New Dahua cams are not HiSilicon based, watch out!

Speed666

Getting the hang of it
Joined
Sep 19, 2015
Messages
167
Reaction score
91
Just wanted to let you know that new series of cameras that Dahua are selling are not HiSilicon based. They use SigmaStar/Mstar CPU/DPSs with NN (SSC339G).
Just got one of them, firmware is SecureBoot, crippled. Testing the stability. Was able to decipher firmware and get inside but those CPUs doesnt look good.
Hardware i.e.: DH-IPC3841Z-AS has SigmaStar SSC339.
Watch out - there is not UBoot TFT recovery process available - easy to brick !!!!
 

Speed666

Getting the hang of it
Joined
Sep 19, 2015
Messages
167
Reaction score
91
The quality of software is a pin. Bootloader i.e. is a BLOB with crippled Uboot (which is embedded as compressed xz stream inside...) just to boot kernel. There a lot of registers and it looks like a huge "try and merge" old code (sonia and rest) with different platform. Many of things is script-related.
Doesnt look good. Kernel is hacked with reading propertiary mtd_readsect functions to read AES crypted partitions. Just looks like homejob, not real big-company quality.

No TFTP on boot time support so no recovery after wrong firmware being put. As long as paritions are AES encrypted, single bitflip will kill camera without chance to recover it back...
 

kobebeef

Pulling my weight
Joined
Mar 13, 2016
Messages
207
Reaction score
229
Huawei HiSilicon was forced to death by the U.S.
The U.S. asks Taiwan's TSMC not to help Huawei OEM any chips.
So HiSilicon chip has been discontinued.
Dahua had to switch to SigmaStar, a subsidiary of MediaTek, to purchase
U-Boot has not changed.
Dahua can distinguish whether it is a SigmaStar chip from the firmware.
The Molec series is the SigmaStar chip.
But I don’t think there is anything wrong with the SigmaStar chip.
 
Last edited:

Speed666

Getting the hang of it
Joined
Sep 19, 2015
Messages
167
Reaction score
91
Huawei HiSilicon was forced to death by the U.S.
The U.S. asks Taiwan's TSMC not to help Huawei OEM any chips
So HiSilicon chip has been discontinued
Dahua had to switch to SigmaStar, a subsidiary of MediaTek, to purchase
U-Boot has not changed
Dahai can distinguish whether it is a SigmaStar chip from the firmware
The Molec series is the SigmaStar chip
But I don’t think there is anything wrong with the SigmaStar chip
DId you even see software or you just write? Uboot even doesnt have command line, it just boots kernel which is checked accross RSA key.
 

kobebeef

Pulling my weight
Joined
Mar 13, 2016
Messages
207
Reaction score
229
U-boot can use the command line alike HiSilicon.
UBoot can recover.
gw.jpg
 
Last edited:

kobebeef

Pulling my weight
Joined
Mar 13, 2016
Messages
207
Reaction score
229
U-boot is just the boot file of the camera
Just like the BIOS of a computer
This has nothing to do with the performance of the CPU (ARM)
Recovery over TFTP is possible is ok
But there may be software compatibility issues
For example, AMD or INTEL have their own advantages in certain performance
 

Speed666

Getting the hang of it
Joined
Sep 19, 2015
Messages
167
Reaction score
91
kobebeef - do You even know what you're writing? Recovery via TFT is not possible via upgrade_info.txt file because all functionality is removed because of limitation of size in IPL in Uboot payload.
 

kobebeef

Pulling my weight
Joined
Mar 13, 2016
Messages
207
Reaction score
229
limitation of size in IPL in Uboot payload in HiSilicon is also.
A single file has a limit of less than 30Mb.
SSC339G is a low-end processor with only 1TOPs processing power.

ssc.jpg

ssc1.png
 
Last edited:

Arjun

Known around here
Joined
Feb 26, 2017
Messages
9,015
Reaction score
11,032
Location
USA
Well, this is not good news. I'd rather much prefer HiSilicon. How do we check in the firmware? Are existing models affected by this or only new models going forward?
 

Speed666

Getting the hang of it
Joined
Sep 19, 2015
Messages
167
Reaction score
91
More info:
1. TFTP reset procedure is IN KERNEL at Kernel boot - if you flash and something goes wrong with kernel - you have a dead camera.
2. No console, crippled Dahua Bootloader without antyhing more than booting image.
3. All is secured by RSA
4. Software looks a little bad according to earlier models (switch_root, a lot of scripting inside).
5. After digging around - camera died.... without notice. At now no way to reflash it as long as someone has SigmaStar Flash Tool via I2C....
 
Top