cannot use on yi v1 upgrade 1080p

[pasagame]

i look on putty this show picture.

https://www.img.in.th/image/CoEq https://www.img.in.th/image/ColN

[xmflsct]

I am sorry, but I haven't figured out RTSP server yet. So only FTP and Telnet are working.

[joshualyon]

@xmflsct I saw your comments in the fritz-smh repository (issue #141) - I haven't had a chance to look into the details of the RTSP server myself, but I am looking forward to any progress that is made!

[xmflsct]

@iamcanadian2222 Should you have any suggestions of how to proceed, please let me know. I do have some difficulties in cross-compiling from official SDK.

[ilzc]

How is the RTSP server going? Could you write down some cross-compiling errors here?

[xmflsct]

@ilzc I can successfully cross-compile the official SDK samples, but when I run the exec on the camera, it is either segmentation fault or "line 1: syntax error: unexpected word (expecting ')')". And I try to cross-compile a simple hello world, then same problem...

[ilzc]

@xmflsct It's probably the file is not executable. try command "file $YourFile" or "readelf -h hello_qt" to see if it's executable or not.

example(excutable): ~/test$ file hello_qt hello_qt: ELF 32-bit LSB executable, ARM, version 1, dynamically linked (uses shared libs), not stripped

[ilzc]

@xmflsct try to remove gcc compile args '-c'.

[xmflsct]

@ilzc Thanks. Yes I tried to use 'file' to see if the output is really an executable. And they were perfect executables but just cannot run properly.

Tomorrow I will try to use some extra arguments to see if that helps. I am not an expert in compiling, therefore I have little knowledge about how to debug stuff...

If you would like to try a bit as well, herewith a link to the official SDK that I found online. 040 is a newer version than 030. https://pan.baidu.com/s/1jI5IvEu https://pan.baidu.com/s/1skZaekd I assumed you are in China. Otherwise I can upload them to somewhere else.

[xmflsct]

@ilzc Just to update. My hello world test has such output: hello: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-uClibc.so.0, not stripped I also tried static link, with no success.

[ilzc]

@xmflsct I don't have a yi-1080 to test right now. Here are some guides. Cross-compile settings: http://blog.csdn.net/cc214042/article/details/52800938 Makefile sample: https://github.com/xuhuashan/hi3518-osdrv/blob/master/Makefile Hope the information above will help you .

[andy2301]

@xmflsct I was able to compile and run some programs for the old 720p camera, using the arm-hisiv100nptl-linux compiler. The same binary works on 1080p camera as well. I used the following to configure and make.

CXX=arm-hisiv100nptl-linux-c++ CC=arm-hisiv100nptl-linux-gcc RANLIB=arm-hisiv100nptl-linux-ranlib STRIP=arm-hisiv100nptl-linux-strip ./configure --host=arm-linux && make

Note: don't use the arm-hisiv200-linux one. The compiled binary is not compatible.

[andy2301]

@xmflsct Also, I was able to make rtspsrv run on the 1080p with the following trick (copied all settings and libraries from 720p). It runs but couldn't serve the 1080p stream to VLC client (segment fault).

1. add the following to /etc/fstab, and then run "mount -a"

echo "tmpfs /dev/shm tmpfs defaults 0 0 \ tmpfs /home/tmpfs tmpfs defaults 0 0 \ tmpfs /home/mmap_tmpfs tmpfs defaults 0 0 \ tmpfs /home/jrview tmpfs defaults 0 0" >> /etc/fstab mkdir /home/jrview mkdir /home/mmap_tmpfs mkdir /home/tmpfs mkdir /dev/shm mount -a

2. create symbolic links

ln -s /tmp/mmap.info /home/mmap_tmpfs/mmap.info ln -s /tmp/view /home/jrview/view ln -s /home/app/busybox /bin/renice

3. extract all libraries required by rtspsvr

libusr.zip cd /tmp/sd /home/app/busybox tar -zxvf /tmp/sd/libusr.tgz cd /home/app /home/app/busybox tar -xvf /tmp/sd/libusr_homeapp.tar

4. run the rtspsrv

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/home/app/libusr ./rtspsrv

rtspsvr runs at a different prot 19761 (default 554). If you bring up a VLC client,

rtsp://mycamIPAddress:19761/ch0.h264

the program will segment fault while struggling to serve the VLC client.

[andy2301]

It appears to me that the rtspsvr approach simply can't handle 1080p streaming. Is there an open source verison of the rtspsvr that we can modify and compile?

I also noticed that the new /home/app/p2p_tnp binary can stream to my YiSmart iOS app in 1080p. It's pretty nice! Wish they open source it (daydreaming...)

