topper_harley
n3wb
Hi
I bought this camera and they mandate the use of an app and the video stream goes to the cloud. That's a no-no to me so I'm trying to see if I can change the firmware to use it locally.
It has a hi3518ev200 SoC with a 16MB flash, SD card reader, USB bus (but no plug, used to get the SD and other local devices).
There was a serial port so I soldered wires to a FTD and I have a UART.
It starts on U-Boot and there is a 0-second delay to stop it, but it asks for a password and continues booting off the flash.
If I put a SD card in the reader, it mounts the 1st partition and attempts to read a file called "cfgupdate". I tried to put commands in it (printenv, echo "foobar", etc) or copy a bootloader (u-boot) or a kernel, nothing works.
When the kernel boots, it DHCP over ethernet and opens sockets on port 23 (telnet) and 8888 (encrypted libp2p stream with the app when it is used in "local mode"). I disassembled the app but it's encrypted with libp2p so there is not much to be done here.
Here is the boot log:
Here is the boot log with a SD card: nothing happens after that (for minutes):
I bought this camera and they mandate the use of an app and the video stream goes to the cloud. That's a no-no to me so I'm trying to see if I can change the firmware to use it locally.
It has a hi3518ev200 SoC with a 16MB flash, SD card reader, USB bus (but no plug, used to get the SD and other local devices).
There was a serial port so I soldered wires to a FTD and I have a UART.
It starts on U-Boot and there is a 0-second delay to stop it, but it asks for a password and continues booting off the flash.
If I put a SD card in the reader, it mounts the 1st partition and attempts to read a file called "cfgupdate". I tried to put commands in it (printenv, echo "foobar", etc) or copy a bootloader (u-boot) or a kernel, nothing works.
When the kernel boots, it DHCP over ethernet and opens sockets on port 23 (telnet) and 8888 (encrypted libp2p stream with the app when it is used in "local mode"). I disassembled the app but it's encrypted with libp2p so there is not much to be done here.
Here is the boot log:
System startup
U-Boot 2010.06 (Aug 21 2018 - 18:31:32)
Check Flash Memory Controller v100 ... Found
SPI Nor(cs 0) ID: 0x1c 0x70 0x18
Block:64KB Chip:16MB Name:"EN25Q128"
SPI Nor total size: 16MB
MMC:
EMMC/MMC/SD controller initialization.
Card did not respond to voltage select!
No EMMC/MMC/SD device found !
In: serial
Out: serial
Err: serial
*No SD card found!
USB: scanning bus for devices... 1 USB Device(s) found
0 Storage Device(s) found
have no userfs
Hit any key to stop autoboot: 0
16384 KiB hi_fmc at 0:0 is now current device
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.4.35
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2011560 Bytes = 1.9 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
Booting Linux on physical CPU 0
Linux version 3.4.35 (root@Ubunut10) (gcc version 4.8.3 20131202 (prerelease) (Hisilicon_v300) ) #8 Wed Jun 5 11:59:50 CST 2019
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177
CPU: VIVT data cache, VIVT instruction cache
Machine: hi3518ev200
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 9144
Kernel command line: mem=36M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=squashfs mtdparts=hi_sfc:320K(boot),2M(kernel),3584K(rootfs),-(app)
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 36MB = 36MB total
Memory: 31132k/31132k available, 5732k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
vmalloc : 0xc2800000 - 0xff000000 ( 968 MB)
lowmem : 0xc0000000 - 0xc2400000 ( 36 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.text : 0xc0008000 - 0xc04b2000 (4776 kB)
.init : 0xc04b2000 - 0xc04d2dcc ( 132 kB)
.data : 0xc04d4000 - 0xc05021e0 ( 185 kB)
.bss : 0xc0502204 - 0xc05388c8 ( 218 kB)
U-Boot 2010.06 (Aug 21 2018 - 18:31:32)
Check Flash Memory Controller v100 ... Found
SPI Nor(cs 0) ID: 0x1c 0x70 0x18
Block:64KB Chip:16MB Name:"EN25Q128"
SPI Nor total size: 16MB
MMC:
EMMC/MMC/SD controller initialization.
Card did not respond to voltage select!
No EMMC/MMC/SD device found !
