[removed]

[critor]

Some more debug :

Code: Select all

Loading from Boot 2 partition...

19%
EXPLOIT: Created by parrotgeek1. Compiled: Jan 25 2018 00:13:21
Decompressing boot2...
8000
8040
8010
8010
8020
8020
8080
320
8070
Decompressing field...

EXPLOIT: Created by parrotgeek1. Compiled: Jan 25 2018 00:13:21
Decompressing boot2...
8000
8040
8010
8010
8020
8020
8080
320
8070
Decompressing field...
Decompressed field
Decompressed Boot2
CAS OS mode
Wrong boot2 version

It's in decompress(), during the 0x8070 field decompression, that the calculator is going crazy... stack corruption ?

[parrotgeek1]

It looks like there is some corruption going on; If the boot2 is made a few KB bigger the exploit crashes, even before it tries to decompress the boot2.

[critor]

Anyway, this problem doesn't seem to occur on real hardware.

Just installed your boot loader on my CX CAS CR4 (HW-W), and so far it worked perfectly. Congratulations, you're a genious !
Boots OS 4.5 very fast (44secs), doesn't reflash the Boot2 partition, and auto-installs Ndless 4.5.
Tried several times, alternating hot-reboots and cold-boots. No problem so far.

I've only modified your mkexp.sh file, so that generated Nanoloader images can be flashed correctly with BtMg :

Code: Select all

(cat boot15_4.4.img; echo $(($(wc -c < "$1")+32)) | xargs printf '800F%08X' | xxd -r -p; printf '\x80\x00\x80\x44Hack\x80\x1350F\x80\x13510\x80\x84';echo "$2" | xxd -r -p; wc -c < "$1" | xargs printf '807F%08X' | xxd -r -p; cat "$1"; printf '\x02\xF0\xFF\xF0') > test.img

Why don't you make a single CAS + non-CAS image instead of two separate ones ?
It would be easier to switch from CAS to non-CAS or non-CAS to CAS, when testing things.
Too big ?

[parrotgeek1]

.

[critor]

Thank you for your reply.
Indeed, I forgot this technical problem :
- Boot1 unmapped and thus unusable
- Boot1.5 corrupted and thus unusable
- and Boot2 4.0.3 payload has to remain quite small

If I understand well, you need Boot2 4.0.3 (to inject the OS patcher which then injects Ndless in the OS), and patch its version to 4.6.4.8 so that it won't be updated by supported and non-supported OSes.
I would have chosen something much higher, since next OS version may be a 5.0 coming with a Boot2 5.0.

Can we have a list of the OS you are going to support ?
You've taken ControlX patches (no problem with this), but removed most OS versions.
I can only find support for CX (CAS) OS versions :
- 3.6.0.546/550
- 4.4.0.532
- 4.5.0.1180

It may be enough for users, but it's not great for a tinkerer like me.
I may someday forget this and downgrade to test something, and then not understand immediately why it just broke everything.

Is there a problem (like a size limit) with including back other OS versions patches ?

[parrotgeek1]

.

[critor]

> patch its version to 4.6.4.8

That is supposed to be 4.4.0.8. Oops.

That's what I'm getting :

Note Boot2 version format isn't raw if I remember well.
But it might be some corruption too ?...

> Is there a problem (like a size limit) with including back other OS versions patches ?

Yes there is a size limit, but I could still add more. What oses do you want?

I was just asking. I can't predict my future tests.
So if we can't include all OSes like with ControlX, I think the most important ones for users are :

• 3.1
• 3.6
• 4.4
• 4.5

Although personnally, I think all users should just update to 4.4 or 4.5 now that boot loaders support them and on all hardware revisions.

[parrotgeek1]

.

[critor]

Ok, thanks.

As you don't have a CX anymore, below is an unlisted video you can check.

You can note Boot1 version is 4.0.1 at the start of the video, and Ndless is installed at the end after the reboot.

Some strange things which don't happen on emulators (at least in non-CR4+ mode) :
- the lock icon disappears, once Boot2 is launched I suppose
- the progress bar seems to skip a whole part

[parrotgeek1]

.