Print

SystemRescue

Page Views: 12758

Close
warningWARNING
THIS ARTICLE IS PROVIDED IN THE HOPE THAT IT WILL BE USEFUL, BUT WITHOUT ANY WARRANTY. IT IS PROVIDED "AS IS"

Close
commentCredits
Original page by peterk2005. Additional information in comments by cybrmage.

Close
commentRelated information
Additional service access information snippet.

Well, this all started with bricking my O!Play. lol It was definitely my fault, I had two open telnet sessions, one to the Asus and the other to my NAS, and I have entered some commands in the wrong place. Never accept a phone call when you do such things, and more importantly, don't think you can continue your work with full attention. wink

Anyway, damage has been done, I needed to revive my device. I was almost sure that the root fs was intact, it was the the media player application /usr/local/bin/dvdplayer) that refused to start (or crashed). This made the device - or the application, didn't know which one at that time - continuously restart. I thought if I could interrupt the init process - not letting the media player application start -, I could fix the problem. Other alternative was to kill the watchdog (/usr/local/bin/RootApp), and stop the continuous start/stop/restart loop.

I tried to telnet in, but no go. Telnet wasn't working, not even for a second. So, I hat to read. ;) I went through again all of the wiki articles Mike wrote here, and also his posts on the netbookuser site(external link), where he posted the capture of the serial console boot log. Examining the log, I noticed that eth0 has been brought up early, with the default address of: 192.168.0.9.

From this point, it was easy. I remembered that inetd - means telnet for me - is started during the init process. So the device should be accessible through telnet early, before the dvdplayer application starts
(as the last step of the init process). The only problem is that this option may last only for a few seconds. I changed my network settings to match the 192.168.0.* network, started telnet, and powered up the device. And ideed, telnet was available!

ethO System Rescue
IP-Config: Complete: 
device=eth0, 
addr=192.168.0.9, 
mask=255.0.0.0, 
gw=192.168.0.254, 
host=192.168.0.9, 
domain=, 
nis-domain=(none), 
bootserver=255.255.255.255, 
rootserver=255.255.255.255, 
rootpath=

Only for a short time though - 2-3 secs, I was right about it -, but it was available. So I put up a little script that pings the above IP address, and once it responds, immediately starts a telnet session
and sends a few keypresses. First the "root" string certainly, then a "/usr/bin/stopall" command.
(I remembered that I was able to kill the dvdplayer & watchdog with a "# /usr/bin/stopall" command from the telnet command prompt.)

I have a windows laptop, so I needed a windows script. I used a similar script a while ago to connect to a Linksys router, so I took that script and modified it. Here is how it looked:

asusrescue.bat
echo off
echo Set objShell = WScript.CreateObject("WScript.Shell") > asusrescue.vbs
echo Set objExecObject = objShell.Exec("cmd /c ping -t -w 1 192.168.0.9") >> asusrescue.vbs
echo Wscript.Echo "Now, start your O!Play..." >> asusrescue.vbs
echo Do While Not objExecObject.StdOut.AtEndOfStream >> asusrescue.vbs
echo     strText = objExecObject.StdOut.ReadLine() >> asusrescue.vbs
echo     Wscript.Echo strText >> asusrescue.vbs
echo     If Instr(strText, "Reply") > 0 Then >> asusrescue.vbs
echo         Exit Do >> asusrescue.vbs
echo     End If >> asusrescue.vbs
echo Loop >> asusrescue.vbs
echo objShell.Run("telnet 192.168.0.9") >> asusrescue.vbs
echo Do Until Success = True >> asusrescue.vbs
echo     Success = objShell.AppActivate("telnet") >> asusrescue.vbs
echo Loop >> asusrescue.vbs
echo Wscript.Sleep 300 >> asusrescue.vbs
echo Success = objShell.AppActivate("telnet") >> asusrescue.vbs
echo objShell.SendKeys "root" >> asusrescue.vbs
echo objShell.SendKeys "{ENTER}" >> asusrescue.vbs
echo objShell.SendKeys "/usr/bin/stopall" >> asusrescue.vbs
echo objShell.SendKeys "{ENTER}" >> asusrescue.vbs
echo Wscript.Echo "Done... You can close this window." >> asusrescue.vbs
rem echo Wscript.Quit >> asusrescue.vbs

