# List of "Unhackable Tivos"



## rbautch

I'm posting a list of Tivos that cannot be hacked without a prom modification. DTivos need to be hacked to use their USB ports, standalones do not. Prom modding is not easy, but perhaps you can find a pro to do it for you. Unless you solder for a living and have the specialized tools to do it (special tips, solder wick, stereoscope, DATA I/O device), don't attempt to undertake this risky procedure yourself. 

DirecTV Tivo R10
Tivo TCD540040
TiVo TCD540080
TiVo TCD540140
Humax T800
Humax DRT400
Humax DRT800
Humax T2500
Toshiba RS-TX20
Toshiba RS-TX60
TCD649080
TCD649180


----------



## Grentz

good information 

Luckily mine is not on the list hehehe


----------



## seinman

Say i'm on the list, and I *really* want TivoWebPlus. And while i'm at it, perhaps USB 2.0 drivers. Where are these places I can send it to have the modification done? I'm moving in like two weeks, so will be without TV for a while anyway, it's the perfect time to send the box away.


----------



## azitnay

Good list, looks complete... Except I think the Humax is a T2500, not a DRT2500, right?

Drew


----------



## rbautch

On the "other forum", there is a sticky called "PROM Socketing" in the Series 2 support forum. There a 2 users listed who will do it for $50.


----------



## rbautch

azitnay said:


> Good list, looks complete... Except I think the Humax is a T2500, not a DRT2500, right?


Right, fixed. Thanks!


----------



## davidlallen

rbautch said:


> On the "other forum", there is a sticky called "PROM Socketing" in the Series 2 support forum. There a 2 users listed who will do it for $50.


Those users are no longer in the business. Please search the "other forum" for my thread entitled "Problems with Prom Mod".


----------



## technomutt

OK, so no hacks.. but is it still possible to make backups of the original disk, either for future replacement or capacity increasing?


----------



## kramerboy

Sure, you can do that.


----------



## technomutt

kramerboy said:


> Sure, you can do that.


Thanks... I didn't realize "unhackable" was only talking about the USB port. After so many years of happily using Series 1 machines (all SVR-2000's) I find the latest Tivo specials on the Humax DVD recorders a little too irresistable. Just wanted to check 'em out here in the forum before I click on "add to cart"...


----------



## Kevin L

Excuse my ignorance, since I only have DirecTV DVRs (3 HR10-250s and a couple of HDVR2s). I just bought two TCD540140 TiVos for my mother who has cable. Am I to understand that I *cannot* use the USB ports? I'm not interested in hacking. I just want the daily call to go by broadband, and perhaps set up MRV.

Thanks!


----------



## azitnay

You can certainly use the 540 units' USB ports for broadband and MRV.

When the original post in this thread mentions not being able to enable the USB ports, it's really talking about the lone DirecTV model on the list (the R10). Perhaps that should be clarified.

Drew


----------



## Kevin L

azitnay said:


> You can certainly use the 540 units' USB ports for broadband and MRV.
> 
> When the original post in this thread mentions not being able to enable the USB ports, it's really talking about the lone DirecTV model on the list (the R10). Perhaps that should be clarified.
> 
> Drew


Thanks. The OP has me confused since it says:

List of "Unhackable Tivos"

--------------------------------------------------------------------------------

Since so many people ask about enabling their USB ports and hacking, I'm posting a list of Tivos that cannot be hacked without a prom modification. You can send your Tivo out to be modded for around $50. Unless you solder for a living and have the specialized tools to do it (special tips, solder wick, stereoscope, DATA I/O device), don't attempt to undertake this risky procedure.

DirecTV Tivo R10
Tivo TCD540040
TiVo TCD540080
TiVo TCD540140
Humax T800
Humax DRT400
Humax DRT800
Humax T2500
Toshiba RS-TX20
Toshiba RS-TX60 
________________________________________________________________

What can't be done with the TCD540140?


----------



## azitnay

Without a hardware (PROM) modification, 540 units can't be hacked to, say, add TiVoWebPlus, and other hacks of that nature.

