News:

Re-organized the forum to more cleanly delineate the development section, as the end user support side appears to have taken a life of its own!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - admin

Pages: [1] 2 3 ... 27
1
Firmware / Re: Recovering Siepem S6211-WR - Ingenic T10 based
« on: August 21, 2017, 08:15:37 pm »
Haven't seen an ingenic SoC in a while.  One of the few MIPS processors left in the market, everything else is ARM...
Have done a bit of work on their older stuff (JZ4755 SoC), good documentation, shame the company got bought out.

Boot shows
[    0.936018] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(31,2)


Make sure you have a valid root file system wherever it needs to be in flash.
Not much clue where it should be from this (although we do have locations for other stuff).


Top of RAM usable for U-Boot at: 84000000
Reserving 402k for U-Boot at: 83f98000
Reserving 32784k for malloc() at: 81f94000
Reserving 32 Bytes for Board Info at: 81f93fe0
Reserving 124 Bytes for Global Data at: 81f93f64
Reserving 128k for boot params() at: 81f73f64


Suggest check in the uBoot to see if you can list partition locations, and work out where a FS ought to be.
You'll then need to make one, and copy over to the uBoot software to flash.

See what uBoot commands you have in order to check first.
Also suggest read up about uBoot.

2
Firmware / Re: Hi3516 Unknown command 'root' - try 'help'
« on: July 28, 2017, 01:42:11 pm »
Suggest read the uBoot docs for what is (possibly) available.

http://www.denx.de/wiki/view/DULG/UBootCmdGroupInfo

a uboot is a preboot that loads the OS
You will need to see if you have an OS on your board to boot into.

I'd try some common commands like
help
ls
flinfo

and try see what partitions you have etc

3
Firmware / Re: U-boot corrupted. Looking for recovery procedure
« on: July 28, 2017, 01:36:53 pm »
Whats the SoC?

Some of the more modern SoC's can do recovery via USB boot.
If not, you'll need an SPI flasher or similar to rewrite the uboot directly onto the flash, eg with a BusPirate or dedicated device.

4
Firmware / Re: VACRON firmware format
« on: July 28, 2017, 01:30:05 pm »
I wish I could afford IDA, that was actually moderately useful.

You can't assume/guarantee that the update /upgrade mechanism will be the same for each camera though.

Looks like it loads the file via web interface into ram, writes to /tmp then does some compares to see if valid.
I'd check the .bin file you first gave to see if it passes their compare process.



5
Firmware / Re: VACRON firmware format
« on: July 28, 2017, 01:16:26 am »
I downloaded the rar file, unpacked and took a cursory look at the bin file.

Looks like its possibly encrypted or compressed post header, as I don't see many FF's or 00 strings in the file after the initial header.
strings also doesn't show any readable text, which ties in with it being compressed or encrypted.

A scan with binwalk ( http://binwalk.googlecode.com ) to see if it finds any recognizable FS or compression in there shows nothing.

I'm guessing its probably encrypted with some custom method.

You'd need more firmware files to look at in order to proceed.

6
Hacking & Modding / Re: In over my head/dumb questions
« on: July 27, 2017, 06:24:45 am »
Post 5 messages, and the restriction is lifted,  its a spammer block, unfortunately if you don't make it difficult then the boards get inundated with spam.

I have removed some of the non relevant questions (the ones related to the older forum template).


7
Site Announcements / Forum, software updates
« on: July 14, 2017, 03:20:24 am »
Updated forum software to 2.0.14, changed default template to the traditional default, as I need to work on the old template to make it compatible.

Added some boards for the XiaoMi camera range, as I have some, and will probably fiddle with them!


8
Xiaoyi Camera (小蚁) / Region lock fix
« on: July 14, 2017, 03:08:48 am »
From my page here - http://www.computersolutions.cn/blog/2016/09/xiaomi-camera-bs-region-locking-fix/

Essentially -

Enable telnet.
Login.
Kill the watchdog, and kill the camera app.
rename the api call to check the country.

-----
Create a folder named test on an SD card.
Create a plain text file called equip_test.sh in that folder, and add the following bash script:

Code: [Select]
#!/bin/sh
# Telnet
if [ ! -f "/etc/init.d/S88telnet" ]; then
echo "#!/bin/sh" > /etc/init.d/S88telnet
echo "telnetd &" >> /etc/init.d/S88telnet
chmod 755 /etc/init.d/S88telnet
fi
dr=`dirname $0`
# fix bootcycle
mv $dr/equip_test.sh $dr/equip_test.sh.moved
reboot

The script will enable telnet on the camera, and then rename the script so it doesn’t run again on the next boot.

Stick the prepared card into the camera, power on, and it should reboot (twice).
If you check the open ports on the camera ip you should now see port 23 (telnet) is open.

Login with the default user/pass (as below) via telnet

User: root
Password: 1234qwer

Once telnet’d in, enter the following, line by line –

Find and kill the watchdog process

killall watch_process

Find and kill /home/cloud process so we can edit it without the watchdog watch_process restarting it

killall cloud

Change the check within /home/cloud executable to query a fake domain so it never returns a failure, then reboot.


Code: [Select]
sed -i 's|api.xiaoyi.com/v4/ipc/check_did|api.xiaoyi.foo/v4/ipc/check_did|g' /home/cloud
reboot

10
Hacking & Modding / Re: In over my head/dumb questions
« on: July 14, 2017, 02:13:09 am »
Really depends on the board you have, and what gpio's are available to use, and how much flash / ram (for user space software etc).

Do you have the Hi3518e SoC SDK?

You'll need the SDK to get started, and compile a rom with kernel, userfs etc
Maybe the supplier will give you a ready to use kernel/rom/userfs that you can start from.

