zsgx1hacks

BootDump & info

Open Hug0Vincent opened this issue 5 years ago • 1 comments

Hi, thank you for your incredible work; it's gonna help me a lot with reversing my own camera. I was just wondering, how did you manage to get the bootdump file? Did you use the serial port on the camera or redirect the output of start.sh or p2cam?

And do you know what the HTTP server is used for?

Hug0Vincent, Mar 28 '19 07:03

Hey Hug0! If you have a working SDHack, you can dump the SPI flash with the following command: busybox nanddump -f mtdX.dump /dev/mtdX

Repeat that with all mtd devices. After that, you can simply create a full image: cat mtd0.dump mtd1.dump mtd2.dump mtd3.dump mtd4.dump >> fullDump

Binwalk can then examine the image.

Attention: you cannot transfer this image to the camera with a hardware flasher. If you want to modify the rootfs, you can unpack the mtd2.dump file with the following command: unsquashfs mtd2.dump

After modifying it, you can repack it with: mksquashfs ./squashfs-root/ rootfs_new.bin -b xxxxx -comp xz

Then write it to the mtd2 device with this command: busybox flashcp -v -p rootfs_new.bin /dev/mtd2

roema, Jun 10 '19 10:06
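An added example, not part of the reply above or of the zsgx1hacks project: one way to recover the `-b` and `-comp` values for the repack step from the original dump, and to check that the repacked image still fits the partition before writing it. It assumes mtd2.dump begins with a little-endian SquashFS 4.x superblock and that partition sizes are read from the text of /proc/mtd; the function names and the sample data are constructed for illustration.

```python
import struct

SQUASHFS_MAGIC = 0x73717368  # bytes b"hsqs" on disk (little-endian SquashFS 4.x)
COMPRESSORS = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}
SB = struct.Struct("<IIIIIHHHHHHQQ")  # first 48 bytes of the 96-byte superblock


def parse_superblock(image: bytes) -> dict:
    """Return the superblock fields needed to repack the image the same way."""
    if len(image) < SB.size:
        raise ValueError("image shorter than a SquashFS superblock")
    (magic, _inodes, _mtime, block_size, _frags, comp, block_log,
     _flags, _ids, major, minor, _root, bytes_used) = SB.unpack_from(image)
    if magic != SQUASHFS_MAGIC:
        raise ValueError("no SquashFS magic at offset 0")
    if block_size != 1 << block_log:
        raise ValueError("block_size and block_log disagree (corrupt dump?)")
    return {"block_size": block_size,
            "comp": COMPRESSORS.get(comp, f"unknown({comp})"),
            "version": (major, minor), "bytes_used": bytes_used}


def mtd_size(proc_mtd: str, dev: str) -> int:
    """Look up a partition size in bytes (hex column) in the text of /proc/mtd."""
    for line in proc_mtd.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) >= 2 and fields[0].rstrip(":") == dev:
            return int(fields[1], 16)
    raise KeyError(dev)


def repack_plan(original: bytes, new_size: int, proc_mtd: str, dev: str = "mtd2"):
    """Derive mksquashfs arguments and check the new image fits the partition."""
    sb = parse_superblock(original)
    part = mtd_size(proc_mtd, dev)
    args = ["-b", str(sb["block_size"]), "-comp", sb["comp"]]
    return args, new_size <= part, part


# Constructed sample data, not taken from a real camera.
SAMPLE_DUMP = SB.pack(SQUASHFS_MAGIC, 412, 0, 131072, 30, 4, 17, 0, 1, 4, 0,
                      0, 2_900_000)
SAMPLE_PROC_MTD = ('dev:    size   erasesize  name\n'
                   'mtd2: 00300000 00010000 "rootfs"\n')

if __name__ == "__main__":
    print(repack_plan(SAMPLE_DUMP, 3_100_000, SAMPLE_PROC_MTD))
```

On real data, pass the first bytes of mtd2.dump, the size of rootfs_new.bin, and the contents of /proc/mtd read on the camera; an image larger than the partition should not be written.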