petabyt / liemoth

Ambarella Action Camera Hacks
GNU General Public License v3.0

Ambarella A9 and the Yi4k #13

Open psolyca opened 2 years ago

psolyca commented 2 years ago

I left this message on DashCamTalk, but maybe here is better.

I'm the creator of the hackish firmware for the Yi4k, whose main goal was to debug the firmware and enable some features, this more in the Linux part. I'd like to hack the RTOS part. This cam is based on A9. I'm not familiar with C but I can do some little things. What do you need to begin? Also, if you have a chan (Matrix or Discord), I can join.

petabyt commented 2 years ago

The first step would be to get a memory dump, then try and find an ASH command to hack on. I chose the cardmgr command. ashp is a basic preprocessor for ASH scripts. The main feature is to generate writeb commands that inject a binary file.

petabyt commented 2 years ago

You'll need to find a few stubs (like https://github.com/petabyt/liemoth/blob/3c15be953d5bab3406cd7325677686059c643d13/platform/activeondx.h#L72-L91), with Ghidra.

psolyca commented 2 years ago

Thanks, I have more than just the memory dump ^^ I have already used Ghidra to disassemble the RTOS, get lots of functions and also add the memory dump to the disassembly.

Edit: Base_addr = 0xA0100000

psolyca commented 2 years ago

Could you send me the firmware (or RTOS) used to find these stubs? Seen some links in header files... Some are missing on my side and I'd like to see if there are some signatures I can find. You can send it to damien dot gaignon at gmail dot com. Thanks
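
The signature search mentioned in the last comment, as an added example that is not code from the thread or from liemoth: a masked byte-pattern scan that maps dump offsets to addresses using the base address quoted above and accepts a stub only when its signature matches exactly once. The signatures, the sample dump, the function names and the 4-byte alignment (ARM-mode code) are assumptions made for illustration.

```python
BASE_ADDR = 0xA0100000  # RTOS load address quoted in the thread


def parse_signature(text):
    """'F0 4F 2D E9 ?? 00' -> (pattern, mask); '??' marks a wildcard byte."""
    pattern, mask = bytearray(), bytearray()
    for tok in text.split():
        wild = tok == "??"
        pattern.append(0 if wild else int(tok, 16))
        mask.append(0x00 if wild else 0xFF)
    if not mask or mask[0] == 0:
        raise ValueError("signature must start with a fixed byte")
    return bytes(pattern), bytes(mask)


def find_stub(dump, signature, base=BASE_ADDR, align=4):
    """Return every address where the masked signature matches.

    align=4 assumes ARM-mode code; pass align=2 for Thumb.
    """
    pattern, mask = parse_signature(signature)
    hits, pos = [], dump.find(pattern[:1])
    while pos != -1:
        window = dump[pos:pos + len(pattern)]
        if (pos % align == 0 and len(window) == len(pattern)
                and all((w & m) == p for w, m, p in zip(window, mask, pattern))):
            hits.append(base + pos)
        pos = dump.find(pattern[:1], pos + 1)
    return hits


def resolve_stub(dump, signature, **kw):
    """Accept a stub address only when the signature is unambiguous."""
    hits = find_stub(dump, signature, **kw)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} matches for {signature!r}")
    return hits[0]


# Constructed sample dump: two functions with the same prologue
# (push {r4-r11, lr}) followed by ldr r0, [pc, #imm] with different offsets.
SAMPLE_DUMP = (bytes(8) + bytes.fromhex("f04f2de9 1c009fe5")
               + bytes(8) + bytes.fromhex("f04f2de9 40009fe5") + bytes(4))

if __name__ == "__main__":
    for sig in ("F0 4F 2D E9 ?? 00 9F E5", "F0 4F 2D E9 1C 00 9F E5"):
        print(sig, [hex(a) for a in find_stub(SAMPLE_DUMP, sig)])
```

A signature that is too loose matches both functions and is rejected by `resolve_stub`; tightening it to include the literal offset pins down a single address.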