You'll need to have a  uBoot on the board.  Hopefully will have one already, otherwise you'll also need an SPI flash programmer to program the uBoot.
You'll need to be able to setup a crosscompiler environment (suggest use Docker or similar virtualized system to setup, then you can migrate easily).
You'll need to unpack the SDK, then be able to compile kernel.
You'll need to learn how to setup rom in flash.

Suggest read the uCLinux posts from 2011 where I talk about similar things.  Its relevant, although not 100% relevant to your particular board.


Also suggest reading other peoples posts, e.g. https://felipe.astroza.cl/hacking-hi3518-based-ip-camera/

Good luck.

Might want to think about using something like an ESP8266 for your gimbal to control sensors, as that has wifi, and they're dirt cheap.

11
Firmware / Re: Hi3516 Unknown command 'root' - try 'help'
« on: June 24, 2017, 05:00:51 am »
Not an error,  you're in the bootloader - u-boot.
You need to boot past that into the OS.



12
Hacking & Modding / Re: H3518 / UART TxRx
« on: May 31, 2017, 01:04:49 am »
HI3518

Look at the data sheet, and see what the RX / TX pins are, then follow those around the board to see if they end up anywhere accessible.

T19 / T18 according to the data sheet
http://www.datasheetspdf.com/PDF/Hi3518/853432/64

Also look at this -

https://felipe.astroza.cl/hacking-hi3518-based-ip-camera/

13
Help / Re: How to extract a .OV (extention) firmware file?
« on: April 17, 2017, 11:32:08 pm »
First off, you'll need to see what it is internally.

I'd start off with trying to find more info.
Common tools I would use for this are

head  filename.ov | hexdump -C
file filename.ov
strings filename.ov

OSX, Linux have those built in. Windows 10 now has bash/ Ubuntu if you enable it so will have after a bit of work. 
Otherwise a linux live ISO will be fine too.

For dev work, you really want a Mac or Linux box (I'm biased after using Windows for many years and hating it, hehe)

As an example -

Code: [Select]
head configs.zip | hexdump -C
00000000  50 4b 03 04 0a 00 00 00  00 00 30 0f 91 4a 00 00  |PK........0..J..|
00000010  00 00 00 00 00 00 00 00  00 00 08 00 10 00 63 6f  |..............co|
00000020  6e 66 69 67 73 2f 55 58  0c 00 d6 b0 f3 58 8c b0  |nfigs/UX.....X..|
00000030  f3 58 f5 01 14 00 50 4b  03 04 14 00 08 00 08 00  |.X....PK........|
00000040  56 0f 91 4a 00 00 00 00  00 00 00 00 00 00 00 00  |V..J............|
00000050  11 00 10 00 63 6f 6e 66  69 67 73 2f 2e 44 53 5f  |....configs/.DS_|
00000060  53 74 6f 72 65 55 58 0c  00 d3 b0 f3 58 d3 b0 f3  |StoreUX.....X...|
00000070  58 f5 01 14 00 ed 98 c1  6a c2 40 10 86 ff 89 39  |X.......j.@....9|
00000080  04 0a 65 8f 3d ee 13 48  b5 82 7a 5b 42 7c 82 be  |..e.=..H..z[B|..|
00000090  40 69 3d 0a 1e a4 f7 9c  7c ae 3e 9a 1b e6 b7 0a  |@i=.....|.>.....|
000000a0  31 62 4f 96 f6 ff 60 f8  20 99 99 24 97 dd 9d 00  |1bO...`. ..$....|


You'll see that my file starts with PK, so mine is a zip file (as phil katz invented zip, so zip files use his PK header, more history on that here  - https://en.wikipedia.org/wiki/Phil_Katz).

file will also tell me that though -
 
Code: [Select]
file configs.zip
configs.zip: Zip archive data, at least v1.0 to extract

For your OV file, you'll need to look at the header, and see if its a standard format, or its a custom format.
Its more likely to be a custom format.  Typically those will have a header with where bits are in the file, and filesize, and maybe crc's.
If you're really unlucky, its also sha1 or similar encryption on the file data.

I've written about decoding custom format files before on here, look through some of my posts on that, or on my http://www.computersolutions.cn/blog under firmware ( http://www.computersolutions.cn/blog/?s=firmware )

If you post the output from  head yourovfile.ov | hexdump -C here I can take a cursory look and tell you which its likely to be.


15
Firmware / Re: Is there such a thing as OpenNVR firmware?
« on: April 17, 2017, 10:06:25 pm »
Not really (opennvr firmware)

What you'll need to do is get hold of the SDK for the chipset, so that you can compile a kernel and app's.
Once you have that, then you can start building firmware and flash.

Issues are that not all hardware is identical, so you will have different NAND types, flash sizes, gpio usage etc.
Not insurmountable, but you'll generally want to pick the same hardware to develop, and port to.

The SDK for the HI3615C is here - http://pan.baidu.com/s/1o8TWZ0Y----

Let me know if you have problems downloading, I can put elsewhere.

Generally speaking, you'll want to open up whatever hardware you have.  Add serial headers, and connect up serial for minimal debugging, and for more serious stuff JTAG.  Boot up the hardware, and see what it tells you.  Hopefully you'll be able to see a boot log and bootloader, and communicate with it.

Developing with just serial is viable though if the hardware isn't too locked.
i.e. hopefully the device will have an accessible bootloader, then you can flash kernels and filesystems without too many headaches.

The flash will generally contain a bootloader (don't overwrite this, otherwise you'll need to use an SPI flasher or similar to rewrite).
The bootloader will load a kernel from the flash into ram, then execute it.
The kernel will then mount a filesystem from flash, and run the OS + programs.

A BSP or SDK allows you to build a kernel and programs (BSP = board support package.  SDK = software development kit).

Thats a brief overview.

Pages: [1] 2 3 ... 27