Difference between revisions of "Eject Bug Hack"

From Exploitee.rs
Jump to navigationJump to search
(Package the patch into a patchloader for end-user use.)
Line 1: Line 1:
Here is a git patch that consists of a script to detect and recover from the eject bug and the modification necessary to make that script be run as a service.  Nothing about this install process is automatic, though once installed it runs fully automatic.  If you don't know how to read a git patch, you'd best learn how.  Improper application of the contents of this patch to your system could certainly brick it.
Here is a patchloader that consists of a script to detect and recover from the eject bug and the modification necessary to make that script be run as a service.  The user can follow the instructions below to install this on their GTV.


The install procedure and the workaround itself are run as root, so there is of course the risk that the user could brick their system with no recourse for recovery.  As with any root-related activity, if you can't afford to lose it, don't do it.


----
<pre>#!/bin/sh


Description of what follows, to clarify why it is this way:
# patchloader, by Catrane
The patch can only be applied to a GTV by manually reading the patch and making the changes described within it by handIt's merely packaged as a git patch because, well, git is damn awesome and if you can read a git patch it's impossible for the meaning of it to be misunderstood. Git patches are a detailed documenting of additions, deletions, and context.
# Bluray disc eject workaround, by Catrane
#
# USER INSTRUCTIONS
# -----------------
# 1) Save the full contents of this patchloader file to your computer.  This may
#    involve copying and pasting, or just downloading.
# 2) Connect to your device using adbadb usage is outside the scope of this
#    document.
# 3) Transfer this patchloader file to your device via adb so that it exists as
#    /patchloader.sh on your device.
#    e.g. adb push patchloader.sh /patchloader.sh
# 4) Execute the patchloader by running the following command via adb.
#    adb shell /bin/sh /patchloader.sh
# 5) Follow any instructions printed out by the patchloader.


The patch is divided into sections, the top being a basic email header that serves to identify who, when, and what; following that is a list of files affected, including a line of +/- indicating quantity of insertions and deletions, and note of any new files added or old files deleted along with standard UNIX permissions for those files; following this, the diff of each file affected is included with the format described above. Within the diff, any line that begins with a "+" is an inserted line.  Any line that begins with a "-" is a removed line (there are none here).  Lines around those lines are context.  The lines that begin with "@@" indicate which line numbers the context included in the patch should be found at, and what the line numbers should be after the changes.
# DEVELOPER INSTRUCTIONS
# -----------------
# Search for these sections below:
#  PRE PATCH, PATCH PAYLOAD, PATCH MD5, POST PATCH, and USER INSTRUCTIONS.
# Follow directions in each section.
# Do not modify any other sections.


It was packaged this way for convenience of publishing the information.  I'm told it can be applied via the patch command included in busybox on the rooted GTV.  Super coolHopefully someone can fix up my crappy documentation with something a little more usable.
# PATCHLOADER TRUNCATION CHECK
# -----------------
busybox tail -5 $0 | grep -q "[P]ATCHLOADER END FILE SIGNATURE"
if [ "$?" != "0" ]
then
echo "FATAL: Patchloader truncatedPlease redownload and try again."
exit
fi


Unformatted patch follows:
# PRE PATCH
# -----------------
# Add any commands below which should be run prior to applying the patch.


<pre>From f5b9194ad7865bfdaf43ad676965ff77c5895465 Mon Sep 17 00:00:00 2001
# END PRE PATCH
From: Catrane <catrane@gtvhacker>
# -----------------
Date: Mon, 12 Mar 2012 23:21:14 -0500
Subject: [PATCH] Hack workaround to make disc eject work on rooted NSZ-GT1.
Includes 60 second delay before activating as a safety
window.


# PATCH PAYLOAD
# -----------------
# Add patch content after the "echo" line here.  Be sure to escape any
# characters as necessary and adjust dos2unix/unix2dos settings as appropriate.
echo '
---
---
  init.eagle.rc                      |    5 +++
  init.eagle.rc                      |    5 +++
Line 90: Line 119:
+if [ ! -z "$1" ]
+if [ ! -z "$1" ]
+then
+then
+   sleep $1
+ sleep $1
+fi
+fi
+
+
+LASTDECT=$(date)
+LASTDECT=$(date)
+
+
+logcat -b main DiscPlayerManager:I *:S|busybox awk '/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {system("echo onStartCommand: com.sony.btv.discplayer.EJECT_DISC")}'|while busybox awk '/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {exit 0}'
+logcat -b main DiscPlayerManager:I *:S|busybox awk '"'"'/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {system("echo onStartCommand: com.sony.btv.discplayer.EJECT_DISC")}'"'"'|while busybox awk '"'"'/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {exit 0}'"'"'
+do
+do
+   if [ "$LASTDECT" != "$(date)" ]
+ if [ "$LASTDECT" != "$(date)" ]
+   then
+ then
+       echo Detected eject failure.
+ echo Detected eject failure.
+       setprop com.sony.btv.discplayer.enable 0
+ setprop com.sony.btv.discplayer.enable 0
+       busybox eject /dev/block/sr0
+ busybox eject /dev/block/sr0
+       setprop com.sony.btv.discplayer.enable 1
+ setprop com.sony.btv.discplayer.enable 1
+       echo Eject failure repair complete.
+ echo Eject failure repair complete.
+       LASTDECT=$(date)
+ LASTDECT=$(date)
+   fi
+ fi
+done
+done
+
+
--  
--  
1.7.6.1</pre>
1.7.6.1
' | busybox dos2unix -u > patchloader.patch


