iraven/newpublicsite
1
0
Fork 0
Code Issues Activity

More random changes and additions

Browse Source
This commit is contained in:
iRaven
2025-06-04 01:54:59 -05:00
parent 8895ad2d5d
commit 60b1112d48
23 changed files with 213 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
blog/posts/ibookg4os9hack.html Normal file
View File

@ -0,0 +1,66 @@
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../default.css">
<link rel="stylesheet" type="text/css" href="../../buttons.css">
<title>iR Blog (11/25/21): iBook G4 running Mac OS 9 (Unofficially)</title>
<meta name="title" content="iRaven - Blog Post">
<meta name="description" content="iBook G4 running Mac OS 9 (Unofficially)">
</head>
<body>
<img src=../../siteimg/deioxpk-32.png></img>
<img src=../../siteimg/notepad.png></img>
<h1>iBook G4 running Mac OS 9 (Unofficially)</h1>
<h2>11/25/21</h2>
<hr>
<!--text-->
So, decided to start off this public random blog with this, neat.
Crossing my fingers if this formats correctly too. If it doesn't, fuck shit in a dick. (Spoiler alert, it didn't. :())
<br><br>
I was contacted by a viewer of a video on my channel (about running Mac OS 9 on my iBook), as they wanted to do the same.
<br><br>
Heeeere comes the context though- the video on my channel was published in 2019- <em>The video was recorded in November 2017. Halp.</em>
<br><br>
Obviously having no clue on how to do this off the top of my head, and there being no official guide (as results on different systems are mixed), I had to go through older bookmarks I saved in 2017.
<br><br>
This whole ordeal is trial-error, there isn't any official guides for a reason. My research involved a lot of commands/tinkering on forum posts on respective forums MacOS9Lives!, ThinkClassic, and 68kmla.
<br><br>
With no modifications, inserting an OS9 install CD (Unsupported G4s version is preferred- find it on MacOS9Lives.) into the machine results in it appearing in Startup Manager, however upon booting to no avail - a grey screen. This is the normal behavior as iBooks in this era shipped with some OSX version (and was far into OSX at the time).
<br><br>
This is due to it detecting the computer information - model identifier, processor type, version, etc. and Mac OS 9 was last developed in 2002- when iBook G4s were produced in 2004. It's incompatible on a hardware level- because of how OS9 is, not the actual hardware itself.
<br><br>
(The G4 chip is leaps and bounds capable of running OS9.)
<br><br>
Open Firmware is your friend in this case and is extensively used. The only required thing to get OS9 to detect a valid system to boot on is to 'derp it' and make it identify falsely equipped with an older PPC G4/chip.
<br><br>
Open Open Firmware (lol) with the key combo Alt, Command, O, and F on startup immediately after the <a href="https://www.youtube.com/watch?v=IyvOz0HK9ss">bong.</a>
<br><br>
It should go to a command/terminal interface. My iBook is identified as PowerBook6,5- yours may be different and the following may not apply to you. If you happen to have the same model, <em>eyy 6,5 gang. XD</em>
<br><br>
We're now going to enter nvedit mode- a mode for entering a script of OF commands to be eventually saved in your computer's NVRAM. (If your computer has a dead CMOS battery- replace it, else you're going to have to do the following every. single. time. For the iBooks this doesn't apply.)
<br><br>
Simply type nvedit to enter this mode. Your cursor should jump below the field you just typed on.
Type these commands exactly how they appear on screen:
<br><br>
" /cpus/@0" find-package if drop " /cpus/@0" find-device 80010201 encode-int " cpu-version" property then
<br><br>
" /cpus/@1" find-package if drop " /cpus/@1" find-device 80010201 encode-int " cpu-version" property then
<br><br>
You won't be able to see anything you're typing, have a decent keyboard with you. Or just be careful.
<br><br>
After these commands are entered, press Ctrl + C to exit nvedit mode, then type nvstore to save the above commands in NVRAM.
<br><br>
After that, you need to enable a setting so the script runs on each startup. Type: setenv use-nvramrc? 1
to enable it.
<br><br>
After that, you should be good to go- make sure your computer has a stable power source and then type reset-all to immediately reboot.
<br><br>
Do whatever method you did before to start up to the OS9 CD. Make sure it's the special patched "Unsupported G4s" version from MacOS9Lives- Normal installation discs won't work without other OF commands.
<br><br>
If happy mac goto success. You should be able to install OS9- with a catch.
<br><br>
<em>Suggestion: The image file it installs on there using ASR (Apple Software Repair/Update) may not work when you boot from the HD- in my experience, copying the contents of the CD to the HD is preferred, and then manually sifting through extensions and control panels (in case any rogue ones get in the way).</em>
<br><br>
</body>
</html>

