How do we get this project moving again?

[WillCoffin]

Just picked up an M1 and love that you have made some progress towards getting some custom firmware implemented! I would love to help where I can. I have development experience but not specifically with camera firmware, but I am always looking to learn new things. I have experience with Node, Javascript, Arduino Dev, Linux Dev (mostly scripts), and general front/back-end web dev.

My goals would be:

• Add clean HDMI video output, ideally while also recording but if it's not powerful enough to encode and output over HDMI at the same time I would settle for just a clean HDMI output while not recording.
• Increased bitrate to at least 100Mb/s from the default 75.
• Ability to adjust custom color profiles would be great too, but I have no knowledge of how this is done in camera. I do have experience creating and implementing LUT's though.
• The last one is a long shot because it doesn't seem to be the same or similar chip as the action cameras, but adding external microphone via USB port would be fantastic. Otherwise, I will work on a hardware hack to add a 3.5mm port (probably easier than firmware).

What do you think about feasibility for any of these? If they are available in the chipset I imagine it's not impossible with firmware. But not knowing what chip it uses its hard to tell what options might be available.

Let me know if this is still interesting to you and how I can help :)

[protyposis]

I also don't have a lot of experience with camera firmware but help is always appreciated! The main issue right now is that within the decompression stage of the firmware unpacker, I was not able to determine where the first 18 bytes come from. This prevented me from writing a firmware packer that combines all extracted parts into a single firmware file that can be installed on the camera. So this is the first thing that needs to be solved.

Assuming this was solved and a firmware file can be generated, then increasing the bitrate should be quite simple to do. Also modding a 3.5mm mic port should be easily possible but of course unrelated to the firmware tools.

The other goals would probably take a huge amount of effort if they have to be added from scratch, especially without the SDK. So I'd say they are unrealistic goals. I have never tried the HDMI output but if it basically works and it's just a matter of hiding the UI overlay then this should be possible as well.

[kartun83]

@protyposis . Wild guess, but who knows ... Do you have any evidence how those 18 bytes should look like ? This lines are 36, aka 18*2, so may be worth a try ? private String a = "41106dd9-25ad-477b-a884-5038b6de4649"; private String b = "41106day-25ad-477b-a884-5038b6de4649"; private String c = "41106dax-25ad-477b-a884-5038b6de4649"; private String d = "41106dax-25ad-477b-a884-5038b6de4649"; private String e = "41106dax-25ad-477b-a884-5038b6de4649"; private String f = "41106dax-25ad-477b-a884-5038b6de4649"; private String g = "41106dax-25ad-477b-a884-5038b6de4649"; private String h = "41106dax-25ad-477b-a884-5038b6de4649"; private String i = "41106da0-25ad-477b-a884-5038b6de4649"; private String j = "41106da1-25ad-477b-a884-5038b6de4649"; private String k = "41106da2-25ad-477b-a884-5038b6de4649"; private String l = "41106da3-25ad-477b-a884-5038b6de4649"; private String m = "41106da4-25ad-477b-a884-5038b6de4649"; private String n = "41106da5-25ad-477b-a884-5038b6de4649"; private String o = "41106da6-25ad-477b-a884-5038b6de4649"; private String p = "41106da9-25ad-477b-a884-5038b6de4649"; private String q = "41106dac-25ad-477b-a884-5038b6de4649"; private String r = "00002902-0000-1000-8000-00805f9b34fb";

[protyposis]

I have absolutely no idea. I know the addresses of the bytes that are read, but not their content, and the problem is that the data that is reconstructed during decompression is unfortunately no human-readable text or anything similar that can be used to guess the required data.

What are these UUIDs, where do they come from?

[kartun83]

I've decompiled mirorrless camera app from xiaomi and seems that this app use this uuids to determine software version or something related. I've been searching for WiFi init sequence. Отправлено через BlackBerry Hub для Android От: notifications@github.comОтправл.: 3 марта 2018 г. 23:41Кому: yi-mirrorless-firmware-tools@noreply.github.comКому: reply@reply.github.comКопия: kartun@yandex.ru; comment@noreply.github.comТема: Re: [protyposis/yi-mirrorless-firmware-tools] How do we get this project moving again? (#2) I have absolutely no idea. I know the addresses of the bytes that are read, but not their content, and the problem is that the data that is reconstructed during decompression is unfortunately no human-readable text or anything similar that can be used to guess the required data. What are these UUIDs, where do they come from?