Pretty much the only "hack" you can do on a 540 without messing with the PROM is a hard disk upgrade.

Drew


----------



## rbautch

I fixed the OP.


----------



## Kevin L

Ahh, thanks guys. That answers my questions. My mom is 75, so she's not going to be doing any hacking. As long as I can use the USB ports, I'll be fine.


----------



## fredfillis

Kevin L said:


> My mom is 75, so she's not going to be doing any hacking.


Not until she does more reading.


----------



## Kevin L

fredfillis said:


> Not until she does more reading.


Good one!


----------



## Fofer

What's the status on hacking the HDTiVo? I've currently got a pair of HDVR2's hacked with 6.2 and all the goodies. 

Are all the same things possible on the HDTiVo?


----------



## azitnay

I'm not a DirecTV guy, but AFAIK the HR10-250 is just as hackable as the other DTV S2's that came before it. The only "unhackable" (without PROM mod) DirecTiVo is the R10.

Drew


----------



## Fofer

azitnay said:


> I'm not a DirecTV guy, but AFAIK the HR10-250 is just as hackable as the other DTV S2's that came before it. The only "unhackable" (without PROM mod) DirecTiVo is the R10.


I guess I should have been more specific. Can HMO & MRV be enabled on those boxes? TiVoWeb? (I know we can't talk about extraction so I won't ask about that.)


----------



## classicsat

You'd have to look in the "other" place, but I don't think 4.x or 6.2 have the HD innards.


----------



## rrr22777

Thank you for this list. It will prevent future mistakes. I already have a Toshiba RS-TX20. 

I am getting ready to buy a second tivo and since it looks like the newer 540 series tivos are unhackable which ones have the following criteria:

1. Are hackable with tivoweb plus
2. Can be networked using USB 2.0
3. Can support drives > 137 GB
4. Can support yac or elseed (my previous svr-2000 did not support either)


----------



## azitnay

230 and 240 units are the ones you'll have the most luck with (though I don't know specifically about yac or elseed).

Drew


----------



## juanian

I'm confused; I thought that *all* Series 2's needed a prom mod to be hacked?


----------



## lee espinoza

juanian said:


> I'm confused; I thought that *all* Series 2's needed a prom mod to be hacked?


No just R-10's


----------



## Gunnyman

R10's on the DTV side.
the S2's listed in the OP are indeed unhackable without grabbing PROM mods.

Lee, be careful when you post man.


----------



## lee espinoza

Gunnyman said:


> R10's on the DTV side.
> the S2's listed in the OP are indeed unhackable without grabbing PROM mods.
> 
> Lee, be careful when you post man.


sorry need to be more clear next time


----------



## satdummy4

Hi there,

First off Id like to say Im a complete newbie at this and am just looking to get my first tivo so please forgive the ignorance.. I want to make sure that I can hack it (after all whats the fun if you cant) 

So heres the question.. If the TiVo is not on this list can it be hacked without any sort of hardware mod?

Im OK with some basic hardware stuff (HD swap etc) but nothing thats over advanced so Id like to avoid that.

Any help would be appreciated 

Thanks in advance


----------



## Gunnyman

yes.
If you have a Tivo NOT on the list, software modding is at your service.


----------



## captain_video

The name of the list should actually indicate which Tivos can only be hacked with a PROM modification. Here's a breakdown of the rest of the Tivos and what needs to be done to enable hacking (i.e., the installation of apps and scripts):

S1 SA Tivos can be hacked without having to circumvent any safeguards. See Steve Jenkins' website for info on hacking S1 SA Tivos.

S1 DTivos have to have the EEPROM flashed to disable initrd. Initrd performs a check of the Tivo filesystem to see if anything was altered. If it finds anything that doesn't belong it wipes out the offending files and then allows the Tivo to continue booting. If you install any files on a Tivo that has not had initrd disabled, the files will disappear from the Tivo. From that point you can install hacks similar to the S1 SA models. A popular program was developed for the S1 DTivos that shall remain nameless (yet another item that's censored here) that flashed the EEPROM and upgraded the OS to version 2.5 (which enabled the dual tuner functionality), added serial bash, and installed fixsub (mistakenly known as the lifetime sub hack). Several other scripts were developed that installed an entire suite of hacks that could be enabled a la carte and it also upgraded the OS version to 2.5.2 or 3.1 at your option. This was necessary to receive local channels. The Turbonet installation program can also be used to disable the initrd function to enable ethernet capability.

