TheCrypt0 / yi-hack-v4

New Custom Firmware for Xiaomi Cameras based on Hi3518e Chipset. It features RTSP, SSH, FTP and more!
GNU General Public License v3.0
1.54k stars 217 forks

New ip camera xiaomi #205

Open ster1um opened 4 years ago

ster1um commented 4 years ago

Hello, I see a new camera, mjsxj02hl, with a 170° fisheye. The wifi chip is Marvell 88W8977.

Will it be possible to support it in the future?

grifu commented 3 years ago

The file that works for me can be found in this link. It was retrieved from this site. There is another file with the same firmware on the same site that does not work, which you can find in this link. The working version 4.0.5_0105 provides two files (demo_hlc6_sign.bin and demo_hlc6.bin) and seems to be an update from the older version 4.0.5_0105, which provides just one file, demo_hlc6.bin. However, this file does not work for me. The size of this older version (4.0.5_0105) is 12,1 Mbytes and the newer version and signed version are 11,1 Mbytes. Why the differences in these files for the same version?

tomaszduda23 commented 3 years ago

@grifu did you manage to run telnet or ftp?

grifu commented 3 years ago

No! The modified firmware does not work for me, only the signed firmware, even the version shared by Borewik. Do you have the same problem?

tomaszduda23 commented 3 years ago

Yes. Signed firmware does not have run.sh

borewik commented 3 years ago

I made a mistake by not checking what this signed fw structure looks like; I just used the same "packer.py" as for previous fws. Gotta run binwalk on that signed fw and make changes to packer.py: in line 16, "dic", put the correct addresses for partitions. I can do that correctly for you this time, if that info doesn't help you enough.

tomaszduda23 commented 3 years ago

Modification is easy but I thought that it will be rejected by the bootloader due to an incorrect signature. I have not verified it though. I will check. I will be surprised if it works.

```
$ hexdump demo_hlc6_sign.bin | tail
0a8d930 0000 0000 0000 6000 0000 0000 0000 bc00
0a8d940 0000 0000 0000 ed00 0fd8 0000 0000 0800
0a8d950 e880 0003 0000 0000 0f00 0fd9 0000 0000
0a8d960 0000 0000 0000 0000 0000 0000 0000 0000
*
0a8e040 0484 96c0 4570 a32d 7856 69c5 cab5 4f1a <--- it seems to be signature
0a8e050 8161 e90a c23b a26f 75bf 6054 035a e275
0a8e060 9546 9e74 984d ab04 9aad 3e28 7731 4ee9
0a8e070 6007 4d90 fa5e 5831 19be aa35 c776 0634
0a8e080
```

```
$ hexdump demo_hlc6.bin | tail
0a8d950 e880 0003 0000 0000 0f00 0fd9 0000 0000
0a8d960 0000 0000 0000 0000 0000 0000 0000 0000
0a8e040 0484 96c0 4570 a32d 7856 69c5 cab5 4f1a
0a8e050 8161 e90a c23b a26f 75bf 6054 035a e275
0a8e060 9546 9e74 984d ab04 9aad 3e28 7731 4ee9
0a8e070 6007 4d90 fa5e 5831 19be aa35 c776 0634
0a8e080 0000 0000 0000 0000 0000 0000 0000 0000 <--- unsigned version is padded with zeros
0b7f080
```
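The comparison the two hexdump tails above do by eye can be scripted. This is an added example, not code from the thread or from packer.py: the function names are hypothetical and the sample bytes are constructed to mimic the layout shown (data, a zero gap, a 64-byte trailing block, then zero padding in the longer file).

```python
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~0 for padding, high for signatures or ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def trailing_block(image: bytes, min_gap: int = 16):
    """Locate the last non-zero block: the bytes between the final run of
    at least min_gap zero bytes and any trailing zero padding."""
    end = len(image.rstrip(b"\x00"))
    gap = image.rfind(b"\x00" * min_gap, 0, end)
    start = 0 if gap < 0 else gap + min_gap
    return start, image[start:end]

def compare_images(a: bytes, b: bytes) -> dict:
    """Compare two images that claim to be the same firmware version."""
    short, long_ = sorted((a, b), key=len)
    n = len(short)
    first_diff = None  # stays None when the shorter image is a prefix
    if short != long_[:n]:
        first_diff = next(i for i in range(n) if short[i] != long_[i])
    offset, block = trailing_block(short)
    return {
        "first_difference": first_diff,
        "extra_bytes": len(long_) - n,
        "extra_is_zero_padding": not long_[n:].strip(b"\x00"),
        "block_offset": offset,
        "block_len": len(block),
        "block_entropy": shannon_entropy(block),
    }

# Constructed sample data (not bytes from the real firmware files).
BODY = bytes(range(1, 201))
BLOCK = bytes((i * 37 + 11) % 251 + 1 for i in range(64))  # 64 distinct bytes
SIGNED = BODY + b"\x00" * 32 + BLOCK
UNSIGNED = SIGNED + b"\x00" * 256

if __name__ == "__main__":
    for key, value in compare_images(SIGNED, UNSIGNED).items():
        print(f"{key}: {value}")
```

A matching prefix plus zero-only extra bytes describes the file layout only; it says nothing about whether the bootloader verifies the trailing block.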

grifu commented 3 years ago

Indeed, there are differences in the unsigned version, which is padded with zeros as tomaszduda explains. Is it possible to sign the firmware to trick the boot loader?

rezmus commented 3 years ago

it's possible to flash old bootloader which accepts unsigned firmware. here you can find all info and custom firmware with rtsp.

https://io-net.ru/proshivka-zagruzchika-ip-kamery-mjsxj02hl-s-pomoshhyu-usb/
https://io-net.ru/mjsxj02hl_firmware/

grifu commented 3 years ago

Indeed, Rezmus, it is possible to flash the boot loader, but it requires opening the camera and soldering some wires, which I would prefer to avoid. Is it possible to check which version of the boot loader is installed in our cameras?

rezmus commented 3 years ago

check links i gave. it's possible to flash bootloader with hitool without opening the camera.

grifu commented 3 years ago

Thx Rezmus, I didn't know! It would be great to change the boot loader without messing with the hardware. I'll check the links.

fboulange commented 3 years ago

@rezmus thx for those links. I can't get past the first step though, with the Zadig software: any tips about the exact steps to do? I mean, do you have to press reset on the camera at the same time as plugging it in and then keep the reset button pressed (to find the HiUSBBurn device, aka the camera)? Cheers Fr3d

karolzamosc commented 3 years ago

> check links i gave. it's possible to flash bootloader with hitool without opening the camera.

Does using this RTSP modded firmware cause the camera to stop working with the Mi Home app?

rezmus commented 3 years ago

mijia cloud is stripped from custom firmware.

@fboulange i never did it myself (all my cams came with unlocked bootloader), but you should connect camera to usb with reset button pushed. then check device manager. new device should be detected and displayed. you have to select this device in zadig and install driver. you only have a few seconds before camera detects no update and reboots. it may need some practice and several tries.

btw: make sure to use full usb cable with data lines. stock one from camera won't work.

john9393 commented 3 years ago

I have put this RTSP modded firmware on, but the RTSP ends after a few seconds. What could be wrong?

john9393 commented 3 years ago

Sorry for that, but I have found what was wrong: using NMAP to see if the RTSP port was open causes the RTSP to end.

lphuctai commented 3 years ago

@fboulange @SIM0N-F https://dl.bintray.com/xiaomi/mjsxj02hl

Hi, I find this link is not working anymore: "Forbidden!" How can I access it, or could you reupload them somewhere else, please?

Thank u so much!

madagaga commented 3 years ago

Hi, I successfully flashed mine. Here is what I did:

piciuok commented 3 years ago

I successfully flashed mine too!

great!

grifu commented 2 years ago

I was able to flash the firmware following madagaga's links, first uboot and then the firmware. Unfortunately the MJSXJ02HL firmware 1.2.4 does not work with the Mi Home app. The LED changes to blue and I do not know what to do next. I believe that a configuration file with the router access WPA2 is required. Is it possible to change the firmware 1.2.4 to become compatible with the Mi Home app?

Let me share some installation issues I hit before reaching the firmware upgrade using the sdcard.

  1. You have to plug in the camera with a USB data cable (the one that comes with the camera does not work).
  2. It is a headache to upload the driver to the camera. First you have to open Zadig and choose the right driver, then connect the camera with the reset button pressed. However, this did not work for me because it was just a 2-second period. If you keep pressing the reset button the camera will reboot again and then you have more control of the time. It takes about 30 seconds to reboot, and when you press the install button, the driver will be uploaded after 5 seconds. You can press the install button in Zadig when the camera reboots (it's a matter of timing).
  3. HiTool presents the same challenge as Zadig. I was able to burn and upload the new boot with the same method. First press burn, then plug in the camera with the reset button pressed and wait for the reboot. With a little bit of luck, the moment HiTool starts to upload the boot falls within the 2-second time frame after the camera reboots.

grifu commented 2 years ago

> @fboulange @SIM0N-F https://dl.bintray.com/xiaomi/mjsxj02hl
>
> Hi, I find this link is not working anymore: "Forbidden!" How can I access it, or could you reupload them somewhere else, please?
>
> Thank u so much!

You should use the Russian thread; using the translated version, the link does not work.

madagaga commented 2 years ago

@grifu it won't work with mi home anymore. It enables rtsp and mqtt. Check the second link, there is a how-to.