Canon DryOS is well known and hacked on by both the Magic Lantern (for EOS) and CHDK (for PowerShot/IXUS) projects, in case you want to try to play with the Canon units software. It's also used in Canon's scanners (CanonScan/LIDE) and video cameras (Legria). It will probably have a development boot mode as well, most Canon DryOS products do.
@liljasere7 жыл бұрын
Your videos are always great examples of quality over quantity please never change mike
@andrewnambudripad7627 жыл бұрын
Whoa Mike, 1: depending on the file system, you can probably recover the deleted data (odds are the files' inodes were marked for deletion and wont actually get removed until more content replaces it), 2: that NAND bug seems to be repairable also (if it's just a SMD flash device, you can throw a new unit on, partition it and be right as rain.. didnt seem like those were critical hardware faults, so don't continue using the second unit as a parts salvage...)
@donpalmera7 жыл бұрын
>depending on the file system, you can probably recover the deleted data You wrote a lot but didn't spend the 2s to look at the text and see it's ubifs..
@andrewnambudripad7627 жыл бұрын
Fair point there Donny boy. I'm no Reiser (for one, I've yet to murder my wife) but I took a look at the docs on Ubifs and it looks pretty bog standard. It has options for LZO but other than that it's about as complicated as one would expect for a flash FS (i.e. not very) re: recoverability. I'd need to see what mount parameters are there (it's in /etc/fstab) to ensure there wasn't anything crazy wasn't configured in, along with the boot parameters (check initramfs and the bootloader) like encryption it is a medical device after all) out-of-the-box wasn't configured but a byte-for-byte recovery. (Each write file i/o the kernel pushes to flash reduces his chances by uh I'd guess disksize-exp(1/ops) hence why putzing around in a blind attempt to fix it might be bad, unless he's configured to mount in -ro) Assuming he hasn't monkeyed with it since then his chances are very high. That being said, even if he has mucked it all to hell, he might have some way to salvage it -- this looks promising -- midsamsung.com/download/system-software/ has a dl for a set of firmware (in the "Detector firmware.zip" there are 43x43, 35x43 and 30x25 subfolders with two bin's eah so I'm assuming there are revisions for different sizes), but I'm not sure if it matches his model etc. The third avenue I'd pursue is actually contacting a Samsung medical reselelr and asking for a copy. These are high dollar items so the CSR's are generally pretty helpful if you posture as though you actually legitimately purchased this device (and the aux components) and you've been "really happy with them thus far, and are looking to upgrade our units soon enough, but this is really chaffing me!!!". Dr Mike from Massachusetts General Hospital's Radiology is quite upset (I was previously watching that on my Nexus w/ a 4" screen & my dog was hogging my bed at the time, but by all means if you've got a spare GSM phone with a larger screen to replace it, I'd readily welcome it it ;))
@donpalmera7 жыл бұрын
Hey Andy boy. If you had looked a little harder instead of trying so hard to get that unfunny reiser joke into a comment finally you would have noticed that almost all the options for ubifs are set at creation and not mount time. ubifs is a lot more complicated than jffs etc. I doubt Mike is going to spend a ton of time working through all the structure etc to find some files off of the NAND. If it was a secure boot situation there would have been noticeable messages about it from uboot as it would be responsible checking the kernel and initramfs signatures after itself was checked by the boot rom in the chip. Google "uboot FIT" if you want to know more.
@Wolfie1231237 жыл бұрын
14:19 That's uh, a squeaky chair you've got there, mate.
@zvpunry19717 жыл бұрын
I don't think it was the chair. It was probably a neon transformer from a Italian company whose name I have forgotten.
@Ba1tuks7 жыл бұрын
Yep, that was quite noticeable. :-)
@TheSkytherMod7 жыл бұрын
You sir, are my hero.
@rdbanks28237 жыл бұрын
I’m so glad someone else noticed that! Haha
@collingtech17 жыл бұрын
very strange indeed, but rather deceiving, you see, i dont think its a chair issue related noise, appears to be some sort of vent or maybe some uncalibrated pressure valve
@DUIofPhysics7 жыл бұрын
"Some of the may have been dropped." Ouch... I can't imagine having to tell your boss that you dropped a £30k piece of equipment and they now need to buy a new one...
