R0 / DS-2CD2x32 BrickfixV2 brick recovery and full upgrade tool - enhanced.
- Thread starter alastairstevenson
- Start date
5.4.5 does not have the backdoor.
5.4.41 is the version that Hikvision announced as having the backdoor fixed.
The web GUI should work OK, and will be easiest.
The 5.4.5 build 170401 seems to post-date the 5.4.41 version, though I don't know why, I haven't looked.
bathuudamdin
n3wb
Thanks Alastairstevenson,
Apparently mine is 5.4.5 170123. I guess I will update it to 5.4.41 then 5.4.5 170401 to see if night image improves.
Apparently mine is 5.4.5 170123. I guess I will update it to 5.4.41 then 5.4.5 170401 to see if night image improves.
bathuudamdin
n3wb
vasycara
Getting the hang of it
- Jun 22, 2015
- 227
- 48
Yes, the links in the Updates tab can be a bit confusing as they don't lead to a download.
The download links are in the History tab :
R0 series DS-2CD2x32x-Ixx IP camera firmware - History
I noticed this with 5.4.5 170401. Save your config (under the Maintenance menu) then do a Restore and Import your settings. Did make a significant difference.
Thank you so much Alastair,
My old bricked 2CD2132F-IWS is now running again with version 5.4.5 170401.
Greetings and thanks from the Netherlands.
My old bricked 2CD2132F-IWS is now running again with version 5.4.5 170401.
Greetings and thanks from the Netherlands.
It would be a complicated way of doing that, there are various easier methods.
What does SADP show for the firmware version of the camera?
Maybe it's backdoor-vulnerable and the configuration file can be extracted.
What does SADP show for the firmware version of the camera?
Maybe it's backdoor-vulnerable and the configuration file can be extracted.
Today I tried this method to fix my camera (DS-2CD2132F-IS), which I kept in the closet due to the backdoor problem and the inability to update with a newer firmware.
Unfortunately, this method brick my camera completely. I followed exactly the steps and after the successful update with brickfixv2EN.dav, after power cycle, the camera is completely brick. When switched on, the IR lights come on and stays in this position forever and camera not visible in the network anymore. Any ideas what went wrong?
This is the last log of the camera :
[2020-06-11 17:30:46] Device[192.0.0.64] test tftpserver
[2020-06-11 17:30:54] Connect client[192.0.0.64] success
[2020-06-11 17:30:54] Start file[D:\HikVIsion_unbrick\brick_fixv2\digicap.dav] transmitting
[2020-06-11 17:31:22] Completed file[D:\HikVIsion_unbrick\brick_fixv2\digicap.dav] transmit
[2020-06-11 17:31:36] Device[192.0.0.64] system update completed!
Unfortunately, this method brick my camera completely. I followed exactly the steps and after the successful update with brickfixv2EN.dav, after power cycle, the camera is completely brick. When switched on, the IR lights come on and stays in this position forever and camera not visible in the network anymore. Any ideas what went wrong?
This is the last log of the camera :
[2020-06-11 17:30:46] Device[192.0.0.64] test tftpserver
[2020-06-11 17:30:54] Connect client[192.0.0.64] success
[2020-06-11 17:30:54] Start file[D:\HikVIsion_unbrick\brick_fixv2\digicap.dav] transmitting
[2020-06-11 17:31:22] Completed file[D:\HikVIsion_unbrick\brick_fixv2\digicap.dav] transmit
[2020-06-11 17:31:36] Device[192.0.0.64] system update completed!
No no there is no visibility in the network, I think that immediately after turning on, camera freeze and nothing more happens.
During the last few 2-3 years I periodically do experiments and tests with the camera and many times I have tested updates with different firmware and I have bricked it many times, but I always easily restore it with TFTP (192.0.0.64). Now, however, something different has happened and not visible in any way on the network.
Maybe when I have more time I will try to do something with a serial cable (If I find information what needs to do..
In fact, I'm not sure before doing this procedure whether the camera was in working condition (5.2.5) or was stay bricked with a newer firmware (> 5.3.0 ..) that I tested. I don't remember the last time how I left camera. I saw that for this procedure the camera must have a working firmware (5.2.5), but I did not see it write about any risks and I decided to test directly. I assumed that if there is any problem I will easily recover again ..
Maybe this is a problem?
During the last few 2-3 years I periodically do experiments and tests with the camera and many times I have tested updates with different firmware and I have bricked it many times, but I always easily restore it with TFTP (192.0.0.64). Now, however, something different has happened and not visible in any way on the network.
Maybe when I have more time I will try to do something with a serial cable (If I find information what needs to do..
In fact, I'm not sure before doing this procedure whether the camera was in working condition (5.2.5) or was stay bricked with a newer firmware (> 5.3.0 ..) that I tested. I don't remember the last time how I left camera. I saw that for this procedure the camera must have a working firmware (5.2.5), but I did not see it write about any risks and I decided to test directly. I assumed that if there is any problem I will easily recover again ..
Maybe this is a problem?
Last edited:
The serial console will provide some good information on what wrong is with the camera.
No - not necessary. Just the tftp updater / recovery image to be working.
What you would need, if you wish to explore the problem :
A serial TTL to USB convertor. Popular is a PL2303TA-based device, often 'For Arduino'.
A 4-pin 1.5mm JST ZH wired connector, usually sold in 10-packs.
Even a well-bricked camera should respond to the BrickfixV2 method, all it needs is the tftp updater to operate, and for the hardware to be working.
Today I did a test with a serial cable and below I show the generated log after last row camera stays with illuminated IR forever and not visible in the network (192.0.0.64)
I also show a video that shows the ping of the address during startup (192.0.0.64 appears for a 1-2 seconds and then is no longer available).
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.06.12 20:19:19 =~=~=~=~=~=~=~=~=~=~=~=
[4l
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 2
Hit Ctrl+u to stop autoboot: 1
Hit Ctrl+u to stop autoboot: 0
|BIND err|
Unknown command:null
nand booting ...
load kernel...
load ramdisk...
init started: BusyBox v1.19.3 (2016-05-23 16:23:55 CST)
starting pid 378, tty '': '/etc/init.d/rcS'
Starting udev: [ OK ]
UBI device number 1, total 191 LEBs (24643584 bytes, 23.5 MiB), available 0 LEBs (0 bytes), LEB size 129024 bytes (126.0 KiB)
waiting for /dev/ubi1_0.
pri_iUpgSuccCnt:0x1, sec_iUpgSuccCnt:0x1
UBI device number 3, total 32 LEBs (4128768 bytes, 3.9 MiB), available 0 LEBs (0 bytes), LEB size 129024 bytes (126.0 KiB)
waiting for /dev/ubi3_0.
