News:

Re-organized the forum to more cleanly delineate the development section, as the end user support side appears to have taken a life of its own!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - admin

Pages: [1] 2 3 ... 27
1

have had a quick look, but github loads terribly slowly in china., if you're referring to j3.jpg 左右 that means left right

gm8126 for bt mining? hah, woefully underpowered

2
Site Announcements / Forum update
« on: April 04, 2018, 07:40:37 pm »
Possibly seeing some failed hack attempts, as the settings file was getting erased blocking the site for a day or two.
Updated forum software to latest version, and will monitor for further issues.

3
uCLinux / Re: Fix KRACK ATTACK in ARM Linux
« on: November 23, 2017, 11:29:43 pm »
wpa_supplicant version 2.4 and above is affected, so replace that.

That said I'm not actually sure that the version on the camera is vulnerable, it might actually be too old.

4
Firmware / Re: Recovering Siepem S6211-WR - Ingenic T10 based
« on: August 21, 2017, 08:15:37 pm »
Haven't seen an ingenic SoC in a while.  One of the few MIPS processors left in the market, everything else is ARM...
Have done a bit of work on their older stuff (JZ4755 SoC), good documentation, shame the company got bought out.

Boot shows
[    0.936018] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(31,2)


Make sure you have a valid root file system wherever it needs to be in flash.
Not much clue where it should be from this (although we do have locations for other stuff).


Top of RAM usable for U-Boot at: 84000000
Reserving 402k for U-Boot at: 83f98000
Reserving 32784k for malloc() at: 81f94000
Reserving 32 Bytes for Board Info at: 81f93fe0
Reserving 124 Bytes for Global Data at: 81f93f64
Reserving 128k for boot params() at: 81f73f64


Suggest check in the uBoot to see if you can list partition locations, and work out where a FS ought to be.
You'll then need to make one, and copy over to the uBoot software to flash.

See what uBoot commands you have in order to check first.
Also suggest read up about uBoot.

5
Firmware / Re: Hi3516 Unknown command 'root' - try 'help'
« on: July 28, 2017, 01:42:11 pm »
Suggest read the uBoot docs for what is (possibly) available.

http://www.denx.de/wiki/view/DULG/UBootCmdGroupInfo

a uboot is a preboot that loads the OS
You will need to see if you have an OS on your board to boot into.

I'd try some common commands like
help
ls
flinfo

and try see what partitions you have etc

6
Firmware / Re: U-boot corrupted. Looking for recovery procedure
« on: July 28, 2017, 01:36:53 pm »
Whats the SoC?

Some of the more modern SoC's can do recovery via USB boot.
If not, you'll need an SPI flasher or similar to rewrite the uboot directly onto the flash, eg with a BusPirate or dedicated device.

7
Firmware / Re: VACRON firmware format
« on: July 28, 2017, 01:30:05 pm »
I wish I could afford IDA, that was actually moderately useful.

You can't assume/guarantee that the update /upgrade mechanism will be the same for each camera though.

Looks like it loads the file via web interface into ram, writes to /tmp then does some compares to see if valid.
I'd check the .bin file you first gave to see if it passes their compare process.



8
Firmware / Re: VACRON firmware format
« on: July 28, 2017, 01:16:26 am »
I downloaded the rar file, unpacked and took a cursory look at the bin file.

Looks like its possibly encrypted or compressed post header, as I don't see many FF's or 00 strings in the file after the initial header.
strings also doesn't show any readable text, which ties in with it being compressed or encrypted.

A scan with binwalk ( http://binwalk.googlecode.com ) to see if it finds any recognizable FS or compression in there shows nothing.

I'm guessing its probably encrypted with some custom method.

You'd need more firmware files to look at in order to proceed.

9
Hacking & Modding / Re: In over my head/dumb questions
« on: July 27, 2017, 06:24:45 am »
Post 5 messages, and the restriction is lifted,  its a spammer block, unfortunately if you don't make it difficult then the boards get inundated with spam.

