Open emmexx opened 9 months ago
simonswine
commented
7 months ago @emmexx unsure if you solved your issue in the meantime, but I am in similar position like described in #43, after having flashed the dustbuilder image on a v8 via fastboot.
I do think if you still have the original rootfs.img I could work something out, but unfortunately I managed to overwrite that image backup myself.
So you can't access adb shell, but you have access to uboot shell via pressing S?
emmexx
commented
7 months ago In the meantime I ordered a used board from Aliexpress... It is a v7 version and installing Valetudo was very easy.
I don't know what rootfs.img is, I suppose you mean a backup of the root partition from before bricking the device? I found out I could access the U-boot shell only after bricking the robot, so I don't have any file. If you can give me some directions I can try and make the file available to you.
Yes, I can't access adb shell but I can access u-boot by pressing s after powering up the board. I can access the "linux" shell if I mess with the booting parameters but I don't know what to do from there.
simonswine
commented
7 months ago I suppose you mean a backup of the root partition from before bricking the device?
Yes exactly that.
If you can give me some directions I can try and make the file available to you.
Thank you so much for offering your help. I will try to compile a list of commands, but won't get to it till at least tonight.
simonswine
commented
7 months ago @emmexx
These are the steps that should roughly retrieve images:
## Your machine
# Prepare boot.img for recovery partition
curl -LO https://builder.dontvacuum.me/pkg/firmwares/viomi/v6/3.5.8_0046/c341fa57e47db80bbff2064983b8a4b0_upd_viomi.vacuum.v6.bin
tar xvzf c341fa57e47db80bbff2064983b8a4b0_upd_viomi.vacuum.v6.bin
tar xvzf CRL200S-OTA/target_sys.tar.gz
## TTY Uboot shell, enter fastboot
fastboot_test
## Your machine
# Flash boot.img from v6 onto the recovery partition
fastboot flash recovery target_sys/boot.img
## TTY Uboot shell
# Exit fast boot by CTRL-C
# Now boot recovery
setenv bootargs console=${console} root=${nand_root} rootwait init=/bin/sh ion_cma_list="8m,32m,64m,128m,256m" loglevel=${loglevel} partitions=${partitions}
fatload sunxi_flash recovery 43800000 uImage
bootm 43800000
## TTY once kernel has booted to a shell / #
# Mount file systems
mount -n -t proc none /proc
mount -n -t sysfs none /sys
mount -n -t tmpfs none /tmp
mount -n -t tmpfs none /dev
mkdir -p /dev/pts /dev/shm /tmp/run
mount -vt devpts -o gid=4,mode=620 none /dev/pts
mount -vt tmpfs none /dev/shm
mknod -m 622 /dev/console c 5 1
mknod -m 666 /dev/null c 1 3
mknod -m 666 /dev/zero c 1 5
mknod -m 666 /dev/ptmx c 5 2
mknod -m 666 /dev/tty c 5 0
mknod -m 444 /dev/random c 1 8
mknod -m 444 /dev/urandom c 1 9
mknod -m 666 /dev/android_adb c 10 57
/sbin/init &
/sbin/ubusd &
/sbin/procd &
/etc/init.d/adbd start
## Your machine
# Now it should be possible to use adb shell
adb pull /dev/by-name/boot boot.img
adb pull /dev/by-name/rootfs rootfs.imgTo reverse all changes (also the ones most likely that bricked your board):
## TTY Uboot shell, enter fastboot
fastboot_test
## Reset the overlay over rootfs
fastboot erase rootfs_dataWe also can sync up on a video call/chat for when you run those commands, just in case anything unexpected happens...
emmexx
commented
7 months ago BusyBox v1.24.1 () built-in shell (ash)
/bin/sh: can't access tty; job control turned off
/ #
/ # mount -n -t proc none /proc
/ # mount -n -t sysfs none /sys
/ # mount -n -t tmpfs none /tmp
/ # mount -n -t tmpfs none /dev
/ # mkdir -p /dev/pts /dev/shm /tmp/run
/ # mount -vt devpts -o gid=4,mode=620 none /dev/pts
/ # mount -vt tmpfs none /dev/shm
/ # mknod -m 622 /dev/console c 5 1
/ # mknod -m 666 /dev/null c 1 3
/ # mknod -m 666 /dev/zero c 1 5
/ # mknod -m 666 /dev/ptmx c 5 2
/ # mknod -m 666 /dev/tty c 5 0
/ # mknod -m 444 /dev/random c 1 8
/ # mknod -m 444 /dev/urandom c 1 9
/ # mknod -m 666 /dev/android_adb c 10 57
/ # /sbin/init &
/ # formating /secret to do_check_secret...
cp: can't stat '/secret/bin': No such file or directory
/sbin/ubusd &
/ # /sbin/procd &
/ # /etc/init.d/adbd start
/bin/sh: /etc/init.d/adbd: not foundadbd is in /bin/adbd so I changed /etc/init.d/adbd start to
/bin/adbd start
but...