Check dir /davinci ok! (0)
UBI device number 4, total 32 LEBs (4128768 bytes, 3.9 MiB), available 0 LEBs (0 bytes), LEB size 129024 bytes (126.0 KiB)
waiting for /dev/ubi4_0.
Check dir /config ok! (0)
diagnose_way = 15, repair_way = 1, interval = 30
route: ioctl 0x890c failed: No such process
mount: mounting none on /proc/bus/usb failed: No such file or directory
/dav
map_size = 0x300000
nr_item = 3
addr_offset = 0x0 filename = orccode.bin
addr_offset = 0x200000 filename = orcme.bin
addr_offset = 0x2a0000 filename = default_binary.bin
mmap returns 0x402ca000
loading ./orccode.bin...addr = 0x402ca000, size = 0x1a0a91
loading ./orcme.bin...addr = 0x404ca000, size = 0x3a4fc
loading ./default_binary.bin...addr = 0x4056a000, size = 0x40000
===============================
u_code version = 2016/4/6 3.0
===============================
The system is going down NOW!
Sent SIGTERM to all processes
Sent SIGKILL to all processes
Requesting system reboot
[4l
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 2
Hit Ctrl+u to stop autoboot: 1
Hit Ctrl+u to stop autoboot: 0
begin to enter mini system
I can also after startup immediately interrupt the process with ctrl-u and I have access to the following commands, which I do not know how to use properly
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 2
Hit Ctrl+u to stop autoboot: 1
HKVS #
HKVS #
HKVS # help
The following commands are supported:
boot help bios diag
mtest dump erase go
exec ping r8 r16
r32 reset saveenv printenv
setenv show usbdl w8
w16 w32 tftpboot bootm
readoob killb crc nandread
nandwrite ups upm format
update upf upa upr
upk updateb ubi bapi
Use 'help' to get help on a specific command
HKVS #
I also show a video that shows the ping of the address during startup (192.0.0.64 appears for a 1-2 seconds and then is no longer available).
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.06.12 20:19:19 =~=~=~=~=~=~=~=~=~=~=~=
[4l
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 2
Hit Ctrl+u to stop autoboot: 1
Hit Ctrl+u to stop autoboot: 0
|BIND err|
Unknown command:null
nand booting ...
load kernel...
load ramdisk...
init started: BusyBox v1.19.3 (2016-05-23 16:23:55 CST)
starting pid 378, tty '': '/etc/init.d/rcS'
Starting udev: [ OK ]
UBI device number 1, total 191 LEBs (24643584 bytes, 23.5 MiB), available 0 LEBs (0 bytes), LEB size 129024 bytes (126.0 KiB)
waiting for /dev/ubi1_0.
pri_iUpgSuccCnt:0x1, sec_iUpgSuccCnt:0x1
UBI device number 3, total 32 LEBs (4128768 bytes, 3.9 MiB), available 0 LEBs (0 bytes), LEB size 129024 bytes (126.0 KiB)
waiting for /dev/ubi3_0.
Check dir /davinci ok! (0)
UBI device number 4, total 32 LEBs (4128768 bytes, 3.9 MiB), available 0 LEBs (0 bytes), LEB size 129024 bytes (126.0 KiB)
waiting for /dev/ubi4_0.
Check dir /config ok! (0)
diagnose_way = 15, repair_way = 1, interval = 30
route: ioctl 0x890c failed: No such process
mount: mounting none on /proc/bus/usb failed: No such file or directory
/dav
map_size = 0x300000
nr_item = 3
addr_offset = 0x0 filename = orccode.bin
addr_offset = 0x200000 filename = orcme.bin
addr_offset = 0x2a0000 filename = default_binary.bin
mmap returns 0x402ca000
loading ./orccode.bin...addr = 0x402ca000, size = 0x1a0a91
loading ./orcme.bin...addr = 0x404ca000, size = 0x3a4fc
loading ./default_binary.bin...addr = 0x4056a000, size = 0x40000
===============================
u_code version = 2016/4/6 3.0
===============================
The system is going down NOW!
Sent SIGTERM to all processes
Sent SIGKILL to all processes
Requesting system reboot
[4l
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 2
Hit Ctrl+u to stop autoboot: 1
Hit Ctrl+u to stop autoboot: 0
begin to enter mini system
I can also after startup immediately interrupt the process with ctrl-u and I have access to the following commands, which I do not know how to use properly
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 2
Hit Ctrl+u to stop autoboot: 1
HKVS #
HKVS #
HKVS # help
The following commands are supported:
boot help bios diag
mtest dump erase go
exec ping r8 r16
r32 reset saveenv printenv
setenv show usbdl w8
w16 w32 tftpboot bootm
readoob killb crc nandread
nandwrite ups upm format
update upf upa upr
upk updateb ubi bapi
Use 'help' to get help on a specific command
HKVS #
Last edited:
It looks to me from your log that the 'min-system' recovery facility is not working.
This is the facility that processes the firmware update from the tftp updater in the bootloader.
And the normal running system has been replaced by the payload-dropping portion of the BrickfixV2 recovery/update firmware, which when it's dropped the payload, immediately boots into it. But in this case, it does not work.
So that does give a 'Catch-22 situation' in that the normal way to recover the firmware requires the min-system recovery system, which appears to be broken.
I think with some work-arounds the camera can be recovered, and updated.
Do you have an NFS share available on your LAN, such as from a NAS?
Does the camera have an SD-card option?
Either of these would provide a way to get files into the camera.
What's required is to get to a root shell prompt, and then to be able to transfer data which can then be applied to the flash.
Unfortunately, I don't think the bootloader in that model has any flash writing commands remaining, Hikvision took them out quite early.
Suggestion, to first try for a root shell :
Interrupt the bootloader and use these commands at the HKVS # prompt -
setenv bootargs console=ttyS0 initrd=0xc0a00000,0x400000 rw root=/dev/ram dbg=9 debug single
saveenv
reset
The device hopefully will boot to a root shell # prompt.
Then use these commands to complete the initialisation -
/bin/mount -t proc proc /proc
/bin/mount -t sysfs sysfs /sys
/bin/mount -t ramfs ramfs /home
/etc/S_udev
Then - to confirm status, use -
cat /proc/mtd
mount
ls -al /dev/m*
If that looks OK, we'd need to mount a device so that files can be transferred in.