92
blog/posts/messedupdc.html Normal file
View File

@ -0,0 +1,92 @@
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../default.css">
<link rel="stylesheet" type="text/css" href="../../buttons.css">
<title>iR Blog (01/23/23): that moment when you blow up a critical domain controller because you can't read</title>
<meta name="title" content="iRaven - Blog Post">
<meta name="description" content="that moment when you blow up a critial domain controller because you can't read">
</head>
<body>
<img src=../../siteimg/deioxpk-32.png></img>
<img src=../../siteimg/notepad.png></img>
<h1>that moment when you blow up a critical domain controller because you can't read</h1>
<h2>01/23/23</h2>
<hr>
<!--text-->
<p style="background-color: black; opacity:0.9;">
Soooo uh, holy crap i haven't updated this blog in quite a long time. blame life stuffs, depression, and more depression. all the depression! :D<br>
i've just got a new server that i'm fixing to migrate to, replacing my current (as of now) PowerEdge T310.<br>
this requires me to to do a Proxmox migration (not just putting in my existing Proxmox install drive in the new server).<br>
this last weekend (as of right now it's tuesday) i was planning to do this migration, with one thing i had to do left... clone a VM.<br>
<br>
back when i set up my current poweredge's proxmox install in Jan. 2022, before then it used to be a normal Windows Server 2008 R2 machine, running everything on there.<br>
in hindsight, it was kinda dumb, as that install runs a domain controller, however obviously proxmox had many many advantages with many VMs you can run, with many recommendations from friends.<br>
i didn't want to lose that install as it had lots of stuff running that i wanted to keep running (and later migrated to other server VMs, as it's a DC, but was running lots of other services), so the easiest way to set it up in proxmox was to bridge the physical drive of that install to a VM.<br>
it worked, and had no problems doing so, other than the fact it was a weird setup compared to all the other VMs that had virtual disk images on a dedicated VM HDD.<br>
<br>
soooo i decided, let's just move this DC VM to a virtual disk image just like the rest- as i've been meaning to since i set it up with the physical drive.<br>
i decided to use clonezilla, obviously as it's a fairly straightforward (at least if used in the basic mode... hindsight lol) way to clone a disk/partitions to a target disk. i've used it before on other systems and it's worked fairly well.<br>
however in this case, i realize it can't move a bigger disk's (the physical drive) contents to a smaller one (the virtual disk). not too surprised.<br>
<br><img src="../img/czillasdb.png" width="600" title="an image of a clonezilla command prompt, giving warnings such as 'do you want to delete all contents?', asking many times"><br>
i then search some stuff online, coming across a guide on using clonezilla with a specific argument to clone a partition to a smaller one. obviously, i took note of how much space the OS partition had used up, and sized the virtual disk accordingly.<br>
i then do proceed with that.. and while it's prompting me to select the target partition to restore to, i notice it doesn't show an 'sdb' option, which is the virtual disk (compared to the physical drive being /dev/sda.)<br>
i get a bit confused but go with the option it shows to target restore to: /dev/sda2, which is the Windows OS partition (where the source partition i picked was System Reserved, for boot files. i figured i'd do this one first.)<br>
i then realize while it gives me the prompts that that is the OS partition, and don't think twice, tell it to quick format it. this... broke it. a lot.<br>
<img src="../img/0xcferror.png" width="600"><br>
when i reboot and try to boot from the physical drive, i get this error. it's at this moment i knew i fucked up *hard*.<br>
<br>
i immediately mount a Hiren's Boot CD PE iso and start investigating what damage clonezilla (and my dumbassery) did to it.<br>
i notice there is *two* System Reserved partitions, one being the actual one, and the other one being what clonezilla copied to my physical drive's other OS partition.<br>
oddly enough both partitions were the same size (100 MB) while the fucked up one was also 232GB. *wat*<br>
so i then check if the data is still there (obviously), as that's the most important part. thanks to the Hiren PE iso, it has a copy of GetDataBack NTFS, which is the only program i discovered that could help me out with this.<br>
<em>(disclaimer: i also have a full working backup of that install from dec, which in hindsight was used, however just using it with no modifications would completely break my AD as i have a second domain controller (replicating from this one, yay Cadance!))</em><br>
after that program scans the entire disk, i can see the file contents that were "deleted" but are still there thanks to forensics and MFT things. i then copy all of it to the virtual disk's "OS" partition which takes forever.<br>
<br><img src="../img/filecopy.jpg" width="600"><br>
i then kinda figured it was that simple, as after i copied, i checked the boot files to see if they existed, and did the textbook <code>bootrec /fixmbr /fixboot</code> whatever.<br>
<br><img src="../img/0xcferror.png" width="600"><br>
