Watchdata EMV chips in R6, G0 and other cameras

Please tell me the u-boot version, there may be a way...
Here is some camera info:
Code:
U-Boot 2010.06-128034 (May 14 2015 - 19:28:38)

NAND:  128 MiB
Hit Ctrl+u to stop autoboot:  0
HKVS # help
?       - alias for 'help'
base    - print or set address offset
bootm   - boot application image from memory
bootp   - boot image via network using BOOTP/TFTP protocol
bootss  - boot from snapshot image
cmp     - memory compare
cp      - memory copy
crc32   - checksum calculation
ddr     - ddr training function
format  - format flash except bootloader area
getinfo - print hardware information
go      - start application at address 'addr'
help    - print command description/usage
loadb   - load binary file over serial line (kermit mode)
loadk   - load kernel to DRAM
loady   - load binary file over serial line (ymodem mode)
loop    - infinite loop on address range
md      - memory display
mii     - MII utility commands
mm      - memory modify (auto-incrementing address)
mtest   - simple RAM read/write test
mw      - memory write (fill)
nboot   - boot from NAND device
nm      - memory modify (constant address)
ping    - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
rarpboot- boot image via network using RARP/TFTP protocol
reset   - Perform RESET of the CPU
saveenv - save environment variables to persistent storage
setenv  - set environment variables
tftp    - tftp  - download or upload image via network using TFTP protocol
upbs    - update bootloader over serial line
update  - update digicap.dav
updateb - update bootloader
upf     - update firmware, format and update (factory use)
version - print monitor version
HKVS #



======================================================================


#
#
# [dsp]hikdsp still alive!!!!!!!!! runCnt=10

# prtHardInfo
Start at 2017-05-26 09:20:31
Serial NO :DS-2CD3335D-I20150619AACH524222564
V5.3.3 build 150514
NetProcess Version: 1.4.0 [20:10:37-Mar 10 2015]
Db Encrypt Version: 65537
hardwareVersion = 0x0
hardWareExtVersion      = 0x0
encodeChans             = 1
decodeChans             = 1
alarmInNums             = 0
alarmOutNums            = 0
ataCtrlNums             = 0
flashChipNums           = 0
ramSize                 = 0x100
networksNums            = 1
language                        = 2
devType                 = 0x22501
net reboot count        = 0
Path: .
Working Copy Root Path: /usr/local/jenkins/workspace/Frontend_BaseLine_Publish_Build/2015-05-14_21-49-31
URL: https://192.0.0.140/Camera/Platform/Branches/branches_frontend_software_platform/IPC_develop_branch/ipc_G0_simple
Repository Root: https://192.0.0.140/Camera
Repository UUID: df2d70c3-7593-7941-af1e-571b313c0946
Revision: 128074
Node Kind: directory
Schedule: normal
Last Changed Author: liwenwei
Last Changed Rev: 128074
Last Changed Date: 2015-05-14 21:47:31 +0800 (Thu, 14 May 2015)

#
 
This version is new to me.
For version:
U-Boot 2010.06-209953 (Jul 29 2016 - 10:09:34) I can help with how to skip some fw checks when updating.
But for this version I need to take a look at it, so I need a copy of mtd0.

Could you try this plain std u-boot? Just put it on the tftp server and type go. (with the dot).
If it works, let me know...
 
Could you try this plain std u-boot? Just put it on the tftp server and type go. (with the dot).
If it works, let me know...
Interesting - well, it doesn't just crash like other sec.bin I have tried.
Where to go from here?

Code:
▒


U-Boot 2010.06-128034 (May 14 2015 - 19:28:38)

NAND:  128 MiB
Hit Ctrl+u to stop autoboot:  0
HKVS # printenv
bootcmd=loadk;bootm
bootdelay=3
baudrate=115200
bootfile="uImage"
init=/bin/sh
filesize=300000
fileaddr=80007FC0
netmask=255.255.255.0
ipaddr=192.168.1.65
bootargs=console=ttyAMA0,115200 init=/bin/sh rootfs=0x82000000 rootfstype=initrd
serverip=192.168.1.99
stdin=serial
stdout=serial
stderr=serial
verify=n
ethaddr=c4:2f:90:44:2a:c6
mdio_intf=mii
phy_addr=3
ver=U-Boot 2010.06-128034 (May 14 2015 - 19:28:38)

Environment size: 410/262140 bytes
HKVS # go.
ETH0: PHY(phyaddr=3, mii) link UP: DUPLEX=FULL : SPEED=100M
MAC:   C4-2F-90-44-2A-C6
TFTP from server 192.168.1.99; our IP address is 192.168.1.65
Download Filename 'sec.bin'.
Download to address: 0x81fffed8
Downloading: #################################################
done
Bytes transferred = 333192 (51588 hex)


U-Boot 2010.06 (Apr 19 2017 - 17:20:48)
OpenRD_base

NAND:  Check nand flash controller v610. found
Special NAND id table Version 1.36
Nand ID: 0x98 0xF1 0x80 0x15 0xF2 0x16 0x08 0x00
Block:128KB Page:2KB Chip:128MB*1 OOB:64B ECC:4bit/512
128 MiB
*** Warning - bad CRC or NAND, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   No ethernet found.
Hit any key to stop autoboot:  0
Wrong Image Format for bootm command
ERROR: can't get kernel image!
PTSD# help
?       - alias for 'help'
base    - print or set address offset
bootm   - boot application image from memory
bootp   - boot image via network using BOOTP/TFTP protocol
bootss  - boot from snapshot image
chpart  - change active partition
cmp     - memory compare
cp      - memory copy
crc32   - checksum calculation
ddr     - ddr training function
fatinfo - print information about filesystem
fatload - load binary file from a dos filesystem
fatls   - list files in a directory (default /)
getinfo - print hardware information
go      - start application at address 'addr'
help    - print command description/usage
loadb   - load binary file over serial line (kermit mode)
loady   - load binary file over serial line (ymodem mode)
loop    - infinite loop on address range
md      - memory display
md5sum  - compute MD5 message digest
mii     - MII utility commands
mm      - memory modify (auto-incrementing address)
mtdparts- define flash/nand partitions
mtest   - simple RAM read/write test
mw      - memory write (fill)
nand    - NAND sub-system
nboot   - boot from NAND device
nm      - memory modify (constant address)
ping    - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
rarpboot- boot image via network using RARP/TFTP protocol
reset   - Perform RESET of the CPU
saveenv - save environment variables to persistent storage
setenv  - set environment variables
tftp    - tftp  - download or upload image via network using TFTP protocol
usb     - USB sub-system
usbboot - boot from USB device
version - print monitor version
ydump   - YAFFS device struct
yls     - yaffs ls
ymkdir  - YAFFS mkdir
ymount  - mount yaffs
ymv     - YAFFS mv
yrd     - read file from yaffs
yrdm    - read file to memory from yaffs
yrm     - YAFFS rm
yrmdir  - YAFFS rmdir
yumount - unmount yaffs
ywr     - write file to yaffs
ywrm    - write file from memory to yaffs
PTSD# getinfo
getinfo - print hardware information

PTSD# nand
nand - NAND sub-system

PTSD# nand -h
nand - NAND sub-system

PTSD# version

U-Boot 2010.06 (Apr 19 2017 - 17:20:48)
OpenRD_base
PTSD# mtdparts -h
Check nand flash controller v610. found
Nand ID: 0x98 0xF1 0x80 0x15 0xF2 0x16 0x08 0x00
Block:128KB Page:2KB Chip:128MB*1 OOB:64B ECC:4bit/512
128 MiB
mtdparts variable not set, see 'help mtdparts'
mtdparts - define flash/nand partitions

PTSD#
 
hmm... ethernet not ok...

What is shown if you type (orig u-boot):
md 0x8094c1b8 100

Could you tell me what you get when you type in psh
dmesg
(if you have serial cable connected)
 
hmm... ethernet not ok...
But link detect is on at the switch.
Code:
U-Boot 2010.06-128034 (May 14 2015 - 19:28:38)

NAND:  128 MiB
Hit Ctrl+u to stop autoboot:  0
HKVS # go.
ETH0: PHY(phyaddr=3, mii) link UP: DUPLEX=FULL : SPEED=100M
MAC:   C4-2F-90-44-2A-C6
TFTP from server 192.168.1.99; our IP address is 192.168.1.65
Download Filename 'sec.bin'.
Download to address: 0x81fffed8
Downloading: #################################################
done
Bytes transferred = 333192 (51588 hex)


U-Boot 2010.06 (Apr 19 2017 - 17:20:48)
OpenRD_base

NAND:  Check nand flash controller v610. found
Special NAND id table Version 1.36
Nand ID: 0x98 0xF1 0x80 0x15 0xF2 0x16 0x08 0x00
Block:128KB Page:2KB Chip:128MB*1 OOB:64B ECC:4bit/512
128 MiB
*** Warning - bad CRC or NAND, using default environment

In:    serial
Out:   serial
Err:   serial
Net:   No ethernet found.
Hit any key to stop autoboot:  0
Wrong Image Format for bootm command
ERROR: can't get kernel image!
PTSD#
PTSD# md 0x8094c1b8 100
8094c1b8: 00000002 00000002 00000001 59560002    ..............VY
8094c1c8: 454d434b 00000000 00000000 00010001    KCME............
8094c1d8: 00000001 902fc400 00c62a44 00000000    ....../.D*......
8094c1e8: 31303200 31363035 34323539 35323232    .201506195242225
8094c1f8: 01003436 00000101 00000100 00200000    64............ .
8094c208: 00000101 00012501 00000000 00000000    .....%..........
8094c218: 00000000 00000000 00000000 00000000    ................
8094c228: 322d5344 33334443 2d443533 00000049    DS-2CD3335D-I...
8094c238: 00000000 00000000 00000000 00000000    ................
8094c248: 00000000 00000000 00000000 00000000    ................
8094c258: 00000000 00000000 00000000 00000000    ................
8094c268: 00000000 00000000 00000000 00000000    ................
8094c278: 00000000 00000000 00000000 00000000    ................
8094c288: 00000000 00000000 00000000 00000000    ................
8094c298: 00000000 00000000 00000000 00000000    ................
8094c2a8: 000007df 00000006 00000013 0000000b    ................
8094c2b8: 00000037 00000010 00000006 012b35ba    7............5+.
8094c2c8: 2db83cef eae7a237 c0dfca03 838779da    .<.-7........y..
8094c2d8: 09723bf1 10d803bd 6481bde2 9b6ad74b    .;r........dK.j.
8094c2e8: c0988d37 58ec87b9 dd172dbd 444dc720    7......X.-.. .MD
8094c2f8: c9b2deed 96d2a847 21d851c7 e7353c95    ....G....Q.!.<5.
8094c308: 430a717c 48cfe3e4 7fe0a4fe c61671b0    |q.C...H.....q..
8094c318: 1138c0df 52b73f2f 2e110667 db8dfc38    ..8./?.Rg...8...
8094c328: eda2228f 2da6d965 5e4e3e03 15426fec    ."..e..-.>N^.oB.
8094c338: 84a8e916 49c5cbc8 487b25d6 6cd75e94    .......I.%{H.^.l
8094c348: 8fb166f9 1d3a1fa3 1d788ee9 dbf15cf1    .f....:...x..\..
8094c358: bb22f2bf 1822e934 1232503e 4533fccb    ..".4.".>P2...3E
8094c368: c358dde4 b7a744c3 58813ddb af43d8e3    ..X..D...=.X..C.
8094c378: 55bf83f1 61ea4390 245428bb 01c07efb    ...U.C.a.(T$.~..
8094c388: 2ab62b6b 9a10f6e6 b08ae4e8 335686d5    k+.*..........V3
8094c398: 7862717a 33353164 28054f6d 3aa07e3e    zqbxd153mO.(>~.:
8094c3a8: e59f0140 eb00006c e3a09030 e1550006    @...l...0.....U.
8094c3b8: 0a000006 e5d53001 e59f012c e3530000    .....0..,.....S.
8094c3c8: 05c59001 e5f51001 eb000063 eafffff6    ........c.......
8094c3d8: e59f0118 eb000060 eb0008d1 e3500000    ....`.........P.
8094c3e8: aa000002 e59f0108 eb00005b ea000008    ........[.......
8094c3f8: e1a00004 eb000871 e3500000 aa000008    ....q.....P.....
8094c408: e59f00f0 eb000054 eb00004d e3500000    ....T...M.....P.
8094c418: 0afffffc e3e0347e e3e00000 e503012f    ....~4....../...
8094c428: ea000025 e59f00d0 e3a06e7d eb00004a    %.......}n..J...
8094c438: e3a00ffa eb000052 e2566001 1afffffb    ....R....`V.....
8094c448: e3e0347e e503612f e5943100 e58d3020    ~4../a...1.. 0..
8094c458: e5943104 e58d301c e5943108 e58d3018    .1...0...1...0..
8094c468: e594310c e58d3014 e5943110 e58d3010    .1...0...1...0..
8094c478: e5943114 e58d300c e5943118 e58d3024    .1...0...1..$0..
8094c488: e597300c e3530000 0a000006 e5933008    .0....S......0..
8094c498: e12fff33 e59f302c e28d000c e593300c    3./.,0.......0..
8094c4a8: e5933004 e12fff33 e1a00004 eb000032    .0..3./.....2...
8094c4b8: e59f0048 eb000028 e3a00000 e28dde13    H...(...........
8094c4c8: e8bd82f0 200f0000 8200e620 20210000    .......  .....!
8094c4d8: 82005a45 8200f24c 82005a66 82005a94    EZ..L...fZ...Z..
8094c4e8: 82005a40 81fffed8 82005a9b 82005ab0    @Z.......Z...Z..
8094c4f8: 82005c09 82005ab3 82005ae5 82005b25    .\...Z...Z..%[..
8094c508: 82005b57 e59f3020 e3a02001 e59f101c    W[.. 0... ......
8094c518: e5933000 e5911000 e2830002 e1a03312    .0...........3..
8094c528: e1a00012 e7803001 e12fff1e 8200e620    .....0..../. ...
8094c538: 8200e628 e598c01c e59cf000 e598c01c    (...............
8094c548: e59cf004 e598c01c e59cf008 e598c01c    ................
8094c558: e59cf00c e598c01c e59cf010 e598c01c    ................
8094c568: e59cf014 e598c01c e59cf018 e598c01c    ................
8094c578: e59cf01c e598c01c e59cf020 e598c01c    ........ .......
8094c588: e59cf024 e598c01c e59cf028 e598c01c    $.......(.......
8094c598: e59cf02c e598c01c e59cf030 e598c01c    ,.......0.......
8094c5a8: e59cf034 e598c01c e59cf038 e598c01c    4.......8.......
PTSD# ping 192.168.1.99
No ethernet found.
ping failed; host 192.168.1.99 is not alive
PTSD#
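
An added example, not part of the original posts: a small parser for the `md` output above that rebuilds the raw bytes from the 32-bit words, cross-checks them against the ASCII column, and lists printable strings with their addresses. It embeds the first eight rows of the dump as posted; the function names are my own, and little-endian word order is assumed (the ASCII column confirms it).

```python
import re
import struct

# First rows of the `md 0x8094c1b8 100` output quoted in the post above.
MD_OUTPUT = """\
8094c1b8: 00000002 00000002 00000001 59560002    ..............VY
8094c1c8: 454d434b 00000000 00000000 00010001    KCME............
8094c1d8: 00000001 902fc400 00c62a44 00000000    ....../.D*......
8094c1e8: 31303200 31363035 34323539 35323232    .201506195242225
8094c1f8: 01003436 00000101 00000100 00200000    64............ .
8094c208: 00000101 00012501 00000000 00000000    .....%..........
8094c218: 00000000 00000000 00000000 00000000    ................
8094c228: 322d5344 33334443 2d443533 00000049    DS-2CD3335D-I...
"""

ROW = re.compile(r"^([0-9a-f]{8}):((?: [0-9a-f]{8})+) {4}(.*)$")

def printable(b):
    return 0x20 <= b <= 0x7E

def parse_md(text):
    """Return (base_address, bytes) rebuilt from `md` rows of 32-bit words."""
    base, data = None, bytearray()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # prompts, blank lines, other console output
        addr = int(m.group(1), 16)
        if base is None:
            base = addr
        if addr != base + len(data):
            raise ValueError(f"gap or overlap at {addr:#x}")
        # md prints each word as a number; with little-endian words the
        # lowest byte of the word is the first byte in memory.
        row = b"".join(struct.pack("<I", int(w, 16)) for w in m.group(2).split())
        shown = "".join(chr(b) if printable(b) else "." for b in row)
        if shown.rstrip() != m.group(3).rstrip():
            raise ValueError(f"ASCII column mismatch at {addr:#x}")
        data += row
    return base, bytes(data)

def strings(base, data, min_len=4):
    """Yield (address, text) for printable runs, like strings(1) with offsets."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield base + m.start(), m.group().decode("ascii")

if __name__ == "__main__":
    for addr, text in strings(*parse_md(MD_OUTPUT)):
        print(f"{addr:#010x}  {text}")
```

The recovered strings line up with the serial number and model reported by prtHardInfo earlier in the thread, and the bytes at offset 0x25 match the `ethaddr` value from printenv.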
 
I'm sorry if I hijacked this thread... still g0 re working

Is there any supportType opt inside bootparams?
g0 davinci is checking this inside get_software_capability, 1 is ch, 2 is en.
Has anyone seen an xml file inside the g0 cam -> device_capa_xml?
Maybe the info is lying somewhere in a bitspace...
 
Hi all
Is there anybody who can help me...
I have a camera on platform G0, DS-2CD2035-I. I bought it with multilanguage firmware 5.3.6.
As a test I updated it to the new 5.5.53 CN and now I have only the Chinese language.
Is there any chance to change this firmware and language to English?
If I write this sec.bin file via USB serial TTL, can it help me? I also want to change the region from CH to WR in the serial number... When I try to write the English firmware I get an error... and cannot.
Please help me...
 
Hello
Is there anybody who can share a good working sec.bin file for platform G0? I tested the files from @JAFO and @Speed666 and on all of them the network connection is not working. I cannot send any file by TFTP... I need this file because I have bricked my camera DS-2CD2035-I with Chinese firmware and I want to convert it to a working English version....
Please....
I wrote to user @Speed666 but he told me that he doesn't have time... maybe somebody has a good file? Please
 
@rearanger and @alastairstevenson - do either of you have a recommended smart card reader I can use with a standard SOIC-8 clip to hook into these? Or am I going to be bodging wires around again? And I suppose of course the software package since the dumper isn't going to work.
 
I've not used a smart card reader with these devices. Much of what is stored is available via the prtHardInfo command in psh.
And attempts to write could trigger the self-erase protection.
 