-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OFFLINE: common code base #90
Comments
One additional note for the less familiar with these devices: make sure ppsapp is on the root of the SD card for this to work. |
you are right, shame on me. I hated my math teacher for his "as you already know..." and now I am like him lol
I know, i used it in my offline typ1 version for 4.0.7. This is only temporary. I want the same initrun.sh for the 4.0.7 as it runs on 2.10.5 (entry point before starting the init-script)
thats the plan - an universal code base that works on all devices with an early entry point, so no kill is needed. As always: any help is welcome. |
Ok, i am not smart enough to get an early entry point for initrun.sh on 4.0.7 Using versions of env demo before 4.x ignored my env file completly and booted with the last bootargs. On the 4.x version i wasn't able to get a boot when changing the env file with the "_" to " " hack. I don't know what went wrong, but i know with my trial and errors i have no chance of a success.
All tries were done with the special ending and /proc/cmdline from my device. |
@jonesMeUp the issue I had with some devices (i.e. Merkury720) was that the size of /proc/cmdline was severely reduced compared to the other devices so I could not put 'a lot' of commands in the bootargs (it basically got cut off). Now, I do not have a 4.x firmware device to tell you what size of command line it can take -- I only have the BazzDoorBell (2.9.x), Merkury720 (2.7.x) and the LSC devices I got this past month (2.10.36 and 7.6.32). One way to figure out how much you can put into the boot args is: The available boot argsspace may not be enough to mount the card and run the script (I don't think it was enough on the Merkury720), like I said: I don't have a 4.x firmware device to tell you that. |
@guino Thx for the info of the bootargs size, it explained a lot! Start:
End (max number of chars that works on 4.0.7)
I think thats not enough size to put the SD-Card mounting (with the built in ash replace function) into the bootargs. perhaps |
@jonesMeUp if you have a device with |
first success of testing: |
@jonesMeUp you're probably making it harder by mixing the two parts of the 'hack' command, you should be able to not use the single quote and just do something like:
I still don't know if there's enough space but the single and double quotes were carefully crafted in that command so if you start adding quotes anywhere 'around' the command things will break. |
@guino: Thx for your support. But that was my first try, and it didn't work. For testing reasons, i don't care about the length. I use the standard command Here are 2 of my testings (i think the flash will die soon, because i tested alot):
/proc/cmdline =>
##########################
/proc/cmdline =>
########################## When i get cmdline like:
or
I was happy, becuase it looked right and worked in ash, but doorbell was still laughing. |
@jonesMeUp the flash chip on this devices is rated for at least 100k erase/write cycles -- if you wrote a different setting, tested, repeated 100 times every day, it would take you more than 2 years and 8 months to reach that (pretty sure this testing won't be the cause of death of your device). Regarding the settings, this may actually be a difference in the uboot version on these devices -- I only have a device with 2.9.6 and another with 2.7.6 (no 4.0.x device) so I have no way of checking how the setenv command works on that uboot version -- the hint I gave you about not using quotes was based on the existing hack from here which adds the parameters without quotes (and works), but like I said the uboot version is likely different and may not be handling it the same way. There's also a chance the S80network script has changes on that device compared to mine, I'd have to get a copy of that to compare (might be in the original thread) |
@guino: ok, so i still have 14days left for testing ;) |
@jonesMeUp that S80network is actually in the firmware under /etc/init.d -- the home folder in the SD card does have other scripts which also run (just not from the SD card). You have to either look for the file in telnet under /etc/init.d or you can use this URL which works on older devices: |
@jonesMeUp that is the same file as my devices so similar ip= value should work on it (as long as it doesn't get cut off). What I'm seeing is that your hack line is missing some important \ to escape the " before the T= and before ;eval -- I would also use ; instead of && to both reduce size and to make sure that doesn't cause some other issue. Not to discourage you but I remember I spent a very long time testing/tweaking to get this thing to work -- the mix between the uboot command escaping and processing, along with the shell script escaping and processing and the variable storage (both in uboot and in the shell script) make it for quite a messy solution, but that beats having to open the device and use a hardware programmer or serial adapter, so we use what we can. |
