I've yet to try cam-reverse. Is it expected to work for all MCU variants?
I was going to hook them all up to certmitm/mitmrouter and wireshark to see if anything new could be seen. let me know if any of this is of interest and if you want anything specific.
Not all are expected to work, but it seems unrelated to the MCU. Some firmware versions encrypt the payload with a sinmple scheme, but that's not implemented, as neither of my 5 cameras have that firmware version.
I've 5 of these. 4 A9s with Allwinner/Xradiotech XF16 and Taixin TXW817-810 and an X5 with TXW817-810.
The XF16 has an external 1mb SOIC8 flash chip, so here's the dump from that Flashrom_C74014.bin.zip
Some musings, including boot logs in https://www.elektroda.com/rtvforum/topic4074636.html and https://www.elektroda.com/rtvforum/topic4033757.html#21035231 where you'll also see I unsuccessfully tried to get to the internal flash on one of the cams using CH341A, After reading this though I know why that's not an option https://habr.com/ru/articles/810291/
Maybe I'll try the ST bluepill idea
I've yet to try cam-reverse. Is it expected to work for all MCU variants?
I was going to hook them all up to certmitm/mitmrouter and wireshark to see if anything new could be seen. let me know if any of this is of interest and if you want anything specific.
bootlog.txt - from green PCB TXW817