In: serial
Out: serial
Err: serial
*No SD card found!
USB: scanning bus for devices... 1 USB Device(s) found
0 Storage Device(s) found
have no userfs
Hit any key to stop autoboot: 0
16384 KiB hi_fmc at 0:0 is now current device
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.4.35
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2011560 Bytes = 1.9 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
Booting Linux on physical CPU 0
Linux version 3.4.35 (root@Ubunut10) (gcc version 4.8.3 20131202 (prerelease) (Hisilicon_v300) ) #8 Wed Jun 5 11:59:50 CST 2019
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177
CPU: VIVT data cache, VIVT instruction cache
Machine: hi3518ev200
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 9144
Kernel command line: mem=36M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=squashfs mtdparts=hi_sfc:320K(boot),2M(kernel),3584K(rootfs),-(app)
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 36MB = 36MB total
Memory: 31132k/31132k available, 5732k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
vmalloc : 0xc2800000 - 0xff000000 ( 968 MB)
lowmem : 0xc0000000 - 0xc2400000 ( 36 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.text : 0xc0008000 - 0xc04b2000 (4776 kB)
.init : 0xc04b2000 - 0xc04d2dcc ( 132 kB)
.data : 0xc04d4000 - 0xc05021e0 ( 185 kB)
.bss : 0xc0502204 - 0xc05388c8 ( 218 kB)
Here is the boot log with a SD card: nothing happens after that (for minutes):
System startup
U-Boot 2010.06 (Aug 21 2018 - 18:31:32)
Check Flash Memory Controller v100 ... Found
SPI Nor(cs 0) ID: 0x1c 0x70 0x18
Block:64KB Chip:16MB Name:"EN25Q128"
SPI Nor total size: 16MB
MMC:
EMMC/MMC/SD controller initialization.
MMC/SD Card:
MID: 0x3
Read Block: 512 Bytes
Write Block: 512 Bytes
Chip Size: 31166976K Bytes (High Capacity)
Name: "SH32G"
Chip Type: SD
Version: 2.0
Speed: 50000000Hz
Bus Width: 4bit
Boot Addr: 0 Bytes
In: serial
Out: serial
Err: serial
Interface: MMC
Device 0: Vendor: Man 035744 Snr 5595d209 Rev: 8.0 Prod: SH32G
Type: Removable Hard Disk
Capacity: 30436.5 MB = 29.7 GB (62333952 x 512)
Partition 1: Filesystem: FAT16 "NO NAME "
USB: scanning bus for devices... 2 USB Device(s) found
0 Storage Device(s) found
have no userfs
Hit any key to stop autoboot: 0 reading cfgupdate
** Unable to read "cfgupdate" from mmc 0:1 **
run command error !!
16384 KiB hi_fmc at 0:0 is now current device
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.4.35
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2011560 Bytes = 1.9 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK
U-Boot 2010.06 (Aug 21 2018 - 18:31:32)
Check Flash Memory Controller v100 ... Found
SPI Nor(cs 0) ID: 0x1c 0x70 0x18
Block:64KB Chip:16MB Name:"EN25Q128"
SPI Nor total size: 16MB
MMC:
EMMC/MMC/SD controller initialization.
MMC/SD Card:
MID: 0x3
Read Block: 512 Bytes
Write Block: 512 Bytes
Chip Size: 31166976K Bytes (High Capacity)
Name: "SH32G"
Chip Type: SD
Version: 2.0
Speed: 50000000Hz
Bus Width: 4bit
Boot Addr: 0 Bytes
In: serial
Out: serial
Err: serial
Interface: MMC
Device 0: Vendor: Man 035744 Snr 5595d209 Rev: 8.0 Prod: SH32G
Type: Removable Hard Disk
Capacity: 30436.5 MB = 29.7 GB (62333952 x 512)
Partition 1: Filesystem: FAT16 "NO NAME "
USB: scanning bus for devices... 2 USB Device(s) found
0 Storage Device(s) found
have no userfs
Hit any key to stop autoboot: 0 reading cfgupdate
** Unable to read "cfgupdate" from mmc 0:1 **
run command error !!
16384 KiB hi_fmc at 0:0 is now current device
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.4.35
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2011560 Bytes = 1.9 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK