Headrush Core ssh help.

[tertiumndatur]

Hey, guys. I want to enable ssh on my Headrush Core. I have done root on Headrush Gigboard using uboot bootargs and single user mod, but it doesn't seem to have any effect on Headrush Core as the UART doesn't want to stop booting cause inMusic patched u-boot and changed input to gpio-keys.

U-Boot 2023.04-inmusic-20230616 (Jun 16 2023 - 13:46:24 +0100)

Model: Headrush Core
DRAM:  2 GiB
Core:  237 devices, 29 uclasses, devicetree: separate
MMC:   mmc@ff0d0000: 2, mmc@ff0f0000: 0 (eMMC)
Loading Environment from nowhere... OK
In:    gpio-keys
Out:   serial
Err:   serial

The only option left is to modify rootfs just like it is done on MPC.

I have compared the update programs from MPC and Headrush and they seem to be the same. The only difference is in the Update.img files. They have different headers to match their device.

https://www.headrushfx.com/products/core/index.html Maybe someone could take a look at the headrush image and post their thoughts on it.

[tertiumndatur]

Fastboot works fine and I was able to re-flash rootfs, but there is a problem. it looks like they did a kernel level hash check. Kernel command line: root=/dev/dm-0 rootwait ro rfkill.default_state=0 dm-verity.dev_wait=1 dm-mod.create="rootfs,,,ro,0 716800 verity 1 /dev/mmcblk0p10 /dev/mmcblk0p10 1024 1024 358400 358401 sha256 df3d06dd5839912a49d222cc8137cee3856d27b59293360383516edaba58e1a6 a20e4b231bbb4536093c57f666e2c559a0371b8fb362d4f4a70a17dfb3940d3d" systemd.getty_auto=no

which is why we get a kernel panic on any modified rootfs:

device-mapper: verity: sha256 using implementation "sha256-generic"
device-mapper: ioctl: dm-0 (rootfs) is ready
device-mapper: verity: 179:10: metadata block 358401 is corrupted
device-mapper: verity: verification failure occurred: integrity failure
EXT4-fs (dm-0): unable to read superblock
VFS: Cannot open root device "dm-0" or unknown-block(254,0): error -5
Please append a correct "root=" boot option; here are the available partitions:

is there any way we can change the bootargs?

[ounsatn]

Hello, you can make your img with tkg tool which is very great for this :

https://github.com/TheKikGen/MPC-LiveXplore/blob/master/imgmaker/mpcimg , you can add/change your headersbetween lines 150 to 160 in the code of the tool.

for UBoot you can change var with setenv (be careful ) http://ebook.pldworld.com/_semiconductors/Atmel/AT91%20CDROM/Pages/Software/Software_ARM9/LINUX/uboot.html

good luck,

[ClaudioCas]

I was trying to figure out something about Headrush pedalboard upgrades and ended up here (I own a Pedalboard and a Gigboard). Can you briefly explain to me what is possible to achieve on a Headrush? What are the advantages of enabling ssh for example? Is it possible to modify the behavior of the internal software (for example add midi bindings or enable VncServer also for Headrush like MPC?) Are there tools similar to this one that are also compatible with Headrush pedalboards? (which are internally similar to these MPCs) Thanks for your information.

[tertiumndatur]

I was trying to figure out something about Headrush pedalboard upgrades and ended up here (I own a Pedalboard and a Gigboard). Can you briefly explain to me what is possible to achieve on a Headrush? What are the advantages of enabling ssh for example? Is it possible to modify the behavior of the internal software (for example add midi bindings or enable VncServer also for Headrush like MPC?) Are there tools similar to this one that are also compatible with Headrush pedalboards? (which are internally similar to these MPCs) Thanks for your information.

Hi, all of these things can be done. Rootfs Headrush Gigboard / Pedalboard is not much different from MPC, the only problem is the motherboard of Gigboard / Pedalboard which don't have Wifi / BT module and ethernet.

You can customize pedalboards without any problems, like MIDI Assignments inside them. For example you can put software on a Gigboard from Pedalboard and with a midi controller get 16 instead of 8 scenes and much more. As for VNC, ssh is possible, but via USB port, you need to raise the network.

