DavidVentura
commented
3 weeks ago Not all are expected to work, but it seems unrelated to the MCU. Some firmware versions encrypt the payload with a sinmple scheme, but that's not implemented, as neither of my 5 cameras have that firmware version.
I've 5 of these. 4 A9s with Allwinner/Xradiotech XF16 and Taixin TXW817-810 and an X5 with TXW817-810.
The XF16 has an external 1mb SOIC8 flash chip, so here's the dump from that Flashrom_C74014.bin.zip
Some musings, including boot logs in https://www.elektroda.com/rtvforum/topic4074636.html and https://www.elektroda.com/rtvforum/topic4033757.html#21035231 where you'll also see I unsuccessfully tried to get to the internal flash on one of the cams using CH341A, After reading this though I know why that's not an option https://habr.com/ru/articles/810291/
Maybe I'll try the ST bluepill idea
I've yet to try cam-reverse. Is it expected to work for all MCU variants?
I was going to hook them all up to certmitm/mitmrouter and wireshark to see if anything new could be seen. let me know if any of this is of interest and if you want anything specific.
bootlog.txt - from green PCB TXW817