# Can't get bash shell in Series 1 ver 1.3 software



## Lucian_rider (Mar 22, 2007)

Hi all,

I hope this is the correct Forum for this question.

I have a couple of the old Sony series 1 Tivo's running the 1.3 software which I use as digital recorders for manual recording. I can communicate using a handmade serial cable but I don't get a Bash prompt and I need to run settime to obviously set the time.

I have a two drive Phillips series 1 which was upgraded by digitalrecorders also with ver 1.3 software and can access the bash shell and run settime so I know it can be done.

What do I need to do? I would guess install Bash somehow?

I have upgraded both units to 120 gig drives using Hinsdale's how to so I know a bit about the files system etc.

I can get as far as hitting the B key to boot the partition but then it just halts without giving me a prompt.

I would appreciate any help I can get.

Chris


----------



## BTUx9 (Nov 13, 2003)

for bash access, you need to hack the tivo... check for older guides


----------



## Lucian_rider (Mar 22, 2007)

Well I have gotten as far as Steve Jenkins boot cd and installed his tools but I can't untar them using cpio as this command does not exist apparently in ver 1.3. I guess I need to somehow get and install a copy of tar but I don't really know where to start.

A few pointers would really help please...


----------



## Lucian_rider (Mar 22, 2007)

I'm slowly moving forward by having copied tar from the mfstools cd and untarred the files but now I get no where because the rest of the instructions are for telnetting into the box and I don't have a network card.

I feel I am close but still can't get a bash prompt???


----------



## BTUx9 (Nov 13, 2003)

Hacking the tivo involves 2 main, necessary steps

1) bypassing the code in the kernel (initrd, actually) that deletes any foreign files on the tivo root... not sure if 1.3 had this code or not

2) modifying the boot process such that you have some sort of access (telnet, serial bash).

Without doing at least those 2 steps (1 step if your s/w version doesn't reject foreign code), your tivo isn't hacked, and you can't do anything to/with it other than what the tivo standardly allows.

the line to start serial bash is something like:

```
/bin/bash --login </dev/ttyS2 &>/dev/ttyS2 &
```
 ... if you haven't added that code to a file on your tivo (test.conf, rc.sysinit, rc.sysinit.author) then you won't have access to serial bash

As I said earlier, you really should be looking for a tivo hacking guide (my knowledge of old series1 boxes is a bit spotty)... there are a number of old ones out there

edit: for the pedantic among you, yes, you could technically hack a tivo, and add something like TWP WITHOUT enabling either telnet or bash, but what would be the point... you'd be unable to make many changes, and it's almost no extra effort to make sure you have the ability to get to bash somehow


----------



## Lucian_rider (Mar 22, 2007)

Well I have gone through the rc.sysinit file and it seems that MFStools has added all the right lines to enable bash already but it will not work.

Also the ttyS line is not 2 but 3, I have tried both but on a Sony Series 1 which would be the serial port, 2 or 3 ?

When I originally did the upgrade I had to use TivoMad to run ideturbo=false in order to get the image to boot. However this is the last line of the serial output that I get and to me it might be preventing the bash line to run??

Below is the output from the loggin screen using Hyper terminal: I wish I could copy the rc.sysinit file but I haven't figured out a way to get it onto my main computer.

Verify password: ******* 
Console switched to DSS port

------- System Info -------- 
Processor speed = 50 MHz 
Bus speed = 25 MHz 
Amount of DRAM = 16 MBytes 
Video configuration 3, Serial number 0 
Enet MAC address= 0:4:ac:e3:0:54 
Hostname = debug-13 
Auto disk locking enabled 
---------------------------- 
IDE err = 0x4 
Need to lock unit 0 
Initialize IDE security on unit 0 
IDE err = 0x4 
Can't set security keys 
IDE err = 0x4 
IDE drive 0 doesn't challenge security.. Assume insecure device 
IDE drive 1 is locked. chal=0xa500a5, resp=0x6ff369f1 
IDE drive 1 should be unlocked now

--- Device Configuration --- 
Power-On Test Devices: 
000 Enabled System Memory [RAM] 
---------------------------- 
Boot Sources: 
002 Enabled EIDE disk Controller [EIDE] 
gateway: 192.168.40.20 
---------------------------- 
Autolock disk(s) on power-up 
---------------------------- 
B - Boot from disk 
N - Network (tftp) boot 
X - print extended menu 
->b 
Loading boot image from partition 6 
1644 
Loaded successfull 
Entry point at 0x80010000 ... 
IDEprom: jump to boot_entry (0x80010000) 
Boot jump to 0x80010000, params=root=/dev/hda7 runideturbo=false


----------



## BTUx9 (Nov 13, 2003)

couple of things:
1) MFSTools has nothing to do with the hacking of the tivo... it wouldn't have put lines in rc.sysinit... it's only used to backup/restore/expand tivo drives

2) Unless I'm sadly mistaken, all series 1 tivos use ttyS2, not ttyS3 (AFAIK, only the S2.5 and newer use ttyS3)


----------



## Lucian_rider (Mar 22, 2007)

BTUx9 said:


> couple of things:
> 1) MFSTools has nothing to do with the hacking of the tivo... it wouldn't have put lines in rc.sysinit... it's only used to backup/restore/expand tivo drives
> 
> 2) Unless I'm sadly mistaken, all series 1 tivos use ttyS2, not ttyS3 (AFAIK, only the S2.5 and newer use ttyS3)


Hi and thanks for the help!

After going through the rc.sysinit file there are a number of entries there that in my mind would have had to have been put there by anyone other than Tivo, I wish I could duplicate it here...

I wonder if someone had a go at this unit before me?? It would have had to be years ago...

Anyway I finally got it to work by adding the following line to the bottom of the rc.sysinit file:

bash </dev/ttyS3 >& /dev/ttyS3 &

This was pretty much what you had told me to do. I just copied the line which was somewhere near the bottom of the file but was in an IF statement. So apparently the the serial port is ttyS3.

Anyway all is good with the world again and I can set the clock, this is great!


----------



## BTUx9 (Nov 13, 2003)

hmm... sadly mistaken again 
I really thought the only significant difference with the sonys were the remotes


----------