Anyway, all of it is possible, including running software from Prime, Core, Looperboard since the processor is still the same. We can also run software from MPC on Headrush and vice versa. But if you use software from Prime, Core you get terrible sound, because you have to reassign audio ports, to be honest I haven't figured it out yet, but if buy a rear part with ports from Core or Prime and plug it in it will work without problems.

I sold my Headrush Core because it didn’t make sense to keep it, and I couldn’t update its rootfs and get SSH access. The problem was that to do this, I needed to reflash the uboot to be able to interrupt the boot process through the serial port. I decided not to do this and got rid of it.

Right now, I only have the Gigboard with broken USB port, which I tinker with from time to time via UART. I also have some ideas on how to modify it internally. There is an additional USB HOST inside, which is used to connect buttons and LEDs. I want to connect a USB HUB to it, and then connect the buttons and LEDs to the HUB, along with a small Wi-Fi adapter. This way, I might be able to set up a network.

[ClaudioCas]

Thank you for your kind response.

I have quickly analyzed the update code and in my case there is a mapping file of the midi commands accessible so that it is possible to "extend" the midi capability by simply modifying a data file (?).

Is there a community that has created custom firmware for Pedalboard and Gigboard options?

[tertiumndatur]

Yes, MIDI can be expanded simply by changing the M-Audio_Internal_Assignments.qml file you can also change the behavior of footswitch buttons, LEDs, LEDs text, encoders by changing the corresponding file.

Here is an example of changing 1 encoder Up/Down in Pedalboard software via MIDI:

ValueCCAssignment { cc: 106
        channel: assignment.channel
        output: IncDecValueOutput {
            changeAmount: 0.01
            increaseValue: true
            target: PropertyTarget { path: "/Engine/RedirCtrl/Encoder1" }
            autoRepeat: true
            roundRobin: false
            autoRepeatWaitTimeInMS: 50
        }
    }
    ValueCCAssignment { cc: 110
        channel: assignment.channel
        output: IncDecValueOutput {
            changeAmount: 0.01
            increaseValue: false
            target: PropertyTarget { path: "/Engine/RedirCtrl/Encoder1" }
            autoRepeat: true
            roundRobin: false
            autoRepeatWaitTimeInMS: 50
        }
    }

I also pulled out all possible "PropertyTarget" using Ghidra.

There is no such community, but I think I'm not the only one.

[ounsatn]

Hello,

you have a lot of code example in denon prime firmware, In assignments files under /usr/Engine/AssignmentFiles/PresetAssignmentFiles/ , and in the binary itself . Open Engine binary with 7zip, extract .rodata and you'll see qml code with sometimes examples and nice description on how it works, maybe its the same with Evil binary ( Headrush) On my side i have remapped my Akai force to be a Prime 2 , i use in addition an Akai AFX controller to control prime2, and i've done another assignment file. On prime you have a assignment file to define functions and mapping and another on which you can define custom midi messages. The 2 files are linked, and in the assignments you can call function which are in the device file,

I've done an hidden wiki with some details , it's still in progress : wiki

And to edit files i recommend using QT creator from QT , which is very usefull to check & manipulate qml files.

Have fun ;)

[tertiumndatur]

Hello,

you have a lot of code example in denon prime firmware, In assignments files under /usr/Engine/AssignmentFiles/PresetAssignmentFiles/ , and in the binary itself . Open Engine binary with 7zip, extract .rodata and you'll see qml code with sometimes examples and nice description on how it works, maybe its the same with Evil binary ( Headrush) On my side i have remapped my Akai force to be a Prime 2 , i use in addition an Akai AFX controller to control prime2, and i've done another assignment file. On prime you have a assignment file to define functions and mapping and another on which you can define custom midi messages. The 2 files are linked, and in the assignments you can call function which are in the device file,

I've done an hidden wiki with some details , it's still in progress : wiki

And to edit files i recommend using QT creator from QT , which is very usefull to check & manipulate qml files.