CALL CScript asusrescue.vbs
del asusrescue.vbs

SAVE THIS SCRIPT AS asusrescue.bat

INSTRUCTIONS:

1 - Power down the O!Play (unplug the power cord)

a - Ensure your Laptop or PC Network Connections are configured as per above
b - Link your PC and the OPlay with your Cat5 cable

2 - Start the asusrescue.bat script
3 - Then switch on the OPlay
4 - This pings the above IP address, and once it responds, immediately starts a telnet session
5 - Now it sends a few keypresses. First the "root" string

c - If you have installed OpenSSH and set a "root" password you'll need to modify the script

6 - Now the script issues a "/usr/bin/stopall" command

So we are basically able to System Rescue with the following commands:

Execute Command:
/usr/bin/stopall
Execute Command:
mount / -o remount,rw

It worked for the very first time. The dvd player application stopped, so did the watchdog, and I had a working telnet prompt. In fact this command did some more, for example remounted the root fs in write mode, etc., so I think this command is a kind of debug command to aid developers to get access to things easily.

So I had a working telnet connection, I could fix my mistakes, and my O!Play was working again. ;)

Note: The above script works on english versions of Windows XP and up. For making it work on localized versions, you need to change the string "Reply" in the 8th line to something that ping displays for succesfull tries, but does not displays when there is no response. It does not need to be a whole word, you can choose any character sequence which is part of the success message, but not part of the unsuccess message.

I believe that by polishing this further, we will be able to initiate a firmware reflashing procedure as well. Examining the firmware, I noticed that the "kill -6 1" command triggers busybox to execute the script /etc/reexec_init. This script creates a ramfs, copies the required files from the root fs to this ramfs. Finally, busybox executes a new init in ram. The script /etc/reexec_init/rcS (which becomes /etc/rcS in ram, so executed by the init) calls "loader_a", the flash image loader.
The loader expects the firmware URL as parameter. Since, at this point there are no USB devices yet, we cannot just give it a /tmp/usbmounts/..../install.img path. Either we need to

  • Put the flash image on a web site and let "loader_a" download it from there.
  • Mount the usb device manually, and specify the path of the flash image on the mounted usb drive.

I haven't tried this, so I don't know if any of the two ways work. But I think it should. I'll try it soon, I just feel I need to dig some more info out about how things work before I make an attempt to reflash a working device. ;) So, more about this later.

Notes

1. I tried the /usr/bin/stopall application from a telnet login.

Here is the list of threads running before, the output of stopall, and the list of threads running afterward:

Expected Result
/usr/bin # ls /proc
1            139          29           8            cmdline      irq          partitions
10           14           3            80           cpuinfo      kallsyms     self
100          140          32           83           crypto       kcore        slabinfo
101          141          35           84           devices      kmsg         stat
102          142          4            9            diskstats    loadavg      swaps
103          143          5            92           dma          locks        sys
104          144          55           93           driver       meminfo      sysvipc
11           15           6            94           execdomains  misc         tty
112          154          65           96           filesystems  modules      uptime
113          155          7            98           fs           mounts       version
12           196          70           99           interrupts   mtd          vmstat
13           2            77           buddyinfo    iomem        nandinfo     yaffs
134          28           79           bus          ioports      net
/usr/bin # ./stopall
[Found RootApp] pid = 79 ...
[Found dvdplayer] pid = 83 ...
killing DvdPlayer...
killing RootApp...
RootApp AVHDD version...
pli initialization...
remount RO: ...
chip id: 1283: Mars...


>>>>>> Got NAND Flash device!