# PATCH MD5
# -----------------
# Calculate the MD5 hash of the patch file and set here for validation.
# Note that the script above starts and ends with a linefeed, so the best way to
# get the right value is to run the script with "GARBAGE" as the MD5 below and
# let it tell you the right value.
PATCH_MD5="023aa9d02d4ef49af781fc65215d4fc7  patchloader.patch"


=== Using busybox patch to apply this for you ===
# MD5 VALIDATION
# -----------------
MD5_CALC="`busybox md5sum patchloader.patch`"
if [ "$PATCH_MD5" != "$MD5_CALC" ]
then
if [ "GARBAGE" != "$PATCH_MD5" ]
then
echo "FATAL: Failure to validate patch integrity.  Please redownload and try again."
else
echo "patchloader MD5 hash is as follows.  Users should not see this message."
echo "$MD5_CALC"
fi
rm patchloader.patch
exit
fi


First off, make sure you have a good copy of the above patch saved in a file with UNIX end of line characters. Google lead me to http://wiki.secondlife.com/wiki/How_to_avoid_DOS_line_endings_in_Windows_tools which may be of use to you non-Linux folks. Once you have the patch saved as eject.patch, then follow these steps:
# PATCH APPLICATION
# -----------------
busybox patch -p1 < patchloader.patch
if [ "$?" != "0" ]
then
echo "FATAL: Error patching. Please redownload and try again."
rm patchloader.patch
exit
fi
rm patchloader.patch


# adb push eject.patch eject.patch
# POST PATCH
# adb shell
# -----------------
## busybox patch -p1 < eject.patch
# Add any commands below which should be run prior to applying the patch.
## chmod 755 /system/bin/eject_bug_workaround.sh
# Include here any instructions for user to reboot if necessary.
chmod 755 /system/bin/eject_bug_workaround.sh
rm $0
echo Please reboot your GTV via the power cord or ctrl-alt-del for this patch
echo to take effect.
echo This patch has a 60 second safety when loaded, so it will not actually run
echo until the GTV has been fully booted for 60 seconds.
 
# END POST PATCH
# -----------------
 
# PATCHLOADER END FILE SIGNATURE
# -----------------
# Do not remove this PATCHLOADER END FILE SIGNATURE from the end of the file or
# place anything after it.  Pretty much, the text "PATCHLOADER END FILE SIGNATURE"
# needs to be in the last five lines so we can make sure nothing is missing.
</pre>

Revision as of 14:25, 15 March 2012

Here is a patchloader that consists of a script to detect and recover from the eject bug and the modification necessary to make that script be run as a service. The user can follow the instructions below to install this on their GTV.

The install procedure and the workaround itself are run as root, so there is of course the risk that the user could brick their system with no recourse for recovery. As with any root-related activity, if you can't afford to lose it, don't do it.

#!/bin/sh

# patchloader, by Catrane
# Bluray disc eject workaround, by Catrane
#
# USER INSTRUCTIONS
# -----------------
# 1) Save the full contents of this patchloader file to your computer.  This may
#    involve copying and pasting, or just downloading.
# 2) Connect to your device using adb.  adb usage is outside the scope of this
#    document.
# 3) Transfer this patchloader file to your device via adb so that it exists as
#    /patchloader.sh on your device.
#    e.g. adb push patchloader.sh /patchloader.sh
# 4) Execute the patchloader by running the following command via adb.
#    adb shell /bin/sh /patchloader.sh
# 5) Follow any instructions printed out by the patchloader.

# DEVELOPER INSTRUCTIONS
# -----------------
# Search for these sections below:
#  PRE PATCH, PATCH PAYLOAD, PATCH MD5, POST PATCH, and USER INSTRUCTIONS.
# Follow directions in each section.
# Do not modify any other sections.

# PATCHLOADER TRUNCATION CHECK
# -----------------
busybox tail -5 $0 | grep -q "[P]ATCHLOADER END FILE SIGNATURE"
if [ "$?" != "0" ]
then
	echo "FATAL: Patchloader truncated.  Please redownload and try again."
	exit
fi

# PRE PATCH
# -----------------
# Add any commands below which should be run prior to applying the patch.

# END PRE PATCH
# -----------------

# PATCH PAYLOAD
# -----------------
# Add patch content after the "echo" line here.  Be sure to escape any
# characters as necessary and adjust dos2unix/unix2dos settings as appropriate.
echo '
---
 init.eagle.rc                      |    5 +++
 system/bin/eject_bug_workaround.sh |   53 ++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 0 deletions(-)
 create mode 100644 system/bin/eject_bug_workaround.sh

diff --git a/init.eagle.rc b/init.eagle.rc
index 2004d8a..685ce6f 100644
--- a/init.eagle.rc
+++ b/init.eagle.rc
@@ -329,6 +329,7 @@ on init
     setprop com.sony.btv.discplayer.enable 1
     export DISCPLAYER_KEEP_DMIX_ASIS true
     export DISCPLAYER_LOG_VERBOSE true
+    start ejectworkaround
 