Have fun ;)

Interesting. Is it possible to use assignment files to change UI behavior?

[tertiumndatur]

Confirmed everything is just as I thought. I disconnected the USBHOST (buttons of the footswitch) and connected a simple Type A connector and connected a usb hub to it, then connected a load of all sorts of crap and watched the lsusb output. As bad or good as it sounds it works. I put dropbear SSH as well as sftp-server in there (now I can transfer files at 1 MB per second, that's really a lot after the serial port) and also took the vnc framebuffer binary and it worked. VNC works, the only thing is that the Evil program itself doesn't want to run without the footswitch buttons, but I'll solve that when I get the JST PH connectors.

[ClaudioCas]

There is no such community, but I think I'm not the only one.

Thanks a lot. It's all really interesting, but confusing to me. What are the first steps to take to access the headrush system? Via serial connecting the 3 pins directly to the rk motherboard? Is there any tutorial for dummies? ;)

[tertiumndatur]

There is no such community, but I think I'm not the only one. Thanks a lot. It's all really interesting, but confusing to me. What are the first steps to take to access the headrush system? Via serial connecting the 3 pins directly to the rk motherboard? Is there any tutorial for dummies? ;)

You can use a UART-USB: https://www.amazon.com/Serial-Adapter-Signal-Prolific-Windows/dp/B07R8BQYW1/ Photo how to connect (Do not connect the red wire because it is an additional power supply, it is not required.)

I'm using c-kermit:

set line /dev/tty.usbserial-1240
set speed 115200
set carrier-watch off
set handshake none
set flow-control none
connect

In start of boot process you can press Enter and interrupt the boot: printenv bootargs you will see something like: bootargs=root=PARTUUID=24d1deac-3434-1a4e-98d1-68ee2945a5f1 rootwait ro console=ttyS2,115200 rfkill.default_state=0

change bootargs to single user mode and boot, after change root password:

setenv bootargs 'root=PARTUUID=24d1deac-3434-1a4e-98d1-68ee2945a5f1 rootwait ro console=ttyS2,115200 rfkill.default_state=0 single init=/bin/sh'
boot
mount -rw -o remount /
passwd root

[ClaudioCas]

Thanks a lot. These are things I'm not very familiar with, but as soon as I have some time I'll try. How risky are these stocks? In case of "brick" it is always possible to reinstall the original fw from recovery mode (therefore safe?)

[tertiumndatur]

The main thing is not to do anything in uBoot if you don't understand it. In our case we change bootargs on preboot, setenv only sets env arguments for current boot and after reboot they are reset. That's enough to get root access and change root password.

The firmware of Gigboard / Pedalboard reflashes rootfs, i.e. returns the file system to the stock state. (i.e. overwrite all changes in file system to stock).

It should be safe, but everyone does these actions at their own risk. Anyway you will have access to uBoot in case of anything you can reflash directly from it.

[quiknick]

I have been unable to get HeadRush Prime to go into uboot. There is no ability to stop the boot process. It goes all the way into OS just as you stated they changed to gpio-keys. SSH is on by default, but rsa key is used. Not much can be done without getting some kind of system level access, or patch rootfs/kernel. Can you explain how you did it tertiumndatur?

[tertiumndatur]

I managed to overwrite rootfs with fastboot, but I didn't reflash uboot with it because I was afraid of getting a brick. Anyway before you do that you need to save the uboot env.

I also encountered a problem with gpiokeys, but somewhere I saw a picture of an MPC board where they soldered a wire to make the input work. You can try googling it.

The firmware file of the older boards is different from Prime/Core, they started signing their firmware.

Anyway, I sold Headrush Core, and use Headrush Gigboard with Mod Audio (https://github.com/mod-audio) lv2 plugins, which allows me to run Neural Amp Modeler and more.

[ounsatn]

hello can you provide a photo of the serial debug port to see how you've connected it ? thanx

[ClaudioCas]

Anyway, I sold Headrush Core, and use Headrush Gigboard with Mod Audio (https://github.com/mod-audio) lv2 plugins, which allows me to run Neural Amp Modeler and more.