But let's see how the above works first.
The camera has a SD slot. There is a command log in the attachment ... I think it looks good:
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 1
HKVS # setenv bootargs console=ttyS0 initrd=0xc0a00000,0x400000 rw root=/dev/ram dbg=9 debug single
HKVS # saveenv
Writing env to Nand... done
▒KVS # reset
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 0
eth_fbi:st=0x0380a102
|NUL eth|
Unknown command:null
nand booting ...
load kernel...
load ramdisk...
[ 0.000000] Linux version 2.6.38.8 (chenyuanming@Cpl-Frt-BSP) (gcc version 4.6.1 (Sourcery CodeBench Lite 2011.09-70) )
[ 0.000000] #18 PREEMPT Thu Jan 21 17:27:08 CST 2016
[ 0.000000] CPU: ARMv6-compatible processor [4117b365] revision 5 (ARMv6TEJ), cr=00c5387f
[ 0.000000] CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
[ 0.000000] Machine: Coconut
[ 0.000000] Memory policy: ECC disabled, Data cache writeback
[ 0.000000] Ambarella: AHB = 0x60000000[0xf0000000],0x01000000 0
[ 0.000000] Ambarella: APB = 0x70000000[0xf1000000],0x01000000 0
[ 0.000000] Ambarella: PPM = 0xc0000000[0xe0000000],0x00200000 9
[ 0.000000] Ambarella: BSB = 0xc8c00000[0xe8c00000],0x00400000 9
[ 0.000000] Ambarella: DSP = 0xc9000000[0xe9000000],0x07000000 9
[ 0.000000] Ambarella: HAL = 0xc00a0000[0xfee00000],0x0000e708 9
[ 0.000000] On node 0 totalpages: 25344
[ 0.000000] free_area_init_node: node 0, pgdat c0563180, node_mem_map c0589000
[ 0.000000] Normal zone: 198 pages used for memmap
[ 0.000000] Normal zone: 0 pages reserved
[ 0.000000] Normal zone: 25146 pages, LIFO batch:7
[ 0.000000] bootmem_init: high_memory = 0xc8a00000
[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[ 0.000000] pcpu-alloc: [0] 0
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 25146
[ 0.000000] Kernel command line: console=ttyS0 initrd=0xc0a00000,0x400000 rw root=/dev/ram dbg=9 debug single KRN_PRT=pri RMD_PRT=pri reserved=0xc6500000,0x100000,99 video=amb0fb:720x480,720x480,1,0
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Memory: 99MB = 99MB total
[ 0.000000] Memory: 90656k/90656k available, 10720k reserved, 0K highmem
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
[ 0.000000] DMA : 0xfe600000 - 0xfee00000 ( 8 MB)
[ 0.000000] vmalloc : 0xc9000000 - 0xe0000000 ( 368 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xc8a00000 ( 138 MB)
[ 0.000000] modules : 0xbf000000 - 0xc0000000 ( 16 MB)
[ 0.000000] .init : 0xc0008000 - 0xc002d000 ( 148 kB)
[ 0.000000] .text : 0xc002d000 - 0xc052f000 (5128 kB)
[ 0.000000] .data : 0xc0530000 - 0xc0563820 ( 207 kB)
[ 0.000000] Preemptable hierarchical RCU implementation.
[ 0.000000] RCU-based detection of stalled CPUs is disabled.
[ 0.000000] Verbose stalled-CPUs detection is disabled.
[ 0.000000] NR_IRQS:224
[ 0.000000] sched_clock: 32 bits at 72MHz, resolution 13ns, wraps every 59652ms
[ 0.000000] sched_clock: wrong multiply/shift: 1864135111>>27 vs calculated 3728270222>>28
[ 0.000000] sched_clock: fix multiply/shift to avoid scheduler hiccups
[ 0.000000] Console: colour dummy device 80x30
[ 0.000000] console [ttyS0] enabled
[ 0.274238] Calibrating delay loop... 527.56 BogoMIPS (lpj=2637824)
[ 0.522862] pid_max: default: 32768 minimum: 301
[ 0.527869] Mount-cache hash table entries: 512
[ 0.533181] CPU: Testing write buffer coherency: ok
[ 0.544610] NET: Registered protocol family 16
[ 0.559560] Ambarella Coconut:
[ 0.562870] chip id: 5100
[ 0.565677] board type: 3
[ 0.568465] board revision: 10
[ 0.571845] chip name: a5m
[ 0.574745] HAL version: 176869
[ 0.578064] reference clock: 24000000
[ 0.581895] system configuration: 0x060004ea
[ 0.586263] boot type: 0x00000002
[ 0.589753] hif type: 0x00000000
[ 0.619013] bio: create slab <bio-0> at 0
[ 0.625687] ambarella-spi ambarella-spi.0: ambarella SPI Controller 0 created
[ 0.643183] ambarella-i2c ambarella-i2c.0: Ambarella Media Processor I2C adapter[i2c-0] probed!
[ 0.653559] ambarella-i2c ambarella-i2c.1: Ambarella Media Processor I2C adapter[i2c-1] probed!
[ 0.663768] i2c i2c-0: Added multiplexed i2c bus 2
[ 0.668588] ambarella-i2cmux ambarella-i2cmux.0: mux on ambarella-i2c adapter
[ 0.678605] Advanced Linux Sound Architecture Driver Version 1.0.23.
[ 0.688689] cfg80211: Calling CRDA to update world regulatory domain
[ 0.696545] Switching to clocksource ambarella-cs-timer
[ 0.710175] Switched to NOHz mode on CPU #0
[ 0.766477] NET: Registered protocol family 2
[ 0.771175] IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.779302] TCP established hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.786723] TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
[ 0.793383] TCP: Hash tables configured (established 4096 bind 4096)
[ 0.799752] TCP reno registered
[ 0.802996] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.808869] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.815824] NET: Registered protocol family 1
[ 0.820920] RPC: Registered udp transport module.
[ 0.825795] RPC: Registered tcp transport module.
[ 0.830517] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 0.837487] Trying to unpack rootfs image as initramfs...
[ 0.845337] rootfs image is not initramfs (no cpio magic); looks like an initrd
[ 0.885711] Freeing initrd memory: 4096K
[ 0.892551] [ kernel version: svn-174544 ]
[ 0.896818] mmc0 power register success!
[ 0.900762] mmc1 power register success!