[maysamsh]

@andy2301 Still I have to run a terminal to fix my problem? anyway to avoid it?

[andy2301]

@maysamsh avoid what problem? Please elaborate more so that we save time understanding each other.

[maysamsh]

@andy2301 Oh sorry, I thought it was in this topic. Anyway, I restored an image https://github.com/xmflsct/yi-hack-1080p/issues/3#issuecomment-291118970 and now when I turn on the camaera it blinks 3 times and turns into a still yellow color. Is it possible to for you to create an image from your camera and I restore it?

[andy2301]

@maysamsh sorry, i don't know how to create an image. If you know how to, let me know and I can give it a try.

Also, try a google search, I vaguely remember that I saw somebody posted an image online somewhere (can't remember where, and i'm not 100% sure).

[andy2301]

@maysamsh I found a firmware for you. http://www.xiaoyi.com/home/firmware/download/?version=4 Click on "download" of the "2.1.0.0A_201703071456" firmware

[maysamsh]

@andy2301 Thanks but that does not work. @xmflsct knows how to create an image from the camera.

[xmflsct]

@andy2301 Thank you so much for the information! It seems that I have another version (that I forgot where I found it) of rtspsvr which listens on port 8554. It runs smoothly until a connection comes in. My version won't get segmentation fault, but instead, handleCmd_DESCRIBE: get new sps fail. I am still trying to figure out why it is, and if I can fix it somehow.

Concerning p2p_tnp, I can run it, but it seems that I haven't been able to bypass region ban still. Do you have any suggestion there? I tried to change the api call address, which will result in null response. But then, I also cannot use my app to connect to the camera.

@maysamsh Yes, I had done it before. But for now, I would focus on getting rtsp to work. Attached is the home_y20 I used before. Let me know if it is working. Without terminal output, it is difficult to tell whether rootfs of home goes wrong though...

[maysamsh]

@xmflsct Thanks for the file, it flash and at the end blinked in some weird ways, but the result is the same, still yellow. I'm getting a serial-USB connector today and connect it to the cam today or tomorrow.

[xmflsct]

@maysamsh Then we definitely need serial output to understand better things inside... Once we sort that out, we are free. Now I have detached the serial cables and simply use telnet to play with it. :)

[shadow-1]

@xmflsct I have created my own firmware for the Xiaomi 1080p Dome camera and I have gotten around the region ban on the camera. The same implementation will work for the Yi 1080p Home. https://github.com/shadow-1/yi-hack-v3

With regards to issues in compiling. You really need to use arm-hisiv300-linux compiler. Other compilers will not work properly with the chipset used on this camera.

I have successfully compiled live555 rtsp library among other libraries. However I have been having trouble getting the library to stream from a continuously changing file. I can stream video files from the camera without issues. I have read numerous threads on the live555 mailing list with issues streaming live media using unicast protocol. However with no real solutions. Apparently live streaming using live555 library using multicast protocol works without issues, however IP multicast communications doesn't appear to work with this camera when I tested it with iperf.

I haven't had enough free time to really develop a proper opensource RTSP application for these cameras.

[xmflsct]

@shadow-1 Great! I will take a look how you handle region ban issue in your project. :)

I have little knowledge to C, so I am very slow in resolving compiling and running issues... I do have arm-hisiv300-linux installed. And I can (seems to) compile official mpp sample programs without problem, but they won't run as well. :( line 1: syntax error: unexpected word (expecting ")")

If you are familiar with this process, can you try to compile RTSP_stream_server project? People seem to get it working with other versions of Yi camera, yi-hack/issues/118. I tried with their build, but I get illegal instructions.

[shadow-1]

I am familiar with the process. I had a quick read through the thread. Unfortunately that thread is is for a completely different camera, the XiaoFang based on a Sonix chipset.

The big advantage for this chipset is that the Sonix SDK includes an sample RTSP server implementation based on live555 library. So simply compiling the sample allowed RTSP to work, then you just need to tweak the sample to introduce extra features.

HiSilicon does not provide a sample RTSP server with their SDK as far as I can tell, so it will take a little more effort to get it working.

[xmflsct]

@shadow-1 Very clear answer! Thank you so much! Then I won't spend time on that.

By the way, I am trying to run the proxychains4 in your project, but I get illegal instruction. I also try to compile it myself using your config.mak, the same error. I did also copy the .so from locallib folder. What could be wrong here?

[shadow-1]

@xmflsct The big issue with getting proxychains working on HiSilicon based chips is that you need to upgrade uClibc library on the camera. Doing that on a running system is...well complicated. Hence I created a custom firmware image that upgrades uClibc and busybox on the rootfs partition.