—You are receiving this because you commented.Reply to this email directly, view it on GitHub, or mute the thread.

[kartun83]

@protyposis sorry to bother you, but still. There are lots of constants at the beginning of firmware.0, so possibly there could be one required ? test.txt

[protyposis]

You're not bothering me at all. I was already looking into these constants and unfortunately their positions did not match the positions from where the decompression algorithm reads the first few bytes.

The basic problem is, even if that was the correct data, I did not find a way to actually validate that so I have no way of knowing if the decompressed data is correct. Maybe there is a checksum for the decompressed data somewhere but the only way to figure that out might be to repack the extracted firmware, upload it to the camera and see what happens (i.e. see if it declines the firmware file or just flashes it and possibly bricks the camera).

[protyposis]

Since there is a checksum for the compressed data I assume chances are rather low that there is a checksum for the uncompressed data and the risk of bricking the camera is rather high (also given the fact that it doesn't seem to be very well engineered).

[protyposis]

I have added the compression algorithm so the only thing missing now is the code to repackage all sections into a single firmware file.

During writing of the compression algorithm I figured out that the mysterious 18 byte offset is simply the maximum lookup length of the LZSS algorithm, meaning there is no missing initialization data. Decompression and compression have been validated and work correctly.

[protyposis]

Added the repack command that repackages all extracted firmware sections back into a flashable firmware file. Flashing to camera not tested yet!

[kartun83]

Great news!

[samuelcabral]

Is this project dead?

[pureaxis]

hoping for some progress as well

[protyposis]

Please don't expect any progress from me. As explained elsewhere there's an issue in the recompression algorithm whose cause I cannot identify. So unless somebody else figures it out, this project is dead.

[afanofosc]

Here is perhaps the SOC used in the camera: http://otladka.com.ua/index.php?product_id=264&page=shop.product_details&category_id=18&flypage=vmj_naru.tpl&option=com_virtuemart&Itemid=71

http://otladka.com.ua/components/com_virtuemart/shop_image/product/EV-AT9X35-1.png http://otladka.com.ua/components/com_virtuemart/shop_image/product/EV-AT9X35-3.png http://otladka.com.ua/doc/9x35-nano/user_manual_EV-9X35-NANO_rev1_0_english.pdf

[thestig4242]

Flashed the recompressed 3.2 firmware today, everything is working fine.

[thestig4242]

I also took photos of the board, but nothing came up searching the markings http://imgur.com/gallery/ZfwEQnl

[protyposis]

Flashed the recompressed 3.2 firmware today, everything is working fine.

Thanks for the report!

[crypticsymmetry]

Has anyone tried any of the "potential firmware hacks?" And Have Any before and after results? Very interested to see what increasing bitrate and less compressed jpegs look like.

[jml12286]

🙏🤗

[joshykim95]

Hey Just commenting in during the quarantine. Got a lot of free time now. Just reading up on the project and will be trying to contribute any way that I can.

[pl4za]

Would be great it this would allow an increase in the video bitrate as in the yi 4k action cameras.

[Charleseh]

I have created an account on Github just to keep up with this project. It is absolutely imperative that this comparatively deadbeat camera gains the ability to (extremely far-fetched) become akin to the Black Magic Pocket Cinema Camera 4k. If this camera could just have a couple more features I might actually take it out over the Lumix G7.

[9lo01]

any news in 2021? Greetings!

[negativesymptomatic]

Hey! I'm also interested in modding this cam, but i have no experience in firmware manipulating, I'm a webdev. Anyway, I'm going to clone the project just to spend some time tricking with the code

[protyposis]

As far as I'm concerned, this project is dead for good. I replaced my M1 with a Canon M50 quite some time ago which is a bit more expensive but a 1000 times better. I couldn't be happier with this choice and can only recommend everybody to not waste any more time with this crappy brick of hardware :)