@SeanBZA7 жыл бұрын
Just add it to some patient's bill......
@mikeselectricstuff7 жыл бұрын
Could have been after they were scrapped of course
@ellenmadden83437 жыл бұрын
I think the answer is you don't tell anyone and pray to several deities that nobody finds out what actually happened.
@xrtnn7 жыл бұрын
insurance will cover
@gillianseed44197 жыл бұрын
they can afford it
@DextersTechLab7 жыл бұрын
Excellent video Mike, really looking forward to see future work on these!
@sdshlanta7 жыл бұрын
It looked like that first one had a web server running on port 80
@NickStallman7 жыл бұрын
It also had port 21 FTP I think I saw and 23 Telnet
@JJayzX7 жыл бұрын
Nick Stallman I saw telnet also.
@GiddeonFox7 жыл бұрын
Telnet was open and the boot sequence printed something about telnet starting, oh boy
@cleverca227 жыл бұрын
for the units ive worked with, the charge/comms cable is used to set the WPA name/key, and then all comms happen over wifi, and the docking station only provides power the ones ive used lack IR ports, and the dock cable is only used for pairing, and not normal charging
@rkan27 жыл бұрын
Do you know which software they connect to or do the devices themselves have a web server one pulls the images from?
@cleverca227 жыл бұрын
dont know the exact software used, but it had to download the image after every shot, the detector has only 1 frame worth of storage
@Wimpzilla7 жыл бұрын
For electronics plebs like me, you are truly a master, i admire you. Thanks you again for sharing this awesome kind of stuff, really interesting, instructive, motivating. You are the best Mike!
@Sigmatechnica7 жыл бұрын
The Cesium iodide might not be that toxic but the Thallium it's likley doped with is very much so.
@peterstalin74637 жыл бұрын
You are right, bro. The lethal dosage of caesium iodide is relatively high 1500mg/kg against 0.1 to 9.4mg/kg for Thallium according to the data of cdc.
@goamarty6 жыл бұрын
@ Peter Stalin: So the CsI alone is only 8 times more toxic than table salt and in the range of vitamine A. Of course Thallium is really bad stuff, AFAIK a very nasty death.
@alexwood0205897 жыл бұрын
Hi Mike, really interesting stuff! I reverse engineer embedded systems for a living, got to admit it’s fun to watch someone else wrestle with the same issues I do, day in and day out lol. As for recovering your lost files, I have a couple of suggestions. First off, if you can, use the nand subsystem in uBoot to extract the entire raw contents of the flash memory via the serial port. It’s slow, but reliable and easy to write a script to do it for you, page by page and store the results. Once you have that backup, try and find a firmware update package online and attempt to update the device. If this works, it will replace your missing files. If not, you might be able to extract the update package using a tool called binwalk and find your missing files, put them on an SD card and transfer them back over to the DUT. If you can’t find an update package, it’s a bit harder! You need to use the nandsim kernel module for Ubuntu to create a simulation of the nand flash device on the DUT in your PCs ram, then copy the raw data from the nand device you extracted into the simulation. You can then mount that simulation on your pc and run a suit of data recovery tools on it to “undelete” the data. I have done this successfully once or twice. There are some really easy to follow online tutorials. Good luck! I look forward to seeing your next video on these. Alex
@alexwood0205897 жыл бұрын
There are probably easier ways of extracting the raw flash given that you have an sd card socket on the DUT. UBoot can mount sd cards and transfer data, but it’s not uncommon for manufacturers to nerf the stock uBoot and remove most of the functionality for “security” reasons. Daft really as the most secure option would be to just remove the uBoot CLI all together. I’m used to systems where the only data extraction option is the serial port, so I like that method even if it takes over night. Also, if the flash is in a friendly package, you could just desolder it and use a chip programmer to extract its contents (I use this method a lot too).
@KallePihlajasaari9 ай бұрын
@@alexwood020589 Your brain must be full of interesting stories. Somewhat envious of your skills.
@tuopeeks7 жыл бұрын
always wanted a look in one of these, thanks.Even better if you get one working.
@TKomoski7 жыл бұрын
Cool bit of kit Mike and how you come up with this med stuff is cool. Solder on *Mike*
@rdbanks28237 жыл бұрын
I’ve been waiting to see that break-out flex after you posted on Twitter! Pretty good resolution from the laser printer!