Did you remove the headrush program and replace it with ModAudio? A bit like a big ModDwarf?

I saw that a new Headrush Flex Prime has come out. At first glance it looks identical to the Headrush mx5... could it be that they are the same machine with different software? Headrush Pedalboard and Prime beyond the different inputs, do they have the same motherboard and the same processing power or is the Prime better as Hardware?

[tertiumndatur]

Did you remove the headrush program and replace it with ModAudio? A bit like a big ModDwarf?

No. I can use standard software from Headrush Gigboard and software from Core or Prime. I can also use Mod-audio software and basically make a big Mod-Dwarf. I just made a script that listens to the buttons on initialization that allows me to choose which software I want to use. I can also run a small browser (but it uses a lot of resources) to control Mod-Audio directly from the Gigboard using touchscreen.

I saw that a new Headrush Flex Prime has come out. At first glance it looks identical to the Headrush mx5... could it be that they are the same machine with different software?

It's the same machine with different software.

Headrush Pedalboard and Prime beyond the different inputs, do they have the same motherboard and the same processing power or is the Prime better as Hardware?

They are completely identical in hardware (using Rockchip SoC RK3288) except that the Gigboard / Pedalboard / MX5 doesn't have Wifi, Bluetooth modules on the motherboard. Seems like the only difference between Prime / Core etc is that they have 2gb RAM, while Gigboard / Pedalboard only have 1gb, but even 1gb is enough to work with. About the inputs, as I understand they are STM32-based is connected via I2C bus, but it could also be via USB, I haven't checked that yet.

[ClaudioCas]

Really congratulations on the work you've done! It must be a great satisfaction to be able to master the Headrush hardware so well. Since the hardware is identical, this makes it clear how everything is a question of marketing, instead of releasing an update for the old ones they prefer to resell hardware (at a higher price, by the way).

It's the same machine with different software.

So theoretically (wifi aside) it could be possible to modify an mx5 to Flex. Could the wifi module be added (even internally on a direct usb of the board?) or is it integrated on the motherboard?

[tertiumndatur]

Really congratulations on the work you've done! It must be a great satisfaction to be able to master the Headrush hardware so well. Since the hardware is identical, this makes it clear how everything is a question of marketing, instead of releasing an update for the old ones they prefer to resell hardware (at a higher price, by the way).

Ah, totally forgot Core / Prime have 2GB of memory and Pedalboard / Gigboard only have 1GB. But I don't think it was necessary :)

So theoretically (wifi aside) it could be possible to modify an mx5 to Flex.

You can, but the main thing is that the ports match. I.e. the whole problem is that the ports may not be compatible. For example, in Core software on Headrush Gigboard, the guitar works only through FX RETURN port and the sound is actually more muffled than in normal software. I've already downloaded his firmware and will test his software and come back with an answer :)))

Could the wifi module be added (even internally on a direct usb of the board?) or is it integrated on the motherboard?

I'm still going to do it, haven't checked it yet, I'll have to build drivers for it.

[tertiumndatur]

Really congratulations on the work you've done! It must be a great satisfaction to be able to master the Headrush hardware so well. Since the hardware is identical, this makes it clear how everything is a question of marketing, instead of releasing an update for the old ones they prefer to resell hardware (at a higher price, by the way).

It's the same machine with different software.

So theoretically (wifi aside) it could be possible to modify an mx5 to Flex. Could the wifi module be added (even internally on a direct usb of the board?) or is it integrated on the motherboard?

I did a quick check. It works, the sound is fine, the only thing is that on Gigboard the image is upside down. They also made a webserver where you can edit presets in the browser via WIFI, should be a Core and Prime update soon.

[ounsatn]

Hello, i think i will try it on my akai orce. If image is upside down you can try : export AIR_SCREEN_ROTATION=-90, it works like that on denon prime dj.

if using Qt there is QT_QPA_EGLFS_ROTATION=90 too , and export QT_QPA_EVDEV_TOUCHSCREEN_PARAMETERS=/dev/input/event1:rotate=90 to match touchscreen.