[ 0.905061] reboot times :1
[ 0.933543] msgmni has been set to 185
[ 0.946204] alg: No test for stdrng (krng)
[ 0.950441] io scheduler noop registered
[ 0.954659] io scheduler deadline registered
[ 0.959101] io scheduler cfq registered (default)
[ 0.967456] ambarella-fb ambarella-fb.0: probe p[720x480] v[720x576] c[1] b[0] l[736] @ [0xc5980000:0x00068000]!
[ 0.979536] ambarella-uart.0: ttyS0 at MMIO 0x70005000 (irq = 9) is a ambuart
[ 1.025366] brd: module loaded
[ 1.042090] loop: module loaded
[ 1.048581] NAND device: Manufacturer ID: 0xc2, Chip ID: 0xf1 (MXIC NAND 128MiB 3,3V 8-bit)
[ 1.057292] ambarella_nand_config_flash: 0x02e00140, 0x02c00140
[ 1.063748] Bad block table found at page 65472, version 0x01
[ 1.069980] Bad block table found at page 65408, version 0x01
[ 1.076125] nand_read_bbt: Bad block at 0x0000006e0000
[ 1.081280] nand_read_bbt: Bad block at 0x0000007c0000
[ 1.086518] nand_read_bbt: Bad block at 0x0000012e0000
[ 1.091676] nand_read_bbt: Bad block at 0x000002460000
[ 1.096881] nand_read_bbt: Bad block at 0x000002cc0000
[ 1.102040] nand_read_bbt: Bad block at 0x0000055e0000
[ 1.107248] nand_read_bbt: Bad block at 0x000007620000
[ 1.118763] ambarella-nand ambarella-nand: ambarella_nand_probe: Partition infomation found!
[ 1.127326] Creating 18 MTD partitions on "ambnand":
[ 1.132385] 0x000000000000-0x000000020000 : "bst"
[ 1.140882] 0x000000020000-0x000000120000 : "ptb"
[ 1.149280] 0x000000120000-0x000000220000 : "bld"
[ 1.157838] 0x000000220000-0x000000320000 : "hal"
[ 1.166426] 0x000000320000-0x000000420000 : "ano_ptb"
[ 1.175345] 0x000000420000-0x0000004a0000 : "env"
[ 1.184016] 0x0000004a0000-0x000000520000 : "param"
[ 1.192886] 0x000000520000-0x000000620000 : "dpt"
[ 1.201428] 0x000000620000-0x000001020000 : "rcvy"
[ 1.210389] 0x000001020000-0x000001820000 : "krn_pri"
[ 1.219346] 0x000001820000-0x000002020000 : "krn_sec"
[ 1.228357] 0x000002020000-0x000002420000 : "rmd_pri"
[ 1.237382] 0x000002420000-0x000002820000 : "rmd_sec"
[ 1.246487] 0x000002820000-0x000004020000 : "app_pri"
[ 1.255596] 0x000004020000-0x000005820000 : "app_sec"
[ 1.264801] 0x000005820000-0x000005c20000 : "cfg_pri"
[ 1.273980] 0x000005c20000-0x000006020000 : "cfg_sec"
[ 1.283293] 0x000006020000-0x000007020000 : "dbg"
[ 1.298556] PPP generic driver version 2.4.2
[ 1.304358] PPP Deflate Compression module registered
[ 1.309437] PPP BSD Compression module registered
[ 1.508811] Ambarella MII Bus: probed
[ 1.514158] ambarella-eth ambarella-eth.0: MAC Address[c4:2f:90:0c:15:84].
[ 1.521761] console [netcon0] enabled
[ 1.525608] netconsole: network logging started
[ 1.531668] mousedev: PS/2 mouse device common for all mice
[ 1.538401] input: AmbInput as /devices/virtual/input/input0
[ 1.545205] ambarella_gpio_irq_set_wake: irq[75] = girq[11] = 1
[ 1.551152] ambarella-input ambarella-input: AmbInput probed!
[ 1.558004] ambarella-adc ambarella-adc: ADC Host Controller [polling mode] probed!
[ 1.567401] ambarella-rtc ambarella-rtc: rtc core: registered ambarella-rtc as rtc0
[ 1.575764] i2c /dev entries driver
[ 1.584023] ambarella-wdt ambarella-wdt: Ambarella Media Processor Watch Dog Timer[ambarella-wdt].
[ 1.599427] ALSA device list:
[ 1.602653] No soundcards found.
[ 1.606230] Netfilter messages via NETLINK v0.30.
[ 1.611096] nf_conntrack version 0.5.0 (1480 buckets, 5920 max)
[ 1.617885] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 1.623494] TCP cubic registered
[ 1.627115] NET: Registered protocol family 10
[ 1.634106] Mobile IPv6
[ 1.636670] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 1.642427] IPv6 over IPv4 tunneling driver
[ 1.650229] NET: Registered protocol family 17
[ 1.655588] sctp: Hash tables configured (established 4096 bind 8192)
[ 1.662499] sctp: sctp_init_sock(sk: c58d5b20)
[ 1.667056] lib80211: common routines for IEEE802.11 drivers
[ 1.672841] lib80211_crypt: registered algorithm 'NULL'
[ 1.681932] ambarella-rtc ambarella-rtc: setting system clock to 2020-06-12 21:30:34 UTC (1591997434)
[ 1.692133] RAMDISK: gzip image found at block 0
[ 2.561886] VFS: Mounted root (ext2 filesystem) on device 1:0.
