MSN TV 2/Linux Shellcode Disassembly

From WebTV Wiki
Revision as of 22:01, 7 March 2023 by Wtv-411 (talk | contribs) (Created page with "(Back to Installing Linux on the MSN TV 2 (RM4100) ----- Disassembly of the shellcode used to flash the BIOS on the MSN TV 2 (RM4100) with a modified one that runs Linux. Originally [https://web.archive.org/web/20070124034254/http://www.smittys.pointclark.net:80/rm4100/viewtopic.php?p=321&sid=2f68e2ef3ce9cfd9a96d0de9a4d2585d posted] to the "RM4100 Customizing" forum (smittys.pointclark.net) on January 1st, 2007 by "ollo...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

(Back to Installing Linux on the MSN TV 2 (RM4100)


Disassembly of the shellcode used to flash the BIOS on the MSN TV 2 (RM4100) with a modified one that runs Linux. Originally posted to the "RM4100 Customizing" forum (smittys.pointclark.net) on January 1st, 2007 by "ollopa".

Disassembled code:

seg000:0082E160 ; Base Address: 0000h Range: 0000h - 00D0h Loaded length: 00D0h
seg000:0082E160
seg000:0082E160 .486
seg000:0082E160 .model flat
seg000:0082E160
seg000:0082E160 ; ヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘヘ
seg000:0082E160
seg000:0082E160 ; Segment type: Regular
seg000:0082E160 seg000 segment byte public '' use32
seg000:0082E160 assume cs:seg000
seg000:0082E160 ;org 82E160h
seg000:0082E160 assume es:nothing, ss:nothing, ds:nothing, fs:nothing, gs:nothing
seg000:0082E160 push offset msg_hi_there
seg000:0082E165 call near ptr 82F158h
seg000:0082E16A push 3
seg000:0082E16C push 82E1DEh
seg000:0082E171 call near ptr 808C94h
seg000:0082E176 push 0FFFFFFFFh
seg000:0082E17B push 100000h
seg000:0082E180 push eax
seg000:0082E181 call near ptr 80940Ch
seg000:0082E186 add esp, 18h
seg000:0082E18C cmp eax, 0
seg000:0082E191 jg short loc_82E1A4
seg000:0082E193 push 82E1FBh
seg000:0082E198 call near ptr 82F158h
seg000:0082E19D add esp, 4
seg000:0082E1A3 retn
seg000:0082E1A4 ; トトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトト
seg000:0082E1A4
seg000:0082E1A4 loc_82E1A4: ; CODE XREF: seg000:0082E191�j
seg000:0082E1A4 push offset msg_flashing ; "starting flash...\n\r"
seg000:0082E1A9 call near ptr 82F158h
seg000:0082E1AE push 0
seg000:0082E1B3 push 100000h
seg000:0082E1B8 push 100000h
seg000:0082E1BD call near ptr 800384h
seg000:0082E1C2 push 82E207h
seg000:0082E1C7 call near ptr 82F158h
seg000:0082E1CC add esp, 14h
seg000:0082E1D2 retn
seg000:0082E1D2 ; トトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトトト
seg000:0082E1D3 msg_hi_there db 'hi there', 0Ah, 0Dh, 0
seg000:0082E1D3 ; DATA XREF: seg000:0082E160�o
seg000:0082E1DE public bios_bin_file
seg000:0082E1DE bios_bin_file db 62h ; b
seg000:0082E1DF db 69h ; i
seg000:0082E1E0 db 6Fh ; o
seg000:0082E1E1 db 73h ; s
seg000:0082E1E2 db 2Eh ; .
seg000:0082E1E3 db 62h ; b
seg000:0082E1E4 db 69h ; i
seg000:0082E1E5 db 6Eh ; n
seg000:0082E1E6 db 0
seg000:0082E1E7 msg_flashing db 'starting flash...',0Ah ; DATA XREF: seg000:loc_82E1A4�o
seg000:0082E1E7 db 0Dh,0
seg000:0082E1FB msg_io_error db 69h ; i
seg000:0082E1FC db 2Fh ; /
seg000:0082E1FD db 6Fh ; o
seg000:0082E1FE db 20h
seg000:0082E1FF db 65h ; e
seg000:0082E200 db 72h ; r
seg000:0082E201 db 72h ; r
seg000:0082E202 db 6Fh ; o
seg000:0082E203 db 72h ; r
seg000:0082E204 db 0Ah
seg000:0082E205 db 0Dh
seg000:0082E206 db 0
seg000:0082E207 msg_flash_done db 66h ; f
seg000:0082E208 db 6Ch ; l
seg000:0082E209 db 61h ; a
seg000:0082E20A db 73h ; s
seg000:0082E20B db 68h ; h
seg000:0082E20C db 69h ; i
seg000:0082E20D db 6Eh ; n
seg000:0082E20E db 67h ; g
seg000:0082E20F db 20h
seg000:0082E210 db 73h ; s
seg000:0082E211 db 75h ; u
seg000:0082E212 db 63h ; c
seg000:0082E213 db 63h ; c
seg000:0082E214 db 65h ; e
seg000:0082E215 db 73h ; s
seg000:0082E216 db 73h ; s
seg000:0082E217 db 66h ; f
seg000:0082E218 db 75h ; u
seg000:0082E219 db 6Ch ; l
seg000:0082E21A db 2Ch ; ,
seg000:0082E21B db 20h
seg000:0082E21C db 79h ; y
seg000:0082E21D db 6Fh ; o
seg000:0082E21E db 75h ; u
seg000:0082E21F db 20h
seg000:0082E220 db 63h ; c
seg000:0082E221 db 61h ; a
seg000:0082E222 db 6Eh ; n
seg000:0082E223 db 20h
seg000:0082E224 db 72h ; r
seg000:0082E225 db 65h ; e
seg000:0082E226 db 62h ; b
seg000:0082E227 db 6Fh ; o
seg000:0082E228 db 6Fh ; o
seg000:0082E229 db 74h ; t
seg000:0082E22A db 0Ah
seg000:0082E22B db 0Dh
seg000:0082E22C db 0
seg000:0082E22D db 0
seg000:0082E22E db 0
seg000:0082E22F db 0
seg000:0082E22F seg000 ends
seg000:0082E22F
seg000:0082E22F
seg000:0082E22F end