ds2k5
March 5, 2022, 7:37am
21
How do I get data from the exported files?
34128798 0x208C39E Unix path: /sys/devices/system/cpu
$ file 208C39E
208C39E: data
Example: there is some text information in the file 208C39E:
$ head -30 208C39E
/sys/devices/system/cpu%d
failed to %s %d's affinitygetpid %d's %s affinity mask: newcurrent%xbad mask '%s'cpubad -s: '%s'timeout pid %d signal %d
+-<>/%'%s' to '%lld' %02d:%02d:%02d up %d day%s, %2d:%02d, %d min, %d user%s, load average: %.02f, %.02f, %.02f
set_name_typeVLAN_PLUS_VIDDEV_PLUS_VIDVLAN_PLUS_VID_NO_PADDEV_PLUS_VID_NO_PAD%s: unknown '%s'WARNING: VLAN 1 does not work with many switches.
remset_flagset_egress_mapset_ingress_mapSuccessful %s on device %s
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
%*s/proc/uptime %*llu/proc/statcpu intr ctxt procs_running procs_blocked /proc/meminfoMemFree: Buffers: Cached: SwapFree: SwapTotal: /proc/vmstatpgpgin pgpgout pswpin pswpout %llu%nNo %sin %s
PATH%08llx: readsyntax error()|&===>>=<<=!=+*%%lldnon-integer argumentdivision by zero%.*sbad pid '%s'/proc/%d/stat/proc/%dcwdrtdroottxtexe/proc/%d/%s/proc/%d/fd/%s%s (readlink: %s)/proc/%d/fdinfo/%spos: %lld flags: %o0t%lldFIFOLINKsock0%03o%ld,%ld/proc/net/tcp/proc/net/tcp6/proc/net/udp/proc/net/udp6/proc/net/raw/proc/net/raw6/proc/net/unix%*p: %*X %*X %*X %*X %*X %lu %nunixsocketUNKNOWNESTABLISHEDSYN_SENTSYN_RECVFIN_WAIT1FIN_WAIT2TIME_WAITCLOSECLOSE_WAITLAST_ACKLISTENCLOSINGIPv4IPv6TCP %s:%d->%s:%d (%s)TCP [%s]:%d->[%s]:%d (%s)%s %s:%d->%s:%d%s [%s]:%d->[%s]:%dUDPRAW %*d: %x:%x %x:%x %x %*x:%*x %*X:%*X %*X %*d %*d %ld %*d: %8x%8x%8x%8x:%x %8x%8x%8x%8x>%x %x %*x:%*x %*X:%*X %*X %*d %*d %ld/proc/%d/maps%*x-%*x %*s %llx %s %ld %n00:00mem/proc/%d/fdNOFD%s (opendir: %s)%-9s %5d %10s %4s%c%c %7s %18s %9s %10s %s
COMMANDPIDUSERFDTYPEDEVICESIZE/OFFNODENAME%-9s %5s %10s %4s %7s %18s %9s %10s %s
--More--(%d%% of %lld bytes)--More----More--(Next file: %s):::::::::::::::::::::::
%s
:::::::::::::::::::::::
rq(Enter:Next line Space:Next page Q:Quit R:Show the rest)OPENDIR: failed to open /procUnknown signal '%s'missing argumentmax argument > 1/proc/%s/cmdline/proc/%s/comm/proc/%s/stat%*u %*s %*c %u %*u %u %s(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)(only servers)(w/o servers)tcpudprawActive UNIX domain sockets
Proto RefCnt Flags Type State I-Node PID/Program Name Path
Proto RefCnt Flags Type State I-Node Path
/proc/net/routeKernel IP routing table
Destination Gateway Genmask Flags %s Iface
MSS Window irttMetric Ref Use%63s%lx%lx%X%d%d%d%lx%d%d%d
sscanf0.0.0.0%-15.15s %-15.15s %-16s%-6s%5d %-5d %6d %s
%-6d %-2d %7d %s
GHRDMDAC/proc/%d/cmdline%d/%ssocket:[[0000]:
Proto Recv-Q Send-Q %-51s %-51s%-23s %-23sLocal AddressForeign Address State User Inode ( PID/Program Name %d: %x:%x %x:%x %x %x:%x %*X:%*X %*X %d %*d %ld:*:%s:%d%3s %6d %6d %-51.51s %-51.51s %-23.23s %-23.23s %-11s %-10s %-11d %d: %8x%8x%8x%8x:%x %8x%8x%8x%8x:%x %x %x:%x %*X:%*X %*X %d %*d %
ds2k5
March 5, 2022, 8:20am
22
Found some Information in the Files:
Hardware name: Amlogic (DT)
Linux version 4.9.113-06205-g19b66befa67d-dirty (ming.liu@droid16-sz) (gcc version 6.3.1 20170109 (Linaro GCC 6.3-2017.02) ) #21 SMP PREEMPT Sun Oct 31 00:23:44 CST 2021
RTW: rtl8821cs v5.8.1.2_35313.20191016_COEX20191014-4141N
RTW: rtl8821cs BT-Coex version = COEX20191014-4141
Bluetooth: Core ver 2.22GRl
stem mtdblock.ro_fspart_2nd=chrome loglevel=0 quiet logo=,loaded,androidboot.selinux=enforcing androidboot.firstboot=1 jtag=disable androidboot.hardware=amlogic androidboot.bootloader=U-Boot 2015.01-gfe79c6daed-dirty androidboot.build.expect.baseband=N/A androidboot.slot_suffix=normal defendkey=0x08300000,0x100000 androidboot.serialno=29432/A0SF24639 androidboot.deviceid=29432/A0SF24639 androidboot.country=WW android.debuggable=1 android.secure=0 console=ttyS0,115200 no_console_suspend earlycon=aml_uart,0xff803000 androidboot.rpmb_state=0 reboot_mode=cold_boot
Amlogic (DT)
Booting Linux on physical CPU 0x0
Linux version 4.9.113-06205-g19b66befa67d-dirty (ming.liu@droid16-sz) (gcc version 6.3.1 20170109 (Linaro GCC 6.3-2017.02) ) #21 SMP PR
squashfs: version 4.0 (2009/01/31) Phillip Lougher
fuse init (API version 7.26)
Meson chip version = RavC (25:C - 43:0)
Detected VIPT I-cache on CPU1
CPU1: update cpu_capacity 1024
CPU1: Booted secondary processor [410fd034]
Detected VIPT I-cache on CPU2
CPU2: update cpu_capacity 1024
CPU2: Booted secondary processor [410fd034]
CPU features: detected feature: Kernel page table isolation (KPTI*
amlogic_a113ro.build.productMi Smart Speaker 2020ro.build.description+s420-user 1.52 OPENMASTER 1.52.54 test-keysro.build.fingerprint7Xiaomi/s420/s420:1.52/OPENMASTER/1.52.54:user/test-keys
ds2k5
March 6, 2022, 1:39pm
24
Tried to boot the firmware image with QEMU but did not have success.
I did not see any output, so I do not know if it booted.
qemu-img convert -f raw -O qcow2 MISpeaker.bin MISpeaker.qcow2
qemu-system-aarch64 -cpu cortex-a53 -machine type=virt-6.2 -m 512 -append 'console=ttyAMA0,38400 keep_bootcon' -monitor stdio -kernel android_kernel.img -drive index=0,id=system,file=MISpeaker.qcow2 -netdev user,id=mynet -device virtio-net-device,netdev=mynet
Any hints?
ds2k5
March 8, 2022, 7:39am
25
Found a Document
RealSite: 1420 (1429) there is JTAG
Any hints on how to find a connector on the board?
ds2k5
March 8, 2022, 8:29am
26
axg_s420_v1_gva#amlmmc list
SDIO Port B: 0
SDIO Port C: 1
axg_s420_v1_gva#amlmmc env
herh
uboot env amlnf_env_read : ####
aml_nand_read_rsv_info:444,read nenv info to 330000
axg_s420_v1_gva#amlnf fip_info
sub cmd fip
new argv[1] fip_info
do_fip_ops(): argc 2
arg 0: amlnf
arg 1: fip_info
tpl infos:
copies 4, size/copy 0x200000
axg_s420_v1_gva#clkmsr
[ 0][ 0 MHz] am_ring_osc_clk_out_ee[0]
[ 1][ 0 MHz] am_ring_osc_clk_out_ee[1]
[ 2][ 0 MHz] am_ring_osc_clk_out_ee[2]
[ 3][ 0 MHz] A53_ring_osc_clk
[ 4][ 0 MHz] gp0_pll_clk
[ 5][ 0 MHz] gp1_pll_clk
[ 6][ 0 MHz] 0
[ 7][ 167 MHz] clk81
[ 8][ 0 MHz] 0
[ 9][ 0 MHz] 0
[ 10][ 0 MHz] 0
[ 11][ 0 MHz] 0
[ 12][ 0 MHz] 0
[ 13][ 0 MHz] 0
[ 14][ 0 MHz] 0
[ 15][ 0 MHz] 0
[ 16][ 0 MHz] 0
[ 17][ 0 MHz] sys_pll_div16
[ 18][ 0 MHz] sys_cpu_clk_div16
[ 19][ 0 MHz] 0
[ 20][ 0 MHz] rtc_osc_clk_out
[ 21][ 0 MHz] 0
[ 22][ 0 MHz] 0
[ 23][ 456 MHz] mmc_clk
[ 24][ 0 MHz] 0
[ 25][ 0 MHz] 0
[ 26][ 0 MHz] 0
[ 27][ 0 MHz] 0
[ 28][ 1 MHz] Cts_sar_adc_clk
[ 29][ 0 MHz] 0
[ 30][ 0 MHz] 0
[ 31][ 0 MHz] MPLL_CLK_TEST_OUT
[ 32][ 0 MHz] 0
[ 33][ 0 MHz] 0
[ 34][ 0 MHz] 0
[ 35][ 0 MHz] 0
[ 36][ 0 MHz] 0
[ 37][ 0 MHz] 0
[ 38][ 0 MHz] 0
[ 39][ 0 MHz] 0
[ 40][ 0 MHz] mod_eth_tx_clk
[ 41][ 0 MHz] mod_eth_rx_clk_rmii
[ 42][ 0 MHz] mp0_clk_out
[ 43][ 400 MHz] fclk_div5
[ 44][ 0 MHz] cts_pwm_B_clk
[ 45][ 0 MHz] cts_pwm_A_clk
[ 46][ 0 MHz] cts_vpu_clk
[ 47][ 0 MHz] ddr_dpll_pt_clk
[ 48][ 0 MHz] mp1_clk_out
[ 49][ 0 MHz] mp2_clk_out
[ 50][ 0 MHz] mp3_clk_out
[ 51][ 24 MHz] sd_emmc_clk_C
[ 52][ 24 MHz] sd_emmc_clk_B
[ 53][ 0 MHz] 0
[ 54][ 0 MHz] 0
[ 55][ 0 MHz] 0
[ 56][ 0 MHz] 0
[ 57][ 0 MHz] 0
[ 58][ 0 MHz] 0
[ 59][ 0 MHz] 0
[ 60][ 0 MHz] 0
[ 61][ 0 MHz] gpio_clk_msr
[ 62][ 0 MHz] 0
[ 63][ 0 MHz] 0
[ 64][ 0 MHz] 0
[ 65][ 0 MHz] 0
[ 66][ 0 MHz] audio_slv_lrclk_c
[ 67][ 0 MHz] audio_slv_lrclk_b
[ 68][ 0 MHz] audio_slv_lrclk_a
[ 69][ 0 MHz] audio_slv_sclk_c
[ 70][ 0 MHz] audio_slv_sclk_b
[ 71][ 0 MHz] audio_slv_sclk_a
[ 72][ 0 MHz] cts_pwm_D_clk
[ 73][ 0 MHz] cts_pwm_C_clk
[ 74][ 0 MHz] wifi_beacon
[ 75][ 0 MHz] tdmin_lb_lrclk
[ 76][ 0 MHz] tdmin_lb_sclk
[ 77][ 55 MHz] Rng_ring_osc_clk[0]
[ 78][ 48 MHz] Rng_ring_osc_clk[1]
[ 79][ 43 MHz] Rng_ring_osc_clk[2]
[ 80][ 38 MHz] Rng_ring_osc_clk[3]
[ 81][ 0 MHz] Cts_vapbclk
[ 82][ 0 MHz] Cts_ge2d_clk
[ 83][ 0 MHz] 0
[ 84][ 0 MHz] audio_resample_clk
[ 85][ 0 MHz] audio_pdm_sysclk
[ 86][ 0 MHz] audio_spdifout_clk
[ 87][ 0 MHz] audio_spdifint_clk
[ 88][ 0 MHz] audio_lrclk_f
[ 89][ 0 MHz] audio_lrclk_e
[ 90][ 0 MHz] audio_lrclk_d
[ 91][ 0 MHz] audio_lrclk_c
[ 92][ 0 MHz] audio_lrclk_b
[ 93][ 0 MHz] audio_lrclk_a
[ 94][ 0 MHz] audio_sclk_f
[ 95][ 0 MHz] audio_sclk_e
[ 96][ 0 MHz] audio_sclk_d
[ 97][ 0 MHz] audio_sclk_c
[ 98][ 0 MHz] audio_sclk_b
[ 99][ 0 MHz] audio_sclk_a
[ 100][ 0 MHz] audio_mclk_f
[ 101][ 0 MHz] audio_mclk_e
[ 102][ 0 MHz] audio_mclk_d
[ 103][ 0 MHz] audio_mclk_c
[ 104][ 0 MHz] audio_mclk_b
[ 105][ 0 MHz] audio_mclk_a
[ 106][ 0 MHz] pcie_refclk_n
[ 107][ 0 MHz] pcie_refclk_p
[ 108][ 0 MHz] audio_locker_out
[ 109][ 0 MHz] audio_locker_in
ds2k5
March 8, 2022, 8:53am
27
There is a CHIP:
5805
09TG4
C2TJ
What is this? I cannot find any information about this chip.
ds2k5
March 11, 2022, 11:56am
28
axg_s420_v1_gva#mtdparts
0x000000000000-0x000000200000 : "bootloader"
0x000000800000-0x000001000000 : "tpl"
0x000001000000-0x000001a00000 : "recovery"
0x000001a00000-0x000002600000 : "boot"
0x000002600000-0x000003600000 : "system"
0x000003600000-0x000007a00000 : "chrome"
0x000007a00000-0x000007e00000 : "factory"
0x000007e00000-0x000010000000 : "data"
axg_s420_v1_gva#ubi part data
axg_s420_v1_gva#ubi getVolName data 0
axg_s420_v1_gva#ubifsmount ubi0:${volName}
axg_s420_v1_gva#ubi info
axg_s420_v1_gva#ubi info
UBI: MTD device name: "data"
UBI: MTD device size: 130 MiB
UBI: physical eraseblock size: 131072 bytes (128 KiB)
UBI: logical eraseblock size: 126976 bytes
UBI: number of good PEBs: 1038
UBI: number of bad PEBs: 2
UBI: smallest flash I/O unit: 2048
UBI: VID header offset: 2048 (aligned 2048)
UBI: data offset: 4096
UBI: max. allowed volumes: 128
UBI: wear-leveling threshold: 4096
UBI: number of internal volumes: 1
UBI: number of user volumes: 1
UBI: available PEBs: 0
UBI: total number of reserved PEBs: 1038
UBI: number of PEBs reserved for bad PEB handling: 38
UBI: max/mean erase counter: 3/1
axg_s420_v1_gva#ubifsls
<DIR> 440 Thu Feb 17 06:43:49 2022 .chrome.overlay
<DIR> 352 Thu Feb 17 06:43:42 2022 .system.overlay
<DIR> 224 Thu Jan 01 00:00:07 2015 .system.work
<DIR> 1304 Thu Jan 01 00:04:12 2015 .data
<DIR> 440 Thu Feb 17 06:43:36 2022 recovery
<DIR> 224 Thu Jan 01 00:00:07 2015 .chrome.work
axg_s420_v1_gva#ubi part factory
axg_s420_v1_gva#ubi getVolName factory 0
axg_s420_v1_gva#ubifsmount ubi0:${volName}
axg_s420_v1_gva#ubi info
UBI: MTD device name: "factory"
UBI: MTD device size: 4 MiB
UBI: physical eraseblock size: 131072 bytes (128 KiB)
UBI: logical eraseblock size: 126976 bytes
UBI: number of good PEBs: 32
UBI: number of bad PEBs: 0
UBI: smallest flash I/O unit: 2048
UBI: VID header offset: 2048 (aligned 2048)
UBI: data offset: 4096
UBI: max. allowed volumes: 128
UBI: wear-leveling threshold: 4096
UBI: number of internal volumes: 1
UBI: number of user volumes: 1
UBI: available PEBs: 0
UBI: total number of reserved PEBs: 32
UBI: number of PEBs reserved for bad PEB handling: 2
UBI: max/mean erase counter: 30/15
axg_s420_v1_gva#ubifsls
<DIR> 288 Mon May 25 18:02:27 2020 bt
<DIR> 232 Mon May 25 18:02:30 2020 etc
18 Thu Jan 01 00:00:07 2015 mac_addr
<DIR> 312 Mon May 25 18:02:27 2020 wifi
<DIR> 368 Thu Jan 01 00:01:53 2015 .chrome.overlay
<DIR> 352 Thu Jan 01 00:01:47 2015 .system.overlay
<DIR> 224 Thu Jan 01 00:00:55 2015 .system.work
<DIR> 1232 Thu Jan 01 00:01:03 2015 .data
4 Thu Aug 05 13:06:44 2021 persist_fdr_count
10 Thu Jan 01 00:00:09 2015 serial.txt
2275 Thu Jan 01 00:00:15 2015 client.key.bin
4262 Thu Jan 01 00:00:15 2015 client.crt
<LNK> 23 Thu Jan 01 00:00:08 2015 sounds
4262 Wed Jul 01 08:27:03 2020 model.crt
<DIR> 160 Mon May 25 18:02:27 2020 sealing_test
9 Thu Sep 03 06:20:59 2020 sw-version
1675 Wed Jul 01 08:27:03 2020 model.key.bin
<DIR> 224 Thu Jan 01 00:00:55 2015 .chrome.work
axg_s420_v1_gva#ubifsls etc/dropbear/
805 Mon May 25 18:02:30 2020 dropbear_rsa_host_key
axg_s420_v1_gva#ubi info l
Volume information dump:
vol_id 0
reserved_pebs 26
alignment 1
data_pad 0
vol_type 3
name_len 6
usable_leb_size 126976
used_ebs 26
used_bytes 3301376
last_eb_bytes 126976
corrupted 0
upd_marker 0
name rootfs
Volume information dump:
vol_id 2147479551
reserved_pebs 2
alignment 1
data_pad 0
vol_type 3
name_len 13
usable_leb_size 126976
used_ebs 2
used_bytes 253952
last_eb_bytes 2
corrupted 0
upd_marker 0
name layout volume
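Added example, not part of the original posts: a Python sketch that parses the `mtdparts` table shown above, reports address ranges no named partition covers, cross-checks the UBI geometry printed by `ubi info`, and slices a partition out of a flash dump. The function names are hypothetical, and `carve` assumes the dump is a linear raw image without NAND spare (OOB) bytes.

```python
import re

# Partition table copied from the `mtdparts` output in the post above.
MTDPARTS = '''
0x000000000000-0x000000200000 : "bootloader"
0x000000800000-0x000001000000 : "tpl"
0x000001000000-0x000001a00000 : "recovery"
0x000001a00000-0x000002600000 : "boot"
0x000002600000-0x000003600000 : "system"
0x000003600000-0x000007a00000 : "chrome"
0x000007a00000-0x000007e00000 : "factory"
0x000007e00000-0x000010000000 : "data"
'''
LINE = re.compile(r'0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)\s*:\s*"([^"]+)"')

def parse_mtdparts(text):
    """Return [(name, start, end)] sorted by start; reject bad or overlapping ranges."""
    rows = sorted((int(s, 16), int(e, 16), n) for s, e, n in LINE.findall(text))
    prev_end = 0
    for start, end, name in rows:
        if end <= start or start < prev_end:
            raise ValueError(f"bad or overlapping range for {name!r}")
        prev_end = end
    return [(n, s, e) for s, e, n in rows]

def gaps(parts):
    """Address ranges below the last partition that no named partition covers."""
    out, prev_end = [], 0
    for _, start, end in parts:
        if start > prev_end:
            out.append((prev_end, start))
        prev_end = end
    return out

def ubi_geometry(part_size, peb=131072, data_offset=4096):
    """(PEB count, LEB size) implied by the PEB size and data offset from `ubi info`."""
    return part_size // peb, peb - data_offset

def carve(dump, parts, name):
    """Slice one partition out of a raw dump (assumption: linear image, no OOB bytes)."""
    for n, start, end in parts:
        if n == name:
            if end > len(dump):
                raise ValueError(f"dump too short for {name!r}: need {end:#x} bytes")
            return dump[start:end]
    raise KeyError(name)

if __name__ == "__main__":
    for name, start, end in parse_mtdparts(MTDPARTS):
        print(f"{name:<10} {start:#010x} {(end - start) // 1024:>7} KiB")
```

The computed values match the console output: "data" yields 1040 PEBs (1038 good plus 2 bad) and "factory" yields 32, both with a 126976-byte LEB, and "tpl" is 0x800000 bytes, which equals the 4 copies of 0x200000 reported by `amlnf fip_info`.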
mic-s
August 13, 2022, 8:59am
29
@ds2k5 were you able to flash it successfully?
ds2k5
August 13, 2022, 12:23pm
30
Unfortunately no.
I did not find a way to export/dump the firmware.
What I got looks like a memory dump but not the firmware....
@ds2k5 I guess I managed to dump the flash. I also managed to connect a USB stick which can be used from u-boot, so basically I should be able to write modified data to the flash. But right now I am out of ideas what to do next. I created an issue here where I post my progress and asked for help.
jesus19
October 18, 2023, 8:49pm
32
Does anyone have the schematic for this device?
slh
October 18, 2023, 11:06pm
33
The preferred language in the OpenWrt forum is English.
When writing in your native language, please always provide an English translation.
This way other users all around the world can take part in the discussion and possibly benefit from the outcome, without having to use a translator.
Thanks!