adb pull /dev/by-name/boot boot.img
* daemon not running; starting now at tcp:5037
* daemon started successfully
adb: error: failed to get feature set: no devices/emulators foundIf I follow the steps I received in the email notification (?), there are different steps after /sbin/procd & I get stuck with a Read-only file system error:
cat > /bin/adb_shell <<"EOF"
> #!/bin/sh
> export ENV='/etc/adb_profile'
> exec /bin/sh "$@"
> EOF
/bin/sh: can't create /bin/adb_shell: Read-only file system
/ # rm /etc/rc.d/S90robotManager
rm: can't remove '/etc/rc.d/S90robotManager': Read-only file systemConcerning the video call, if it can be of any help for you to understand the problem, I live in Italy, let me know when it could be convenient for you.
simonswine
commented
7 months ago @emmexx sorry it has taken a while to get back to you. I do think the root is a bit different to the v6/v7 images.
To start adbd you also need to enable the right android_usb mode.
This should do it (instead of running /etc/init.d/adbd start:
echo 0 > /sys/class/android_usb/android0/enable
echo 18d1 > /sys/class/android_usb/android0/idVendor
echo D002 > /sys/class/android_usb/android0/idProduct
echo adb > /sys/class/android_usb/android0/functions
echo 1 > /sys/class/android_usb/android0/enable
/sbin/adbd -DThen hopefully the adb pull will work on your machine.
Separately I have send you an email with my contact details, we could look into potential issues when you run those commands.
Thank you again!
glanthimos
commented
4 weeks ago In the meantime I ordered a used board from Aliexpress... It is a v7 version and installing Valetudo was very easy.
I don't know what rootfs.img is, I suppose you mean a backup of the root partition from before bricking the device? I found out I could access the U-boot shell only after bricking the robot, so I don't have any file. If you can give me some directions I can try and make the file available to you.
Yes, I can't access adb shell but I can access u-boot by pressing s after powering up the board. I can access the "linux" shell if I mess with the booting parameters but I don't know what to do from there.
Can you please give me details about the used v7 board you bought from aliexpress? I think it is the only solution for my v8 as well unfortunately. How did you search for the board?
emmexx
commented
4 weeks ago @glanthimos
Can you please give me details about the used v7 board you bought from aliexpress? I think it is the only solution for my v8 as well unfortunately. How did you search for the board?
I browsed Aliexpress, read some comments and checked the images to be sure that the board was ok for my robot. This is the link to the aliexpress vendor that I found. The price was reasonable, I paid 18.68€.
Before giving in and order a replacement board I'd like to know if I did something wrong or I'm simply unlucky. I followed the directions given in the github page and in itooktheredpill article Before using the viomi-rooting script I tried manually. I detached the battery, connected a usb data cable to the microusb port, pressed the home button, connected the usb cable to my pc, waited about one second, pushed about ten times the power button and so on, to no avail, in dmesg no android device appeared. I tried at least 20 times. At almost every trial I heard the "Turning on", "Device connected" and "Setup completed" voice messages.
After that I tried using the script, I thought I was missing something and the script could help me. I run
NEW_V8=1 ./viomi-root.shand followed the instructions, again to no avail. After some more trials I realized that there were no more voice messages. I checked the cable, turned off and on the vacuum and noticed that the power and home leds were blinking slowly and nothing happened when pushing the buttons, no voice, no poweroff, no vacuum trying to go home. I found out that I could turn off the robot by pressing some random combination of the 2 buttons and of the front bumper button and after that keeping the Power button pushed for at least 10 seconds. I could enter a test mode by pressing the Home and Power buttons together, the leds turned orange and stopped blinking, but still no voice and I'm not sure the test mode was working because without the voice cues is impossible to understand what to do.I don't understand what happened, the script probably didn't even get to the adb shell part since the right usb device never appeared. Could plugging and unplugging the usb cable damage the software or the board?
I read @mLupine article on unbricking the robot by disassembling it but it is an old article, links to the firmware are broken and even trying to shortcircuit the emmc memory didn't work for me. Anyway I connected the uart pins on the board to a usb to ttl device connected to my pc.
After reading a lot of articles, comments and issues I found out that I could access the U-boot shell but I don't know what can I do from there. I tried fastboot_test and fastboot devices, as suggested by mLupine, and it did work, the device is listed but I don't have the suggested firmware, I can't flash anything and I'm not sure it would be a good idea.
I read articles from @dgiese but they don't seem to apply to my model. This article has some commands that I used to try to bypass the login but, again, I don't know what to do from there.
I even cracked a root password I found in /etc/shadow (it's tina) but it doesn't work when I use it in the shell login.
I'd like to know if there is something I can do to unbrick the robot. As I wrote I can access th U-boot shell, I can access the openwrt terminal by forcing the robot to boot with some wrong parameter, but I don't know what to do from there.
Is there something I can check to try to understand what went wrong? Is there something I can flash (using fastboot) to let the robot start again?
The following is the output in the u-boot shell that I can access using the usb to ttl device