that... wasn't enough to kickstart it. something else was fucky. XC<br>
<br>
i then investigated the BCD (estencially, bootloader) a little bit more, which got messed up in the process of copying to the virtual drive.<br>
unsurprisingly, i saw it contained boot entries for two windows installs, one on the virtual and another on the physical drives. the thing was- the physical drive did not contain a valid OS partition readable by anything (other than forensic tools) anymore. <em>huh.</em><br>
<br>
i then figured out how to rebuild the bcd completely, using <code>bootrec /rebuildbcd</code>, however that didn't work as it didn't recognize my virtual disk's windows install as valid. i then figured out why- GetDataBack only copied file data and attributes, and *no* security permissions.<br>
this is a fucking disaster for windows in the first place as security/ACLs are very important, soooooooo i knew a direct restore from the physical drive's forensics wasn't going to work. to no surprise, no dism commands worked either (in fact, dism gave me errors i couldn't find anything specifically on the web about.<br>
i was stumped, so i slept on it.<br>
<br><img src="../img/dismnoimage.png" width="600"><br>
i then tried to tweak the bootloader a little more, until the infamous command to create all boot files <code>bcdboot c:\windows /s s: /v</code> ran successfully. i don't know exactly what i did, but it suddenly did that, so i rebooted.<br>
<br><img src="../img/wdfldrsyserror.jpg" width="600"><br>
i get this error complaining it can't load WDFLDR.sys, which i've never seen before. interestingly enough, when i search for this file in the virtual disk OS partition, it's clearly there.<br>
i didn't know if it's corrupted or not, but assumed it was (especially with how GDB didn't restore security permissions.)<br>
<br>
i then realize, wait- i can probably restore the known working backup i have of this install, then copy the latest modified files data and attributes via robocopy on another temporary virtual disk with GDB's restored files.<br>
<br><img src="../img/workingbackuprestore.png" width="600"><br>
and so i did that. restoring it from the working backup took forever, but i had a feeling this may or may not work.<br>
<br><img src="../img/pagefilecp.png" width="600"><br>
i then used robocopy to copy all the files i could find that are modified, such as logs, AD database (most most important), DNS, certificate authority, user profiles, etc.<br>
and then rebuilt the bootloader again, this time with <code>bootrec /rebuildbcd</code> actually recognizing the virtual OS partition and applying necessary changes. looking like we're on the right track.<br>
i very anxiously restart out of Hiren to the bootloader. i'm then greeted with this:<br>
<br><img src="../img/srv2008boot.png" width="600"><br>
holy fucking *shit* it's actually doing something. (keep in mind, i turned on verbose boot for a reason, so this is normal to see for now.)<br>
i then see a cursor, then i didn't realize it randomly rebooted. to no surprise, it crashes and goes in a boot loop. i then get a screenshot of the STOP error:<br>
<br><img src="../img/adbsod.png" width="600"><br>
for ADDS that is an incredibly weird error to see. it's like required files don't exist. (hindsight!)<br>
i then remember DSRM (directory services restore mode) is a thing, which i can use as an alternate safe mode without it bringing online NT domain services (for repair/restore use).<br>
so, i go back with a Server 2008 R2 ISO and use cmd to set it like so: <code>bcdedit /store e:\boot\bcd /set {default} safeboot dsrepair</code><br>
what do you know, i see a cursor, expecting it to BSOD... then i see this:<br>
<br><img src="../img/tngsvrdsrmlogon.png" width="600"><br>
<b>o m g</b> it's booted successfully for the first time since a few days ago when i nuked it c: then i continued to see what the issue was with ADDS.<br>
i then log on, and i notice explorer or anything doesn't come up like safe mode usually does. it definitely felt weird, so i checked task manager, with no signs of it. then i checked cmd.<br>
<br><img src="../img/svrbootloader.png" width="600"><br>
why in the <em>fuck</em> are you D:? i thought windows mounted its OS partition as C:??<br>
i then research that and find many ways to fix it, including rebuilding the BCD (yet again), or remounting/reattaching drives, both of which i did to no avail at all.<br>
i also found a <a href="https://learn.microsoft.com/en-us/troubleshoot/windows-server/backup-and-storage/restore-system-boot-drive-letter" target="_blank">registry tweak</a> published by microsoft, showing how to change the system boot drive letter.<br>
so i do this very cautiously knowing it may break things even more or not. i anxiously restart to apply the changes.<br>
whatddya know: i see a normal windows boot screen, followed by a normal windows logon screen.<br>
<b>i did it.</b><br>
i then try logging on with my domain admin account, and it works without any issue.<br>
<br><br>
TECHNOLOGSVR is finally restored and i definitely learned a lot while trying to restore it and failing. definitely making *waaaaaaaaaaaay* more often backups from now on, especially as it's my primary domain controller. c:<br>
(and i also need to upgrade it or replace it at some point because it still runs 2008 R2 halp)<br>
</p>
</body>
</html>