S2 DTivos have to have the "chain of trust" (i.e., initrd) broken using killhdinitrd. This includes non-RID as well as RID model DTivos. This does NOT include the R10. If your DTivo has a sticker with an RID number on it then it's an RID model. If the RID number is not on the sticker, you have a non-RID model.

S2 SA Tivos also have to have the chain of trust broken to enable hacking using killhdinitrd.

HDTivos can also be enabled for hacking using killhdinitrd. Note that all Tivos that can use killhdinitrd must have it applied to a 3.1.5 kernel (actually it's the 2.4.20 kernel that comes with the HDTivo OS version 3.1.5 but is commonly referred to as the 3.1.5 kernel; the kernel must come from the basic 3.1.5 OS version and none of the subsequent updated OSes like 3.1.5d, e, or f). The killhdinitrd'd kernel is then copied over to the active partition to replace the current kernel that resides in that partition. You can use the bootpage command resident on the PTVUpgrade LBA48 enhanced CD to determine the active partitions. The CD also contains kernels from three different Tivo OS versions that have all had killhdinitrd applied. This CD is available for download for $5 from PTVUpgrade.

S2 SA models beginning with model number 540 and R10 DTivos have to have the PROM physically removed and replaced with a pre-programmed PROM that disables the initrd function and breaks the chain of trust. This also applies to the units listed in the first post.

Once the chain of trust has been broken then you can install whatever hacks or scripts you like, as long as they are compatible with that version of Tivo. HDTivos cannot have MRV or HMO installed because it is not resident in the existing OS. S2 DTivos with OS 6.2 already have the MRV, HMO, and USB drivers resident in the OS but they're not active. You need to apply the superpatch to turn them on. S2 SA models with 7.2 already have these features enabled right out of the box so there's no need to apply the superpatch for these functions.

Note that series 1 Tivos all run on a PowerPC platform. All S2 Tivos use a MIPS CPU so any binaries you install must be compiled for that specific platform or they will not work. Binaries consist of native Linux utilities like ls and numerous others. Tcl scripts are not platform dependent and some are interchangeable. Many of them still have to be tailored to the OS version but not necessarily the platform.


----------



## satdummy4

Thanks for the quick replies .... I think I've got it.. Although captain, I think I liked Gunny's answer better ;-) 

Seriously I do appreciate the help


----------



## captain_video

Note the look of astonishment on my face.


----------



## technomutt

captain_video said:


> Note the look of astonishment on my face.


Trust me Captain, some of us enjoy the details...

I've been seeing some informal references to "Series 2.5" in the forums. I suspect that's not an official designation, but is there a relationship between the "unhackable" list, units running version 7.x of the Tivo software, and "Series 2.5"? The only S2 I own is the Humax burner (now with 200GB drive), which started life with version 5.x and within the first few weeks of use was autoupgraded to ver 7.x. The "older" Series 2's went from ver 4.x to ver 6.x, right? Coincidence?

I'll never give up my SVR-2000s with their (IMHO) superior remotes.


----------



## azitnay

I believe Series2.5 typically refers to TiVos with a TSN starting with 5. This also corresponds to the above list.

7.x doesn't really have anything to do with it, since all Series2's get it, including the "older" Series2's. 6.x is a DirecTV release, not a standalone release.

Drew


----------



## classicsat

captain_video said:


> S1 DTivos have to have the EEPROM flashed to disable initrd. Initrd performs a check of the Tivo filesystem to see if anything was altered. If it finds anything that doesn't belong it wipes out the offending files and then allows the Tivo to continue booting. If you install any files on a Tivo that has not had initrd disabled, the files will disappear from the Tivo. From that point you can install hacks similar to the S1 SA models. A popular program was developed for the S1 DTivos that shall remain nameless (yet another item that's censored here) that flashed the EEPROM and upgraded the OS to version 2.5 (which enabled the dual tuner functionality), added serial bash, and installed fixsub (mistakenly known as the lifetime sub hack). Several other scripts were developed that installed an entire suite of hacks that could be enabled a la carte and it also upgraded the OS version to 2.5.2 or 3.1 at your option. This was necessary to receive local channels. The Turbonet installation program can also be used to disable the initrd function to enable ethernet capability.


