I think, I formatted NAND using command "nand test"
Oops!
I can write NAND on programmer but what to write? Have anyone full image for R6 camera?
Hello Viktor,
I don't have a NAND dump taken directly from the flash chip - but attached are copies of the individual flash partitions, and all the files concatenated into one, which should be the equivalent of the full flash dump.
This was taken from a DS-2CD2042WD-I running the 5.4.3 firmware that I bought on eBay, fixed up and re-sold.
If / when you succeed in re-writing the flash, you will need to reset to defaults (reset button on the back) to clear the password and existing settings.
You also should update the firmware as it's an old version vulnerable to the 'Hikvision backdoor'.
Your camera 'bootpara' info - MAC address, serial number etc should still be OK as it is not held in the flash memory.
Be aware that writing a full flash dump to a different camera does not allow for any bad blocks that the donor or the recipient camera may have, that does introduce another variable.
Here was the flash layout and status :
Code:
[ 2.283628] ambarella-nand e0001000.nand: in ecc-[1]bit mode
[ 2.289318] ambarella_nand: Use On Flash BBT
[ 2.293640] NAND device: Manufacturer ID: 0x98, Chip ID: 0xf1 (Toshiba NAND 128MiB 3,3V 8-bit), 128MiB, page size: 2048, OOB size: 64
[ 2.305880] Bad block table found at page 65472, version 0x01
[ 2.311807] Bad block table found at page 65408, version 0x01
[ 2.317740] nand_read_bbt: bad block at 0x000006000000
[ 2.322948] 16 ofpart partitions found on MTD device amba_nand
[ 2.328781] Creating 16 MTD partitions on "amba_nand":
[ 2.333909] 0x000000000000-0x000000020000 : "bst"
[ 2.339405] 0x000000020000-0x000000120000 : "bld"
[ 2.344745] 0x000000120000-0x000000200000 : "ptb"
[ 2.350108] 0x000000200000-0x000000280000 : "env"
[ 2.355429] 0x000000280000-0x000000380000 : "sysflg"
[ 2.361110] 0x000000380000-0x000000400000 : "param"
[ 2.366642] 0x000000400000-0x000000500000 : "dpt"
[ 2.372057] 0x000000500000-0x000000f00000 : "rcvy"
[ 2.377568] 0x000000f00000-0x000001700000 : "krn_pri"
[ 2.383277] 0x000001700000-0x000001f00000 : "krn_sec"
[ 2.389062] 0x000001f00000-0x000004100000 : "app_pri"
[ 2.394820] 0x000004100000-0x000006300000 : "app_sec"
[ 2.400615] 0x000006300000-0x000006900000 : "cfg_pri"
[ 2.406292] 0x000006900000-0x000006f00000 : "cfg_sec"
[ 2.412029] 0x000006f00000-0x000007700000 : "dbg"
[ 2.417430] 0x000007700000-0x000007f00000 : "syslog"