However it should compile properly and run without errors (even without upgrading uClibc). However it will only actually work when you upgrade uClibc. I have provided the .config required to make it compile properly without breaking anything on the system when you upgrade.

The filesystem structure could be slightly different between the Yi Dome and the Yi 1080p Home, so the config.mak file may need to be slightly tweaked. Specifically the libdir parameter.

[xmflsct]

@shadow-1 Hmm.. That's pretty annoying though. I was assuming those uClibc were the same, as they appeared to have same version number.. That probably explains why some program I tried also broke with illegal instruction.

Thanks again! With my building embedded system knowledge, I will see what I can try next. And hope @andy2301 might come up with something.

[andy2301]

@shadow-1 thanks for the additional info! Can you confirm if the arm-hisiv300-linux compiled binary would work on this 1080p v1 camera? I'm downloading the SDK.

I confirm that arm-hisiv200-linux compiled binary does NOT run, not even the simplest hello world program. As I said before, arm-hisiv100nptl-linux compiled binary runs very well on both the 720p v1 and the 1080p v1 cameras.

[andy2301]

@shadow-1 also, proxychain is an excellent idea! I'd love to try it out to get rid of the region ban. Currently I'm using a split brain VPN tunnel in DD-WRT router to work around the region ban.

I tried to play around with shadowsocks + torsocks but apparently LD_PRELOAD doesn't work on this camera (torsocks uses LD_PRELOAD). I was able to cross compile shadowsocks with arm-hisiv100nptl-linux, it runs on 720p v1 but throws a runtime error on 1080p v1.

[xmflsct]

@andy2301 arm-hisiv300-linux should work, as the comprehensive documentation suggests. Though I cannot get it working myself, either segmentation fault or line 1: syntax error: unexpected word (expecting ")").

As I described above, our system cannot handle proxychains natively, thus I have tried the methods suggested by other people which works quite well. But please note that, in our system, instead replace .com, we should just replace \check_did.

[andy2301]

@xmflsct Thanks for confirming that arm-hisiv300-linux works.

Yes the check_did hack does work to get rid of the region ban, however, it also prevents the YiHome app from connecting/viewing the 1080p v1 camera remotely. Note that the same check_did hack works with the 720p v1 cameras (with YiHome app works flawlessly). The difference lies in an upgraded p2p_tnp in 1080p v1.

I compared the p2p_tnp output in /tmp/log.txt between 720p and 1080p v1. It seems that they added another layer of secKey verification in p2p_tnp when YiHome app tries to connect to the camera. What happens is that, the api/xiaoyi.com/check_did call initiated from p2p_tnp at startup time sends a secKey to the server. If the secKey were not passed to the server (basically what our check_did hack did), the p2p_tnp process would simply throw an WRONGPWD error when the YiHome app tries to connect.

[shadow-1]

@xmflsct The version number for uClibc doesn't change as the official library hasn't been updated for a very long time. In addition, I wanted to make the absolute minimum of change to the library as the library affects everything running on the camera all the way from the kernel to every application running on the camera.

Something doesn't seem right with your build environment. I can only guess that your compiler is linking against incompatible libraries if you are having so many issues compiling applications to run on the camera.

All the simple region ban hacks no longer work.

@andy2301 Now you understand why you have to upgrade uClibc on the camera. To enable LD_PRELOAD support.

From the startup of the camera (from others), I see the following: Machine: hi3518ev200

I know that you need to compile against arm-hisiv300-linux or arm-hisiv400-linux for HiSilicon hi3518ev200 chipset. arm-hisiv-300-linux is compiled against uClibc whilst arm-hisiv400-linux is compiled against glibc. I can confirm that the kernel and all software on this camera has been compiled against uClibc. Therefore the correct compiler to use is arm-hisiv300-linux.

To save time downloading the SDK from super slow sources. I have already hosted the SDK on my personal box account below: https://app.box.com/s/cibs7n1mgvhqaqjlidtveegu1uajt5yr

[andy2301]

@shadow-1 Awesome! Thanks for sharing the SDK and confirm my theory! I thought I'm going to wait for another day before the SDK download is complete but now I'm already done.

Need to get my serial port connected tonight before I can do anything though. Thanks again!

[shadow-1]

Just for your benefit and for everyone elses. The latest SDK I have to download is Hi3518E_V200R001C01SPC030. The free Box account has a file size limit of 250mb per file, so I had to split the SDK into 6 pieces. You need to download all 6 files starting with Hi3518E_V200R001C01SPC030 to be able to extract the ZIP archive.

I didn't want to delete the other SDKs as they take soooo long to download and they are valid SDKs. However not necessarily for the Hi3518eV200 chipset.