Some SVR2000s had initrd, which was killed the same way as for a DirecTV TiVo.


----------



## classicsat

Correct, S2.5 refers basically to those DVRs that have a TSN beginning with 5, both Standalones/DVD recorders, and the R10.

Older S2s went from 4.x to 7.1, S2.5s and DVD combos from 5.x to 7.1 or 7.2
TMK the first DVD combos (Pioneer 810 and Toshiba SD-H400, maybe Toshibas first DVD recorder), were the 2xx generation, but issued with 5.x software.


----------



## Paul G

I'm thinking about buying a Tivo, and since I'm here I want to be able to use all the 'extra' features. What should I buy?

Reply email 
TIA


----------



## azitnay

If you can find one, I'd recommend a 230 or 240 model, since you get both USB 2.0 hardware and full hackability.

Drew


----------



## Robertjm

That's not a correct statement. I have a 540 "Nightlight" and the kernel already has the USB drivers built in. Bought a Netgear FA120 off Ebay, plugged it in. Plugged the line to my router, restarted and started downloading immediately.



technomutt said:


> Thanks... I didn't realize "unhackable" was only talking about the USB port. After so many years of happily using Series 1 machines (all SVR-2000's) I find the latest Tivo specials on the Humax DVD recorders a little too irresistable. Just wanted to check 'em out here in the forum before I click on "add to cart"...


----------



## technomutt

azitnay said:


> If you can find one, I'd recommend a 230 or 240 model, since you get both USB 2.0 hardware and full hackability.


You sure know your Tivos... I take it the Sony SVR-3000's USB port is only USB1.1?


----------



## technomutt

Robertjm said:


> That's not a correct statement. I have a 540 "Nightlight" and the kernel already has the USB drivers built in. Bought a Netgear FA120 off Ebay, plugged it in. Plugged the line to my router, restarted and started downloading immediately.


Yes, I didn't understand the whole "unhackable" concept when I posted that... the USB issue was only on the DirecTivo units. Thanks to azitnay, classicat, captain_video, rbautch and the other experts here, I now realize we are talking about software mods like FTP, TivoWeb, etc. which can't be installed on "Series 2.5" units without a PROM mod. And I think I also understand that PROM modding is now a taboo subject, right?


----------



## azitnay

technomutt said:


> You sure know your Tivos... I take it the Sony SVR-3000's USB port is only USB1.1?


Yes... Essentially, since its TSN starts with a 1 (110), it has USB 1.1 hardware. TSN's starting with 2 and up have USB 2.0 hardware.

Drew


----------



## Paul G

Hi guys and girls;
Ok, I'm new to all of this and I'll be using digital cable TV (optimum online) with the unit I buy. What TIVO can I buy at Circuit City that will do me the most good (meaning I want to be able to use the hacks etc)
What about the Humax line?
Thank you


----------



## technomutt

Paul G said:


> ... What TIVO can I buy at Circuit City that will do me the most good (meaning I want to be able to use the hacks etc)...What about the Humax line?


Please revisit the list at the beginning of this thread. The Humax units listed comprise the entire Humax line. The one thing that hasn't been said so far is that this list is (AFAIK) also a complete list of all new Tivos currently available for sale at the retail outlets or online. In other words, *none of the new Tivos are hackable*, save for hard drive replacement/upgrade. So if you "_want to be able to use the hacks_", you need to buy a used unit. Please remember that hacking does not mean you can get Tivo for free. You still need to pay for the service. Also, many of the "hacks" for the older units are now "features" of the new units. But if you want to learn about Tivo hacking, good used units abound on Ebay. Good Luck!


