# Series3 Boot Logo Hacking



## Omikron (Feb 27, 2006)

Old:









New:









Crappy Proof of Concept (Courtesy of iPhone's Crappy Camera):










I'm actually quite pleased with the result, even though the atrocious photo doesn't do it justice. Once my Canon gets fixed, I'll post new photos. ;-)


----------



## Omikron (Feb 27, 2006)

Oh, and in case anyone is curious, the boot logo is stored in the gzipped portion of the PROM code on the chip and is encoded in a proprietary format. More information about it can be found on the "other" forum.


----------



## ciper (Nov 4, 2004)

Does the TivoHD have this same data even though there is no display?


----------



## Omikron (Feb 27, 2006)

ciper said:


> Does the TivoHD have this same data even though there is no display?


That is an excellent question. I'll look into it.


----------



## Omikron (Feb 27, 2006)

Omikron said:


> That is an excellent question. I'll look into it.


Just a follow up...

I looked through the PROM code of the TiVo HD and the only image I could find was the normal TiVo Sunrise shown on the screen upon power-on.


----------



## ciper (Nov 4, 2004)

Interesting. How hard would it be to uncompress the PROM code and do a binary comparison (with some type of resynchronization after differences) to find all the changes between models?

Since the prom is able to display the sunset image during bootup I assume the 'video processor' is initialized so would it be possible to remove this image and instead display some type of boot status messages?


----------



## Omikron (Feb 27, 2006)

ciper said:


> Interesting. How hard would it be to uncompress the PROM code and do a binary comparison (with some type of resynchronization after differences) to find all the changes between models?
> 
> Since the prom is able to display the sunset image during bootup I assume the 'video processor' is initialized so would it be possible to remove this image and instead display some type of boot status messages?


Not very hard. Just search for the 1F8B08 gzip signature in the PROM and save everything that follows including the signature to a binary file. Then simply uncompress via gzip and analyze to your heart's content. ;-)


----------



## Omikron (Feb 27, 2006)

Here's a slightly better photo for the curious:


----------

