
Ambarella A9 and the Yi4k

Open psolyca opened this issue 2 years ago • 4 comments

I left this message on DashCamTalk but maybe here is better.

I'm the creator of the hackish firmware for the Yi4k, whose main goal was to debug the firmware and enable some features, this more in the Linux part. I'd like to hack the RTOS part. This cam is based on A9. I'm not familiar with C but I can do some little things. What do you need to begin? Also, if you have a chan (Matrix or Discord), I can join.

psolyca avatar Jul 27 '22 12:07 psolyca

The first step would be to get a memory dump, then try and find an ASH command to hack on. I chose the cardmgr command. ashp is a basic preprocessor for ASH scripts. The main feature is to generate writeb commands that inject a binary file.

petabyt avatar Jul 27 '22 17:07 petabyt

You'll need to find a few stubs (like https://github.com/petabyt/liemoth/blob/3c15be953d5bab3406cd7325677686059c643d13/platform/activeondx.h#L72-L91), with Ghidra.

petabyt avatar Jul 27 '22 17:07 petabyt

Thanks I have more than just the memory dump ^^ I have already used Ghidra to disassemble the RTOS, get lots of functions and also add the memory dump to the disassembly.

Edit : Base_addr = 0xA0100000

psolyca avatar Jul 27 '22 19:07 psolyca

~~Could you send me the firmware (or RTOS) used to find these stubs ?~~ Seen some links in header files... Some are missing on my side and I'd like to see if there are some signatures I can find. ~~You can send it to damien dot gaignon at gmail dot com~~ Thanks

psolyca avatar Sep 09 '22 13:09 psolyca
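
The signature search for missing stubs mentioned in the thread, as an added example (not code from liemoth or from either poster): a masked byte-pattern scan that reports hits as load addresses using the Base_addr quoted above. The signature bytes, the sample dump and the 4-byte alignment are constructed assumptions.

```python
import re

BASE_ADDR = 0xA0100000  # load address quoted in the thread


def compile_signature(sig: str) -> re.Pattern:
    """Turn 'F0 4F 2D E9 ?? B0 8D E2' into a bytes regex; '??' matches any byte."""
    parts = []
    for tok in sig.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def find_stub(dump: bytes, sig: str, base: int = BASE_ADDR, align: int = 4) -> list:
    """Return the load address of every aligned match, overlapping ones included."""
    pat = compile_signature(sig)
    hits, pos = [], 0
    while (m := pat.search(dump, pos)) is not None:
        if m.start() % align == 0:      # assumption: functions start 4-byte aligned
            hits.append(base + m.start())
        pos = m.start() + 1             # step one byte so overlaps are not skipped
    return hits


def unique_stub(dump: bytes, sig: str, **kw):
    """A signature only identifies a stub if it matches exactly once."""
    hits = find_stub(dump, sig, **kw)
    return hits[0] if len(hits) == 1 else None


def demo_dump() -> bytes:
    """Constructed sample: two similar function prologues plus a misaligned copy."""
    func_a = bytes.fromhex("f04f2de9" "1cb08de2" "0040a0e1")
    func_b = bytes.fromhex("f04f2de9" "20b08de2" "0050a0e1")
    return bytes(0x40) + func_a + bytes(4) + func_b + b"\x00" + func_a


if __name__ == "__main__":
    dump = demo_dump()
    loose = "F0 4F 2D E9 ?? B0 8D E2"                 # too short: matches both
    tight = "F0 4F 2D E9 1C B0 8D E2 00 40 A0 E1"     # long enough to be unique
    print([hex(a) for a in find_stub(dump, loose)])
    print(unique_stub(dump, loose), hex(unique_stub(dump, tight)))
```

A signature that returns `None` from `unique_stub` needs more fixed bytes before its address is worth putting in a stub header.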