   ## for lighttpd
     mkdir /var/log/lighttpd 0750 system system
@@ -439,6 +440,10 @@ service discplayer /system/bin/discplayer
     user root
     group system
 
+service ejectworkaround /system/bin/eject_bug_workaround.sh 60
+    user root
+    group system
+
 on property:com.sony.btv.discplayer.enable=1
     start discplayer
     start discservice
diff --git a/system/bin/eject_bug_workaround.sh b/system/bin/eject_bug_workaround.sh
new file mode 100644
index 0000000..1f4f282
--- /dev/null
+++ b/system/bin/eject_bug_workaround.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Reason:
+# There is a known problem that, for an unknown reason, disc eject fails on rooted NSZ-GT1 systems.
+# Side effects of this problem include the possibility that the disc is not ejected and in all cases
+# the problem that discs cannot be played after attempted eject.
+# Rebooting the system fixes the problem, but this solution eliminates the need for reboot.
+
+# Alternative solutions:
+# Restart the device via the power cord or ctrl-alt-del.
+
+# Caveats:
+# This fix does not detect the occurrence of any error, but rather occurrence of a known event which
+# reliably preceeds the error and is reliably followed by the error situation.
+# Error messages and odd behavior may be observed onscreen at the moment of eject, though none of
+# this causes any side-effects.
+
+# Stimulus:
+# From command: logcat -b main
+# Output: I DiscPlayerManager: onStartCommand: com.sony.btv.discplayer.EJECT_DISC
+
+# Response:
+# setprop com.sony.btv.discplayer.enable 0
+# busybox eject /dev/block/sr0
+# setprop com.sony.btv.discplayer.enable 1
+
+# Usage:
+#   eject_bug_workaround.sh &
+#   - Runs workaround in background.
+#   eject_bug_workaround.sh 600 &
+#   - Sleeps for 600 seconds before running, all in background.
+#   - Useful for ensuring a window of recovery in case any side-effects occur.
+
+if [ ! -z "$1" ]
+then
+	sleep $1
+fi
+
+LASTDECT=$(date)
+
+logcat -b main DiscPlayerManager:I *:S|busybox awk '"'"'/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {system("echo onStartCommand: com.sony.btv.discplayer.EJECT_DISC")}'"'"'|while busybox awk '"'"'/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {exit 0}'"'"'
+do
+	if [ "$LASTDECT" != "$(date)" ]
+	then
+		echo Detected eject failure.
+		setprop com.sony.btv.discplayer.enable 0
+		busybox eject /dev/block/sr0
+		setprop com.sony.btv.discplayer.enable 1
+		echo Eject failure repair complete.
+		LASTDECT=$(date)
+	fi
+done
+
-- 
1.7.6.1
' | busybox dos2unix -u > patchloader.patch

# PATCH MD5
# -----------------
# Calculate the MD5 hash of the patch file and set here for validation.
# Note that the script above starts and ends with a linefeed, so the best way to
# get the right value is to run the script with "GARBAGE" as the MD5 below and
# let it tell you the right value.
PATCH_MD5="023aa9d02d4ef49af781fc65215d4fc7  patchloader.patch"

# MD5 VALIDATION
# -----------------
MD5_CALC="`busybox md5sum patchloader.patch`"
if [ "$PATCH_MD5" != "$MD5_CALC" ]
then
	if [ "GARBAGE" != "$PATCH_MD5" ]
	then
		echo "FATAL: Failure to validate patch integrity.  Please redownload and try again."
	else
		echo "patchloader MD5 hash is as follows.  Users should not see this message."
		echo "$MD5_CALC"
	fi
	rm patchloader.patch
	exit
fi

# PATCH APPLICATION
# -----------------
busybox patch -p1 < patchloader.patch
if [ "$?" != "0" ]
then
	echo "FATAL: Error patching.  Please redownload and try again."
	rm patchloader.patch
	exit
fi
rm patchloader.patch

# POST PATCH
# -----------------
# Add any commands below which should be run prior to applying the patch.
# Include here any instructions for user to reboot if necessary.
chmod 755 /system/bin/eject_bug_workaround.sh
rm $0
echo Please reboot your GTV via the power cord or ctrl-alt-del for this patch
echo to take effect.
echo This patch has a 60 second safety when loaded, so it will not actually run
echo until the GTV has been fully booted for 60 seconds.

# END POST PATCH
# -----------------

# PATCHLOADER END FILE SIGNATURE
# -----------------
# Do not remove this PATCHLOADER END FILE SIGNATURE from the end of the file or
# place anything after it.  Pretty much, the text "PATCHLOADER END FILE SIGNATURE"
# needs to be in the last five lines so we can make sure nothing is missing.