[maysamsh]

@andy2301 Could you manage to create an image of your camera?

[andy2301]

@shadow-1 thanks! Yes, I downloaded all the zip splits of Hi3518E_V200R001C01SPC030 and extracted.

@maysamsh Unfortunately I lost my telnet access to my camera, after I upgraded to 2.1.0.0A_201703071456. 1) If you just want your camera back without any hack, you should try to manually upgrade to the version 2.1 (2.1.0.0A_201703071456), as I mentioned in previous post. I also tried the image/dump file created by @xmflsct but it doesn't work for me. So I don't see a point for me to create another image, even if I get my command line access back through serial port. 2) if you want the 2.0 firmware, we should wait together to see if somebody has a copy, as I indicated in issue #5.

[maysamsh]

@andy2301 Seems the default framework does not work, nothing happens when I boot the cam with the SD which contains the firmware. I have tried all possible names, "home", "home_y20", "home_y20m" and none of them worked.

[andy2301]

@maysamsh I upgraded through the YiHome app, it will be a big thing if the default "manual upgrade" approach doesn't work any more. It could be but I have no way to confirm as I don't have another (different) official firmware to try it on.

I'd suggest you get a serial port cable and try to troubleshoot the problem in your current firmware (without upgrade or restore at all). Just see what's going on with your camera.

[maysamsh]

@andy2301 I'll do it tomorrow [hopefully]

[andy2301]

@shadow-1 I compiled successfully the uClibc 0.9.33.2 using hisiv300 compiler, with source code and the uClibc ".config" file from your yi-hack-v3 repository.

But I found it's the same version as used in /lib/uClibc. So I'd like to confirm a few things with you: 1) Does this compiled version offer LD_PRELOAD over the one that comes with the firmware? I see the proxychains-ng uses the same LD_PRELOAD trick as Torsocks. 2) I noticed that we're replacing the /lib/uClibc libraries under the rootfs. Is it safe to replace the old one with the newly compiled version? I mean it's rootfs, so if I screw up it could brick the camera completely. 3) Do I need to replace libm-0.9.33.2.so and libpthread*.so files for the LD_PRELOAD to work?

Thanks for your instructions!

[shadow-1]

@andy2301 I deliberately compile the same version of uClibc (however with additional features enabled). To answer your queries:

1. The compiled version of uClibc includes LD_PRELOAD support.
2. Just as you managed to fix your home partition by copying a file onto the microsd card and booting the camera. You can upgrade and restore the rootfs using exactly the same method. So it is safe to flash the rootfs partition.
3. To get LD_PRELOAD to work, you only need to replace the dynamic linker. That is, you only need to replace ld-uClibc.

---

I will compile a version of my custom firmware for this camera. I already have it fully tested and working for the Yi 1080p Dome camera. It is a trivial change to make it work for the Yi 1080p Home.

[andy2301]

@shadow-1 thanks a lot! I was able to upgrade the uClibc library and get LD_PRELOAD working. In fact, it works even without a reboot (of course it sustains after reboots). I simply replaced the current /lib/ld-uClibc*.so with the newly cross-compiled ld-uClibc one. BOOM! LD_PRELOAD works, proxychains-ng works, torsocks works too!

[andy2301]

I gave this a try but no dice. https://github.com/haoweilo/RTSP_stream_server

I was able to cross-compile the live555 media server, but not the RTSP_stream_server. The latter requires alsa sound library support but our sdk doesn't have it. live555 media server runs on the camera, but it segment-faulted while streaming a m4e/mp4 video file.

We're back to square one. I noticed that the original rtspsvr prints out sth like this: rtspsvr v2 MP77V 4pda.ru So, can we assume that the guys in 4pda.ru (a forum with lots of enthusiasts for Xiaoyi cameras) have the source code and cross-compiled the rtsp server? Or maybe they just hacked the binary?

[maysamsh]

Is it possible to create an image which bypasses region check?

[xmflsct]

@andy2301 And all three versions of rtspsvr in this project are based on the one from MP77V. They can run on 1080p, but does not open up port in the new version of the system. And I try to find back any source code, but sadly all links posted by MP77V on 4pda.ru returned 404. This path seems to be a dead end. The hp_ipc I provided in my project seems to start from too low level that is very difficult to get it running in the first place, and might trigger watchdog somehow. We need to find a higher level one like rtspsvr.

[xmflsct]

@ilzc I just push an update for RTSP streaming of 720p, thanks to @andy2301's development!

[guerrerocarlos]

@andy2301 found the source code for rtspsvr: https://github.com/shengang1006/rtspsvr