----------



## chamelea

Thanks for all info above. I might want to 'ZIP' my S2 Phillips 7000, upsized by previous owner but not hacked. But hoping for some other clarifications (TIA):

1) I know my Phillips-7000 is non-RID, so it's the best of all choices, and what max disk? (TSN starts w/101)
2) Assuming not the R10, what is best alternate box choice among the $15 freebies?
3) How does RID affect zippability?
4) Is my currently idle, never-hacked SAT-60 too limiting to bother with hacking?


----------



## chamelea

azitnay said:


> If you can find one, I'd recommend a 230 or 240 model, since you get both USB 2.0 hardware and full hackability.
> 
> Drew


I'm uncertain what models this refers to, but I guess it must be new retail models instead of used eBay units?


----------



## azitnay

chamelea said:


> I'm uncertain what models this refers to, but I guess it must be new retail models instead of used eBay units?


They're not new (they were first out sometime in 2002, I believe)... They've been replaced by the 540 models, which are of course subject to the hacking restrictions detailed in this thread.

It's very likely some units on eBay are 230's and 240's, but you'd probably have to verify with the seller unless they list the exact model in the auction.

BTW, these are standalone units... Your previous post seems to indicate you deal mainly with DirecTV units.

Drew


----------



## chamelea

azitnay said:


> BTW, these are standalone units... Your previous post seems to indicate you deal mainly with DirecTV units.
> Drew


THanks .... I figured out after that post ... everything on the OP list (after #1) is SA-TiVo. 
And, exactly correct, I'm interested only in D-TiVos.


----------



## mr.unnatural

> 1) I know my Phillips-7000 is non-RID, so it's the best of all choices, and what max disk? (TSN starts w/101)


A good choice but not necessarily the best. All S2 DTivos prior to the R10 are all essentially the same with the exception of the RID feature. RID is strictly a DTV feature and has no affect on the hackability of the Tivo side of the box. Maximum drive size is bigger than anything you can currently buy so it's really a moot point when using a LBA48 kernel.



> 2) Assuming not the R10, what is best alternate box choice among the $15 freebies?


See reponse above



> 3) How does RID affect zippability?


No affect whatsoever



> 4) Is my currently idle, never-hacked SAT-60 too limiting to bother with hacking?


Depends on what you plan on doing with it. If you want it to work as a DTivo with all of the standard features then it's perfectly fine. You can also hack it with most of the same hacks available to S2 owners. If you plan on installing HMO and MRV then you'll have to get a series 2.


----------



## chamelea

Thanks very much.


----------



## bushman4

I just want to clarify something, since I am (until now) a S1 hacker only...

A friend has a TCD540040, and wants more space.

Does it already have an LBA48 aware kernel, or not?

I know I would have a hard time replaceing the kernel without socketting, and I just don't want him to over buy on the hard drive. 250gb ones are on sale here at the moment, but if it's only going to see 137, I'll have him get A 160...

tia,

Bushman


----------



## azitnay

Yes, 540's have always been LBA48-aware, since they started out with software version 5.x.

Drew


----------



## bushman4

Thanks az.

Bushman


----------



## JMcMusicman

Ok Clarification question here... I'm a bit of a newbie so bear with me.

If I've got a 'unhackable tivo', am I unable to add the 'superpatch' to enable HMO for the tivo server?? (Without the more extensive mods mentioned...)

Thanks


----------



## azitnay

You must be talking about an R10, and in that case yes, you can't superpatch without a PROM mod.

Drew


----------



## technomutt

azitnay said:


> You must be talking about an R10, and in that case yes, you can't superpatch without a PROM mod.


So is PROM modding OK or is it beyond the scope of legitimate discussion? Naturally, if legit then the next question will be sources for this procedure, as I don't possess surface-mount rework tools...


----------



## Gunnyman

it's your box, mod away.
FINDING chips is a challenge.
check DDB's for sale section


----------



## technomutt

Gunnyman said:


> it's your box, mod away.
> FINDING chips is a challenge.
> check DDB's for sale section


Thanks... didn't want to anger the Tivo gods... I'd like to mod my DRT-800, but sure don't want to jeopardize the serivce on my lifetime SVR-2000! If it's not too much to ask, please PM me a link to DDB's for sale section.


