Registered a URL and setup a forum as the IPCam stuff really needed its own site vs my irregular blog posts about IPCam hacking at

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - GenePoole

Pages: [1]
Well, to follow up on my own post, I went ahead and gave it a try.  I copied off all of the mtd partitions from the jovision camera to NFS share via dd.

Apparently there's something different about the ethernet interface on these two cameras.  Once all the firmware was copied over using tftp from uboot, I rebooted and found that I no longer had network connectivity.  This triggered some sort of boot loop and I had to regain control at the uboot prompt via serial interface.  There was no network connectivity from uboot either.  I thought I was hosed, but I noticed on the uboot menu: "loady   - load binary file over serial line (ymodem mode)" I gave it a shot and managed to reload all my original firmware back to the cheap ebay camera and it seems no worse for the wear.

Next up, I'll try and use the linux kernel from the ebay camera (since it likely has the ethernet driver) in a custom partition and see where that takes me.  I suppose I could use the original uboot as well since it seems to be compiled to use the ethernet.

I have a few cheap HI3518 based cameras I've collected over the past few months.  Of these, one was purchased from microcenter and has a Jovision firmware derivative.  It has some features I like such as http based frame capture to JPG.  Another is a cheap Chinese ebay purchase, but has nearly identical hardware.  I'm able to get into the uboot menu of both and have managed to hack up some romfs images (with my own passwords, i.e.), but I'm wondering if I can flash one firmware onto another camera.

Both cameras have different size MTD partitions, but this is all just one hunk of MTD flash right?  The kernel command line tells it where to mark partition boundaries, right?  If I were to reset the uboot environment on one to match the other, then flash the partitions accordingly, would this work?  I'm still a bit afraid to try this just yet, but I guess at worst, I'm out a $16 ebay camera.

Hacking & Modding / Re: adding digital IO to a cheap yosee ipcam
« on: December 04, 2016, 04:13:13 pm »
My guess is that those are for the UART port.  The middle two are probably TX and RX.

Help / Re: Anran HD PTZ Camera bricked
« on: December 04, 2016, 12:49:35 pm »
I've only messed with three different brands.  They were all 115200 N81.  I also found that one one (with un-labled pads) that when I had some pins wrong, I would get garbage on the terminal.  The way I figure it out is to put the GND pin to a known ground on the board (like where a screw goes through and there's a bare spot on the ground plane.  Then just look for the TX line by trying them all between power cycles until you see legible characters.  Once you have TX, finding RX is pretty easy.  You may want to test the pads with a voltmeter first just to be sure it is a serial connection.  It could be for something else and have enough voltage to fry your serial TTL chip.

Help / Re: Anran HD PTZ Camera bricked
« on: December 02, 2016, 10:35:28 pm »
It looks like the serial port is trying to send something, but maybe the baud rate is off.  Are you sure you have the correct parameters?  Also, make sure there is no flow control.

Sorry if I'm being presumptive about your knowledge level on these things.

Pages: [1]