Indio192 EVDO Fledgling
Joined: 03 Jun 2006 Posts: 24
Posted: Fri Jun 06, 2008 2:28 pm Post subject: KR-1 Hacking "How to"
A KR-1 Hacking “How to”
First and foremost is a huge thanks to TZ1 for developing the software and techniques for accessing the KR-1 firmware. I'm just piggybacking on his nice work.
My interest in hacking the KR-1 revolves around an attempt to improve the connection stability of the KR-1. While I don't seem to have much problem with my current Verizon USB720, I did have problems with a previous card and others have reported significant issues with random disconnects. So, with nothing better to do with my retirement time between traveling, fishing, golfing, photography, etc., I decided to rummage around inside the KR-1 firmware and try to identify what might be causing all these random disconnects. Hopefully, what I write here will inspire others to try their hand at investigating the internals of the KR-1.
I'm using Kubuntu on a PC.
Step 1: Go to TZ1's website:
http://homepage.mac.com/tz1
and then go to the "KR1 GPS BIX Utils" directory and download all the stuff including the tools-source subdirectory.
TZ1 provides a “SETUP-HOWTO.htm” file that gives instructions on what to do next. HOWEVER, these instructions are designed primarily for making gps related modifications to the KR-1 firmware. These modifications are extensive and include compiling code to produce additional executable routines to be added to the existing firmware. Compiling code for the KR-1 requires adding the MIPS Toolchain. TZ1 gives instructions on how to do this. While the steps to add the MIPS Toolchain are simple, they do add a lot of stuff to your linux system. If you are not going to be compiling code and producing new routines for the KR-1, you do not have to add the MIPS Toolchain to your existing linux system.
DO NOT RUN THE “firstdothis.sh” SCRIPT UNLESS YOU ARE GOING TO BE DOING GPS STUFF!!!!! If you are going to be doing gps stuff, then follow TZ1's instructions in “SETUP-HOWTO.htm”.
The following instructions assume you are NOT going to be working with gps.
Step 2: Create the tools needed to manipulate the firmware files.
Issue this command:
make -C tools-source
This will create the following executables: genhead, genromfs, pad, romfsck, and splitter. These are used in the unbix.sh and rebix.sh scripts.
You can delete the following files: dev.tgz, firstdothis.sh, kml2kmz.c, Makefile, minigpsd.c, puturl.c, romdir.tgz. These are only applicable to gps work.
Step 3: Download a KR-1 firmware file (e.g., rk1010.bix) from the Kyocera website.
Step 4: Unbix the firmware file into its respective pieces.
Issue this command (assuming you are using the rk1010.bix firmware file).
./unbix.sh rk1010.bix
This script invokes two of the tools, splitter and romfsck, and produces several files and a directory that contains the unpacked linux file system of the KR1.
Specifically, the following files and directory are created:
header – a file containing the first 24 bytes of the .bix file – not used again
tailer – a file containing the last 24 bytes of the .bix file – not used again
kernel – a large binary file containing the KR1 linux kernel – used by rebix script
postfix – some other binary file that is part of the KR1 firmware – used by rebix script
rom0 – a compressed form of the linux file system – used by rebix script
run.bin – a temporary file created from rom0 – not used again
run.bin.gz – a gnuzip version of run.bin – not used again
romdir – a directory containing the KR1 file system – used by rebix script.
You can delete header, tailer, run.bin, and run.bin.gz. They will be recreated when you rebix the filesystem.
Step 5: Make your changes to the file system in romdir.
For example, you can change the /etc/rc startup file to allow telnet access to the KR1 (TZ1 shows how to do this in his rc file) by adding the line “/bin/telnetd &”.
I've been patching one of the routines in /bin to add or correct errors (or, at least, what I perceive to be errors) with the pppd options used for the evdo connection.
Step 6: Create a new bix file.
Simply issue the command
./rebix.sh
with no arguments. It assumes that files kernel, postfix, rom0, and the directory romdir are available. The new bix file will be “new.bix”. You can upload this file to the KR1.
WARNING. Be sure you know how to unbrick your KR1. I've bricked mine several times with bogus bix files. And there is always the possibility that you could get your KR1 into a state that it cannot be recovered. Don't say you haven't been warned.
Any comments from TZ1 or anyone else familiar with this subject are encouraged.
Jim McNeece
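Added example, not part of the original post or of TZ1's tools: a pre-flash audit to run between Step 5 and Step 6. It confirms the inputs rebix.sh expects are present, lists every file that differs from a pristine tree, and shows which lines of etc/rc start a background process (such as the telnetd line mentioned in Step 5). The pristine copy name romdir.orig and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a modified romdir before running ./rebix.sh.
# Assumption: the pristine tree is a copy made right after ./unbix.sh (e.g. romdir.orig).

# check_rebix_inputs DIR: rebix.sh needs kernel, postfix, rom0 and romdir.
# Prints each missing item; returns 1 if anything is missing.
check_rebix_inputs() {
    rc=0
    for f in kernel postfix rom0; do
        [ -f "$1/$f" ] || { echo "missing file: $f"; rc=1; }
    done
    [ -d "$1/romdir" ] || { echo "missing directory: romdir"; rc=1; }
    return $rc
}

# manifest DIR: "sha256  ./path" for every regular file, sorted by path.
manifest() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r p; do
        sha256sum "$p"
    done )
}

# romdir_changes PRISTINE MODIFIED: one line per file that differs,
# prefixed "+" (added), "-" (removed) or "~" (content changed).
romdir_changes() {
    old=$(mktemp); new=$(mktemp)
    manifest "$1" > "$old"; manifest "$2" > "$new"
    awk '{ h = substr($0, 1, 64); p = substr($0, 67) }
         FILENAME == ARGV[1] { was[p] = h; next }
         { now[p] = 1
           if (!(p in was)) print "+ " p
           else if (was[p] != h) print "~ " p }
         END { for (p in was) if (!(p in now)) print "- " p }' "$old" "$new" | LC_ALL=C sort
    rm -f "$old" "$new"
}

# rc_background_jobs ROMDIR: non-comment lines of etc/rc that end in "&",
# i.e. services the firmware will start at boot (line number prefixed).
rc_background_jobs() {
    grep -n '&[[:space:]]*$' "$1/etc/rc" | grep -v '^[0-9]*:[[:space:]]*#'
}

# Usage: sh audit.sh romdir.orig romdir
if [ "$#" -eq 2 ]; then
    check_rebix_inputs "$(dirname "$2")"
    romdir_changes "$1" "$2"
    rc_background_jobs "$2"
fi
```

Only regular files are hashed, so changes to symlinks or device nodes in romdir are not reported by this check.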