How to change GM MDI interface SN

by Alex Carter Mechanic Assistant

Figured it out. To get a shell on the GM MDI clone interface and change the serial number, see the instructions:

Mount the SD card partition 1 under Linux, and rename telnetd.sh-disabled to telnet.sh in /bin. While there I also edited the init script and added this near the start to make the prompt nicer:

export PS1='[\u@mdi \W]\$ '

Access u-boot (38400 baud, see previous post), and at the prompt type:

askenv setbootargsprimary

Please enter 'setbootargsprimary':run normalargs addinit addconsole addeth addprimary;setenv bootargs ${bootargs} mtdparts=flash0:256k(boot),128k(bootvars),1536k(linux1),6144k(initrd1),1536k(linux2),6144k(initrd2),128k(linuxvars1),128k(linuxvars2),32k@16320k(serialnum),32k(macaddress),128k@16256k(id);

Boot

The MDI will boot and start a telnet server on its IP, with a new flash partition called 'id' configured as /dev/mtd10. This partition aligns with the erase block, so it can be updated. Check /var/log/messages for the presence of 'id' without it being forced read-only.

Telnet in, rip a copy of mtd10 with dd, and send it to an FTP server you have set up on your LAN.

[root@mdi ~]# cd /tmp

[root@mdi tmp]# dd if=/dev/mtd10 of=mtd10.img

256+0 records in

256+0 records out

[root@mdi tmp]# ls -l mtd10.img

-rw-r--r-- 1 root root 131072 Jan 1 00:07 mtd10.img

[root@mdi tmp]# ftpput -u <user> -p <pass> <ip> mtd10.img mtd10.img

Now load mtd10.img on your PC in HxD or Hex Workshop. The serial is at 0x10000, with a CRC32 checksum of the range 0x10000->0x17FFB stored at 0x17FFC (LSB).

The MAC is at 0x18000, with a CRC32 checksum of the range 0x18000->0x1FFFB stored at 0x1FFFC.

Update both (just change the last couple of numbers), then use the hex editor's calculate-checksum feature to compute the CRC32 of each range and save the new sums in the bin (remember to enter them in LSB format).
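As an added example (not part of the original post), this Python script checks the two checksums described above in a dumped or edited mtd10 image before it is written back. It assumes the hex editor's CRC32 is the standard zlib/IEEE CRC-32; the function names and the sample record bytes are constructed for illustration.

```python
import struct
import sys
import zlib

IMAGE_SIZE = 0x20000  # 131072 bytes, the size dd reports for mtd10
# (name, first data byte, offset of stored CRC), offsets as given in the article
RECORDS = (("serial", 0x10000, 0x17FFC), ("mac", 0x18000, 0x1FFFC))


def computed_crc(image, start, crc_off):
    # Assumption: standard CRC-32 (zlib/IEEE), over start .. crc_off-1 inclusive
    return zlib.crc32(bytes(image[start:crc_off])) & 0xFFFFFFFF


def stored_crc(image, crc_off):
    # The four checksum bytes are stored least significant byte first
    return struct.unpack_from("<I", image, crc_off)[0]


def check_image(image):
    """Return {record name: True if the stored CRC matches the data}."""
    if len(image) != IMAGE_SIZE:
        raise ValueError("expected %d bytes, got %d" % (IMAGE_SIZE, len(image)))
    return {name: stored_crc(image, crc_off) == computed_crc(image, start, crc_off)
            for name, start, crc_off in RECORDS}


def build_sample():
    """Constructed image: erased flash (0xFF) plus made-up record bytes."""
    img = bytearray(b"\xff" * IMAGE_SIZE)
    img[0x10000:0x10008] = b"00000000"                    # constructed placeholder
    img[0x18000:0x18006] = bytes.fromhex("020000000001")  # constructed placeholder
    for _, start, crc_off in RECORDS:
        struct.pack_into("<I", img, crc_off, computed_crc(img, start, crc_off))
    return img


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the constructed sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for name, ok in check_image(data).items():
        print("%-6s CRC %s" % (name, "OK" if ok else "MISMATCH"))
```

A MISMATCH on an edited image means the checksum was computed over the wrong range or its bytes were entered in the wrong order, and the image should not be flashed until both records pass.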

Now pull the files back to the MDI, and update flash:

[root@mdi ~]# cd /tmp

[root@mdi tmp]# ftpget -u <user> -p <pass> <ip> mtd10-new.img mtd10-new.img

[root@mdi tmp]# cd /usr/local/mtd/

[root@mdi mtd]# ./flash_unlock /dev/mtd10

[root@mdi mtd]# ./flash_erase /dev/mtd10

Erase Total 1 Units

Performing Flash Erase of length 131072 at offset 0x0 done

[root@mdi mtd]# ./flashcp /tmp/mtd10-new.img /dev/mtd10

[root@mdi mtd]# dd if=/dev/mtd10 of=/tmp/mtd10-readback.img

256+0 records in

256+0 records out

[root@mdi mtd]# md5sum /tmp/mtd10-new.img /tmp/mtd10-readback.img

1a1f4fb7db878218c558b45c0db50c9f /tmp/mtd10-new.img

1a1f4fb7db878218c558b45c0db50c9f /tmp/mtd10-readback.img

Now reboot the GM MDI multiple interface, and hold down the power button so it goes into recovery mode. Use MDI Manager to recover the device. Once completed, it'll have the new serial and MAC.

I expect that the cloners will find this thread and soon they won't all have the same serial anymore. But if you already have one then you can do this yourself, so long as you're careful and make sure everything is going to plan and makes sense to you as you go.

BIG THANKS to gmtools from the MH forum

src: https://mhhauto.com…GM-MDI-serial-number

http://gmmdiwifi.blogspot.com/

Created on Jan 14th 2018 20:58. Viewed 350 times.