fw_desc_table_v1->signature=VERONA__
fw_desc_table_v1->part_list_len=0xc0
data_buf = 0x10006878
fw_desc_table_v1 = 0x10006878
sizeof(fw_desc_table_v1_t) = 0x20
part_entry = 0x10006898
part_count= 0x4
fw_entry = 0x10006958
FW type, 0x2!
Audio FW found!
Video FW found!
audio_fw_entry->offset = 0x1420000
audio_fw_entry->length = 0x1cd6b0
audio_fw_entry->target_addr = 0x81b00000
read len = 0x1cd6b0
video_fw_entry->offset = 0x1600000
video_fw_entry->length = 0x1b2478
video_fw_entry->target_addr = 0x81e00000
read len = 0x1b2478
remount RW: ...
/usr/bin # ls /proc
1            206          65           crypto       ioports      mounts       sysvipc
10           28           7            devices      irq          mtd          tty
11           29           70           diskstats    kallsyms     nandinfo     uptime
12           3            77           dma          kcore        net          version
13           32           8            driver       kmsg         partitions   vmstat
14           35           9            execdomains  loadavg      self         yaffs
15           4            buddyinfo    filesystems  locks        slabinfo
154          5            bus          fs           meminfo      stat
155          55           cmdline      interrupts   misc         swaps
2            6            cpuinfo      iomem        modules      sys
/usr/bin #

For those not familiar with the contents of /proc under Linux -
Those numbers are the thread (process) id numbers and are each a directory of information about the process.

The output of 'ps -a' gives details, commands in square brackets are kernel internal tasks, others are user tasks:

Process List
/usr/bin # ps -A
  PID  Uid     VmSize Stat Command
    1 root        368 S   init
    2 root            SWN [ksoftirqd/0]
    3 root            SW< [events/0]
    4 root            SW< [khelper]
    5 root            SW< [kthread]
    6 root            SW< [kblockd/0]
    7 root            SW  [khubd]
    8 root            SW  [pdflush]
    9 root            SW  [pdflush]
   12 root            SW< [aio/0]
   10 root            SW  [kswapd0]
   11 root            SW  [watchdog]
   13 root            SW< [cifsoplockd]
   14 root            SW< [cifsdnotifyd]
   15 root            SW  [eth0]
   16 root            SW  [mtdblockd]
   28 root        376 S   init
   29 root        376 S   init
   32 root        376 S   init
   34 root        376 S   init
   64 root        380 S   inetd
   67 root            SW< [sata_eh/0]
   72 root            SW  [scsi_eh_0]
   83 root            SW  [scsi_eh_1]
  170 root        364 S   /sbin/udhcpc -p /var/lock/udhcpc_eth0.pid -t 15 -b -s
  183 root        312 R   telnetd
  184 root        492 S   -sh
  221 root        360 R   ps -A

Contributors to this page: mikez , somerandomhash , peterk2005 and admin .
Page last modified on Friday 17 of June, 2011 14:38:06 CDT by mikez.

SourceHistory 9 Comments
RESTORE PROCEDURE

on Tue 10 of Nov., 2009 19:52 CST, by cybrmage

Well.... I managed to get my O!play into a boot-loop by flashing an A.C.Ryan PlayOn HD firmware to it... so I was forced to try and recover it.... and was successful!!

Here is the procedure

1) prepare your firmware image. Yow will need to run an HTTP or FTP server on your computer. If you will be using FTP, make sure that you configure the server so that the firmware file is accessable to an anonymous user. Take not of the URL for the file.

2) Change your computer's IP address so that it is on the same network as the default address of the O!play (192.168.0.9). IE: use 192.168.0.2 as the computers IP address. Remember this address for later.

3) Break your O!play out of the boot loop. Copy the script above into your favorite text editor, and save it as "asusrescue.bat". Unplug your O!play, run the script from a command prompt, the plug in the O!play. Note, you may need to run the script several time, as the timing is very tight.

Once you have a telnet prompt on your O!play, It will be able to accept connections, but will not be able to initiate outbound connections. To solve this, change the o!play's IP address.

/ # ifconfig eth0 192.168.0.8

This will change the IP address, reconfigure the routing table, and disconnect your telnet session.

4) start a new telnet session to the O!play using the IP address you used in the last step.

5) prepare the O!play to download and flash the firmware image. The loader_a command can NOT be used directly to restore the firmware to the device, as it tried to create a writable directory in the root of the filesystem. You need to create a file in the ramdisk and store the URL of the file in it.

/ # echo "http://192.168.0.2/install.img" > /tmp/installing_source

6) Start the restore process.

/ # kill -6 1

This causes the initd to reinitialize the system executive (the main process, PID 1). The executive process will terminate all low priviledge processes (and will terminate your telnet session) and run the /etc/reexec/init.script file, which moves the root filesystem to the ramdisk, and starts the restore process.