[ 2.568035] Freeing init memory: 148K
init started: BusyBox v1.19.3 (2016-05-23 16:23:55 CST)
starting pid 378, tty '': '-/bin/sh'
BusyBox v1.19.3 (2016-05-23 16:23:55 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
#
# /bin/mount -t proc proc /proc
# /bin/mount -t sysfs sysfs /sys
# /bin/mount -t ramfs ramfs /home
#
# /etc/S_udev
Starting udev: [ OK ]
# cat /proc/mtd
dev: size erasesize name
mtd0: 00020000 00020000 "bst"
mtd1: 00100000 00020000 "ptb"
mtd2: 00100000 00020000 "bld"
mtd3: 00100000 00020000 "hal"
mtd4: 00100000 00020000 "ano_ptb"
mtd5: 00080000 00020000 "env"
mtd6: 00080000 00020000 "param"
mtd7: 00100000 00020000 "dpt"
mtd8: 00a00000 00020000 "rcvy"
mtd9: 00800000 00020000 "krn_pri"
mtd10: 00800000 00020000 "krn_sec"
mtd11: 00400000 00020000 "rmd_pri"
mtd12: 00400000 00020000 "rmd_sec"
mtd13: 01800000 00020000 "app_pri"
mtd14: 01800000 00020000 "app_sec"
mtd15: 00400000 00020000 "cfg_pri"
mtd16: 00400000 00020000 "cfg_sec"
mtd17: 01000000 00020000 "dbg"
# mount
rootfs on / type rootfs (rw)
/dev/root on / type ext2 (rw,relatime)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
ramfs on /home type ramfs (rw,relatime)
udev on /dev type tmpfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
# ls -al /dev/m*
crw-rw---- 1 root root 1, 1 Jun 12 21:31 /dev/mem
crw-rw---- 1 root root 90, 0 Jun 12 21:31 /dev/mtd0
crw-rw---- 1 root root 90, 1 Jun 12 21:31 /dev/mtd0ro
crw-rw---- 1 root root 90, 2 Jun 12 21:31 /dev/mtd1
crw-rw---- 1 root root 90, 20 Jun 12 21:31 /dev/mtd10
crw-rw---- 1 root root 90, 21 Jun 12 21:31 /dev/mtd10ro
crw-rw---- 1 root root 90, 22 Jun 12 21:31 /dev/mtd11
crw-rw---- 1 root root 90, 23 Jun 12 21:31 /dev/mtd11ro
crw-rw---- 1 root root 90, 24 Jun 12 21:31 /dev/mtd12
crw-rw---- 1 root root 90, 25 Jun 12 21:31 /dev/mtd12ro
crw-rw---- 1 root root 90, 26 Jun 12 21:31 /dev/mtd13
crw-rw---- 1 root root 90, 27 Jun 12 21:31 /dev/mtd13ro
crw-rw---- 1 root root 90, 28 Jun 12 21:31 /dev/mtd14
crw-rw---- 1 root root 90, 29 Jun 12 21:31 /dev/mtd14ro
crw-rw---- 1 root root 90, 30 Jun 12 21:31 /dev/mtd15
crw-rw---- 1 root root 90, 31 Jun 12 21:31 /dev/mtd15ro
crw-rw---- 1 root root 90, 32 Jun 12 21:31 /dev/mtd16
crw-rw---- 1 root root 90, 33 Jun 12 21:31 /dev/mtd16ro
crw-rw---- 1 root root 90, 34 Jun 12 21:31 /dev/mtd17
crw-rw---- 1 root root 90, 35 Jun 12 21:31 /dev/mtd17ro
crw-rw---- 1 root root 90, 3 Jun 12 21:31 /dev/mtd1ro
crw-rw---- 1 root root 90, 4 Jun 12 21:31 /dev/mtd2
crw-rw---- 1 root root 90, 5 Jun 12 21:31 /dev/mtd2ro
crw-rw---- 1 root root 90, 6 Jun 12 21:31 /dev/mtd3
crw-rw---- 1 root root 90, 7 Jun 12 21:31 /dev/mtd3ro
crw-rw---- 1 root root 90, 8 Jun 12 21:31 /dev/mtd4
crw-rw---- 1 root root 90, 9 Jun 12 21:31 /dev/mtd4ro
crw-rw---- 1 root root 90, 10 Jun 12 21:31 /dev/mtd5
crw-rw---- 1 root root 90, 11 Jun 12 21:31 /dev/mtd5ro
crw-rw---- 1 root root 90, 12 Jun 12 21:31 /dev/mtd6
crw-rw---- 1 root root 90, 13 Jun 12 21:31 /dev/mtd6ro
crw-rw---- 1 root root 90, 14 Jun 12 21:31 /dev/mtd7
crw-rw---- 1 root root 90, 15 Jun 12 21:31 /dev/mtd7ro
crw-rw---- 1 root root 90, 16 Jun 12 21:31 /dev/mtd8
crw-rw---- 1 root root 90, 17 Jun 12 21:31 /dev/mtd8ro
crw-rw---- 1 root root 90, 18 Jun 12 21:31 /dev/mtd9
crw-rw---- 1 root root 90, 19 Jun 12 21:31 /dev/mtd9ro
brw-rw---- 1 root root 31, 0 Jun 12 21:31 /dev/mtdblock0
brw-rw---- 1 root root 31, 1 Jun 12 21:31 /dev/mtdblock1
brw-rw---- 1 root root 31, 10 Jun 12 21:31 /dev/mtdblock10
brw-rw---- 1 root root 31, 11 Jun 12 21:31 /dev/mtdblock11
brw-rw---- 1 root root 31, 12 Jun 12 21:31 /dev/mtdblock12
brw-rw---- 1 root root 31, 13 Jun 12 21:31 /dev/mtdblock13
brw-rw---- 1 root root 31, 14 Jun 12 21:31 /dev/mtdblock14
brw-rw---- 1 root root 31, 15 Jun 12 21:31 /dev/mtdblock15
brw-rw---- 1 root root 31, 16 Jun 12 21:31 /dev/mtdblock16
brw-rw---- 1 root root 31, 17 Jun 12 21:31 /dev/mtdblock17
brw-rw---- 1 root root 31, 2 Jun 12 21:31 /dev/mtdblock2
brw-rw---- 1 root root 31, 3 Jun 12 21:31 /dev/mtdblock3
brw-rw---- 1 root root 31, 4 Jun 12 21:31 /dev/mtdblock4
brw-rw---- 1 root root 31, 5 Jun 12 21:31 /dev/mtdblock5
brw-rw---- 1 root root 31, 6 Jun 12 21:31 /dev/mtdblock6
brw-rw---- 1 root root 31, 7 Jun 12 21:31 /dev/mtdblock7
brw-rw---- 1 root root 31, 8 Jun 12 21:31 /dev/mtdblock8
brw-rw---- 1 root root 31, 9 Jun 12 21:31 /dev/mtdblock9
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 1
HKVS # setenv bootargs console=ttyS0 initrd=0xc0a00000,0x400000 rw root=/dev/ram dbg=9 debug single
HKVS # saveenv
Writing env to Nand... done
▒KVS # reset
U-Boot 1.3.4-100728 (Nov 11 2014 - 13:58:34)
ARM Clock: 480MHz
DDR Clock: 336MHz
Hit Ctrl+u to stop autoboot: 0
eth_fbi:st=0x0380a102
|NUL eth|
Unknown command:null
nand booting ...
load kernel...
load ramdisk...
