Can't install CFW on Dafang 2017DP3894 on 5.5.1.353

[DanielePetrarolo]

Hello everyone

I really can't install the CFW on my dafang DF3 1080p. I tryed eveything. Downlaod cfw from 1.0 to 1.3, put on microsd, holdsetup button than powered and release at different times. I tried 2 different microsd from Lexar: one is 16GB the other is 8GB. Eveytime I try to flash the camera start spin in just 20seconds, and when I test the blue shining led, I don't get it. Also, passing the steps above give me no result. The camera use always the original firmware. On MiHome the camera is on firmware 5.5.1.353.

Can you give me some advice?

Maybe my DaFang is a new versione? I have bought it some weeks ago.

[DanielePetrarolo]

Someone can help me?

[jmtatsch]

Did you try with a 512 mb fat partition?

[DanielePetrarolo]

Yes. Nothing different. Why a small partition could be a solutions? I ask because I'm Noob, maybe I'm do something wrong.

Maybe the problem is the latest firmware 5.5.1.353?

[jmtatsch]

Are you on windows? No hidden files left on the SD?

[DanielePetrarolo]

Tried everything: from windows but also on Mac, using terminal to check if on the microSd thare are hidden files. Nothing. Only demo.bin present but can't install cfw. Really sad.

[DanielePetrarolo]

I add some info: trying to install demo.bin I turn on the camera (yellow light) with setup pressed, after 5 second the light become blue, i release button and after 5 second the light back to yellow. After 2 second it start rotating. Here I disconnect the camera and copy firmware_mod inside sd card. After this I'm stuck.

[jmtatsch]

That sounds like a normal startup. Are you pressing the setup button hard enough? Is it broken?

[DanielePetrarolo]

I think I press well. After this part I power off camera, Remove sd and restar camera: only a Yellow ligth appear, no blue. If a try to copy firmware_mod and mount sd, the stock firmware start, not the mod one.

Maybe 5.5.1.353 remove possibility to hack?

[jmtatsch]

Possible but unlikely. 5.5.1.327 is known to work and not that far away. Maybe try to downgrade your stock firmware to 5.5.1.200

[DanielePetrarolo]

How can I do a firmware downgrade? The are some instructions?

[jmtatsch]

Just use the original fw on git and follow the initial demo.bin procedure.

[DanielePetrarolo]

So I have to do the demo.bin procedure. Than poweroff, remove sd, copy firmware original on micro sd and restare with out setup pressed Buffon?

[DanielePetrarolo]

So I have to do the demo.bin procedure. Than poweroff, remove sd, copy firmware original on micro sd and restare with out setup pressed Buffon?

[jmtatsch]

You got it working now?

[DanielePetrarolo]

I junk i have close the issue for error. I will try this night. The procedure to downgrade the firmware is what I write up here?

[jmtatsch]

No. Take the stock fw, rename to demo.bin and flash exactly like the custom fw.

[DanielePetrarolo]

Insidie the original fw folder there are a kit of files: what i have to take to rename in demo.bin?

[DanielePetrarolo]

Someone can help me? Inside the 5.5.1.200 there are a lot of files. What should I take and rename to demo.bin to flash original fw? Thanks

[jmtatsch]

There are 2 firmwares already packed in a .bin. Take one of those.

[DanielePetrarolo]

I see more than 2 bin file here: https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks/tree/master/firmware_original/dafang/5.5.1.200 What should I Use? Sorry for nood question XD

Other things: after flash the original firmware in the MiHome app I have to check the fw version to check 5.5.1.200 right?

[jmtatsch]

Then take an earlier fw which is already packed.

[DanielePetrarolo]

Tried eveything. Nothing work. really sad,,, I think it's my hardware

[DanielePetrarolo]

Maybe is need a new version of cf for 5.5.1.353? cf-1.4.bin incoming?

[jmtatsch]

Nah, first you should solder a serial interface to your camera and collect a full bootlog.

[jplh42]

Having the exact same issue. I have been trying everything, every demo.bin. It's my 4th camera (I ordered this one recently, never had the issue before). Impossible to downgrade or to put a CFW. I will try to open it up and plug a serial to check what is happening.

[M203]

I have the exact same issue. FW is 5.5.1.353. Looking forward to your findings @jplh42

[DanielePetrarolo]

I think that 5.5.1.353 change the way that microsd bootloader load files/hack. I think We need a new cfw. But maybe I am wrong

[jplh42]

Hi everyone, sorry for the delay. I recently bought a new apartment and I was struggling trying to find my USB2UART :).

Here is the boot sequence. (Please, keep in mind that the camera and the speaker are unplugged) boot.txt I think we run in trouble here :

---

reading demo.bin
reading demo.bin
jiabo_au_check_cksum_valid!!!!!!!!!!!!!!!!!!!!!!!!
jiabo_idx=4
misc_init_r before change the blue_gpio
gpio_request lable = blue_gpio gpio = 39
misc_init_r after gpio_request the blue_gpio ret is 39
misc_init_r after change the blue_gpio ret is 0
jiabo_start=40000,jiabo_len=a90000
flash erase…
len plus offset more than flash size!
sfc erase error
SPI flash sector erase failed

---

If anybody needs me to run anything on console, test a firmware, ..., just contact me (even for live debugging/testing/... Just keep in mind I'm in the CEST timezone).

[DanielePetrarolo]

I’m a noob in this situation: what this means? Thank you for work!

[jplh42]

from what I understand, it means the .bin needs a diet :)

[DanielePetrarolo]

Nice! Hope mantainers could help us! :)

[M203]

@jplh42 Great work, youre analysis of the log seems to be right! Hope this will be able to be solved with a new .bin.

