telmomarques / xiaomi-360-1080p-hacks

Hacks for the Xiaomi Mi 360 1080p camera (MJSXJ02CM).

MJSXJ14CM camera firmware dump #104

Open Regressor opened 1 year ago

Regressor commented 1 year ago

I got a Xiaomi C200 camera (MJSXJ14CM), opened it and downloaded a dump from the 25vq128 SPI NAND. It looks like they hardened factory mode. Now it looks like this:

    if [ -f "${MANUFA_DAT}" ];
    then
        rm -rf /tmp/manu_test
        rm -rf ${TMP_BIN}
        rm -rf ${TMP_DAT}
        cp ${MANUFA_BIN} /tmp/
        cp ${MANUFA_DAT} /tmp/
        cd /tmp/
        if [ $RSA_TYPE -eq 1 ];then
            imi_echo "==============rsa:openssl================="
            rm -fr md5sum1.txt
            # Step 1: recover the signed md5 list from manu.dat using the on-device public key
            openssl rsautl -verify -in "${TMP_DAT}" -inkey /mnt/data/data/cfg/public-key.pem -pubin -out md5sum1.txt
            # Step 2: check manu.bin against the recovered md5 list
            fact_md5=`md5sum -c md5sum1.txt`
            if [ "${fact_md5}" = "manu.bin: OK" ] ; then
                imi_echo "md5 ok"
                rm -fr ${TMP_BIN}
                tar -xf "${MANUFA_BIN}" -C /tmp/
                cd /tmp/manu_test/
                chmod -R 755 *
                # Only a bundle that passed both checks gets its manu.sh executed
                if [ -f "/tmp/manu_test/manu.sh" ]; then
                    /tmp/manu_test/manu.sh
                    if [ $? -ne 0 ]; then
                        return 1
                    else
                        return 0
                    fi
                else
                    return 1
                fi
            else
                imi_echo "md5 fail"
            fi
        fi    # excerpt ends here; the remaining branches of the original script are not shown
    fi

So it checks the RSA signature before running manu.sh :( I'll try to replace the key inside the squashfs and check if this helps... Attached the dump .bin file (renamed to .log)

Xiaomi_c200_dump.log
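The same two-step check rebuilt on constructed files, as an added example (not the issue's or the firmware's code), so each step can be exercised offline: the signature only covers the md5 list, and manu.bin is bound to it solely through md5sum -c, with the public key file as the only trust anchor. Assumes openssl and md5sum are available on the host.

```shell
#!/bin/sh
# Added example, not code from the issue or from the camera firmware. It rebuilds
# the manu.bin check chain on constructed files so each step can be exercised
# offline. Needs openssl and md5sum; nothing touches a real device.
set -eu

# Build a sample bundle in DIR: key pair, manu.bin, its md5 list and the
# signature (manu.dat) over that list. All contents are constructed here.
make_bundle() {
    (
        mkdir -p "$1" && cd "$1"
        openssl genrsa -out private-key.pem 2048 2>/dev/null
        openssl rsa -in private-key.pem -pubout -out public-key.pem 2>/dev/null
        printf 'constructed manu.bin payload\n' > manu.bin
        md5sum manu.bin > md5sum.txt   # "<md5>  manu.bin": this text is what gets signed
        # PKCS#1 v1.5 signature of the md5 list, the format that rsautl -verify recovers
        openssl rsautl -sign -in md5sum.txt -inkey private-key.pem -out manu.dat 2>/dev/null
    )
}

# Same two steps as the firmware script: recover the signed md5 list with the
# public key PUBKEY, then let md5sum -c compare it against manu.bin.
# Returns 0 only if the signature recovers cleanly AND the md5 matches.
verify_bundle() {
    (
        cd "$1"
        rm -f md5sum1.txt
        openssl rsautl -verify -in manu.dat -inkey "$2" -pubin -out md5sum1.txt 2>/dev/null || exit 1
        # Exactly the string the firmware compares against
        [ "$(md5sum -c md5sum1.txt 2>/dev/null)" = "manu.bin: OK" ]
    )
}
```

Run verify_bundle with a modified manu.bin or with a different public key and it returns non-zero, which is why the check stands or falls with whoever controls the key file the script reads.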

Duoslow commented 1 year ago

Any update?

Regressor commented 1 year ago

I desoldered the flash, downloaded the firmware, changed the script, uploaded the changed firmware and now it allows running any script. I also disabled OTA in the firmware to prevent firmware updates.

faZam-dev commented 12 months ago

@Regressor I saw you desoldered the flash etc... Apparently you have more experience with flash chips. So I would like to know if my camera is KO or not, because after I tried to hack the camera to add RTSP it now won't start. It is impossible to access the U-Boot part; I think I corrupted the boot part of the flash because I get this on the UART:

IPL g2cd6de2 D-01 64MB BIST0_0001-OK Load IPL_CUST from NOR offset:00010000 IPL_CUST header failed! Disable MMU and D-cache [HALT]

danielopereira commented 11 months ago

Hello @Regressor, could you share the files you used to flash it? Also, if you could give us some help on how to do it, it would be really appreciated. I have the same camera, and I would like to integrate it into HA. Thanks

Regressor commented 11 months ago

> @Regressor I saw you desoldered the flash etc... Apparently you have more experience with flash chips. So I would like to know if my camera is KO or not, because after I tried to hack the camera to add RTSP it now won't start. It is impossible to access the U-Boot part; I think I corrupted the boot part of the flash because I get this on the UART:
>
> IPL g2cd6de2 D-01 64MB BIST0_0001-OK Load IPL_CUST from NOR offset:00010000 IPL_CUST header failed! Disable MMU and D-cache [HALT]

If you have the same camera model, just desolder the chip and flash Xiaomi_c200_dump.log.

Regressor commented 11 months ago

> Hello @Regressor, could you share the files you used to flash it? Also, if you could give us some help on how to do it, it would be really appreciated. I have the same camera, and I would like to integrate it into HA. Thanks

Currently I'm stuck on compiling the RTSP/drive applications. There was a lack of free time because of work, so it has stayed without any movement for a month or so.

tovy14 commented 8 months ago

Hi @Regressor, did you get the time to make a how-to? I think everyone would appreciate it.

Regressor commented 3 months ago

Ok. I got some freeeeeee time and spent a week trying to get it working. I made a Docker image for cross-compilation and adapted the https://github.com/thewh1teagle/xiaomi-1080-360-motor-control.git code, and it works: I can control the motor through a small web page. Then I tried to build a streamer (using the Ingenic SDK). Spent 2 days and then found the OpenIPC web site.

I copied the squashfs file to the SD card. Mounted it. Mounted (--bind) /dev /proc /tmp /run and some other dirs (including a copied /etc to make it writable). Then I made a chroot there, exported SENSOR=gc2083 and ran majestic. There is no motor, but I can set up the GPIO pins for IR-cut, night light, night mode, speaker. It just works: I tested RTSP, HLS, ONVIF, snapshots, audio (in and out), video streams, MJPEG and motion detection. OSD is not working (core dump).

Still can't figure out how to set up the night mode sensor, and I'm trying to add the motor to it. Then I plan to make a full OpenIPC image to flash.

931122 commented 3 months ago

> Ok. I got some freeeeeee time and spent a week trying to get it working. I made a Docker image for cross-compilation and adapted the https://github.com/thewh1teagle/xiaomi-1080-360-motor-control.git code, and it works: I can control the motor through a small web page. Then I tried to build a streamer (using the Ingenic SDK). Spent 2 days and then found the OpenIPC web site.
>
> I copied the squashfs file to the SD card. Mounted it. Mounted (--bind) /dev /proc /tmp /run and some other dirs (including a copied /etc to make it writable). Then I made a chroot there, exported SENSOR=gc2083 and ran majestic. There is no motor, but I can set up the GPIO pins for IR-cut, night light, night mode, speaker. It just works: I tested RTSP, HLS, ONVIF, snapshots, audio (in and out), video streams, MJPEG and motion detection. OSD is not working (core dump).
>
> Still can't figure out how to set up the night mode sensor, and I'm trying to add the motor to it. Then I plan to make a full OpenIPC image to flash.

Hi, I want to know how to make audio work.

Regressor commented 3 months ago

> > Ok. I got some freeeeeee time and spent a week trying to get it working. I made a Docker image for cross-compilation and adapted the https://github.com/thewh1teagle/xiaomi-1080-360-motor-control.git code, and it works: I can control the motor through a small web page. Then I tried to build a streamer (using the Ingenic SDK). Spent 2 days and then found the OpenIPC web site. I copied the squashfs file to the SD card. Mounted it. Mounted (--bind) /dev /proc /tmp /run and some other dirs (including a copied /etc to make it writable). Then I made a chroot there, exported SENSOR=gc2083 and ran majestic. There is no motor, but I can set up the GPIO pins for IR-cut, night light, night mode, speaker. It just works: I tested RTSP, HLS, ONVIF, snapshots, audio (in and out), video streams, MJPEG and motion detection. OSD is not working (core dump). Still can't figure out how to set up the night mode sensor, and I'm trying to add the motor to it. Then I plan to make a full OpenIPC image to flash.
>
> Hi, I want to know how to make audio work.

OpenIPC majestic is not open-source :( But it works. Video, microphone and speaker. To get the speaker you should set up the speaker enable GPIO, pin 63.

I found this GPIO map on the MJSXJ14CM:

    gpio8  - yellow led
    gpio9  - blue led
    gpio49 - night mode light leds
    gpio50 - disable wifi ?
    gpio51 & gpio54 - ircut drive
    gpio63 - enable/disable speaker

Sensor: gc2083 (i2c 0x37)
Processor: Ingenic T31L

PTZ is controlled using ioctl calls on /dev/motor

Regressor commented 2 months ago

Final news. I was able to run Thingino on the C200 using some hacks (Xiaomi used secure boot to prevent firmware changes, so it won't boot an alien U-Boot / kernel).

The only way is to solder an Arduino to the UART to automate sf read xxx\;go xxx, which executes the new U-Boot over the old one, and then it boots the Thingino system. The UART solder points on the C200 board are 0.2mm in size, so if your soldering skills are not good, throw away this piece of shit (Xiaomi C200) and buy a new one from another manufacturer.

Here is the final GPIO mapping:

    gpio_reset_sens=18      # active low - reset sensor
    gpio_ircut=51 54        # ircut drive
    gpio_ir850=49           # IR light leds
    gpio_led_b=9            # active high - blue led
    gpio_led_y=8            # active high - yellow led
    gpio_speaker=63         # active high - enable speaker
    gpio_wlan=50            # active high - enable wifi
    gpio_mmc_cd=53          # mmc detection
    gpio_mmc_power=52       # active low - enable mmc power
    gpio_otp=11             # secure storage enable

    gpio_motor_v=47 48 38 39   # gpios to drive vertical motor
    gpio_motor_h=59 60 61 62   # gpios to drive horizontal motor

    wlandev=8188fu          # wifi driver