[ 0.000000] Linux version 2.6.38.8 (chenyuanming@Cpl-Frt-BSP) (gcc version 4.6.1 (Sourcery CodeBench Lite 2011.09-70) )
[ 0.000000] #18 PREEMPT Thu Jan 21 17:27:08 CST 2016
[ 0.000000] CPU: ARMv6-compatible processor [4117b365] revision 5 (ARMv6TEJ), cr=00c5387f
[ 0.000000] CPU: VIPT nonaliasing data cache, VIPT nonaliasing instruction cache
[ 0.000000] Machine: Coconut
[ 0.000000] Memory policy: ECC disabled, Data cache writeback
[ 0.000000] Ambarella: AHB = 0x60000000[0xf0000000],0x01000000 0
[ 0.000000] Ambarella: APB = 0x70000000[0xf1000000],0x01000000 0
[ 0.000000] Ambarella: PPM = 0xc0000000[0xe0000000],0x00200000 9
[ 0.000000] Ambarella: BSB = 0xc8c00000[0xe8c00000],0x00400000 9
[ 0.000000] Ambarella: DSP = 0xc9000000[0xe9000000],0x07000000 9
[ 0.000000] Ambarella: HAL = 0xc00a0000[0xfee00000],0x0000e708 9
[ 0.000000] On node 0 totalpages: 25344
[ 0.000000] free_area_init_node: node 0, pgdat c0563180, node_mem_map c0589000
[ 0.000000] Normal zone: 198 pages used for memmap
[ 0.000000] Normal zone: 0 pages reserved
[ 0.000000] Normal zone: 25146 pages, LIFO batch:7
[ 0.000000] bootmem_init: high_memory = 0xc8a00000
[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[ 0.000000] pcpu-alloc: [0] 0
[ 0.000000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 25146
[ 0.000000] Kernel command line: console=ttyS0 initrd=0xc0a00000,0x400000 rw root=/dev/ram dbg=9 debug single KRN_PRT=pri RMD_PRT=pri reserved=0xc6500000,0x100000,99 video=amb0fb:720x480,720x480,1,0
[ 0.000000] PID hash table entries: 512 (order: -1, 2048 bytes)
[ 0.000000] Dentry cache hash table entries: 16384 (order: 4, 65536 bytes)
[ 0.000000] Inode-cache hash table entries: 8192 (order: 3, 32768 bytes)
[ 0.000000] Memory: 99MB = 99MB total
[ 0.000000] Memory: 90656k/90656k available, 10720k reserved, 0K highmem
[ 0.000000] Virtual kernel memory layout:
[ 0.000000] vector : 0xffff0000 - 0xffff1000 ( 4 kB)
[ 0.000000] fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
[ 0.000000] DMA : 0xfe600000 - 0xfee00000 ( 8 MB)
[ 0.000000] vmalloc : 0xc9000000 - 0xe0000000 ( 368 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xc8a00000 ( 138 MB)
[ 0.000000] modules : 0xbf000000 - 0xc0000000 ( 16 MB)
[ 0.000000] .init : 0xc0008000 - 0xc002d000 ( 148 kB)
[ 0.000000] .text : 0xc002d000 - 0xc052f000 (5128 kB)
[ 0.000000] .data : 0xc0530000 - 0xc0563820 ( 207 kB)
[ 0.000000] Preemptable hierarchical RCU implementation.
[ 0.000000] RCU-based detection of stalled CPUs is disabled.
[ 0.000000] Verbose stalled-CPUs detection is disabled.
[ 0.000000] NR_IRQS:224
[ 0.000000] sched_clock: 32 bits at 72MHz, resolution 13ns, wraps every 59652ms
[ 0.000000] sched_clock: wrong multiply/shift: 1864135111>>27 vs calculated 3728270222>>28
[ 0.000000] sched_clock: fix multiply/shift to avoid scheduler hiccups
[ 0.000000] Console: colour dummy device 80x30
[ 0.000000] console [ttyS0] enabled
[ 0.274238] Calibrating delay loop... 527.56 BogoMIPS (lpj=2637824)
[ 0.522862] pid_max: default: 32768 minimum: 301
[ 0.527869] Mount-cache hash table entries: 512
[ 0.533181] CPU: Testing write buffer coherency: ok
[ 0.544610] NET: Registered protocol family 16
[ 0.559560] Ambarella Coconut:
[ 0.562870] chip id: 5100
[ 0.565677] board type: 3
[ 0.568465] board revision: 10
[ 0.571845] chip name: a5m
[ 0.574745] HAL version: 176869
[ 0.578064] reference clock: 24000000
[ 0.581895] system configuration: 0x060004ea
[ 0.586263] boot type: 0x00000002
[ 0.589753] hif type: 0x00000000
[ 0.619013] bio: create slab <bio-0> at 0
[ 0.625687] ambarella-spi ambarella-spi.0: ambarella SPI Controller 0 created
[ 0.643183] ambarella-i2c ambarella-i2c.0: Ambarella Media Processor I2C adapter[i2c-0] probed!
[ 0.653559] ambarella-i2c ambarella-i2c.1: Ambarella Media Processor I2C adapter[i2c-1] probed!
[ 0.663768] i2c i2c-0: Added multiplexed i2c bus 2
[ 0.668588] ambarella-i2cmux ambarella-i2cmux.0: mux on ambarella-i2c adapter
[ 0.678605] Advanced Linux Sound Architecture Driver Version 1.0.23.
[ 0.688689] cfg80211: Calling CRDA to update world regulatory domain
[ 0.696545] Switching to clocksource ambarella-cs-timer
[ 0.710175] Switched to NOHz mode on CPU #0
[ 0.766477] NET: Registered protocol family 2
[ 0.771175] IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 0.779302] TCP established hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.786723] TCP bind hash table entries: 4096 (order: 2, 16384 bytes)
[ 0.793383] TCP: Hash tables configured (established 4096 bind 4096)
[ 0.799752] TCP reno registered
[ 0.802996] UDP hash table entries: 256 (order: 0, 4096 bytes)
[ 0.808869] UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
[ 0.815824] NET: Registered protocol family 1
[ 0.820920] RPC: Registered udp transport module.
[ 0.825795] RPC: Registered tcp transport module.
[ 0.830517] RPC: Registered tcp NFSv4.1 backchannel transport module.
[ 0.837487] Trying to unpack rootfs image as initramfs...
[ 0.845337] rootfs image is not initramfs (no cpio magic); looks like an initrd
[ 0.885711] Freeing initrd memory: 4096K
[ 0.892551] [ kernel version: svn-174544 ]
[ 0.896818] mmc0 power register success!
[ 0.900762] mmc1 power register success!
