Rooting around in the Longse / Cantonk S2L33M/IMX322 vari-focal camera.

[maks1978]

alastairstevenson, Hello!
I have such question-and whether it is possible to receive from a firmware in the attached file firmware.elf for flashing cameras through a Windows program and the USB port? You do not tell me, is it possible to do this by simple methods?
I probably have more than other options is not left without the ability to log into Linux on the device...
I couldn't find it on the Internet.elf firmware under this processor.

 

[alastairstevenson]

whether it is possible to receive from a firmware in the attached file firmware.elf for flashing cameras through a Windows program and the USB port?

I'm not sure that I completely understand the question.
Are you looking for a search / update Windows-based tool for these cameras?
If so, try the attached, see if it does anything useful.

 

[maks1978]

No no no.
I have a full-time tool from Ambarella. It runs on Windows.
I can connect the camera to the USB port and this tool can see it.
But the trouble is that this tool requires firmware in format *.elf or *.bin. Others he does not accept.
I only have the firmware files *.FLS, which can be used to update via a web browser, but are not suitable for Ambarella.
In the attached file pictures and explanations.

 

[alastairstevenson]

But the trouble is that this tool requires firmware in format *.elf or *.bin. Others he does not accept.

OK, I understand.
I'm sorry, but I've never used the USB updater or .bin files for that firmware.

 

[maks1978]

I understand.
You do not know the methods that can convert the file file S2L33M_IMX322_W_7.1.3.2.FLS to file S2L33M_IMX322_W_7.1.3.2.bin or elf?
That no easy?
Or is it impossible, in principle?

 

[alastairstevenson]

Or is it impossible, in principle?

From just starting with the firmware update file, I'd guess it's not possible.

It's guesswork what the .bin file holds.
It may be a whole flash image, for example, in which case it would need data that does not exist in that firmware update file such as the bootloader, the kernel, ptb etc.
Or the .bin file may be something quite different.

I've not looked at the specific firmware you've quoted above, but as an example of what's likely to be in the .fls file see below which I used on a recent hack of some IMX307-based cameras :

#!/bin/sh
# This is a simple 'split out some of the components' script based on a manual inspection
# of the original 3516CV300_IMX307_BASE_W_8.1.30.4.FLS firmware.
# It looks like the firmware is organised as a simple manifest front section, giving name,
# location and size for each component.
# The driver behind extracting the components is to gain telnet access to a root shell
# by circumventing the Lucky787 TelnetSwitch password and then the telnet password.
#
# It looks like HeroSpeed have closed off the 'window of opportunity' where telnet was
# initially active on bootup until TelnetSwitch was activated, which had briefly  allowed
# telnet access to swap out TelnetSwitch and use a cracked telnet password.
#
#
dd if=orig_fw.FLS of=libHi3516CV300IspDev.so bs=1 skip=$((0x0C18)) count=$((0xD140))
dd if=orig_fw.FLS of=Device.ini bs=1 skip=$((0xdd58)) count=$((0x41))
dd if=orig_fw.FLS of=DeviceIdentify bs=1 skip=$((0xdd99)) count=$((0x8ec8))
dd if=orig_fw.FLS of=LongSeStart bs=1 skip=$((0x016c61)) count=$((0x06ec))
dd if=orig_fw.FLS of=sdcard_hotplug.sh bs=1 skip=$((0x01734d)) count=$((0x025e))
dd if=orig_fw.FLS of=startapp bs=1 skip=$((0x0175ab)) count=$((0x013a))
dd if=orig_fw.FLS of=passwd bs=1 skip=$((0x0176e5)) count=$((0x26))
dd if=orig_fw.FLS of=passwd- bs=1 skip=$((0x01770b)) count=$((0x26))
dd if=orig_fw.FLS of=Ver.ini bs=1 skip=$((0x017731)) count=$((0x2d))
dd if=orig_fw.FLS of=config.ini bs=1 skip=$((0x01775e)) count=$((0x0747))
dd if=orig_fw.FLS of=isp.ini bs=1 skip=$((0x017ea5)) count=$((0x87c6))
#
# This is actually the start of the app SQUASHFS partition.
dd if=orig_fw.FLS of=app.squashfs bs=1 skip=$((0x02066b))
# Which we can unpack into the default folder.
 unsquashfs app.squashfs
# End

 

[maks1978]

Thank you, alastairstevenson!
Now I learned many things. I realized that such firmware is only the device manufacturer and there are no easy ways to get them yourself.
Unfortunately, in this case, my idea fails and these cameras will probably go in the trash.

 

[alastairstevenson]

these cameras will probably go in the trash.

Or the RU equivalent of eBay.
I check eBay daily for 'spares and repairs' IP cameras and NVRs, hoping for something to explore.

 

[maks1978]

Shipment from Russia negates all the advantages of these parts

 

[Handler]

Hello!
Thank you very much for your answers. I have news on these cameras.
I was able to connect the USB port to the computer and he saw this camera (it is necessary to use a short and thick USB wire).
But now I have a problem-to use Ambausb program I have to specify the firmware in format.bin. I have pieces from mtdblock0-mtdblock6 working camera. How can I convert them to a file *.bin ?
I also have upgrade_hs.tar.gzip with working video camera.
How do I apply all this?

hi, i got xiaomi mijia xiaobai, and it is brick. I'm unsuccessful get the uart access.

Can you explain me the "(it is necessary to use a short and thick USB wire)" part?

I just only got amboot prompt but not able to type command into it.