@douro207 жыл бұрын
DRYOS is used in Canon digital cameras as well. It's fully POSIX compliant.
@iwtommo7 жыл бұрын
I havent watched it yet but REVERSE ENGINEERING THANK YOU MIKE
@WhileTrueCode7 жыл бұрын
the IR is used for sharing panels across rooms- the clinical use scenario is to be able to grab any panel and IR flash it to sync it to that room. the cable connector may serve the same purpose (if present in a charging station) or even to be used permanently if mounted within an enclosure. most panels of this design do support a "non-integrated" or "passive" triggering mode which means it will detect presence of xray to halt the clearing process and subsequently readout an image (every manufacturer seems to implement this differently). "integrated" whereby a synchronization cable from some piece of the system runs to the xray generator is used for inducing a delay upon exposure request so the panel can clear, then when finished, release the exposure. occasionally an additional signal from the generator is used to signal the exposure has completed so the panel may begin readout immediately, but often it is just a preset time delay from trigger to readout. note that "passive" tends to always have some limitation over "integrated" regardless of manufacturer- usually in the form of nonconfigurable exposure window or, even worse, by false-triggering due to mechanical shock or non-triggering due to insufficient dose registration. all the above is specific to static, eg. single, imaging. dynamic/fluoro imaging is not supported in every static imaging device, and i'd be surprised if any of these devices would support a dynamic mode without being integrated to generator.
@johnwilson76607 жыл бұрын
On the wireless canon systems I've used, an image would be generated whether any xrays hit the detector or not. So, I would assume that the control panel would tell the detector when to start making the image and when to stop. There was always a consistent delay of a couple of seconds after the exposure had ended before an image would appear on the screen, whether the exposure was half a second long or 5 seconds long.
@WhileTrueCode7 жыл бұрын
if u got an image without any exposure hitting the plate then it's definitely integrated. 5sec (breathing?) is a long time, did you still get a decent shot?
@johnwilson76607 жыл бұрын
Long exposures are better for tubes that either can't get enough electricity at one time to power the tube, or tubes that can't handle the heat generated by a big exposure. I remember maxing out a portable machine one time on a 500 lb patient. I ended up having to make two exposures on the same cr imaging plate to get a decent image. Long exposures can work against you if you are looking at the intestines as you can't really keep them from moving around. However, they can be helpful while a patient is breathing as it can help to blur some things out. If you want to see a lateral thoracic spine, transthoracic humerus, or a pa sternum well, you want the patient to breathe normally so the ribs and the lungs move around and get blurred out into an even density while the spine/sternum/humerus stays still and gets better detail.
@TheSlinq7 жыл бұрын
And the first one had port 80 open on the netstat, didn't you open a browser?!?
@Yannique17 жыл бұрын
Thank you Mike, I can't wait to see this thing putting out images!
@AdrianTripp7 жыл бұрын
haha I heard it too!
@johnwilson76607 жыл бұрын
I had always wondered what was behind those strips on the sides of the canon image receptors. I had been told it just had something to do with being able to tell when it had been dropped. Supposedly you could drop one from waist height and it would be ok. I think I remember the cost of a new receptor was around $80,000 usd for the hospital in 2014.
@doitaljosh7 жыл бұрын
The Samsung one has the same processor found in the beaglebone black single board computer. Totally hackable.
@malgailany7 жыл бұрын
41:10 Is davinci-mdio in the boot sequence has something to do with the Da Vinci surgical robot system?
@donpalmera7 жыл бұрын
No. TI has a series of SoCs with some video processing IP or something in them that are called davinci. Someone wrote a driver of the MDIO controller (used to talk to ethernet phys) on them and that driver works for the same controller used in later products.