i used ; in some testings, because depending on ' using ; get some errors in ash (i tested proc/cmdline output in ash), && worked always. but i also tested with ; |
So, if the S80network is still the same, it should work when the /proc/cmdline is the same, right? |
@jonesMeUp yes, since S80network is the same it should work the same way IF we can get the /proc/cmdline to look the same. The issue I remember having was not only the size limit of cmdline but also that uboot was 'building' the bootargs parameter at boot time (so whatever I 'saved' as bootargs wasn't being used to boot). So if you look at the env file for 2.7.6 and 4.0.x you'll see that there's an 'ipaddr=' value being set which executes Next, because of how we're setting the bootargs, there's possibly going to be an additional escaping necessary in the hack command in order for the cmdline to come out the way you want it -- and you'll still likely need to have that single quote in there as well to make sure it will work. I don't want to discourage you but this can be a complex endeavor... like I said: the main thing is getting the cmdline to look correct (just like it looks on 2.10.5 firmware). Honestly I didn't think of 'removing' the useless parameters from the cmdline because I always try to maintain as much of the factory settings/files of the device as possible (or people end up making changes and not remembering how to revert them), so that's why I never researched trying to alter the cmdline -- but I also factored in how long it may take to get anything else working. In regards to cmdline: Unfortunately I only have these 2 devices and neither uses the replacement from _ to ' ':
and
The 2.9.6 device is my doorbell which is installed outside (-4C right now) so if it wasn't such a pain to remove it I'd take it out and apply the hack so you could see the cmdline on it, that said: it should be exactly the same as on your 2.10.5 device. |
@guino Telling me about S80network was the hint that saved my weekend! So another few bytes of additional length... |
@jonesMeUp the thing with S80network is you can use it to see if your /proc/cmdline will work (good) but after that you still have to figure out the boot settings to result in the desired cmdline -- I remember this wasn't a fun job, but also remember it being rewarding when I finally had success... getting more functions out of thee devices is always a lot of trial and error, but it's fun if you like a challenge. |
@guino the env file is working right now. It worked the way i was hoping, no need for an expensive copy cmd in the bootargs, the 2.10.5 version from above can be the universal initrun.sh
Yep, my tabletop holds a lot of tooth imprints
Yep, but without your support i never had a chance to make this possible. |
@jonesMeUp nice job! I'm sure you learned a bunch! I hope you got some satisfaction one you saw it working. |
@guino thx. yep, i had to learn and test a lot, but in the end the Infinite-Monkey-Theorem was the solution. I had even tried to solder some wires on a little chip of a broken remote control, but i lost the game. You really made a great job in your work, guides and support! When your hack is released, I will try to add the lsc outdoor camera to the supported list of this thread. |
Hi All
Thank for all your work on this guys, Would this work on my device? devname":"Smart Home Camera", I've tried following along and I can't get the script to start |
@xraive we need more info. |
@jonesMeUp sorry about that, yes to both of your questions. I"ve tried changing the env to match what you mentioned works for 4.0.7 but I'm unable to get initrun.sh to load. The camera boots fine but initrun.sh isn't loaded. /proc/cmdline =>
this loads initrun.sh
Am I missing something? Let me know if there is additional info I can provide you. Thanks for your assistance. |
@xraive thx for your feedback, lets try to find out the problem. perhaps your device don't accept the length of the command-line (my cmdline seems to have a length of 4 more chars). if thats the problem: |
Thanks for following up. Here is what I tried. Works
/proc/cmdline =>
Doesn't work when I add 4 characters.
/proc/cmdline =>
Doesn't Work (I renamed initrun to inirun in the script and the file)
/proc/cmdline => Let me know if you need anytning else. |
@xraive but you misunderstood me. i wanted you to make the cmdline 4 chars shorter for the 2. test. so please try again with '/mnt/mmc01/run.sh' instead of '/mnt/mmc01/initrun.sh' |
@jonesMeUp
/proc/cmdline => |
I'm using Notepad++ as well. Using the same env file as above I get the following.
/proc/cmdline => I added the debug message in run.sh but I don't see the "test1" file created. It looks like run.sh isn't running yet.
I also tried making changes to my env file to also match the one you posted above and I had the same result. See below. /proc/cmdline =>
|
@xraive Part 2 of the env file i posted in the instruction: Part 2 of the env file in your last post: @ALL |
@jonesMeUp
Output of /proc/cmdline
So far I can only get this working with guino's original env file.