[ 0.905061] reboot times :1
[ 0.933543] msgmni has been set to 185
[ 0.946204] alg: No test for stdrng (krng)
[ 0.950441] io scheduler noop registered
[ 0.954659] io scheduler deadline registered
[ 0.959101] io scheduler cfq registered (default)
[ 0.967456] ambarella-fb ambarella-fb.0: probe p[720x480] v[720x576] c[1] b[0] l[736] @ [0xc5980000:0x00068000]!
[ 0.979536] ambarella-uart.0: ttyS0 at MMIO 0x70005000 (irq = 9) is a ambuart
[ 1.025366] brd: module loaded
[ 1.042090] loop: module loaded
[ 1.048581] NAND device: Manufacturer ID: 0xc2, Chip ID: 0xf1 (MXIC NAND 128MiB 3,3V 8-bit)
[ 1.057292] ambarella_nand_config_flash: 0x02e00140, 0x02c00140
[ 1.063748] Bad block table found at page 65472, version 0x01
[ 1.069980] Bad block table found at page 65408, version 0x01
[ 1.076125] nand_read_bbt: Bad block at 0x0000006e0000
[ 1.081280] nand_read_bbt: Bad block at 0x0000007c0000
[ 1.086518] nand_read_bbt: Bad block at 0x0000012e0000
[ 1.091676] nand_read_bbt: Bad block at 0x000002460000
[ 1.096881] nand_read_bbt: Bad block at 0x000002cc0000
[ 1.102040] nand_read_bbt: Bad block at 0x0000055e0000
[ 1.107248] nand_read_bbt: Bad block at 0x000007620000
[ 1.118763] ambarella-nand ambarella-nand: ambarella_nand_probe: Partition infomation found!
[ 1.127326] Creating 18 MTD partitions on "ambnand":
[ 1.132385] 0x000000000000-0x000000020000 : "bst"
[ 1.140882] 0x000000020000-0x000000120000 : "ptb"
[ 1.149280] 0x000000120000-0x000000220000 : "bld"
[ 1.157838] 0x000000220000-0x000000320000 : "hal"
[ 1.166426] 0x000000320000-0x000000420000 : "ano_ptb"
[ 1.175345] 0x000000420000-0x0000004a0000 : "env"
[ 1.184016] 0x0000004a0000-0x000000520000 : "param"
[ 1.192886] 0x000000520000-0x000000620000 : "dpt"
[ 1.201428] 0x000000620000-0x000001020000 : "rcvy"
[ 1.210389] 0x000001020000-0x000001820000 : "krn_pri"
[ 1.219346] 0x000001820000-0x000002020000 : "krn_sec"
[ 1.228357] 0x000002020000-0x000002420000 : "rmd_pri"
[ 1.237382] 0x000002420000-0x000002820000 : "rmd_sec"
[ 1.246487] 0x000002820000-0x000004020000 : "app_pri"
[ 1.255596] 0x000004020000-0x000005820000 : "app_sec"
[ 1.264801] 0x000005820000-0x000005c20000 : "cfg_pri"
[ 1.273980] 0x000005c20000-0x000006020000 : "cfg_sec"
[ 1.283293] 0x000006020000-0x000007020000 : "dbg"
[ 1.298556] PPP generic driver version 2.4.2
[ 1.304358] PPP Deflate Compression module registered
[ 1.309437] PPP BSD Compression module registered
[ 1.508811] Ambarella MII Bus: probed
[ 1.514158] ambarella-eth ambarella-eth.0: MAC Address[c4:2f:90:0c:15:84].
[ 1.521761] console [netcon0] enabled
[ 1.525608] netconsole: network logging started
[ 1.531668] mousedev: PS/2 mouse device common for all mice
[ 1.538401] input: AmbInput as /devices/virtual/input/input0
[ 1.545205] ambarella_gpio_irq_set_wake: irq[75] = girq[11] = 1
[ 1.551152] ambarella-input ambarella-input: AmbInput probed!
[ 1.558004] ambarella-adc ambarella-adc: ADC Host Controller [polling mode] probed!
[ 1.567401] ambarella-rtc ambarella-rtc: rtc core: registered ambarella-rtc as rtc0
[ 1.575764] i2c /dev entries driver
[ 1.584023] ambarella-wdt ambarella-wdt: Ambarella Media Processor Watch Dog Timer[ambarella-wdt].
[ 1.599427] ALSA device list:
[ 1.602653] No soundcards found.
[ 1.606230] Netfilter messages via NETLINK v0.30.
[ 1.611096] nf_conntrack version 0.5.0 (1480 buckets, 5920 max)
[ 1.617885] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 1.623494] TCP cubic registered
[ 1.627115] NET: Registered protocol family 10
[ 1.634106] Mobile IPv6
[ 1.636670] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 1.642427] IPv6 over IPv4 tunneling driver
[ 1.650229] NET: Registered protocol family 17
[ 1.655588] sctp: Hash tables configured (established 4096 bind 8192)
[ 1.662499] sctp: sctp_init_sock(sk: c58d5b20)
[ 1.667056] lib80211: common routines for IEEE802.11 drivers
[ 1.672841] lib80211_crypt: registered algorithm 'NULL'
[ 1.681932] ambarella-rtc ambarella-rtc: setting system clock to 2020-06-12 21:30:34 UTC (1591997434)
[ 1.692133] RAMDISK: gzip image found at block 0
[ 2.561886] VFS: Mounted root (ext2 filesystem) on device 1:0.
