-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Compatibility with Mijia 1080p MJSXJ05CM ? #18
Comments
Looks like you found out it isnt compatible :) Try to find the recovery image for your camera type. |
Yes indeed 😅 I'm trying to find a recovery image but I'm struggling. I opened a post on the Xiaomi forum, I hope someone can help me (https://c.mi.com/thread-2609368-1-0.html). I started to disassemble the camera to connect a serial port. As soon as possible, I will solder the serial port and I will post the result. Thx |
A firmware hack is possible, but requires some tools:
Basic steps are:
|
The flash chip is located right beside the camera sensor, it is necessary to partially remove the lens: It might occur that the SOIC clip will also power up the camera, this will interfere the flash programming. One solution is to cut HOLD (pin7) and VCC (pin8) to reduce power delivery, this can be done with some dupont wires: |
@Jayah59 Have you successfully hacked MJSXJ05CM yet ? I also want to hack but don't know what to do :) |
@Jayah59 @phamthanhtri @none815 firmware update didn't complete and my MJSXJ05CM bricked. I want to hack with tf_recovery.img file. If you have for 05CM, can you share? |
@ahmetikbal you can use this file to reset camera into stable version (https://drive.google.com/open?id=1ve6XlBEiZebJV6ukJ0Oiu7DePw2JCsWj). I still haven't hacked yet |
RIght, so i have version mjsxj05cm, could the firmware posted by @phamthanhtri be hacked so telnet can be enabled? at least that would be a start towards getting rtsp working i guess :) |
still nothing at MJSXJ05CM hack? |
I have managed to un-brick my MJSXJ05CM with https://drive.google.com/file/d/1ve6XlBEiZebJV6ukJ0Oiu7DePw2JCsWj/view Any update on the hack? |
|
How did you flash this chip with cutted 7 and 8 wires? My programmer didn't detect chip when these wires are cutted |
I am also waiting for MJSXJ05CM flash. Don't want to open the camera up. Thanks :) |
none815, can you tell us please, what flash chip installed in MJSXJ05CM? As I understand, it's SPI flash. But what is series/number of the chip? What's flash size in that chip? |
@none815 I did flash the chip like you suggested but it didn‘t work properly. Any suggestion what the steps are necessary after resetting the camera? |
I did a little bit of research and the Chip seems to be the cFeon Q32B-104HIP, 32Mbit SPI Serial Flash, SOIC-8 or also many times referenced as EN25Q32B. https://www.kean.com.au/oshw/WR703N/teardown/EN25Q32B%2032Mbit%20SPI%20Flash.pdf Does this help? |
Hello everyone, So I tried @none815 method and it worked well. I did a few modification though, instead of having the script launched by the diagnosis launcher, I modified wifi_start, which allows me to run my script on boot, instead of on reset. I'm still working on getting the current hacks to run, runsvdir doesn't seem to work yet ... Thanks ! |
Hi slock82, I am stuck with runsvdir as well... As we are using a newer firmware they might have blocked the system from running binaries from sdcard. what do you think? |
Hello everybody, today my programmer arrived and I managed to successfully flash the spi-flash with the by @none815 described method. Cam is powering up correctly and re-setup went fine. But now I'm stuck with the mentioned override.sh script. telnet is to be run by busybox I can confirm the statement from @slock83, that the MJSXJ05CM (IPC019) has a 16MB Flash EN25QH128, same as in my CMSXJ16A (IPC016). Thanks in advance! |
New busybox would contain runit (runsv/dir). Also my MJSXJ05CM uses Camera model 'ipc019' not ipc009, we would have to recompile the mija-framegrabber. |
Thanks a lot @twosky2000! That did the trick. Telnet is up and running. But there is not yet any progress getting rtsp to work on 'ipc019', right? |
@aeremichev Hi! Do you have a working backup of your flash drive? |
Hi does anybody have a copy of 05 hack.zip Whoever's Google Drive the zip comes from Is being rate Limited And it looks like Google has fixed all of the standard bypasses and workarounds. |
Is it not the same here?