@mikeselectricstuff7 жыл бұрын
No it's a TI thing - graphics processing I think
@uzaiyaro7 жыл бұрын
DRYOS is a realtime OS used by Canon in mostly their digital cameras, high end webcams, that sort of thing. It replaced VxWorks donkeys years ago, and supposedly has a simulated dev environment for debugging. It has a USB interface and drivers for remote file systems and network services like a video server. There is a small hacking community for some of their digital cameras through a project called Magic Lantern. Unfortunately, my 7D Mk II is not supported and may take a very long time, if it ever is. Something about reversing the architecture of three (yes, three!) seperate CPUs - two DIGIC 6 CPUs that do the heavy lifting, and a either another DIGIC 6 or a DIGIC 5 dedicated to autofocus and exposure. Each of these DIGIC processors contains an ARM Cortex R4 and 3 other smaller ARM variants apparently, but reversing of this chips is only in it's infancy. Hope this helps clarify one or two things about DRYOS, and what it tends to be used on.
@JackZimmermann7 жыл бұрын
Next time, use the "dd" command to copy the entire partition into an image on the SD-card...
@rocketman221projects7 жыл бұрын
Just be sure to triple check that you have the input and output the right way around.
@rkan27 жыл бұрын
Yes... Always in these cases.. Just make a goddamn backup with something (usually dd if available..)
@Spirit5327 жыл бұрын
See if you can read the flash from the dead unit, maybe it still has the files you deleted on the freshly dead unit. It says it's corrupted, but it prompts you to stop the autoboot and could kick you out into a similar prompt.
@pdrg7 жыл бұрын
Have to wonder what the three downvoters expected when you delivered exactly what you claimed. Really fascinating to not just see, but to also see someone with enough ability to really press into something I'd have to give up at a much higher level. Thank you
@alikamel-94622 жыл бұрын
Hello Mr. Mike, I'm a medical engineer from Egypt, I will make a youtube motion graphics video explaining the components of the Flat panel detector, may I use screenshots from this video to make it more clear?
@vankhiemtran7086 Жыл бұрын
Have you published that video? Can I see it?
@khronscave7 жыл бұрын
7:50 That TDK part there looks strikingly similar to an Ethernet isolation transformer. Two little caps on the output side and two differential pairs look like a 100Mbps connection, part of that multi-way i/o thing.
@khronscave7 жыл бұрын
13:20 Confirmed :P
@imeakdo77 жыл бұрын
34:33 those same coax cables are used in NEC's supercomputers
@TheSiodmy7 жыл бұрын
was worth the watch for the "aaaah!" once you mounted the SD card :)
@MrSaydo177 жыл бұрын
80C can't do auto sense acquisition but the 701c can. Totally correct that the 701C is the newer generation. The IR is used to pair the panel with the acquisition software. The scintillator is cesium that is grown on the glass.
@rowlandcrew7 жыл бұрын
Mike, the CsI is encapsulated and protected from: visible light (the dark absorbent non reflecting material and the aluminum to stop light entry), and shock ( dropping the panel will crack the CsI that will show up as the equivalent of bone fractures). CsI is non-hygroscopic so it is fairly inert against moisture infiltration and thermally stable against cracks forming from rapid temp changes. As for operational flow, xray machines are either pulsed or steady state, but result in so few photons/pixel that the LCD needs to integrate the CsI light. the comms really do not effect the image, just whatever locally works for data extraction is what the technicians use. there will possibly be some triggering for when to erase and read since there will be a dark image. saturation is not usually an issue because relative to emulsion film, these panels have much larger dynamic range. the minimal function is on the order of clear and read, with calibration mostly to do with weak pixels or maybe dead ones. If you want to play more, let me know.
@liquidsnake57764 жыл бұрын
Do you know what do these panels checks in a dark calibration ? Mine was working but since this test doesn't pass I can't use it anymore.
@rowlandcrew4 жыл бұрын
@@liquidsnake5776 When "dark" (meaning no xrays impinging, except background) the panel will still make counts, somewhat randomly across pixels in the image plane. There is a "gain" setting that may be in the form of the bias on the pixels or panel, or maybe amplifier gain on the ccd, or maybe a threshold setting. The point is to adjust the gain or threshold so the count rate across the panel is much lower than the count rate from using the panel. There also will be some assymetry check across the pixels to make sure there is not a high count region which could obscure image features. I am sure there will be other health checks.
@amlandatta4uni7 ай бұрын
23:17 The gate drivers, where can someone find those? I have been looking for these everywhere. Any links?