[jplh42]

I could probably fix the issue, but I would have to spend too much time (which I don't really have :(). Anyway, I did dump all /dev/mtd* on a working camera. I did a dd on the "new" release of the Dafang. IT worked like a charm. I only had to modify the MAC address in /params/config/.product_config (since I dumped EVERYTHING) to make it work normally on my network. If you have a USB2UART dongle, it really takes like 10-15 minutes to do the whole procedure. If I can spare some time, I will try my best to look deeper.

[DanielePetrarolo]

Wow! Can you so a simple tutorial about it?

[sanjeewasam]

need help. I had previous experience with Dafang and Xiofang hacking so I went ahead with the hack before checking if the unit actually work. I installed demo.bin on my new Dafang and flashing went same as before and then copied the hack. But It does not work like before and motor/lens get stuck and I hear this noise in the motor trying to rotate the base.

So I reloaded demo.bin from original firmware and flashed it. Flashed went ok but when I boot in the initialisation phase get stuck (motor goes on and does not stop and the lens move up and stays up -frozen). Even I disconnect and connect the power same. It remain in the same position and I get this motor working sound continuously.

So I am not sure if the issue caused by getting the hack installed or if it was a faulty unit. I cannot install the Mi App connection as the lens is stuck

Here is the video I made. Can someone comment if they have seen this issue before https://1drv.ms/v/s!Ap9mRNsGkIVH2Aj9xjHN1h45A3wK

[sanjeewasam]

my unit DF3-00432402

[DanielePetrarolo]

@sanjeewasam i think you have to open a new issue. This thread is talking about a different problem.

[DanielePetrarolo]

@jplh42 can you do a simple tutorial to install the cfw? Thanks a lot :)

[jplh42]

well, first of all, you need to disassemble your camera (only 2 screws) Then, you'll have access to the main board as seen here

Then, you need to open a serial console (minicom on Linux, iTerm on MacOS, if you are on windows, I would suggest to reinstall a real OS :)). The settings should be 115200,8,N,1. Then you'll be able to watch the boot sequence as I have shown last week.

When you have the prompt Ingenic-uc1_1 login: type root and the password is ismart12

Then you should unpack the latest .bin firmware and copy the files on your SD card as shown here

When this part is done, plug your SD card back on the camera and use dd to write directly to the NAND every part of the firmware manually. dd if=uboot.bin of=/dev/mtdblock0 dd if=kernel.bin of=/dev/mtdblock1 dd if=rootfs.bin of=/dev/mtdblock2 dd if=driver.bin of=/dev/mtdblock3 dd if=appfs.bin of=/dev/mtdblock4 dd if=backupk.bin of=/dev/mtdblock5 dd if=backupd.bin of=/dev/mtdblock6 dd if=backupa.bin of=/dev/mtdblock7 dd if=config.bin of=/dev/mtdblock8 dd if=para.bin of=/dev/mtdblock9 dd if=flag.bin of=/dev/mtdblock10

Hope this will help some of you. In any case, if you don't understand what you are doing or if you are not sure, please : DON'T DO ANYTHING and wait for the next release, it probably will take care of the actual issue.

Cheers !

[TimvdEijnden]

@jplh42 Opening up the camera is easy but how do you get physical access to the RX, TX & GND ? Because I'm unable to take out the board out of the camera. And I do not want to break the case.

@jmtatsch Would this also be possible with a new .bin file using an micro SD card only in the future?

[jplh42]

well, everything should be easy to "slide" out when you remove the back panel. I didn't force anything, just removed the flat cables properly. Hope this helps.

[corvy]

Great work! Do you have usb cable to connect or do you need a classic serial port? Is there a cable diagram for the connection to the mainboard?

[jplh42]

This is what I use to connect to the serial. You only need TX, RX and GND, as long as the camera is plugged and powered on.

[corvy]

Thanks! I will get myself one of those right away :) Cheers!

[masgar]

Hi, same issue here. I tried the jplh42 way but I'm stuck at unpacking firmware. unpacking.py returns this error (tried with python 2.7 and 3.7)

mbp:firmware max$ python unpacker.py cfw-1.3.bin Traceback (most recent call last): File "unpacker.py", line 26, in cli() File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/click/core.py", line 722, in call return self.main(args, kwargs) File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/click/core.py", line 697, in main rv = self.invoke(ctx) File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/click/core.py", line 895, in invoke return ctx.invoke(self.callback, ctx.params) File "/opt/local/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/click/core.py", line 535, in invoke return callback(args, **kwargs) File "unpacker.py", line 21, in cli f = open(filename, "wb") IOError: [Errno 2] No such file or directory: 'flash/kernel.bin'

Any help appreciated. Max

[jplh42]

Hi, I will try my best to find some time this week to give you a way around it. I just need to look into it.

[DanielePetrarolo]

Some news guys? Is there any chance to get a new demo.bin file that can execute on our dafang 5.5.1.353?

[sanjeewasam]

I suggest using demo_5.5.1.194.bin in the firmware_original folder and downgrade your firmware and then use the demo file you download to install boot loader for the hack. I have done and have never broke my camera so give it a go.

[sanjeewasam]

I have done downgrade in Xiofang and Dafang as the demo.bin to install hack firmware boot loader did not work direct. I have messed up several times but you could try again it it does not work.

[M203]

Did you do this on 353 FW? Cause I have tried this as you have explained and it does not work to downgrade from 353 as far as I have tested. Anyone have any luck downfrading from 353?