What device do you have have? Is there anything else I can provide to further troubleshoot. I really want to get this to work. I also wanted to let you know that I did make sure to check that the boot args were the same before I tried using your env. I must have made a mistake copying and pasting because I did try your initial solution. However I did spot an error in my previous tests. I always had Thank you for all your efforts so far. |
@xraive |
@aladin2000 @xraive |
page it says: really how to do that ? would you like to explain me why we could not use the hosts file for amazon ? |
I'm an old man and in every line of code i have to invested tons of time, |
@aladin2000 I know tuya uses aws servers (for sure/at least to provide firmware update files), so I would expect to see connections to AWS from the device. The only way to use the hosts file to block/modify the address being used by the device is if you know the DNS name the device is trying to access. For instance if you know the device is trying to use 'my.server.com' you could add A lot of basic/ISP routers do not have any 'advanced' settings/firewall features when it comes to outgoing traffic, so not only you need a decent router but you'll need to know how to configure the settings on the specific router which is usually different for each router. Some routers have parental control settings (as suggested by jonesMeUp) which may allow blocking IPs or DNS names, but again you'll need to look up the manual for your router to figure out how to use the settings (if possible at all). |
@jonesMeUp no worries whenever you're upto it and have the free time. I hope you get well soon. Thanks for the update. |
Update |
This is an attempt to make an universal initrun.sh file for offline patched ppsapp that runs on all firmware versions.
The key to this is to find an entry point in the boot sequence right before the ppsapp is started.
Please post your working env file for a currently not supportet firmware to get it work all all devices.
Functions:
Now we go through it step by step.
Requirements
Latest Update
[initrun.sh]
Step 1: Copy needed files to the root of the SD-Card. You will need them for using all functions
Most of them can be found here
ppsMmcTool.txt
,env
andppsFactoryTool.txt
(from guinos hack)busybox
dropbearmulti
jpeg-arm
mqtt_pub
passwd
shadow
(only if you didn't use guinos Hash trick butpasswd -a des <new passwd>
)ppsapp
(modified by you)set
index.html
upload.html
initrun.sh
(from above)cgi-bin
folder (without cleanup.cgi)Step 2: Change the Kernel Bootargs
The part after
bootargs=
must be from your/proc/cmdline
(Read guinos guide)Version 2.10.5: No need for a change of the kernel bootargs. The env file should look like this:
Version 4.0.7
Extend the env file with the
'ip=
partAGAIN: Read guinos guide about editing the env file. I am using Notepad++ which keeps the file ending intact.
Step 3: Write bootargs to the flash
When you have modified the env file, it must be updated in the flash memory of the device.
This is done by switching the device off (cut power) and holding the reset button for 5s while powering on.
Step 4: Have fun, you are done
What is the env file and why it is important?
The env file holds the kernel bootargs and its our way to jump into the boot sequence. The file differs alot between every device.
It's very important that the bootargs fit to your device and that the null byte is at the end of file (read guio's hacking guide)
Why we have to jump into the boot sequence before ppsapp is started?
The main program of the device (ppsapp) has a watchdog timer that restarts ppsapp when it is stalling.
This is also triggered when ppsapp get killed. So we need to get our modified ppsapp started instead of the original one.
Why the "ip=" parameter looks so fuzzy?
The ip parameter is parsed by u-boot bootloader and then its parsed by /etc/init.d/S80network.
So we have to reverse it back to get the initial ip parameter.
[Background knowledge] How i got the correct parameter for the env file
All tests were done with the busybox version recommended by guino.
Setting up a test scenario for env file in /mnt/mmc01/
env_test file holds only the ip part of our test env (this will be the ip part output of a working /proc/cmdline).
On my action door bell (4.0.7) its
ip=\${T//_/\$S}:::::;S=\$\'\\x20\';T="mkdir_-p_/mnt/mmc01;mount_/dev/mmcblk0p1_/mnt/mmc01;/mnt/mmc01/run1.sh&";eval
run1.sh file is a very simply initrun.sh version
test.sh file does the S80network part of our test
When starting test.sh it emulates S80network and should do the mounting of /mnt/mc01 and running run1.sh.
It hopefully says
working!
. Mounting errors can be ignored.If there is no
working!
message you can now edit theenv_test
file until you find the correct string.After this is working we have another layer of string conversation. It's done by u-boot and i didn't find a way to test it
with a simple script, so I was forced to edit the
env
file and restart the doorbell.I did it several times until /proc/cmdline shows the output i created with the test above.
Remember:
It's not a logical string, its a string thats converted twice (by u-boot and S80network) so its a frustrating job.
The text was updated successfully, but these errors were encountered: