Mighty impressive. Apart from looking forward to running custom sw on my device, I've just learned a whole lot. As an EE dabbling in embedded this is fantastic.
@KucharJosef5 жыл бұрын
I'm wondering what keywords are triggering these scam bots
@goosenp5 жыл бұрын
Wow, this part is the most impressive development yet!
@OpenTechLab5 жыл бұрын
And there's more still to come!
@claytonmoore95305 жыл бұрын
This is a great series. Listening to you go through your thought process and research steps is a great learning experience.
@UpcycleElectronics5 жыл бұрын
You're piecing this instruction set together like I'm watching the process. Half of what you say here is Chinese to me, but the more I watch the more puzzle pieces find their way home. Thanks for another epic upload. -Jake
@tedvanmatje5 жыл бұрын
Awesome, awesome! Thanks for the link to that polish bloke's website (which I will be digesting in a wee moment) and for that binview site too. Just had a moment where I had to scrape away a substantial amount of cobwebs - the last time I used assembler was on my old amiga, but all's gravy now :) Watching this has triggered a productive brainfart which is actually productive procrastination, if there is such a thing (an excuse to sit infront of a screen for hours)....thanks mate! This weekend has now taken a turn for the best. Until the next one and thanks for uploading!
@EmilHarder5 жыл бұрын
It's really, really enjoyable and educational to follow your work. Thank you for letting us look over your shoulder and learn from and with you!
@avramitra5 жыл бұрын
Can't wait for the next part! I'm addicted!
@vincei42525 жыл бұрын
Lol. Is it me or can I hear a cat needing attention in the background? At first I thought it was one of my cats :-) 🐈🐈🐈🐈
@OpenTechLab5 жыл бұрын
Yeah she was getting a bit frantic while I was trying to record. She doesn't like being shut out
@pipsqueak20095 жыл бұрын
This is really interesting... looking forward to seeing how far you can get with this
@jrsmile5 жыл бұрын
im really diggin this series, please continue afterwards with more cheap devices :-)
@23RaySan5 жыл бұрын
cool video series. im already excited for episode 4 :)
@danmanmgm5 жыл бұрын
It would be awesome to see a custom fw running on this platform.
@czoknorris5 жыл бұрын
Since you can modify the flasher, why dont you just bypass the checksum computation? Redirect the CPU to Checksum-OK directly.
@OpenTechLab5 жыл бұрын
The problem I discovered is it's not a checksum computation - just a memcmp on whether the data was correctly written to flash. The flasher then triggers a reboot, and the checksum is checked by the real system checksum checker - which we will look at in the next video
@czoknorris5 жыл бұрын
OpenTechLab coool, looking forward.
@Nadox154 жыл бұрын
@@OpenTechLab Very interesting, but where is the code safed for the checksum calculation? (I am pretty sure you will explain it in your 4th video, but I am not that far yet haha)
@konobikundude5 жыл бұрын
I wonder if some of the Kaitai Struct tooling would help with the workflow of visualizing things in-place
@Gengh135 жыл бұрын
So now even hdmi extenders could start mining crypto currencies.
@OpenTechLab5 жыл бұрын
:) - I think the hash rate might be rather disappointing
@NiHaoMike645 жыл бұрын
Not so, the video encode/decode blocks can't really be repurposed for any other use. And keep in mind even a Raspberry Pi has many times the compute power.
@Architector1205 жыл бұрын
i can be wrong but.. it looks like a "C-SKY" architecture..
@OpenTechLab5 жыл бұрын
Wow - great find! There are certainly some striking similarities: github.com/c-sky/csky-doc/blob/master/CSKY%20Architecture%20user_guide.pdf
@nickb22455 жыл бұрын
@@OpenTechLab I found an instruction set list at github.com/c-sky/tools/blob/master/gx6605s/CK610_spec.pdf but I'm not sure it actually lines up.
@anlm15 жыл бұрын
Is there a good community like Discord, IRC, or Forum to talk to people to learn more about how to modify hardware and put your own firmware on it like you are doing in this series? I'm interested in taking old hardware like DVRs, printers, scanners, smartphones, dongles etc into stuff like open linux machines, plotters, reusing smartphones in the place of Arduinos, etc
@programorprogrammed5 жыл бұрын
Fantastic
@TheCADexperts5 жыл бұрын
One ideea and probably I'm way off, but since we are seeing references to other Atmel chips in the text section , is it possible one of those has a known architecture and by finding the corresponding firmware we could then break it down for a known architecture first?
@OpenTechLab5 жыл бұрын
I didn't check, but I think they're all the ids of different flash chips, not processors. If you have a hunch about something, though, be my guest to follow it up!
@yrath50345 жыл бұрын
You big bloody tease.
@pandarojodronero29195 жыл бұрын
just make the checksum-comparition function to always return "true" or correct firmware, so the you can change anything you like in the rest of the file and it wont be overwritten on boot.
@williamsquires30705 жыл бұрын
(@7:37) - You may be looking at interleaved code here, where alternate instructions are loaded into the instruction pipeline; this is common on Intel architectures. If this were a SISD (like the old 8-bit micros), you would expect the instructions to load the value 0x000b9f7d to immediately follow one another, otherwise, the problem is that the “call $pc+(30796*4)” might modify register 3. Given that the chip (as seen from video 1 in this series) has 3 cores (a main core, an a/v core, and a security core), this may even be a 3-way interleave, but this is just a guess.
@philmissy15 жыл бұрын
It would appear ive fallen down the wrong rabbit hole and now im lost and confused. Im very far from your level of knowledge and understanding but it has brought light to the reason I never throw electronics away. I have for years looked at boards similar and well just about every board ever made and wished I could command it to well be my bitch. LOL Gld ive found your channel its very intresting.
@boriskontorovich Жыл бұрын
I think your cat had some thoughts at 14.17....
@DeirdreOByrne5 жыл бұрын
Forgive me for stating the obvious, but can you not just NOP out the call to the checksum check?
@OpenTechLab5 жыл бұрын
Unfortunately not... because it's not actually a checksum check. Just a memcmp that checks the flash upgrade did its job correctly
@DeirdreOByrne5 жыл бұрын
@@OpenTechLab OK - I thought you were looking at the firmware bootstrap, not the flash upgrade. NOPping out the firmware integrity checks is something I've done in the past :D
@OpenTechLab5 жыл бұрын
Yeah I actually tried something along those lines, but of course even if the flasher software is tricked into thinks a hacked firmware image is valid, it won't make any difference to the boot-loader which will load the firmware after rebooting
@DeirdreOByrne5 жыл бұрын
@@OpenTechLab Just out of curiosity - did you check out the function at 82bac? The function you've called "unknown_func()". There be dragons? :)