
Image 2 Brick

Open tobilap opened this issue 8 years ago • 82 comments

Just bricked some of my cameras by applying the hacks from Image 2 on the v3 firmware. Works fine until you reboot. Camera bricked, orange light stays on, no network activity, even when removing the card. I suppose I need to open the cameras to get serial access.

Just noticed that there is a B written on the processor xD

tobilap avatar Jan 26 '17 16:01 tobilap

Sorry to hear that. I've applied the image on a couple of cameras and it worked for me, but it does all depend on the state of various files before you insert the sd-card with the new image. Did you make any modifications yourself? If the fang_hacks.sh script is already on the device, you cannot apply the hack on the status page but you must click 'Apply updates from sd-card' on the status page to copy the new scripts to the device. It would be interesting to find out exactly what went wrong so I can add some protections.

The device should still automatically mount vfat partitions on sdcard, even if everything went tits up with the scripting, cloud apps don't start etc. So you can use snx_autorun.sh to start a telnetd. If the fang_hacks.sh script still runs at boot, you can also rename the *.tmpl files in the bootstrap folder and they will get copied to the device by fang_hacks.sh. This requires the new version of fang_hacks.sh to be on the device...

If you're able to get in, can you please share the contents of /tmp/hacks.log

samtap avatar Jan 26 '17 17:01 samtap

I have just installed 2 cameras with latest firmware using image 2. Working nicely. No other customizations. However, rebooting without sd-card and the unit does not do anything useful. Does not connect to network. Rebooting with sd-card brings it up again.

Vennerstrand avatar Jan 26 '17 17:01 Vennerstrand

@Vennerstrand Interesting, I didn't think to test booting without sd-card :P. I'm assuming you didn't disable cloud apps? Since if you did that it's obvious nothing is started.

samtap avatar Jan 26 '17 17:01 samtap

I applied it to one I have been using for about a week (only rtsp modifications) and a completely new one. I'll try a few things to get it up and running again. I made an SD dump right after I noticed the brick and I'll upload it soon.

tobilap avatar Jan 26 '17 17:01 tobilap

@samtap According to README.md rebooting without sd-card should bring back original behavior. Unsure about that. At first, I left the cloud apps running, but it does not change the no sd-card reboot behavior. It will not connect to cloud once hack has been applied. I have not tested to revert hack though. So, DISABLE_CLOUD 1 or 0 does not seem to have any effect on the no sd-card boot.

Vennerstrand avatar Jan 26 '17 17:01 Vennerstrand

@Vennerstrand That statement is only still true if DISABLE_CLOUD=0, I'll update README

samtap avatar Jan 26 '17 17:01 samtap

The software must still be running. Even though I do not see any network activity, the IR script is running as I can trigger the IR lights (by covering the cam).

tobilap avatar Jan 26 '17 17:01 tobilap

@samtap Makes sense. I have not managed to have cloud functionality (device showing as online in Mi Home app) once HACKS_ENABLED is set. I will try on a third unit. Maybe it's a fw 3 issue? I updated both of mine before applying hack.

Vennerstrand avatar Jan 26 '17 17:01 Vennerstrand

@tobilap You'll get that if you use NETWORK_MODE=0 (Cloud) and DISABLE_CLOUD=1. You can't disable cloud and still expect network to be configured by cloud apps. Or perhaps something went wrong with configuring/setting WiFi Client settings? There's also a known issue with AP mode (udhcpd isn't started, fixed on git but not yet in image) but a reboot should bring the previous configuration back online.

@Vennerstrand I haven't had issues with cloud app. You can even change SSID/passphrase of cloud-mode on the webif and the app will take a while (presumably sync the changes) but eventually connects.

samtap avatar Jan 26 '17 17:01 samtap

Tried multiple configurations, and of course I did not disable the cloud and use cloud mode at the same time oO. Still no activity. I'll set up a Kali and start airodump to check if there is no network activity at all or it's just some messed up config.

tobilap avatar Jan 26 '17 17:01 tobilap

Ok just checking ;-). In case it still runs the snx_autorun.sh (which it should, kernel hotplug doesn't depend on cloud apps or network connectivity), you can probably get network up by placing the right commands in that script.

  • You'll need to mount /dev/mmcblk0p2 if it isn't auto-mounted: mount /dev/mmcblk0p2 /media/mmcblk0p2
  • Then run /media/mmcblk0p2/data/etc/scripts/01-network connect YourSSID YourPass
  • Then start a telnetd to get in

Note the manual wifi connection doesn't stick, it's lost after a reboot.

samtap avatar Jan 26 '17 18:01 samtap

@Vennerstrand I did some testing with booting without the sdcard but could not find anything unexpected.

  • If DISABLE_CLOUD=1, it boots but doesn't start anything so not very useful
  • If DISABLE_CLOUD=0, it boots, doesn't detect the sdcard and works more or less as if HACKS_ENABLE=0. Cloud apps are started, brings wlan0 online, starts boa and I can connect normally with the Mi Home app and use the webinterface.

Note that by default the 00-stop-cloud script is enabled. So if you have DISABLE_CLOUD=0 and the sd-card is available, the cloud apps are started normally but terminated by the stop-cloud script on the sdcard. If you want to keep the cloud apps alive you'll need to disable the 00-stop-cloud script using the webif (or remove its execute-bit manually). And probably also disable rtsp-server since it doesn't start when cloud apps are running.

samtap avatar Jan 26 '17 18:01 samtap

@samtap I will give it another go here. I was expecting it to work as you are describing. Thanks for testing it!

Vennerstrand avatar Jan 26 '17 18:01 Vennerstrand

Did find a small bug where cloud wifi settings are still applied even though a custom network mode is configured. Created new issue #18

samtap avatar Jan 26 '17 19:01 samtap

I confirm that my Xiaomi was also blocked after 2 or 3 reboots, due to the partition problem. Now it does not start and the LED always remains yellow.

GunterTubo avatar Jan 26 '17 22:01 GunterTubo

Hi, mine is bricked too, yellow light always on, no network. I'll try to modify etc/scripts/01-network on the sd card, but no wifi appears in my router. Is there a solution with making a new image to unbrick?

iopaza avatar Jan 27 '17 08:01 iopaza

@iopaza The 01-network script is among the last to run. You are better off changing snx_autorun.sh to debug. You could for example add a bunch of commands to extract information from the device and write it to a logfile on sd-card. Also see my previous comment regarding tmpl files.

It appears to work for most so I have no idea what the issue is. One of you has to figure it out! I can only make a new image if I know what problem to fix.

samtap avatar Jan 27 '17 10:01 samtap

@samtap Could you give me the right command I have to add in snx_autorun.sh, because I'm a newbie in prog. I understood I need to add "mount /dev/mmcblk0p2", or "mount /dev/mmcblk0p2 /media/mmcblk0p2" if the first does not work, but I don't know where in the script it should be written (I'm using Notepad ^^). Then I have to add "run /media/mmcblk0p2/data/etc/scripts/01-network connect YourSSID YourPass" in the script; I suppose "YourSSID YourPass" is to be replaced by my real SSID and password. Finally I have to establish a telnet connection with FileZilla or PuTTY for example to modify something directly, but which file? Thanks a lot for your help.

iopaza avatar Jan 27 '17 18:01 iopaza

Does anyone know how to unbrick the camera? Thanks

GunterTubo avatar Jan 27 '17 20:01 GunterTubo

@iopaza If you are not comfortable with typing commands in a shell it's probably a better idea to wait until we get to the bottom of this and find a solution.

@tobilap Any progress on the serial console?

I'm in #fanghacks on irc.freenode.net in case anyone needs help or info on how to debug. But since I can't reproduce the issue I have no idea why it's not working for you. Perhaps someone should write down exactly what he did, step by step in great detail, and maybe I can spot an error?

samtap avatar Jan 27 '17 20:01 samtap

To make some progress on this, anyone able to run this? Save as snx_autorun.sh on the vfat partition, insert sdcard after the device is booted. Listen for the hammer sounds, wait a bit and then put the sdcard in a pc, zip the files and upload them to mega (or better: a pastebin site)

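#!/bin/sh
# Collect diagnostics into a logs folder on the sd-card partition
# that triggered this script ($MDEV).
LOGDIR="/media/$MDEV/logs"
mkdir -p "$LOGDIR"

# Hack script, its configuration, firmware release info and existing logs
cp /etc/fang_hacks.sh "$LOGDIR"
cp /etc/fang_hacks.cfg "$LOGDIR"
cp /etc/os-release "$LOGDIR"
cp /tmp/hacks.log "$LOGDIR"
cp /var/log/* "$LOGDIR"
# Network, mount, process and kernel state at the time of the run
ifconfig >> "$LOGDIR/ifconfig.log"
iwconfig >> "$LOGDIR/iwconfig.log"
mount >> "$LOGDIR/mount.log"
ps >> "$LOGDIR/ps.log"
dmesg >> "$LOGDIR/dmesg.log"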

samtap avatar Jan 27 '17 21:01 samtap

The problem is that the camera turns on but is unable to boot ... the status LED remains yellow and the sd is not read.

GunterTubo avatar Jan 27 '17 21:01 GunterTubo

Ok I thought someone said it just didn't bring network online...

You can force a firmware flash by keeping the setup button pressed when you apply power. It will look for FIRMWARE_660R.bin. Anyone have the guts to try this? A link to the firmware can be found in the comments here: https://github.com/fritz-smh/yi-hack/issues/118

samtap avatar Jan 27 '17 22:01 samtap

I would try. Where do I find the firmware and instructions?

GunterTubo avatar Jan 27 '17 22:01 GunterTubo

Firmware is available from here: http://111.206.200.99/miio_fw/12c424a07178dceedb4b05130f736757_upd_isa.camera.isc5.bin?GalaxyAccessKeyId=5721718224520&Expires=1492660635000&Signature=1aVB53HQ4pUdZaalxySJfiCb9Ag=

If I can infer the SDK correctly this is the procedure: Just rename it FIRMWARE_660R.bin and put it on (the root of) a clean sd card. Now do the following steps: Unplug your camera, insert SD, push (and hold) reset button, insert power lead, wait a few seconds, release reset button. Let the camera do the firmware update. [edit] Tested this method and renaming the bin "FIRMWARE_660R_F.BIN". Did not work! [/edit]

Gilgameshismist avatar Jan 27 '17 22:01 Gilgameshismist

I followed the steps but the camera still does not see the sd. The device should be reset via serial.

GunterTubo avatar Jan 27 '17 23:01 GunterTubo

I have no idea what I'm doing, but I dumped the ROM from my Camera running version 2.9.0.7 and in there I spotted another file name. Try "FIRMWARE_660R_F.BIN"?

phtp avatar Jan 28 '17 12:01 phtp

Tested several methods updating the firmware using the sd card. Both naming it FIRMWARE_660R.bin and FIRMWARE_660R_F.bin didn't work. Tried from boot (holding the reset button while booting), tried from booted camera. Neither one was effective.

I checked the dumped iCamera binary (which is referencing FIRMWARE_660R.bin) and this is handling the firmware update, but I can't seem to do the right "magical dance" to get it started.

(further info: test device was on firmware 2.8.3.5 the bin was the 3.0.3.56 intercepted by MacManas)

Gilgameshismist avatar Jan 29 '17 11:01 Gilgameshismist

The bootloader looks for a file to flash long before iCamera starts. Though it is possible that it expects a slightly different image and the one downloaded by the app isn't compatible? I haven't tried since my camera is working fine...

U-Boot 2011.09 (Oct 25 2016 - 01:22:49)

DRAM:  64 MiB
MMC:   MMC: 0
SPI FLASH: 16 MB
In:    serial
Out:   serial
Err:   serial

Partition Map for MMC device 0  --   Partition Type: DOS

Partition     Start Sector     Num Sectors     Type
    1                 2048          204800       b
    2               206848        15316992      83
reading FIRMWARE_660R.bin

** Unable to read "FIRMWARE_660R.bin" from mmc 0:1 **
reading FIRMWARE_660R.bin

** Unable to read "FIRMWARE_660R.bin" from mmc 0:2 **
sd_update_fail: no FIRMWARE_660R.bin in the sd

Partition Map for MMC device 0  --   Partition Type: DOS

Partition     Start Sector     Num Sectors     Type
    1                 2048          204800       b
    2               206848        15316992      83
reading FIRMWARE_660R_F.bin

** Unable to read "FIRMWARE_660R_F.bin" from mmc 0:1 **
reading FIRMWARE_660R_F.bin

** Unable to read "FIRMWARE_660R_F.bin" from mmc 0:2 **
sd_update_fail: no FIRMWARE_660R_F.bin in the sd
ERROR: update FIRMWARE_F.bin from sd failed
Hit any key to stop autoboot:  0
roofsr size = 0x6d3070
## Booting kernel from Legacy Image at 00008000 ...
   Image Name:   Linux-2.6.35.12
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:    3038112 Bytes = 2.9 MiB
   Load Address: 00008000
   Entry Point:  00008040
   Verifying Checksum ... OK
   XIP Kernel Image ... OK
OK

samtap avatar Jan 29 '17 11:01 samtap
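
Added example, not part of the original thread or the fang-hacks project: a shell script that reads a captured serial log like the one above, lists the exact file names and partitions the bootloader tried, and compares those names against the contents of a prepared sd-card directory. The sample lines are copied from that log; the function names and the card-directory argument are assumptions of this example, and it only reports case differences without assuming how the bootloader's FAT lookup treats case.

```shell
#!/bin/sh
# Constructed sample: lines copied from the U-Boot output quoted above.
sample_log() {
cat <<'EOF'
reading FIRMWARE_660R.bin
** Unable to read "FIRMWARE_660R.bin" from mmc 0:1 **
reading FIRMWARE_660R.bin
** Unable to read "FIRMWARE_660R.bin" from mmc 0:2 **
sd_update_fail: no FIRMWARE_660R.bin in the sd
reading FIRMWARE_660R_F.bin
** Unable to read "FIRMWARE_660R_F.bin" from mmc 0:1 **
reading FIRMWARE_660R_F.bin
** Unable to read "FIRMWARE_660R_F.bin" from mmc 0:2 **
sd_update_fail: no FIRMWARE_660R_F.bin in the sd
EOF
}

# Print each file name the bootloader tried, once, in the order tried.
wanted_files() {
    awk '$1 == "reading" && !seen[$2]++ { print $2 }'
}

# Print each "device:partition" where a read was attempted, once each.
searched_partitions() {
    awk '/Unable to read/ { p = $(NF-1); if (!seen[p]++) print p }'
}

# Compare the names from a log (stdin) with the files in CARD_DIR.
# Names are compared as strings from the directory listing, so the result
# does not depend on the case rules of the filesystem being inspected.
check_card() {   # usage: check_card CARD_DIR < uboot.log
    dir=$1
    wanted_files | while read -r name; do
        if ls "$dir" | grep -qxF "$name"; then
            echo "present $name"
        elif alt=$(ls "$dir" | grep -ixF "$name"); then
            echo "case-differs $name (card has $alt)"
        else
            echo "missing $name"
        fi
    done
}

# Demo on the constructed sample; pass a mounted card directory as $1
# and a real log on stdin to check an actual card.
echo "Names tried:";         sample_log | wanted_files
echo "Partitions searched:"; sample_log | searched_partitions
if [ -n "${1:-}" ]; then check_card "$1"; fi
```
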

My cams are working fine too, but they are all on 2.8 since I don't feel for updating yet. I just gave it a try. Interesting that u-boot is searching for the same files. It could be that the OTA bin is different.

Gilgameshismist avatar Jan 29 '17 12:01 Gilgameshismist