----------



## mr.unnatural

> If it's not too much to ask, please PM me a link to DDB's for sale section.


That won't work. The TCF software is set up to filter out any mention or URLs pointing to DDB, even in your PMs. Talk about paranoia!


----------



## Finnstang

google "hacking dtivo" with the quotes. first result then find the for sale section


----------



## technomutt

Finnstang said:


> google "hacking dtivo" with the quotes. first result then find the for sale section


Thanks.... and I must now sheepishly admit I knew about that site, just didn't make the connection with the acronym... DOH!


----------



## linenoise

Well, this thread explains a lot. I have spent the last 3 days trying to hack into my RS-TX20 with nothing but a grey creen being the result.
So if I'm reading correctly, there is no way for me to hack this unit at all?
I was trying to get TivoWeb loaded, and install some of my own IR codes as well.

Line Noise


----------



## azitnay

The only way would be to hack the PROM, as explained in the OP.

BTW rbautch, the TCD649080 and TCD649180 should probably be added to this list (I'm assuming).

Drew


----------



## EvilMidniteBombr

rbautch said:


> I'm posting a list of Tivos that cannot be hacked without a prom modification. DTivos need to be hacked to use their USB ports, standalones do not. Prom modding is not easy, but perhaps you can find a pro to do it for you. Unless you solder for a living and have the specialized tools to do it (special tips, solder wick, stereoscope, DATA I/O device), don't attempt to undertake this risky procedure yourself.
> 
> DirecTV Tivo R10
> Tivo TCD540040
> TiVo TCD540080
> TiVo TCD540140
> Humax T800
> Humax DRT400
> Humax DRT800
> Humax T2500
> *Toshiba RS-TX20*
> Toshiba RS-TX60


Aaaawwww crap! Ain't that a kick in the nuts? >.<

I am glad I found this list before I started messing around with my RS-TX20. rbautch just saved me untold frustration and brain pain. Thanks!

I would have really liked to have tried the increased buffer hack and the caller ID hack.


----------



## linenoise

Any chance of a software hack with the new version of 7.3.1 now for the RS-TX20?


----------



## EvilMidniteBombr

I am by no means an expert (I did stay at a Holiday Inn Express last night) but I believe what makes the RS-TX20 & 60 unhackable is the hardware. Changes made to the software won't change that. 




I think...


----------



## classicsat

Correct. 7.3.1 isn't the problem, it is the RS-TX20. So they release a leaky version, or someone figures out the private key to sign a custom kernel, the PROM mod is still needed to mod 5xx and 6xx DVRs.


----------



## linenoise

One can always hope though. Other models were once deemed un-hackable, and are opened up now. You never know.


----------



## rbautch

azitnay said:


> The only way would be to hack the PROM, as explained in the OP.
> 
> BTW rbautch, the TCD649080 and TCD649180 should probably be added to this list (I'm assuming).
> 
> Drew


Done, thanks.


----------



## jmarchil

azitnay said:


> Without a hardware (PROM) modification, 540 units can't be hacked to, say, add TiVoWebPlus, and other hacks of that nature.
> 
> Pretty much the only "hack" you can do on a 540 without messing with the PROM is a hard disk upgrade.
> 
> Drew


Has anyone been able to add remote control codes to a 540? Is that part of the protected files?

J.


----------



## cheer

jmarchil said:


> Has anyone been able to add remote control codes to a 540? Is that part of the protected files?


Remote codes for what?


----------



## jmarchil

cheer said:


> Remote codes for what?


For my cable box that doesn't have working codes already. I have hacked my series 1 by modifying an existing remote control set to work with my box.

I was wondering if the 540 could have those files modified without problems.

J.


----------



## cheer

No -- no files can be modded with a PROM hack on the 540 boxes.


----------



## classicsat

What model cable box -- that isn't a pirate box (typical reason to add codes)?

If it is a legit cable/satellite/IPTV box, you could ask TiVo to add the code for it.


----------

