9.) Copy /etc/rc.d/rc.sysinit.author to /tmp/tivo<4 or 7>/etc/rc.d:

cp /etc/rc.d/rc.sysinit.author /tmp/tivo<4 or 7>/etc/rc.d
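
The partition bookkeeping from steps 1 and 2 above, and the kernel partition needed for the dd in Step 4, as an added example that is not part of the original post. The function names are hypothetical, the sample boot string is constructed, and the root-to-kernel pairing (4 with 3, 7 with 6) is an assumption based on the <4 or 7> and <3 or 6> values used in this post. It only prints paths and refuses any other root partition, so a mistyped device never reaches mount or dd.

```shell
#!/bin/bash
# Added example: helper names are hypothetical, not part of any TiVo tool.

# Print the partition number from the root=/dev/hdaN token of a boot string.
# The boot string is split on whitespace; it contains no glob characters.
root_partition() {
    for token in $1; do
        case "$token" in
            root=/dev/hda[0-9]*)
                printf '%s\n' "${token#root=/dev/hda}"
                return 0 ;;
        esac
    done
    return 1
}

# Map a root partition to its kernel partition.
# Assumption: the pairs are 4 -> 3 and 7 -> 6; anything else is rejected.
kernel_partition() {
    case "$1" in
        4) echo 3 ;;
        7) echo 6 ;;
        *) return 1 ;;
    esac
}

# Print the devices and mount directory for the mount and dd steps,
# or fail with a message on stderr without printing any device name.
plan_paths() {
    root=$(root_partition "$1") || {
        echo "no root=/dev/hdaN parameter in boot string" >&2
        return 1
    }
    kernel=$(kernel_partition "$root") || {
        echo "unexpected root partition: $root" >&2
        return 1
    }
    printf 'root_dev=/dev/hda%s mount_dir=/tmp/tivo%s kernel_dev=/dev/hda%s\n' \
        "$root" "$root" "$kernel"
}

# Constructed sample; on the TiVO this would be: plan_paths "$(bootpage -p /dev/hda)"
plan_paths "root=/dev/hda7 console=2,115200 dsscon=true upgradesoftware=false"
```

Compare the printed kernel_dev with the output of bootpage -b /dev/hda before running any dd command.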

Step 4 – Extract the virgin TiVO kernel for Monte chainload process

So now we need to extract the virgin TiVO kernel from the newly installed TiVO partition. We will chain boot into this kernel later on to complete the Monte process. We need to do this now, before we dd in the older killinitrd kernel file, which is not compatible with newer hardware add-ons like the TiVO wireless adapter and possibly some TiVO software features. I switched to this Monte process because I had a TiVO wireless adapter that was incompatible with the older killhdinitrd kernel.

1.) Extract the virgin TiVO kernel:
mkdir /tmp/tivo<4 or 7>/monte
dd if=/dev/hda<3 or 6 depending on output from bootpage -b /dev/hda command> of=/tmp/tivo<4 or 7>/monte/<virgin_kernel.img>
Example screenshot of output:
[Screenshot: tivo_extract_virgin_kernel]

2.) Initrd the extracted virgin kernel with the following command:
cd /monte
./replace_initrd.mips <virgin_kernel>.img myinitrd.img <tivo_version>.px
(myinitrd.img is what is inserted into the virgin kernel; <tivo_version>.px is the kernel file that will be loaded during the monte process)
Screenshot of successful killinitrd on virgin kernel:
[Screenshot: killinitrd_process]

3.) Copy over the old killhdinitrd kernel file to your TiVO – download here.

4.) Now we will dd in the older killhdinitrd kernel to the TiVO boot partition:
dd if=/<path to where you keep killhdinitrd kernel> of=/dev/hda<result from bootpage -b /dev/hda>
You should see the following output:
4096+0 records in
4096+0 records out

5.) Copy over TivoWebPlus and any other programs you currently have installed on the TiVO root partition (in my case, I only have TiVOWebPlus on my root partition)

6.) Unplug your TiVO adapter if you have one before issuing the reboot command. Unmount the temporarily mounted partition:
cd /
umount -f -a
Copy over the existing monte script to the new tivo partition:
cp /etc/rc.d/rc.sysinit.monte /tmp/tivo<4 or 7>
Content of my monte boot script:
############################################################################################
#!/bin/bash
# bogus rc.sysinit, checks for monte
export PATH=/sbin:/bin:/tivobin:/tvbin:.:/:/etc/rc.d
export TERM=xterm
export PS1='\h:\w$ '

#enable this next line if you're paranoid
#/bin/bash</dev/ttyS2&>/dev/ttyS2&

bootparm=`/sbin/bootpage -p /dev/hda`
if [ "$chainloaded" != "true" ]; then
    # first pass: load the kmonte module and chain boot the initrd-replaced kernel
    echo "sp=\"$sp\" must be first pass, trying to run monte"
    #/sbin/bootpage -P "root=$root console=2,115200 dsscon=true upgradesoftware=false
    /sbin/insmod -f /monte/kmonte.o
    /monte/monte /monte/932b_initrd.px "$bootparm chainloaded=true"
else
    # second pass: already chainloaded, hand over to the real rc.sysinit
    echo "sp=\"$sp\" must be second pass"
    #/sbin/bootpage -P "root=$root console=2,115200 dsscon=true upgradesoftware=false
    exec /etc/rc.d/rc.sysinit.real
fi
#######################################################################################
7.) Now let’s reboot and watch the boot process closely for any errors. If you have been issuing these commands so far via Telnet, plug in your trusty null modem cable to the serial port on the back of your TiVO NOW.
Issue reboot command from TiVO prompt: >reboot
8.) You will see the following startup messages as the TiVO boots up and unpacks/installs the TiVO software upgrade:
##############################################################################
>
>
Running boot Stage F_ApplicationLaunch scripts
Starting Services.
PCI: 00:0d.2 PCI cache line size set incorrectly (0 bytes) by BIOS/FW, correcting to 32
Initializing streamRestartMutex
Scanning for phase4 repair scripts
Running boot Stage G_PostApplication scripts
bash: no job control in this shell
(none):/var/tmp$ SIOCSIFADDR: No such device
eth0: unknown interface: No such device
SIOCSIFBRDADDR: No such device
eth0: unknown interface: No such device
SIOCSIFNETMASK: No such device
SIOCADDRT: Network is unreachable
Checking For Authoring Permissions…
Scanning for configuration files
rc.sysinit is complete
##################################
9.) Now that we know the TiVO is booting properly, we need to configure the monte process as follows:
Mount the root partition for read-write access:
mount -o remount,rw /

Edit the /etc/rc.d/rc.sysinit.monte
vi /etc/rc.d/rc.sysinit.monte
Change the following line to the directory where you are keeping the killinitrd kernel file:
/sbin/insmod -f /monte/kmonte.o
/monte/monte /monte/932b_initrd.px <replace this with the name of the killinitrd kernel file>  "$bootparm chainloaded=true"
10.) Copy the /etc/rc.d/rc.sysinit to /etc/rc.d/rc.sysinit.real
11.) Rename your /etc/rc.d/rc.sysinit.monte to rc.sysinit
12.) Reboot the system
Copy of my monte files that you can copy to your /monte directory – here

Step 5 – Final steps/cleanup

Now that we have a working “Monte’d” system, go ahead and plug in the TiVO wireless adapter and watch for any kernel panics/errors while you have your serial cable connected to the TiVO. If you modified the /sbin/iptables file in Step 3 above, everything should be fine. I forgot to modify this file with a Monte’d system and while I did not get a kernel panic, I was unable to connect to my TiVo box via telnet, ftp, etc. – weird and frustrating error (connection attempts would just hang with no output)!

1.) Copy over the following script to remove CSO encryption of your TiVO recordings here. NOTE: My script has been modified to not do a 30 second skip and is configured to patch the latest 9.3.2b tivoapp version.  Run this script using the following command from your TiVo prompt (make sure tivoapppatches.tcl is located in the same directory that you are running tvapppatch.tcl):
./tvapppatch.tcl
Output:
[Screenshot: tvapppatch_output]

2.) Reboot your TiVO and at the command prompt, type “ciphercheck.tcl”; you should see the following:
[Screenshot: ciphercheck_output]

3.) Delete the /tvbin/tivoapp.foo backup and YOU ARE DONE!

John Technology Projects

DOH – my Passat turn signal enclosure popped out while driving!

May 24th, 2009

Another item to watch for on your 2000->2004 VW Passat or Jetta – the front left/right turn signal enclosures are apt to come loose or fall out while driving!! I lost my passenger-side turn signal (next to the headlight dome) while driving over Highway 84 last weekend…maybe this car is telling me something (sell me soon)! In case you have the aforementioned VW, this part is held in place by a plastic spring clip that over time will dry and become brittle. Once this happens, it is just a matter of time before the plastic breaks and the whole enclosure comes loose. The only thing holding it in place at that point is the plug going to the turn signal bulb, and highway driving will easily lift the enclosure out of place and onto the pavement, which happened to me. This is a really poor design on the part of VW but I have experienced a lot of poor VW engineering and that is why I created this section – The Pacrap!

Oh and the cost to replace this part – $42.00 not including shipping ($11). If you go to the dealer, the part is $66 not including tax – just about a $20 difference. NOTE: Make sure that the parts dealer you go to (if you don’t go to a dealer) sells the complete turn signal assembly. The place I bought from online (had a good experience with prior) sold me the part but it didn’t have the light bulb assembly included! The part number was identical to the one I took to the dealer so you can’t rely just on the part # alone.  Don’t pay a shop to replace it either – get a Chilton VW Passat manual and you can do the work yourself in 5 minutes.

Here is a picture of the passenger-side turn signal enclosure (see the spring-clip on top of enclosure that will eventually fail):

Passenger-side turn-signal assembly part # for a year 2000 Passat GLX – 3B0953042D
Driver-side turn-signal assembly part # for a year 2000 Passat GLX – 3B0953041D

John The Pacrap