Hi

[Geotv123]

Hi @misaalanshori, I was reading through your comment on bcaller´s v380patch discussion https://github.com/bcaller/v380-ipcam-firmware-patch/issues/6 I've been trying to get a root on my v380 camera but so far no success. I have access to the flash and i have a bin dump of the flash chip, I can also write to the chip.

My question is, how did you "modify the firmware directly" to get root? I changed the u-boot variables to =\bin\sh but gave error. Used setenv to try to mount a different t roots but also error, failed sign check. I appreciate your help, and apologize for writing here but i couldnt find a easier way to contact you. Hope its not taking too much of your rime and thanks in advance.

Regards

[misaalanshori]

Its been quite a while since i did this, but I learned some stuff from here https://www.youtube.com/watch?v=hV8W4o-Mu2o and then i made a python script that will take in a map of the firmware file and split them, and also another one that combines them back. and for getting root, I think I might have extracted the shadow file, put in my own password and then recombined the firmware.

Its been quite a long time since i did this so i have forgotten most of the details. I kinda gave up since i haven't found that lost driver file.

[Geotv123]

Thank you for replying, I managed to get that far myself in the last two days. I haven’t written the flash yet but I got it to boot from a second partition on my SD card With U-boot.

Which driver do you need? I have three different V380 cameras and a few different bins I could look through. Let me know if you still need the driver and maybe a photo of the board if you have or the name. Thanks again for explaining, I spent a lot of time trying to go the patch route but only got one of my cameras working that way. Two days ago I got the other two but I’m still trying to modify some stuff.

Best Regards

[misaalanshori]

I was looking for the drivers/kernel modules for the wifi chipset. The WiFi Module/chipset is the HR6022 With AltoBeam ATBM6022. The files were lost after I tried installing the wrong patch.

Here is a picture of the module in the camera

It looks like they change the wifi module in these quite often, so I haven't found the same module again

[misaalanshori]

but I got it to boot from a second partition on my SD card With U-boot. What OS/kernel did you boot into? I was also trying to somehow build and boot my own Linux kernel on the camera, but I didn't really get that far

[Geotv123]

I didn’t modify anything yet. It’s stock u-boot. I copied the rootfs mtdblock4 I think, and extracted /etc, edited and burnt it to sd card.

I looked through my files and the only file I found that I don’t know the driver name is modules.zip

They seem to put the wifi drivers in a separate partition/file system. It’s mounted to /ext Binwalk names it squashfs-root-2. I’ll keep looking for other ones. Have you tried the ak98_kernel from onyx-intl on github here?

[Geotv123]

I got how to boot from SDcard from here: https://ricardojlrufino.wordpress.com/2022/02/15/hack-ipcam-anyka-booting-rootfs-from-sdcard/

with this command:

setenv bootargs console=ttySAK0,115200n8 root=/dev/mmcblk0p2 rw rootwait rootfstype=squashfs init=/init mem=64M memsize=64M

[Geotv123]

Technically, the wifi board is usb connected as there is an OTG driver, but I haven’t gotten that far.

[Geotv123]

I just found this post: https://ipcamtalk.com/threads/help-firmware-v380e2_c2-mvt3610s2.61206/

It seems to be the same model as yours. Here it is, binwalk extracted as squashfs-root-1 on this model 9083h.ko.zip

Good luck, I hope it works for you, let me know how it goes.

[misaalanshori]

I copied the rootfs mtdblock4 I think, and extracted /etc, edited and burnt it to sd card.

Ah okay that sounds simpler.

Technically, the wifi board is usb connected as there is an OTG driver, but I haven’t gotten that far.

Yeah it looks like thats how the wifi module is connected. Probably made it easy for them to switch modules in production

I just found this post: https://ipcamtalk.com/threads/help-firmware-v380e2_c2-mvt3610s2.61206/

Okay, thank you so much. It has been a really long time since I did this, I don't even remember where my files are now. But I might try messing around with this again sometime soon.