https://github.com/cmiguelcabral/mjsxj05cm-hacks/tree/dev/sdcard/hacks
…On Thu, 4 Feb 2021, 14:58 Sean Taylor, ***@***.***> wrote:
Hi does anybody have a copy of 05 hack.zip Whoever's Google Drive the zip
comes from Is being rate Limited And it looks like Google has fixed all of
the standard bypasses and workarounds.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#18 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAIKVTXUJ4J2ITBXAT62NTS5KRYBANCNFSM4JM7SLMQ>
.
|
Oh I should really learn to follow the conversation better I didn't realise that that was where it was from |
Hi, I can't get it to work in home assistant, what is your configuration? |
It was the problem that chromium does not reproduce h265 |
Will someone do me a favor to re-upload this file? https://drive.google.com/file/d/1GQGvkmFvJO_DF_vFNlVTC7ymFry8EjnJ/view?usp=sharing because it's down This one did not work for me https://github.com/cmiguelcabral/mjsxj05cm-hacks/tree/dev/sdcard/hacks |
MJSXJ05CM.zip |
I tried to downgrade to 3.4.2_0062 from 3.5.1.0052 firmware, but when i powered it camera was standing with yellow led without any moves. Then i have to unbrick using 3.5.1.0052 firmware again. Is possible to downgrade from 3.5.1.0052 to 3.4.2_0062? Maybe have a wrong firmware file? Anybody can share the 3.4.2_0062 firmware, apart the file of this web? |
@KhArtNJava I've red all your thread but not quite sure, can you confirm that you're flashing using the programmer? Am I correct? |
I'd like to know how to set WiFi credentials so that it doesn't need to scan a QR code again.. |
Just to be clear, my camera bricked too using described method (Mi Home Security Camera 360 1080p Model: MJSXJ05CM).
|
Hi all...i have a MJSXJ06CM with china firmware.... i want to flash global firmware....i have dump with ch341 and now i need help to create a script to change in global firmware....someone can help me please to create a script? @rezmus it told me i need to replace kernel / rootfs / data. |
what firmware version on your camera? |
I checked it's 3.5.1_0052 |
Hi, Do i need to do something with the file before flashing it or do i need another file? |
You can't use a tf_recovery.img to flas directly your spi chip. The tf_recovery.img has 3 partitions and a signature, your spi flash has 6 partitions. |
Thanks for your answer. In the meantime I managed to flash a modified version of the 4.0.9_0426 firmware onto my camera. |
Hi everyone, |
How did you managed to do it? |
I wasn't able to downgrade the firmware and use the normal hack procedure. I have created a modified image and flashed it with my CH341A programmer. There seems to be no way to hack the camera without disassembling it. But if you manage to hack it, there is a way to set up the camera without using the Xiaomi app. While looking at the scripts on the camera, I found a way to configure the camera's wifi without the app (mjsxj05cm). To get this working you have to uncomment line 118 and 119 ("echo $ssid" and "echo $passwd" in the funtion "get_ssid_passwd") in the in the wifi start script at /mnt/data/bin/wifi_start.sh. From now on it is possible to set the wlan configuration with the following commands:
The following commands can be used to display lists of available parameters:
|
Hello, I have a little problem, when I put the file "tf_recovery.img" in my SD card (8GB) and then put it on when my camera turns off and then I turn it on, it ignores the SD card and the camera starts normally. When I retrieve the SD card and look at the file, it is renamed to "tf_recovery.img.bak". How can I solve this problem? Thanks Model: 05CM |
@colder1989 |
I want to use CH341A write firmware to flash chip. |
Two cameras came with the same firmware and the MAC addresses became the same and they conflict in the wifi network. The backup was not saved. How to fix it? Or can anyone throw off their backup? |
Hello. |
hi |
Hi !
Is this compatible ?
I tried downloading tf_recovery.bin to sdcard and flashing but it did not work and I worse, I think my camera is bricked ...
LED amber is not blinking, it is permanent on and the camera does not move.
Same observation without sd card
The text was updated successfully, but these errors were encountered: