-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firmware 5.2.1 OEM device MINI7S-A5MB_F37 REV 1_0 2021-06-11 #46
Comments
Cannot interrupt u-boot autoboot sequence, pressing any kay has no effect Tried to change load address to
|
When booting with the hack microSD card I see this output:
|
With a different brand microSD card:
|
Also sharing my device info:
|
Slightly different error after changing address in ppsMmcTool.txt:
|
Followed this manual to dump the flash: guino/BazzDoorbell#11
|
@tosiara were you able to get the device rooted ? if not, can you provide a copy of your flash -- it looks ok from the binwalk above (you can email me directly if you prefer -- my email is on my github profile)? I assume you were not able to get the /proc/cmdline changed even after using 82008000 as the address ? |
No, I was not able to root it, injection in cmdline does not appear |
By updating u-boot console variable to
Can't find a working password so far. Full boot log:
|
By setting
|
@tosiara that is pretty cool, you should be able to write any changes you made to your flash with the bootloader. The question I have for you is how you're modifying the bootloader settings right now ? are you using a flash programmer ? |
Yes, I'm able to do anything in u-boot. If you have an easy and fail-safe command to unlock root access - I will be happy to try. As for modifications - no, I'm not using a programmer. I'm adjusting |
@tosiara you can try adding a boot parameter to see if it works: |
I already tried that, but that did not work as there is still prompt to login:
|
I have finally got root on the serial console by patching the Now, when I'm looking back I see two issues with the original "hack":
Will try to clean up everything and re-test the original hack. |
You need to download busybox from the web link on my repo — it just won’t clone it correctly. it does seem like the sd card is mot mounted when initrun.sh is called. If there’s enough boot parameter space you could add a command to mount the sd card first. Does Telnet show a standard ‘linux’ OS ? |
Yep, looks like a regular linux:
|
@tosiara you made very good progress with this device. If the SD card isn't mounted when the initrun.sh is called, you could try a longer delay in the boot parameter (ip=60 instead of 30), that may be enough time to allow ppsapp to mount the SD card before the script runs. |
After going through once again I can confirm that the hack is not working. The previous Sorry for confusion. If you want me to test something else, I'd be glad to do that. |
The final report The only way to root the camera without soldering a serial console is to dump the flash using this instructions: #46 (comment)
This will:
Pack squashfs back:
Here Since all those steps may be destructive and may brick your device I will not provide the exact steps. Only providing this info for advanced user that would like to try and hack their camera |
Hey, I will start a thread here with all my findings about a similar device
MINI7S-A5MB_F37 REV 1_0 2021-06-11
UART boot log:
The text was updated successfully, but these errors were encountered: