Generic Stage2 Source
Stage2 is a collection of code I found on the internet.
Most of it was not written by me, but I made some changes. I am also not a coder, so the source is written very messily.
Please DON'T update the source code on the wiki; if you want to improve the source, just send me a mail.
The way stage2 hooked into the original kiss init was based on the insmod hack I found on this forum.
The idea is simple: we know the kiss init needs to insert some modules (fipmodule.o, khwl.o and kiss_khwl.o), and we also know that it uses the busybox insmod to do so. Patching insmod therefore gives us a hook that runs while the original init is still booting.
I think the user Abbe was the first to use the insmod trick.
insmod hack 1
The first insmod hack, provided by Abbe:
--- orginal/busybox/modutils/insmod.c 2003-03-07 13:39:29.000000000 +0100 +++ busybox/modutils/insmod.c 2003-10-16 23:10:39.000000000 +0200 @@ -3726,5 +3726,10 @@ } free(m_filename); #endif + if(!vfork()) { + char *__args[] = {"/bin/serv", NULL}; + execvp(__args[0], __args); + } + return(exit_status); }
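Review bot: the vfork() child has no failure path. If execvp("/bin/serv") fails, the child falls through to `return(exit_status);` and carries on as a second copy of insmod, which is also not allowed after vfork() (the child may only exec or _exit). Add `_exit(127);` directly after the `execvp(__args[0], __args);` line. The parent also never wait()s for the child, so /bin/serv is left as a zombie once it exits; that is the problem hack 2's WAIT handling addresses.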
insmod hack 2
Biker made a change so you don't need to recompile the complete firmware. With this trick you only need to change the file "/etc/bootstart". He also included the "wait" to prevent zombies.
insmod.c
/* extra headers the hook needs, in addition to insmod.c's own */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
...
    /* after the third module has been loaded, run the commands listed in /etc/bootstart */
    if (nmod == 3) {
        char bootc[255];
        char *args[20];
        int ar;
        int wt;
        FILE *bs = fopen("/etc/bootstart", "r");
        if (bs != NULL) {                       /* no bootstart file: just carry on booting */
            while (fgets(bootc, 255, bs) != NULL) {
                if (strlen(bootc) > 0)          /* strip the trailing newline */
                    bootc[strlen(bootc) - 1] = '\0';
                wt = 0;
                ar = 0;
                /* split the line on spaces into an argv[] for execvp() */
                args[0] = strtok(bootc, " ");
                while (args[ar] != NULL && ar < 19) {
                    ar++;
                    args[ar] = strtok(NULL, " ");
                }
                args[19] = NULL;                /* always NULL-terminated, even for long lines */
                /* a line starting with WAIT runs synchronously: drop the keyword and wait for the child */
                if (args[0] != NULL && strcmp(args[0], "WAIT") == 0) {
                    wt = 1;
                    ar = 1;
                    while (args[ar - 1] != NULL) {
                        args[ar - 1] = args[ar];
                        ar++;
                    }
                }
                if (args[0] == NULL)            /* empty line, or just "WAIT" */
                    continue;
                if (!vfork()) {
                    execvp(args[0], args);
                    _exit(127);                 /* exec failed: a vfork() child must not return into insmod */
                }
                if (wt == 1)
                    wait(NULL);
            }
            fclose(bs);
        }
    }
...
busybox hack
At first I used the complete diff file I found via some link on the forum.
There you will also find the insmod hack again,
but the problem with the insmod hack is that init has already started before you get to interact with the firmware.
preinit
So I wanted to hook in before init is started, and I remembered a conversation with the user Keestux, who used a completely different way of interacting: he used a "preinit".
It works like this: the kernel looks for /bin/init and executes that file. We move the original /bin/init to some other location, place a custom "preinit" at /bin/init, and after it has done its work it executes the original kiss init.
Stage2 uses the preinit trick and not the insmod trick, because with preinit we can interact with the firmware without the original init having been loaded (so we can even start the original init under strace).
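To make the trick concrete, here is an added example preinit; it is not Keestux's script and not the stage2 source. It reads the same /etc/bootstart line format as insmod hack 2, but before the original init runs, and then exec's that init, under strace when asked. The paths /bin/init.kiss and /etc/stage2 and the strace-init marker file are assumptions.

```sh
#!/bin/sh
# Added example preinit, not the page's or stage2's own code.  Installed as /bin/init,
# the kernel starts it as PID 1; it runs our hooks and then exec's the original kiss
# init, so PID 1 ends up being the real init.  All paths below are assumed (hypothetical):
ORIG_INIT="${ORIG_INIT:-/bin/init.kiss}"   # where the original /bin/init was moved to
BOOTSTART="${BOOTSTART:-/etc/bootstart}"   # hook list, same line format as insmod hack 2
HOOK_DIR="${HOOK_DIR:-/etc/stage2}"        # marker files that control this preinit
# Run every line of the bootstart file as a command.  A line starting with "WAIT "
# runs in the foreground (hack 2's WAIT keyword); all other lines are started in
# the background so one hanging hook cannot stall the boot.
run_bootstart() {
    bsfile="$1"
    [ -r "$bsfile" ] || return 0                # no hook file: nothing to do, still boot
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) ;;                         # skip blank lines and comments
            'WAIT '*)
                set -- $line                    # split on spaces, like hack 2's strtok()
                shift                           # drop the WAIT keyword
                "$@" || echo "preinit: hook '$*' failed" >&2
                ;;
            *) $line & ;;
        esac
    done < "$bsfile"
    return 0
}
# Print the command that should replace this script: the original init, wrapped in
# strace when a marker file asks for it and strace is actually on the box.
build_init_cmd() {
    orig="$1"; hookdir="$2"
    if [ -e "$hookdir/strace-init" ] && command -v strace >/dev/null 2>&1; then
        echo "strace -f -o $hookdir/init.trace $orig"
    else
        echo "$orig"
    fi
}
preinit_main() {
    if [ ! -x "$ORIG_INIT" ]; then              # never leave the box without a PID 1
        echo "preinit: $ORIG_INIT missing, dropping to a shell" >&2
        exec /bin/sh
    fi
    run_bootstart "$BOOTSTART"
    exec $(build_init_cmd "$ORIG_INIT" "$HOOK_DIR")
}
# Only take over when really running as PID 1 under the name init; otherwise the functions can be sourced and tested.
if [ "$$" -eq 1 ] && [ "${0##*/}" = "init" ]; then
    preinit_main
fi
```

Because the script ends in exec, a failing hook is reported but never stops the original init from starting.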