[ 2.568035] Freeing init memory: 148K
init started: BusyBox v1.19.3 (2016-05-23 16:23:55 CST)
starting pid 378, tty '': '-/bin/sh'
BusyBox v1.19.3 (2016-05-23 16:23:55 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
#
# /bin/mount -t proc proc /proc
# /bin/mount -t sysfs sysfs /sys
# /bin/mount -t ramfs ramfs /home
#
# /etc/S_udev
Starting udev: [ OK ]
# cat /proc/mtd
dev: size erasesize name
mtd0: 00020000 00020000 "bst"
mtd1: 00100000 00020000 "ptb"
mtd2: 00100000 00020000 "bld"
mtd3: 00100000 00020000 "hal"
mtd4: 00100000 00020000 "ano_ptb"
mtd5: 00080000 00020000 "env"
mtd6: 00080000 00020000 "param"
mtd7: 00100000 00020000 "dpt"
mtd8: 00a00000 00020000 "rcvy"
mtd9: 00800000 00020000 "krn_pri"
mtd10: 00800000 00020000 "krn_sec"
mtd11: 00400000 00020000 "rmd_pri"
mtd12: 00400000 00020000 "rmd_sec"
mtd13: 01800000 00020000 "app_pri"
mtd14: 01800000 00020000 "app_sec"
mtd15: 00400000 00020000 "cfg_pri"
mtd16: 00400000 00020000 "cfg_sec"
mtd17: 01000000 00020000 "dbg"
# mount
rootfs on / type rootfs (rw)
/dev/root on / type ext2 (rw,relatime)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
ramfs on /home type ramfs (rw,relatime)
udev on /dev type tmpfs (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
# ls -al /dev/m*
crw-rw---- 1 root root 1, 1 Jun 12 21:31 /dev/mem
crw-rw---- 1 root root 90, 0 Jun 12 21:31 /dev/mtd0
crw-rw---- 1 root root 90, 1 Jun 12 21:31 /dev/mtd0ro
crw-rw---- 1 root root 90, 2 Jun 12 21:31 /dev/mtd1
crw-rw---- 1 root root 90, 20 Jun 12 21:31 /dev/mtd10
crw-rw---- 1 root root 90, 21 Jun 12 21:31 /dev/mtd10ro
crw-rw---- 1 root root 90, 22 Jun 12 21:31 /dev/mtd11
crw-rw---- 1 root root 90, 23 Jun 12 21:31 /dev/mtd11ro
crw-rw---- 1 root root 90, 24 Jun 12 21:31 /dev/mtd12
crw-rw---- 1 root root 90, 25 Jun 12 21:31 /dev/mtd12ro
crw-rw---- 1 root root 90, 26 Jun 12 21:31 /dev/mtd13
crw-rw---- 1 root root 90, 27 Jun 12 21:31 /dev/mtd13ro
crw-rw---- 1 root root 90, 28 Jun 12 21:31 /dev/mtd14
crw-rw---- 1 root root 90, 29 Jun 12 21:31 /dev/mtd14ro
crw-rw---- 1 root root 90, 30 Jun 12 21:31 /dev/mtd15
crw-rw---- 1 root root 90, 31 Jun 12 21:31 /dev/mtd15ro
crw-rw---- 1 root root 90, 32 Jun 12 21:31 /dev/mtd16
crw-rw---- 1 root root 90, 33 Jun 12 21:31 /dev/mtd16ro
crw-rw---- 1 root root 90, 34 Jun 12 21:31 /dev/mtd17
crw-rw---- 1 root root 90, 35 Jun 12 21:31 /dev/mtd17ro
crw-rw---- 1 root root 90, 3 Jun 12 21:31 /dev/mtd1ro
crw-rw---- 1 root root 90, 4 Jun 12 21:31 /dev/mtd2
crw-rw---- 1 root root 90, 5 Jun 12 21:31 /dev/mtd2ro
crw-rw---- 1 root root 90, 6 Jun 12 21:31 /dev/mtd3
crw-rw---- 1 root root 90, 7 Jun 12 21:31 /dev/mtd3ro
crw-rw---- 1 root root 90, 8 Jun 12 21:31 /dev/mtd4
crw-rw---- 1 root root 90, 9 Jun 12 21:31 /dev/mtd4ro
crw-rw---- 1 root root 90, 10 Jun 12 21:31 /dev/mtd5
crw-rw---- 1 root root 90, 11 Jun 12 21:31 /dev/mtd5ro
crw-rw---- 1 root root 90, 12 Jun 12 21:31 /dev/mtd6
crw-rw---- 1 root root 90, 13 Jun 12 21:31 /dev/mtd6ro
crw-rw---- 1 root root 90, 14 Jun 12 21:31 /dev/mtd7
crw-rw---- 1 root root 90, 15 Jun 12 21:31 /dev/mtd7ro
crw-rw---- 1 root root 90, 16 Jun 12 21:31 /dev/mtd8
crw-rw---- 1 root root 90, 17 Jun 12 21:31 /dev/mtd8ro
crw-rw---- 1 root root 90, 18 Jun 12 21:31 /dev/mtd9
crw-rw---- 1 root root 90, 19 Jun 12 21:31 /dev/mtd9ro
brw-rw---- 1 root root 31, 0 Jun 12 21:31 /dev/mtdblock0
brw-rw---- 1 root root 31, 1 Jun 12 21:31 /dev/mtdblock1
brw-rw---- 1 root root 31, 10 Jun 12 21:31 /dev/mtdblock10
brw-rw---- 1 root root 31, 11 Jun 12 21:31 /dev/mtdblock11
brw-rw---- 1 root root 31, 12 Jun 12 21:31 /dev/mtdblock12
brw-rw---- 1 root root 31, 13 Jun 12 21:31 /dev/mtdblock13
brw-rw---- 1 root root 31, 14 Jun 12 21:31 /dev/mtdblock14
brw-rw---- 1 root root 31, 15 Jun 12 21:31 /dev/mtdblock15
brw-rw---- 1 root root 31, 16 Jun 12 21:31 /dev/mtdblock16
brw-rw---- 1 root root 31, 17 Jun 12 21:31 /dev/mtdblock17
brw-rw---- 1 root root 31, 2 Jun 12 21:31 /dev/mtdblock2
brw-rw---- 1 root root 31, 3 Jun 12 21:31 /dev/mtdblock3
brw-rw---- 1 root root 31, 4 Jun 12 21:31 /dev/mtdblock4
brw-rw---- 1 root root 31, 5 Jun 12 21:31 /dev/mtdblock5
brw-rw---- 1 root root 31, 6 Jun 12 21:31 /dev/mtdblock6
brw-rw---- 1 root root 31, 7 Jun 12 21:31 /dev/mtdblock7
brw-rw---- 1 root root 31, 8 Jun 12 21:31 /dev/mtdblock8
brw-rw---- 1 root root 31, 9 Jun 12 21:31 /dev/mtdblock9
Last edited:
Yes, that was the desired result, a root shell.
Now we just need to get some files in there.
Do you have a NAS with an nfs share?
Can you put an SD card in the camera?
Now we just need to get some files in there.
Do you have a NAS with an nfs share?
Can you put an SD card in the camera?
First of all, thank you very much for your cooperation
The camera has a SD slot and I have access to it is currently disassembled and everything hangs in the air
I also made 1 NFS shared folder on my QNAP ..
my shared NFS folder should look like this:
nfs 192.168.2.155:/Public
The camera has a SD slot and I have access to it is currently disassembled and everything hangs in the air
I also made 1 NFS shared folder on my QNAP ..
my shared NFS folder should look like this:
nfs 192.168.2.155:/Public
Last edited: