Hava RedBoot access via ethernet
I’ve been accessing the Hava console via it’s serial port for quite a while. It requires an adapter that converts the Hava’s 3.3 volt serial to something a pc can talk to. This allowed me to get root access to the Hava Titanium and poke around in it’s firmware.
It’s also possible to access the Hava’s Redboot boot loader via ethernet for 3 seconds just after it’s powered up. It’s almost impossible to do by hand but with a script it’s easy. The linux script below is based on the ones the people hacking on the NSLU2 use to access it’s bootloader. See How To Telnet Into RedBoot for other ways to telnet in.
There are a couple of gotcha’s for telneting into the Hava Titanium. The first is the IP address, during the first few seconds before boot it’s set internally (in the flash, it can be changed) to 192.168.1.220. The second is the MAC address, during boot it’s not the one on the label, it uses 00:03:47:DF:32:A8. If you know these two “secrets” you can telnet into the Hava Titanium while it’s booting. (Actually there are three, the port is 9000)
The linux shell script I use is:
#!/bin/sh route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0 arp -s 192.168.1.220 00:03:47:DF:32:A8 echo -e "\0377\0364\0377\0375\0006" >break.bin /sbin/arping -f 192.168.1.220 nc -D -vvv 192.168.1.220 9000 telnet 192.168.1.220 9000
You can download the script from this server at havaredboot.sh. I execute the script as root, if you execute it as a regular user you may have to add sudo commands to the beginning of some of the lines. The route command adds a route to the 192.168.1.0 network because the interface’s real address is on the 192.168.0.0 network. You could add an alias or just change your IP temporarily, this just seemed easier to me. My ethernet interface is eth0, if your interface has a different name (the ifconfig command will tell you what it is) change it. The rest shouldn’t have to be changed. You can either do “chmod +x havaredboot.sh” to make it executable or execute it as “sh havaredboot.sh”.
To use it, execute the script and after it’s running plug the power cable into the Hava. It’s all automatic after that. This is the output of a run of the script. The script leaves you at the RedBoot> prompt about a dozen lines down. I typed in the “fconfig -l” command to list some of the redboot configuration parameters. The “fis list” command shows the “partitions” in the flash memory.
# ./havaredboot.sh SIOCADDRT: File exists ARPING 192.168.1.220 from 192.168.0.2 eth0 Unicast reply from 192.168.1.220 [00:03:47:DF:32:A8] 2.143ms Sent 11 probes (11 broadcast(s)) Received 1 response(s) Connection to 192.168.1.220 9000 port [tcp/cslistener] succeeded! == Executing boot script in 1.810 seconds - enter ^C to abort Trying 192.168.1.220... Connected to havaboot.jencoind.com (192.168.1.220). Escape character is '^]'. RedBoot> fconfig -l Run script at boot: true Boot script: .. fis load ramdisk .. fis load zImage .. exec Boot script timeout (1000ms resolution): 3 Use BOOTP for network configuration: false Gateway IP address: 192.168.1.1 Local IP address: 192.168.1.220 Local IP address mask: 255.255.255.0 Default server IP address: 192.168.1.221 Console baud rate: 115200 GDB connection port: 9000 Force console for special debug messages: false Network debug at boot time: false Default network device: npe_lan Network hardware address [MAC] for npe_lan: 0x00:0x03:0x47:0xDF:0x32:0xA8 Network hardware address [MAC] for npe_wan: 0x00:0x03:0x47:0xDF:0x32:0xAA Utopia on NPE-A: false RedBoot> fis list Name FLASH addr Mem addr Length Entry point RedBoot 0x50000000 0x50000000 0x00060000 0x00000000 zImage 0x50060000 0x01600000 0x00100000 0x01600000 ramdisk 0x50160000 0x00800000 0x00380000 0x00800000 local 0x504E0000 0x00800000 0x00200000 0x00800000 sysconfig 0x506E0000 0x506E0000 0x000E0000 0x00800000 hwconfig 0x507C0000 0x507C0000 0x00020000 0x00800000 extended 0x507E0000 0x507E0000 0x00800000 0x00800000 FIS directory 0x50FE0000 0x50FE0000 0x0001F000 0x00000000 RedBoot config 0x50FFF000 0x50FFF000 0x00001000 0x00000000 RedBoot>
Over the coming weekend I’ll post more about what you can do.
Bear in mind, most of the commands in RedBoot can make your Hava non-functional and non-bootable. Be careful. The “fconfig -l”, “fis list”, and “reset” commands are relatively safe. The first two list info as it shows above and reset just reboots the Hava.
-Hank
