Menu
Logo

Tadpole M1400/FT01: Firmware 


 


 

 



BIOS

On powering up, after a delay whilst things are initialised, the FT01 displays a blue screen with the word 'loading' filling it. This is subsequently replaced by the running on-board firmware.

As well as the usual keys of DEL, F1, F2, F4, F10 I've tried every key on the keyboard and have still failed to interrupt the loading sequence and bring up a BIOS setup screen instead.....HELP!

Unless we can get to the BIOS settings I don't see how we can run any alternative software.

Clear CMOS

Backup battery and CMOS reset I found a posting from somebody who had a Compal FT01 stolen and then recovered a few months later. It came back with a BIOS password set. He eventually fixed this by clearing the CMOS which is backed up by a battery - BATT2. This is can be found just under the casing adjacent to the RAM memory. Unfortunately the battery is soldered to the board which gave him a certain amount of grief. However I did manage to track down some additional information and shorting out J5 should clear the CMOS. With the front edge of the laptop towards you J5 can be found at the right hand end of the RAM bay as shown in the photograph. It is just a couple of PCB traces that can be bridged by a screwdriver blade or other metal object.

Booting

With the standard firmware there are two possible error messages:

boot failure error code 17 - I can't find any mass storage.

boot failure error code 4 - I can find mass storage but I don't recognise the data that is on it.

Standard Firmware

The standard firmware is setup for interaction with Sun servers and so is really of no interest to me unless there is someway we could subvert it to gain control. In my brief look so far it doesn't look like we can as, as far as I can see, the operating system is loaded from elsewhere before it accesses this flash memory.

For those who wish to use it 'as is' I tracked down copies of the user manual and the administrator's manual on the Flextronics website. (Flextronics took over complete support for the range in December 2013).

This is my current guess how the standard setup works.

The core of the operating system is embedded (maybe) in the BIOS flash chip. It is somewhere - the Pulsar hardware was easy to check and I didn't see any added memory elsewhere. I haven't had the FT01 fully apart to see what's on the motherboard. As it's a standard laptop I think it unlikely that there's an extra chip.

When the system boots the default boot device is something like the ROM FLOPPY DRIVE as identified in the Pulsar BIOS. This then loads the core of the operating system. Once loaded it searches any disk drives to find the rest of the operating system - the 'apps' and configuration information.

SATA drive I have proved the 'auto search' aspect by copying the image of the supplied Flash Memory to a Compact Flash card, removing the original flash and connecting the Compact Flash card to the SATA socket via a CF-to-SATA adapter. The standard software ran happily as before.

The Flash memory contains two partitions: One holds the basic apps for the terminal server...

root@pike:/mnt# ls -al sdc1
total 52732
drwxrwxrwx    2 root     root         16384 Jan  1  1970 .
drwxrwxr-x    7 root     staff          140 Aug  4 13:02 ..
-rwxrwxrwx    1 root     root       1992280 Jul 31  2012 0base.tle
-rwxrwxrwx    1 root     root           280 Jul 31  2012 0bootarg.ime
-rwxrwxrwx    1 root     root      10520056 Jul 31  2012 0browser.tle
-rwxrwxrwx    1 root     root       2124376 Jul 31  2012 0client.tle
-rwxrwxrwx    1 root     root       2001688 Jul 31  2012 0drivers.tle
-rwxrwxrwx    1 root     root        980584 Jul 31  2012 0initrd.ime
-rwxrwxrwx    1 root     root          6386 Jul 31  2012 0meteor.bom
-rwxrwxrwx    1 root     root         12952 Jul 31  2012 0misc.tle
-rwxrwxrwx    1 root     root        868456 Jul 31  2012 0network.tle
-rwxrwxrwx    1 root     root       3272856 Jul 31  2012 0opengl.tle
-rwxrwxrwx    1 root     root       2276872 Jul 31  2012 0os.ime
-rwxrwxrwx    1 root     root        463144 Jul 31  2012 0oss.tle
-rwxrwxrwx    1 root     root          1320 Jul 31  2012 0platfrm.tle
-rwxrwxrwx    1 root     root        162952 Jul 31  2012 0sc.tle
-rwxrwxrwx    1 root     root       2263080 Jul 31  2012 0video.tle
-rwxrwxrwx    1 root     root       1992280 Jul 31  2012 1base.tle
-rwxrwxrwx    1 root     root           280 Jul 31  2012 1bootarg.ime
-rwxrwxrwx    1 root     root      10520056 Jul 31  2012 1browser.tle
-rwxrwxrwx    1 root     root       2124376 Jul 31  2012 1client.tle
-rwxrwxrwx    1 root     root       2001688 Jul 31  2012 1drivers.tle
-rwxrwxrwx    1 root     root        980584 Jul 31  2012 1initrd.ime
-rwxrwxrwx    1 root     root          6386 Jul 31  2012 1meteor.bom
-rwxrwxrwx    1 root     root         12952 Jul 31  2012 1misc.tle
-rwxrwxrwx    1 root     root        868456 Jul 31  2012 1network.tle
-rwxrwxrwx    1 root     root       3272856 Jul 31  2012 1opengl.tle
-rwxrwxrwx    1 root     root       2276872 Jul 31  2012 1os.ime
-rwxrwxrwx    1 root     root        463144 Jul 31  2012 1oss.tle
-rwxrwxrwx    1 root     root          1320 Jul 31  2012 1platfrm.tle
-rwxrwxrwx    1 root     root        162952 Jul 31  2012 1sc.tle
-rwxrwxrwx    1 root     root       2263080 Jul 31  2012 1video.tle
-rwxrwxrwx    1 root     root            23 Jul 31  2012 factory.conf
-rwxrwxrwx    1 root     root            80 May  8  2008 features
-rwxrwxrwx    1 root     root           384 May  8  2008 licence

whilst the other appears to hold some security related files.

root@pike:/mnt# ls -l sdc2
total 16384
-rwxrwxrwx    1 root     root       4194304 Aug  3 12:22 0certs.img
-rwxrwxrwx    1 root     root       4194304 Aug  3 12:24 0meteor.cfg
-rwxrwxrwx    1 root     root       4194304 Jul 31  2012 1certs.img
-rwxrwxrwx    1 root     root       4194304 Jul 31  2012 1meteor.cfg

These are actually file systems that can be mounted.

root@pike:/mnt# mount -o loop sdc2/0certs.img img
root@pike:/mnt# ls -l img
total 6
drwxr-xr-x    2 root     root          2048 Feb 27  2009 ca_root
drwxr-xr-x    2 root     root          2048 Jul 31  2012 pending
drwxr-xr-x    2 root     root          2048 Jul 31  2012 pkcs12
root@pike:/mnt#

 


Any comments? email me. Added August 2016