@AntonBabiy7 жыл бұрын
Many laptops also use coax for their lvds lcd cable but the outside shielding layer is thick foil
@marcan427 жыл бұрын
Ideally the first thing you do on a device like this is take a full backup of the raw flash (which can be tricky depending on exactly what kind of flash it is - eMMC and other high-level interfaces are easy and standard, but NAND flash like in this case is trickier and requires specific tools). However, in lieu of that, there is a universal method of doing proper file-level backups on Linux. This is less ideal for backup/restore purposes, but it's great to get a dump of all the files off the device and into a form you can look into on a PC (and in a pinch it'll still save your ass if you break something, though restoring might be more involved). It has the advantage that it can create mostly-consistent backups while the system is running (individual files that are changing might not perfectly match, but you won't get any wide-spread corruption like if you tried to take a raw disk image of a running system). What you want to do is make a tar archive of the various filesystems on a device. Doing it directly doesn't work, because various filesystems are mounted on top of each other and pseudo filesystems will ruin your day. The trick is to use bind mounts. mkdir /mnt/root mount --bind / /mnt/root cd /mnt/root tar cvzpf /mnt/sdcard/root.tar.gz . cd / umount /mnt/root ... will make an "alias" of the root filesystem (/) at /mnt/root, but, crucially, *without* any of the other filesystems that are mounted below it. So you get the root filesystem and only the root filesystem. Then it gets archived into /mnt/sdcard/root.tar.gz, which you can extract on a PC (assuming you mounted the SD card on that directory in advance). The 'p' ensures that filesystem permissions are properly preserved. After you're done, undo the bind mount. You'll want to repeat this for any other filesystem mounts shown by the 'mount' command, that aren't pseudo filesystems (usually anything that has a "real" device name). /dev may or may not be a temporary filesystem, but it is safe to archive if you want to take a look at the device node tree. /proc and /sys are system information filesystems; always ignore those, as they are not real and will probably result in errors as their contents change all the time and are dynamically constructed. Anything with type "tmpfs" is a ramdisk, but safe to archive if you feel like peeking at whatever files are there. You can skip the bind mount part if a given filesystem has no other filesystems mounted at subdirectories. This is often the case for most things other than the root filesystem itself.
@Liam-bs7cu7 жыл бұрын
In theory you might be able to boot the good one from the SD (standardish boot image for Sitara) then image the NAND and then re-flash the image on the broken one.
@SamGallagher7 жыл бұрын
33:06 That's some length matching on the diff pairs I figure?
@imeakdo77 жыл бұрын
33:09 that FPGA looks pretty modern... is it from 2013 or 2016?
@rkan27 жыл бұрын
He said the newer Samsung was from 2014.
@Dustycircuit7 жыл бұрын
The OP-amp's are probably part of the reference circuitry for the ADC's on the FF-cable. Needs to be super quiet.. Schhhh
@muzammilsagiАй бұрын
What is the password of Cxdi 70c fpd.?
@Vidicon317 жыл бұрын
very cool device. would love to play around with them. Can you post the data/serial dumps?
@Veptis5 ай бұрын
If only there were a larger used market for these. I don't want the scintillatior - I want to make a large format digital camera for visible light. And I am susprised nobody has tried that yet.
@ramous51825 ай бұрын
exactly what I was thinking earlier today, would be a really cool project!
@ligius37 жыл бұрын
Healthy mix of hardware and software hacking. In uBoot you can copy one partition over the other, I assume one of them is factory default, one of them is recovery and one of them is the main (upgraded). You could potentially copy the factory over the main one. You could also potentially boot factory firmware by holding a pin grounded. For getting into uBoot, you can try various key sequences at startup (ESC, space, etc) or check to see if a pin needs to be grounded. Search for "Linux Core U-Boot User's Guide Texas Instruments".
@ligius37 жыл бұрын
Had a look through the boot screen, it looks like you need to press any key to break into uBoot env. It also boots into mode C1 (normal), I suspect you can force it into factory reset mode, you have to read the datasheet of the chip. There has to be a way to recover from bad upgrades, but it might be possible that some critical parameters will be lost (unlikely). uBoot seems to be booting from 0xb8000 which you can see at timestamp 1.268s is RAMDISK.This is the kernel, it has a backup. It then mounts mtd14 ("app filesystem", offset 0x5d4000) which doesn't seem to have a backup. I think you might have deleted files from this one, as you can't delete files from "kernel". If you get lucky, you can perhaps image the file system partition from the bad unit onto the hacked unit using the mtd* utilities in uBoot. Either way, doing dumps of the systems with uBoot will let others help with the experiment.
