Eject Bug Hack

From Exploitee.rs
Revision as of 08:45, 14 March 2012 by ASmig (talk | contribs)
Jump to navigationJump to search

Here is a git patch that consists of a script to detect and recover from the eject bug and the modification necessary to make that script be run as a service. Nothing about this install process is automatic, though once installed it runs fully automatic. If you don't know how to read a git patch, you'd best learn how. Improper application of the contents of this patch to your system could certainly brick it.

Description of what follows, to clarify why it is this way: The patch can only be applied to a GTV by manually reading the patch and making the changes described within it by hand. It's merely packaged as a git patch because, well, git is damn awesome and if you can read a git patch it's impossible for the meaning of it to be misunderstood. Git patches are a detailed documenting of additions, deletions, and context.

The patch is divided into sections, the top being a basic email header that serves to identify who, when, and what; following that is a list of files affected, including a line of +/- indicating quantity of insertions and deletions, and note of any new files added or old files deleted along with standard UNIX permissions for those files; following this, the diff of each file affected is included with the format described above. Within the diff, any line that begins with a "+" is an inserted line. Any line that begins with a "-" is a removed line (there are none here). Lines around those lines are context. The lines that begin with "@@" indicate which line numbers the context included in the patch should be found at, and what the line numbers should be after the changes.

It was packaged this way for convenience of publishing the information. I'm told it can be applied via the patch command included in busybox on the rooted GTV. Super cool. Hopefully someone can fix up my crappy documentation with something a little more usable.

Unformatted patch follows:

From f5b9194ad7865bfdaf43ad676965ff77c5895465 Mon Sep 17 00:00:00 2001
From: Catrane <[email protected]>
Date: Mon, 12 Mar 2012 23:21:14 -0500
Subject: [PATCH] Hack workaround to make disc eject work on rooted NSZ-GT1.
 Includes 60 second delay before activating as a safety

 init.eagle.rc                      |    5 +++
 system/bin/eject_bug_workaround.sh |   53 ++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 0 deletions(-)
 create mode 100644 system/bin/eject_bug_workaround.sh

diff --git a/init.eagle.rc b/init.eagle.rc
index 2004d8a..685ce6f 100644
--- a/init.eagle.rc
+++ b/init.eagle.rc
@@ -329,6 +329,7 @@ on init
     setprop com.sony.btv.discplayer.enable 1
+    start ejectworkaround
   ## for lighttpd
     mkdir /var/log/lighttpd 0750 system system
@@ -439,6 +440,10 @@ service discplayer /system/bin/discplayer
     user root
     group system
+service ejectworkaround /system/bin/eject_bug_workaround.sh 60
+    user root
+    group system
 on property:com.sony.btv.discplayer.enable=1
     start discplayer
     start discservice
diff --git a/system/bin/eject_bug_workaround.sh b/system/bin/eject_bug_workaround.sh
new file mode 100644
index 0000000..1f4f282
--- /dev/null
+++ b/system/bin/eject_bug_workaround.sh
@@ -0,0 +1,53 @@
+# Reason:
+# There is a known problem that, for an unknown reason, disc eject fails on rooted NSZ-GT1 systems.
+# Side effects of this problem include the possibility that the disc is not ejected and in all cases
+# the problem that discs cannot be played after attempted eject.
+# Rebooting the system fixes the problem, but this solution eliminates the need for reboot.
+# Alternative solutions:
+# Restart the device via the power cord or ctrl-alt-del.
+# Caveats:
+# This fix does not detect the occurrence of any error, but rather occurrence of a known event which
+# reliably preceeds the error and is reliably followed by the error situation.
+# Error messages and odd behavior may be observed onscreen at the moment of eject, though none of
+# this causes any side-effects.
+# Stimulus:
+# From command: logcat -b main
+# Output: I DiscPlayerManager: onStartCommand: com.sony.btv.discplayer.EJECT_DISC
+# Response:
+# setprop com.sony.btv.discplayer.enable 0
+# busybox eject /dev/block/sr0
+# setprop com.sony.btv.discplayer.enable 1
+# Usage:
+#   eject_bug_workaround.sh &
+#   - Runs workaround in background.
+#   eject_bug_workaround.sh 600 &
+#   - Sleeps for 600 seconds before running, all in background.
+#   - Useful for ensuring a window of recovery in case any side-effects occur.
+if [ ! -z "$1" ]
+   sleep $1
+logcat -b main DiscPlayerManager:I *:S|busybox awk '/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {system("echo onStartCommand: com.sony.btv.discplayer.EJECT_DISC")}'|while busybox awk '/onStartCommand: com.sony.btv.discplayer.EJECT_DISC/ {exit 0}'
+   if [ "$LASTDECT" != "$(date)" ]
+   then
+       echo Detected eject failure.
+       setprop com.sony.btv.discplayer.enable 0
+       busybox eject /dev/block/sr0
+       setprop com.sony.btv.discplayer.enable 1
+       echo Eject failure repair complete.
+       LASTDECT=$(date)
+   fi

Using busybox patch to apply this for you

First off, make sure you have a good copy of the above patch saved in a file with UNIX end of line characters. Google lead me to http://wiki.secondlife.com/wiki/How_to_avoid_DOS_line_endings_in_Windows_tools which may be of use to you non-Linux folks. Once you have the patch saved as eject.patch, then follow these steps:

  1. adb push eject.patch eject.patch
  2. adb shell
    1. busybox patch -p1 < eject.patch
    2. chmod 755 /system/bin/eject_bug_workaround.sh