I have removed some of the non relevant questions (the ones related to the older forum template).


10
Site Announcements / Forum, software updates
« on: July 14, 2017, 03:20:24 am »
Updated forum software to 2.0.14, changed default template to the traditional default, as I need to work on the old template to make it compatible.

Added some boards for the XiaoMi camera range, as I have some, and will probably fiddle with them!


11
Xiaoyi Camera (小蚁) / Region lock fix
« on: July 14, 2017, 03:08:48 am »
From my page here - http://www.computersolutions.cn/blog/2016/09/xiaomi-camera-bs-region-locking-fix/

Essentially -

Enable telnet.
Login.
Kill the watchdog, and kill the camera app.
rename the api call to check the country.

-----
Create a folder named test on an SD card.
Create a plain text file called equip_test.sh in that folder, and add the following bash script:

Code: [Select]
#!/bin/sh
# Telnet
if [ ! -f "/etc/init.d/S88telnet" ]; then
echo "#!/bin/sh" > /etc/init.d/S88telnet
echo "telnetd &" >> /etc/init.d/S88telnet
chmod 755 /etc/init.d/S88telnet
fi
dr=`dirname $0`
# fix bootcycle
mv $dr/equip_test.sh $dr/equip_test.sh.moved
reboot

The script will enable telnet on the camera, and then rename the script so it doesn’t run again on the next boot.

Stick the prepared card into the camera, power on, and it should reboot (twice).
If you check the open ports on the camera ip you should now see port 23 (telnet) is open.

Login with the default user/pass (as below) via telnet

User: root
Password: 1234qwer

Once telnet’d in, enter the following, line by line –

Find and kill the watchdog process

killall watch_process

Find and kill /home/cloud process so we can edit it without the watchdog watch_process restarting it

killall cloud

Change the check within /home/cloud executable to query a fake domain so it never returns a failure, then reboot.


Code: [Select]
sed -i 's|api.xiaoyi.com/v4/ipc/check_did|api.xiaoyi.foo/v4/ipc/check_did|g' /home/cloud
reboot

13
Hacking & Modding / Re: In over my head/dumb questions
« on: July 14, 2017, 02:13:09 am »
Really depends on the board you have, and what gpio's are available to use, and how much flash / ram (for user space software etc).

Do you have the Hi3518e SoC SDK?

You'll need the SDK to get started, and compile a rom with kernel, userfs etc
Maybe the supplier will give you a ready to use kernel/rom/userfs that you can start from.

You'll need to have a  uBoot on the board.  Hopefully will have one already, otherwise you'll also need an SPI flash programmer to program the uBoot.
You'll need to be able to setup a crosscompiler environment (suggest use Docker or similar virtualized system to setup, then you can migrate easily).
You'll need to unpack the SDK, then be able to compile kernel.
You'll need to learn how to setup rom in flash.

Suggest read the uCLinux posts from 2011 where I talk about similar things.  Its relevant, although not 100% relevant to your particular board.


Also suggest reading other peoples posts, e.g. https://felipe.astroza.cl/hacking-hi3518-based-ip-camera/

Good luck.

Might want to think about using something like an ESP8266 for your gimbal to control sensors, as that has wifi, and they're dirt cheap.

14
Firmware / Re: Hi3516 Unknown command 'root' - try 'help'
« on: June 24, 2017, 05:00:51 am »
Not an error,  you're in the bootloader - u-boot.
You need to boot past that into the OS.



15
Hacking & Modding / Re: H3518 / UART TxRx
« on: May 31, 2017, 01:04:49 am »
HI3518

Look at the data sheet, and see what the RX / TX pins are, then follow those around the board to see if they end up anywhere accessible.

T19 / T18 according to the data sheet
http://www.datasheetspdf.com/PDF/Hi3518/853432/64

Also look at this -

https://felipe.astroza.cl/hacking-hi3518-based-ip-camera/

Pages: [1] 2 3 ... 27