News:

Registered a URL and setup a forum as the IPCam stuff really needed its own site vs my irregular blog posts about IPCam hacking at http://www.computersolutions.cn/blog

Author Topic: Bricked hi3516c - tried everything  (Read 521 times)

  • No avatar
  • *
August 11, 2018, 04:18:27 am
I bought a hi3516cv300 ip camera from aliexpress, this one:
https://www.aliexpress.com/item/Intelligent-Analysis-H-265-H-264-IPC-3-0MP-1-2-8-Sony-IMX291-Hi3516C-V300/32850733000.html

Plan was to modify it for astronomy use and it was going well until I bricked it  :-[

I first tried to save a copy of the existing firmware using one of those black edition CH341a programmers (again from aliexpress) but I could not get this to work. I tried the CH341a Programmer tool, it would connect to the black edition but would not read the chip (it just returned 16MB of FF ). I tried AsProgrammer and it has similar issues. I also tried flashrom and it wouldn't even connect to the black edition. I carried out the 3.3v mod on the black edition but this didn't work either. So i gave up with this tool.

I next soldered pins to the TX, RX & GND on the camera and was able to get a serial connection running and get into u-boot (the camera did not present a console when boot was complete).

Once in u-boot, I made a copy of the firmware and copied it out with tftp. I did a number of tests to verify the copy worked e.g. using binwalk and also copying the romfs partition and mounting it on my linux machine (all worked ok).

So next was to flash the kernel and rootfs from the SDK, this seemed to go OK, i could still get into u-boot. I changed the boot arguments and was able to load the kernel, but this would crash out at loading the rootfs and I got a kernel panic message. I then decided to go all the way and also load the u-boot image from the sdk as well. This also worked and I got into the sdk u-boot and could load the kernel. This time I got a root access and a terminal connection but rootfs still wasn't loading.

So it was at this point where the brick happened. I had rebooted the device and loaded the kernel and was on the console screen when for some reason I pulled the plug on the camera instead of using the reboot command. The serial screen reset and stayed blank  :-[

I tired unplugging it and leaving it for a while. I checked the power supply. I even tried flashing the firmware backup I made. Nothing seemed to work. The serial connection still just gave a blank screen. There was  some data commming through on power up but that was on about 20 characters of blank text (shown by the cursor moving).

My next move is to desolder the flash chip and see if it can be programmed that way but i'm waiting on some tools arriving.

Is there anything I should try in the meantime to get this camera back up and running?

  • No avatar
  • *
September 25, 2018, 06:41:49 am
We think this is a great channel for providing useful information.