@flatfrog69rr717 жыл бұрын
Hi Mike Maybe the Xraytony channel might know more about this ? Thanks
@iamdarkyoshi7 жыл бұрын
Can't wait until the next video. You're going to create your own image capture board aren't you :P
@GLITCH_-.-7 жыл бұрын
Please please try everything to get one working! What kind of x-ray source do you have? oh, and what microscope do you use?
@membola Жыл бұрын
pity to throw out the cesium iodide, i would have bought that. been trying to find somewhere to get it at a decent price to make my own detector.
@caseymuni40975 жыл бұрын
Did you have any luck getting an image acquisition software?
@trogper7 жыл бұрын
It doesn't seem to me to be intended for medical use. I'd expect more sealing and no grooves from the front.
@johnwilson76607 жыл бұрын
The receptor sizes are 14 x 17, which is the most common size used in medical imaging. I routinely used a disposable cassette cover (giant sandwich bag) and grid to help protect any image receptor I was using. The canon receptors are sealed up pretty well from my experience. That groove along the front edge was tight enough to keep the blood, sweat, and tears from getting inside, at least from what I could tell. Some of the older film and cr cassettes that had to come apart to get to the film or image plate weren't water tight, and had plenty of nooks and crannies you could get body fluids into.
@madbstard17 жыл бұрын
Lovely teardown especially if you've ever had to lie on top of one for an x-ray :)
@proluxelectronics74197 жыл бұрын
It would be nice if the GUI's are basically Cannon/Samsung WIFI printer/scanner software bundles...
@hygri6 жыл бұрын
It's dhcp'd an IP address and it's running a webserver! Connect to it!
@KeenanTims7 жыл бұрын
Almost everything in the medical imaging world speaks DICOM, which a pretty ponderous suite of protocols and formats covering medical image exchange and storage. A decade ago I worked on the software side of this industry, so I don't know much about how they're used clinically, but based on what I can find, it looks like the Canon product does have a workstation component (it doesn't communicate directly with the PACS using DICOM). But my assumption would be that it still does generate DICOM internally, and might even speak to the workstation using it. If you can figure out how to get the thing to register an acquisition, maybe that's helpful information, hopefully all the stuff between the cassette and the workstation isn't all proprietary BS... For fiddling with DICOM, I like dcmtk, which includes a lot of single-purpose tools to modify/convert DICOM image files, as well as a simple server (storescp) that can receive images over DICOM from a modality like this. You're also going to want a decent viewer that allows easy manipulation of dynamic range level (gain)/window, since these typically take 10-14b images. Mango is a pretty nice Java thing for this.
@MrSaydo177 жыл бұрын
They don't generation dicom internally, the acquisition software generates dicom files for transport only. They are held in a raw state before transmission. This way they can fiddle with the image, masking it or processing it in some way, before it's sent to the PACS.
@johnwilson76607 жыл бұрын
The image generated should be a jpeg at some point along the way. I don't know if the image receptor does that or if the windows machine running the canon software does. I don't think it gets a dicom wrapper until it is told to export it that way.
@RWBHere7 жыл бұрын
At time stamp 7.489715, did you change the country ID to CA, or was that the existing code? As for the CRC errors, can you run fsck to try to fix things? Thanks Mike.
@RWBHere7 жыл бұрын
It could also be advantageous to format that SD card with a linux partition, because the MS-DOS one will discard all file permissions, since it still cannot recognise them. The backup would be useless without the permissions, etc.
@saeedehghaffari80195 жыл бұрын
Hey Mike, thanks for the great video.. Can you tell me some tips to follow to make it hard for anyone to do a reverse engineering on a detector? For instance, is it safe to have JTAG pins on the FPGA board?
@DrTune7 жыл бұрын
Hey mike, the flat flex board you whipped up; how did you drill all those holes; you have a CNC pcb drill?
@mikeselectricstuff7 жыл бұрын
No holes. header is surface soldered.
