pcmhacking.net

Code: Select all

1) This is modifying the SD card files a little. Need the card from the MDI installed in something that can read and write linux.
  a)Take SD card  from MDI and install into reader.
  b)find bin/telnetd.sh-disable and rename  to "telnetd.sh"
  c)Add  << export  PS1='[\u@mdi \W]\$ ' >> to the top of init_script.sh   **everything between the << and >> including the '


2) Booting up MDI with serial cable connected and serial terminal running. This is so we can modify the boot and add a partition.
  a)Now you need the serial cable connected to the MDI.
  b)Reinstall the modified SD card with the modified files into the MDI and power it up.
  c)With a serial program connected at 38,400 press any key during boot at the prompt.
  d) type in  "askenv setbootargsprimary"
  e) type in "run normalargs addinit addconsole addeth addprimary;setenv bootargs ${bootargs} mtdparts=flash0:256k(boot),128k(bootvars),1536k(linux1),6144k(initrd1),1536k(linux2),6144k(initrd2),128k(linuxvars1),128k(linuxvars2),32k@16320k(serialnum),32k(macaddress),128k@16256k(id);"  
  f) now type "boot" and the mdi should restart and boot.

3)  Now we have the MDI booted up with the changed files and telnet should be running.
 a)open up a telnet program. I used the windows 10 built in program by typing in telnet into the search prompt on taskbar.
 b)type in o 192.168.171.2 to open a  telnet session.
 c) type in "dd bs=512 if=/dev/mtd10 of=/usr/local/include/mtd10" and this copies mtd partition as a file to sd card.
 
4)Now shut down MDI, install SD card into the computer and locate the mtd file in the include folder.
 
5)modify the file time!! Load up mtd10 on your pc in HxD or Hexworkshop. 
 The serial is at 0x10000 with a crc32 checksum of 0x10000->0x17FFB written at 17FFC-17FFFF (LSB).
 The MAC is at 18000 with a crc32 checksum 0x18000->0x1FFFB at 1FFFC.  << this is not needed to change serial.

 Update both (just change the last couple of numbers), and use the calculate checksum feature of the hexeditor to calculate crc32 the sums of of the ranges and save the new sums in the bin (remember to enter them in LSB format).
 Check that you understand how the crc is written before changing anything. Setup the checksum, get the crc and see how it's entered LSB format. 
 Again. CRC32 is written back to front here!!! If in doubt send me or someone else the file who knows how to do this. or post it up here.
 Don't forget to SAVE THE FILE!!! You can rename it but you'll need to modify the instructions below accordingly if you do.. 
 
6)now that  the mtd10 file is changed with the new serial number put it back in the mdi and serial cable connected.
  a) Boot up the mdi but stop boot using serial terminal again.
  b) Type in  "askenv setbootargsprimary"
  c) Type in "run normalargs addinit addconsole addeth addprimary;setenv bootargs ${bootargs} mtdparts=flash0:256k(boot),128k(bootvars),1536k(linux1),6144k(initrd1),1536k(linux2),6144k(initrd2),128k(linuxvars1),128k(linuxvars2),32k@16320k(serialnum),32k(macaddress),128k@16256k(id);"  
  d) Now type "boot" and the mdi should restart and boot again with the added partition again.
  
7) Time to  telnet in and finish up.. almost done!!
 a)open up the telnet program again.
 b)type in "o 192.168.171.2" to open a  telnet session again. 
 c)now type  cd /usr/local/mtd/" and the next prompts should change to "[root@mdi mtd]#"
 d)Type in "./flash_unlock" /dev/mtd10 to unlock the flash partition. do NOT stop now!!!
 e)Type in "./flash_erase" /dev/mtd10 to erase the flash partition do NOT stop now!!!
 f)type in "dd bs=512 if=/usr/local/include/mtd10 of=/dev/mtd10" and this copies mtd file back into flash partition.
 
 Congrats!!! You should have seen 
256+0 records in
256+0 records out

As long as you saw it write the modified file back go ahead and shut down the MDI, power it back up holding down the power button to put it in recovery mode and recover the MDI.. all done!!!