Search results

upf == "update and format". "update" in uboot means tftp digicap.dav loading so you have to have it. In that way it is not destructive.

upf does not delete anything important. It is just a "restore factory defaults". It is also very easy way to reset password because it will erase config partitions (sqlite db's). G0 model you have to hook one call and thats it. Inside hook you return what is needed to make davinci happy. And...

Camera need just normal power. Do not use vcc of uart, need of power is more than you can have from usb uart adapter (max 500mA).

Done!

I'm sorry if I hijacked this thread..still g0 re working Is there any supportType opt inside bootparams? g0 davinci is checking this inside get_software_capability, 1 is ch, 2 is en. Have someone seen some xml file inside g0 cam-> device_capa_xml ? Maybe info is laying somewhere in a bitspace...

Please give md cmd in original hik's u-boot.

hmm... ethernet not ok... What is shown if you type (orig u-boot): md 0x8094c1b8 100 Could you inform what you get when you type in psh dmesg (if you have serial cable connected)

Well, rule is: sw can not protect sw. So no need to desolder anything. Just plain sw inject and hooking stuff.

std u-boot

This version is new to me. For version: U-Boot 2010.06-209953 (Jul 29 2016 - 10:09:34) I can give help how to skip some fw checks when updating. But to this version I need to peek it so I need copy of mtd0. Cold you try this plain std u-boot, just put it to to tftp server and type go. (with...

Please inform u-boot version, there may be a way...

My bad! It's cn g0 digicap I'm using. Yes, it's checksum-16, just sum of all bytevalues starting from 0x09 - 0xff. Nothing special or new, you can have again hacked english g0 from China. QuoteManagers, those promiseware sellers and most do not know reality...

After fixing checksum: prtHardInfo Start at 1970-04-17 20:29:07 Serial NO :DS-2CD3345F-I20161204AACH686158XXX V5.4.20 build 160726 NetProcess Version: 1.7.1.204140 [16:40:42-Jul 11 2016] Db Encrypt Version: 65537 Db Major Version: 1176 Db svn info: Path...

Much obliged !

Some info about how motor runs: kernel calls early startup "open_card" function -> loads data from chip 9600 baud even parity using std gpio pins using half duplex mode. It's time critical and bad hw design, maybe crypto chip was added later in a panic mode ;-) (There are still free uart ports...

Some data from chip: g_chip_type at (null) : 00000001 g_WDSn at c0616770 : 1839009d ====dump DecryptData 0xC061682C==== c061682c: 10 79 69 6e 67 f3 51 2c 01 08 00 00 00 60 0b 00 .ying.Q,.....`.. c061683c: 82 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ ====dump DecryptData...

There is one big problem made by hik, for purpose, hisilicon hi3516D soc's BOOTROM boot pin is disabled by hik omitting 1k-4k7 pullup resistor. There is a place for resistor but omitting it makes impossible to recover if nand and bld partition is broken. Maybe this is a new way to care about...

sec.bin is u-boot standalone/bare metal app for a limited hik's G0 cameras like 2cd3345fi 2cd2635f and having u-boot version: "U-Boot 2010.06-209953 (Jul 29 2016 - 10:09:34)" Put sec.bin to tftp dir for dl and use hidden go. cmd (yes, go with dot) App is dloaded and started to/from 0x82000000...

fyi retdec decompiled. -jafo