Be aware that your telnet session wil terminate, and the O!play will start to download the flash image. The screen will remain blank, and after several minutes, the display will appear and the flashing process will begin. Do not unplug the device!! THE RESTORE WILL TAKE A LONG TIME!!! The flash process took almost 20 minutes when I performed it.

top of page


restart loop error

on Sat 18 of Sep., 2010 10:20 CDT, by dashed

hy

i follow your guide..
i have restart looping error

1) prepare your firmware image. OK
2) Change your computer's IP address OK
3) Break your O!play out of the boot loop OK
4) start a new telnet session to the O!play using the IP address you used in the last step. OK

and after i have a problm

"~ # "http://192.168.0.2/install.img" > /tmp/installing_source
-sh: http://192.168.0.2/install.img:(external link) not found
~ #
"

the server is up, and running.
i can download "installing.img" from the firefox.
what can i do?

Plz try help me:)
I know my english realy realy bad, sry ;)

top of page

restart loop error

on Sat 18 of Sep., 2010 11:00 CDT, by wigout

"
"~ # "http://192.168.0.2/install.img" > /tmp/installing_source
-sh: http://192.168.0.2/install.img:(external link) (external link) not found

i can download "installing.img" from the firefox.
"

Just fact checking:
Your file must be named install.img (no hidden extension, not installing.img, just:
install.img
)

If you can get that far- just put your install.img on the root directory of a fat32 formatted usb stick and at the telnet prompt enter:
kill -6 1
that should cause the system to upgrade from the install.img on your flash drive.

-wigout

top of page

restart loop error

on Sat 18 of Sep., 2010 11:37 CDT, by dashed

(install.img of course. My mistake)

i trying your tipp, but nothing happened.
blank screen. i waiting over 10-15 min. and nothing.

short story long, i using alpha0.17PAL(Modded_From_1.28P) firmware mod, for torrent.Once restarting the oplay from "oplay web control panel", and since then looping and looping.

top of page

restart loop error

on Sat 18 of Sep., 2010 14:34 CDT, by wigout

"~ # "http://192.168.0.2/install.img" > /tmp/installing_source
-sh: http://192.168.0.2/install.img:(external link) (external link) not found
~ #
"

NOW I get what's happening:

Instead of:
"http://192.168.0.2/install.img" > /tmp/installing_source

your command there should read:
echo "http://192.168.0.2/install.img" > /tmp/installing_source

I'm a bit thick sometimes.

-wigout

top of page


restart loop error

on Sat 18 of Sep., 2010 11:52 CDT, by wigout

can you ping 192.168.0.2?
How about:

wget http:192.168.0.2/install.img

look over this thread:
http://minimodding.com/tiki-view_forum_thread.php?topics_offset=1&forumId=2&comments_parentId=2671(external link)

quote curtman:
"I got it going by putting the install.img in the root directory and named it 'install_img', then typing 'loader_a -t install_img'.. That seems to be all that happens with the kill -6 1 method, without killing the telnet session. I did find those instructions and tried them, but for some reason the stopall program was causing a kernel panic and freezing the box, and kill -6 1 didn't want to work with the dvdplayer app running."

that is curtman copied the install.img to the root directory OF THE PLAYER and the issued the following command:
loader_a -t install_img

I would only be concerned about the size of the file on your root directory.....

-wigout

top of page


restart loop error

on Sat 18 of Sep., 2010 12:35 CDT, by dashed

yes, ping ok

/ # ping 192.168.0.2
192.168.0.2 is alive!

wget didnt working

/ # wget http://192.168.0.2/install.img(external link)
wget: install.img: Cannot allocate memory

and now, how can i copy install.img to the root?
i have no idea

top of page


restart loop error

on Sat 18 of Sep., 2010 15:59 CDT, by dashed

ok.. now everything ok.
Its my fault.
Little web server config error and ,missed ECHO word caused the problem.
Now after 15-20min, firmware upgrading started..
Ty very much. And ty for your patience.

And again sry for my bad, bad englishneutral

top of page


No such file or directory

on Sun 20 of Feb., 2011 15:59 CST, by iwantmore

i get this:

root
/usr/bin/stopall
Venus login: login: cannot set groups: No such file or directory

Connection to host lost.

I realize im a very late here, but looking for some help, anyone please? :-)

Many Thanks.

top of page