@bfx81857 жыл бұрын
I have some Varian and Trixell detectors at work :) Those Trixells are pretty good because they are realy quick and connected thru the optic fiber. Varian is similar wireless like you have on the bench. I'm also surprised that there is no password to linux. All our detectors is protected by admin account.
@donpalmera7 жыл бұрын
The root console is a standard feature of busybox configured by copy and pasting some examples. It shouldn't really matter unless the serial port is accessible outside the unit.
@rkan27 жыл бұрын
Passwords are useless if you have access to serial ports (and the device itself)
@Sixta167 жыл бұрын
Heleho, BFX se taky kouká! Zdarec chlape a všecko nej do 2018!
@khikaru78464 жыл бұрын
Soo, did you scrap the firmware yet? It was unbelievably easy I was shocked it just mounted some vfat just like that. But what happened there, I've expected it to run as overlay or squashfs or something, yet you think you've managed to write into the flash like that? usually doesn't happen afaik
@TheSlinq7 жыл бұрын
You didn't do `ps aux`!
@unmanaged7 жыл бұрын
whats with the db9?
@animeshghosh38257 жыл бұрын
Happy New Year Mike
@cnxunuo7 жыл бұрын
just got an older generation samsung one, booting up with no error, however did not send ethernet pulses, tried a new PHY chip, both ethernet LED wont lit up, computer cant reginize the ethernet....
@hinz17 жыл бұрын
Nice to see some actual repairwork instead of destructive teardown. But I would wear some gloves for that, you never know what nasty fluids were spilled on there.
@AureliusR6 жыл бұрын
Those DC-DC modules at 7:20 cost about $25 each in single quantity. That drops to $15 in 100 quantity... jeez no wonder these things cost 10-20k.
@Sixta167 жыл бұрын
Mikeselectricstuff, that is some AwesomeStuff.
@douro207 жыл бұрын
If these were GE panels they would had spared no expense optimising them, sometimes to the point where end up having issues in the field they will spend millions trying to fix...
@eekpie7 жыл бұрын
take a peek at the UBOOT stuff you can usual dump or flash from TFTP via ethernet before boot. Maybe able to ignore the 'bad blocks' and whiff the data back
@eekpie7 жыл бұрын
couldn't spot a prompt but smashing keys when uboot is loading usually drops you into it
@mikeselectricstuff7 жыл бұрын
Yes but no good if you don't have the code to TFTP into it. There are commands set up to set up the unit from scratch but they need to pull files from a server
@donpalmera7 жыл бұрын
If you can get into uboot you should be able to mount the SD card and take and image of the nand and then run the ubifs recovery commands on it to get some stuff back. Alternatively it's possible only the part with the kernel/ramdisk are busted and you'll be able to pull the root filesystem from it and combine it with the working kernel etc you have from the other unit.
@youdonotknowmyname96633 жыл бұрын
Well I am not that surprised that there is no "ADC chip". You can use an FPGA, some OpAmps and some passive components to make a delta sigma ADC.
@polprog7027 жыл бұрын
43:25 i hope that eth0 mac is not hardcoded the same on every unit... that would cause some ARP mayhem! hehe
@DAVIDGREGORYKERR7 жыл бұрын
Might be bluetooth on the cannon ones.
@johnwilson76607 жыл бұрын
I think I remember a sales rep saying they had, or they were going to try to get, images to cast onto a slave monitor with bluetooth 4 or 5 years ago.
@Chriva7 жыл бұрын
Never underestimate the power of Chili con carne, Mike ;)
@willynebula61937 жыл бұрын
Those micro coax would the core conductor be platinum looked very shiny
@AureliusR6 жыл бұрын
no, just tinned copper, *maybe* silver but I doubt it. cost would be way too high and the signals aren't high speed enough to need it.
@MrSaydo177 жыл бұрын
Yay I work with these every day.
@mikeselectricstuff7 жыл бұрын
Can you get hold of the PC software (assuming it runs on a PC)?
@technotarius44446 жыл бұрын
I write backend and integrate solution for integrate Rayance TFT in medical software.
@phillrullzXBL7 жыл бұрын
Its painful seeing so many different color Solder masks...
@simonstergaard7 жыл бұрын
Ahh, that info heavy fast talking. Love it!
