i’m trying to reverse the binary with bk7231tools but it doesn’t work, how did you revese it?
Edit: I menaged to extract the binary and obtained the app pattern and bootloader patter with their decrypted version, the decrypted version gives no result with bi walk, but the normal version of the app pattern scan gives different files
I’m trying to extract the firmware from the MCU, but I think I found out something strange if you check the datasheet the bk7231 only have 2mb of flash while the bk7252 have 4mb, and trying to extract the 4mb from the flash with the bk7231tools gives an error, it may be that the firmware that some user posted could be not the entire firmware
Could you please create an ‘issue’ on the github?
Anyway, i’ll check
Is there someone who successfully reversed the firmware?
The bk7252 MCU uses arm9
issue created, thanks
Hello datajam, I have cameras starting with DGOC and DGOB, don’t know which key to use.
Did try linux terminal command: sudo node run.js
This is the result:
node run.js
class PPPP extends EventEmitter {
^
etc.
Any suggestions, tips?
closed by mistake,
but reopened,
Thanks
I got A9 Camera fake server and go2rtc running on a dedicated raspberry pi.
But only the A9 camera requires a reboot after some time.
some one already automated the A9 camera gone off for lunch detection and reboot?
Hi, I read your post. I also have an IP camera like your E-WF-19, and upon opening it I noticed that mine doesn’t have IR LEDs. In the photo you posted you can only see the connector. Would you be so kind as to be able to tell me and show me what type of LEDs are mounted? I’d like to mount them too. If you have a chance to reply to me. I thank you.
Hi all, I just started a personal project to have an open firmware for this camera based on the chip BK7252.
I’ll try to do it from the original SDK published, there is some code already for the audio and video processing, but the devboard for which they were written is different from the PCB used in the camera I have.
I also expect some hardware heterogeneity, so one configuration or implementation will not fit all models or camera sensors…
It is not ready to work or even test yet, but for now, I can compile a new firmware and upload it to the board. I can also unbrick broken bootloaders, uploading directly to the internal SPI flash of the chip.
It’ll be a lot of work, but it’s a better solution than dealing with the broken protocol the original vendor implemented…
@daniel-dona sound very cool. How did you managed to flash the chip? Could you share some diagrams please?
That’s nice! That’s what I tried and posted some posts above. I successfully flashed the code but I could not get it to engage the Wi-Fi because the boot got into a loop for a misconfiguration of the buttons.
I got a new camera with this chip, I dumped the contents in the SPI flash and looks like this is some variation of the XR872 chip from XRADIO
Magic at the beginning of the flash matches “AWIH” and there are also references to this SDK GitHub - XradioTech/xradio-skylark-sdk: Xradio wireless MCU rtos SDK,supporting XR872 and XR808
Pinout looks different, this chip is QFN-68 (17 pin per side) and all other XRADIO chips are QFN-40 or QFN-52, can be a custom one, or a new one that is not documented yet…
I had this problem the very first time, there is an example code for buttons in the SDK that can be removed, is the one that have the logic inverted for the power button…
Hello!
I’m also having troubles with UART on A9-01-HO model.
I don’t have a USB TTY converter and I tried serial communication using an Arduino Zero using this code: #define LIM (100)// Serial2 pin and pad definitions (in Arduino files Varian - Pastebin.com
The schematics would look like:
Arduino Zero Camera
GND -> GND
Pin 10 (TX) -> RX
Pin 12* (RX) -> TX
Problem for me is that I only get “Password:” output from the camera whatever the command I give. I’ve tried “admin”, “(empty password)”, “root”, but neither of the combinations didn’t work.
I’ve also found this written on the camera board: a9_001_v1.3_20230417 (maybe revision number or sth) and the processor seems XF16 P2054EA67C1
Any clues about this?
Output examples:
Message to send is: help****Message to send is:
Password:Message to send is: admin*****Message to send is:
Password:Message to send is: 12345*****Message to send is:
Password:Message to send is: password********Message to send is:
sorry my ignorance, but I’ve noticed Tuya sells a very similar model, isn’t it enough to replace this camera’s firmware and add it as any other Tuya device to HA?
try to simply connect EN pin to GND physically and then connect the tx and rx