Quote:
Originally Posted by scotty1024
That will only survive a patch update. On their full updates they dd a new file system into the disk on chip.
|
Yes, this will be more tricky, but still possible to backdoor. I'll wait until 2.8 is out before posting suggestions.
Quote:
I hope that wasn't the real name you used for your rc script, I'm sure they'll have a patch for that in 2.7.2.
|
It was a throwaway - but an interesting measure of their paranoia to see whether they do patch it or not.
Quote:
BTW I'm not some cowboy with my start.sh hack for the clock. Once their panel starts you have to kill out and restart the icon container, which is a central nexus in how the iLiad routes things like the keyboard events. I've done it by hand but it's cleaner to just mod the actual start.
|
No indeed, but (as I find daily), you can't underestimate the clumsiness of people entering your scripts into their machine. If a mistake is possible, then somebody will make it. And missing off the last & in startup.sh is very easy and deadly to do.
Perhaps we could post an exploit to update er_registry (harmless), then supply clickable sed or shell scripts to do the rest...
On a related topic, have you any idea where the kernel boot image lives? Its symlink in /boot doesn't exist and it's not on /dev/tffsa1 where I might have expected to find it. I can only assume that there's another paged boot flash that we don't have access to... If we could find that, then we'd be on the first steps to brick-protection.