@yumiwatanabe4407 жыл бұрын
just few comments on "linux" side of things: 1) you will probably mess things up if you just try to copy everything to that SD card for few reasons - first is "symlinks" thise are havely used in non-windoze world and not supportead by FAT/FAT32 filesystems 2)entryes in /dev /proc /sys and other pseudofiles - when you try to copy it nonsense will happen for example you would just fill entire flashcard with endless content of /dev/zero soooo... more practical way is to copy entire fs as an image and then boot PC into any linux and just mount that image from what i see here you need to copy content of ubi0:app ubi1:secure_data and /dev/root those ubi0 and ubi1 are probably in /dev/... somewhere feel free to PM me if you need more details
@tameem-alwasbi2 жыл бұрын
Pleas my Dr I need from u concet with u for important thing 🥰
@jekader7 жыл бұрын
Didn't even know these sensors existed. Fun to see though that a 20k$ device is powered by linux shell scripts. Too bad it mounts filesystems in R/W mode so it can be FUBAR'ed easily. Well, I hope we're still going to see this work.
@johnwilson76607 жыл бұрын
The ge xray systems I've used ran on Linux. I'm sure they cost several hundred thousand dollars each.
@stilbenenet11817 жыл бұрын
Linux shell can complete unambiguous names. Works with commands and filenames. Try it out by pressing .
@donpalmera7 жыл бұрын
>Linux shell can A number of shells run on linux. Quite often the shell compiled into busybox that runs systems like that will have tab completion disabled.
@vadzimdambrouski52117 жыл бұрын
Can you actually name some devices that have busybox, but no tab completion? As far as I can remember, every system I've seen just runs default ash with completion enabled.
@stilbenenet11817 жыл бұрын
Yeah, maybe there are some ancient systems without. Anyways typing whole paths is such tedious thing, it's always worthy checking out if it's enabled.
@donpalmera7 жыл бұрын
Vadzim Dambrouski sure, the renesas rz1 system I have on my desk that runs completely from embedded SRAM.
@vadzimdambrouski52117 жыл бұрын
Good to know, thanks
@EasyCookingASMR6 ай бұрын
Nice
@peterperkon50987 жыл бұрын
that last linux looks very much like openwrt.
@rkan27 жыл бұрын
Every linux looks like Linux.. Openwrt is just a minimized version, as is this, but probably not as much.
@peterperkon50987 жыл бұрын
Have you noticed the gpio vfs layout? The network name? ubifs? You may be right that every gnu linux may look the same to you.
@thcoura7 жыл бұрын
Now i know from where Microsoft got the idea to Surface
@dimsu64968 ай бұрын
It´s not a good idea to open the protection layer of the CsI:Tl scintillator. First of all, it is really dangerous for health; secondly, it must be utilized as high-toxical material, under special protocol and control.
mike, please use a tripod ! the wobbly camera and movement of the objects ruin an otherwise interesting video
@Blowcrafter5 жыл бұрын
but i think he is. or maybe he is levitationg the camera ;)
@quertize7 жыл бұрын
PSHSHSH. Yep.
@technotarius44446 жыл бұрын
Rayance TFT has more trivial protocol and some useful bugfeatures for grab FW from TFT. And Rayance has bugged API for Windows. If you have experience for this vendor like this comment.
@EasyCookingASMR6 ай бұрын
Im from india
@ReactsIII5 жыл бұрын
Wow that was fantastically stupid to just pick at the scintillator. CsI is definitely not great to inhale and the film is doped with thallium(very small concentration). Please do more research in the future before diving in headfirst, your video was great.
@vinaybhaskarchandratre77625 жыл бұрын
Thallium is doped, inhalation is not that risk, only if CsI is in now in powder .
@ReactsIII5 жыл бұрын
Vinay Bhaskar Chandratre I'm sure picking it apart generated lots of little dust particles.
@cliveramsbotty60777 жыл бұрын
yeah i pissed shit and vomited that one panel into liquid damage oblivion sorry mike
@vincei42527 жыл бұрын
first
@Knaeckebrotsaege7 жыл бұрын
mike is always first, so stfu
@bloodyl_uk7 жыл бұрын
Evidently the "Woopdy effin doo" crowd aren't here yet, a bit slow those lot, they'll turn up eventually.