Kurz nachdem ich meine Dahua VTO2000A in Betrieb genommen hatte, habe ich diese natürlich gleich mal einer modifizierten Firmware 3.1 gebricked – es gab keine Reaktion über einen der üblichen Ports mehr und das Licht leuchtete daherhaft. Uncool. Ich folgte also diesem Thread und mit leichter Abwandlung kam ich via Telnet zum Ziel. Werbung
Mittels Putty habe ich mich via Telnet auf der IP (Standard ist 192.168.1.110) mit dem Port 23 angemeldet. Nutzername ist in Firmware 3.1 „admin“ und das Passwort ist 7ujMko0 + WebUI Passwort. Also in der Standardauslieferung 7ujmko0admin.
# ps PID Uid VSZ Stat Command 1 root 2820 S init 2 root SW [posix_cpu_timer] 3 root SW [softirq-high/0] 4 root SW [softirq-timer/0] 5 root SW [softirq-net-tx/] 6 root SW [softirq-net-rx/] 7 root SW [softirq-block/0] 8 root SW [softirq-tasklet] 9 root SW [softirq-hrtimer] 10 root SW [softirq-rcu/0] 11 root SW< [desched/0] 12 root SW< [events/0] 13 root SW< [khelper] 14 root SW< [kthread] 28 root SW< [kblockd/0] 29 root SW< [cqueue/0] 30 root SW< [kseriod] 37 root SW< [khubd] 83 root SW [pdflush] 84 root SW [pdflush] 85 root SW< [kswapd0] 86 root SW< [aio/0] 87 root SW< [cifsoplockd] 88 root SW< [cifsdnotifyd] 134 root SW [mtdblockd] 138 root SW< [dm_spi.0] 174 root SW< [dm_spi.1] 207 root SWN [jffs2_gcd_mtd6] 211 root SWN [jffs2_gcd_mtd7] 242 root 10372 S /utils/syshelper 25 349 root SW< [dsp_timer/0] 358 root SW< [spi_mcu_irq/0] 379 root 2424 S /utils/upgraded 380 root 120004 S VideoDaemon 382 root 2824 S /utils/telnetd 384 root 2824 S /bin/sh /etc/init.d/appd 390 root 2132 S feedwdt 391 root 2824 S /bin/sh -- 403 root 2824 S -sh 405 root 2824 R ps
Nun muss man den Upgrade-Prozess „/utils/upgraded“ einmal killen.
# kill -9 379
Nun wird das Upgrade-Tool manuell nochmal gestartet, also einfach „/utils/upgraded“ in die Kommandozeile. Sobald „UPGRADED_MSG: start download file“ erscheint, dann ConfigTool nutzen um via Port 3800 die neue Firmware hochzuladen:
# /utils/upgraded [libdvr] libdvr.so Build time: Jun 16 2016 at 17:09:56. [libdvr] SVN NUM: 7402. UPGRADED_MSG: Do memlock UPGRADED_MSG: lock failure: addrStart=4002b000, addrEnd=40032000 UPGRADED_MSG: lock failure: addrStart=4006f000, addrEnd=40076000 UPGRADED_MSG: lock failure: addrStart=400b3000, addrEnd=400bb000 UPGRADED_MSG: lock failure: addrStart=400bf000, addrEnd=400c6000 UPGRADED_MSG: lock failure: addrStart=401df000, addrEnd=401e7000 UPGRADED_MSG: lock failure: addrStart=401f8000, addrEnd=401ff000 Name: upgraded, bulid date: Dec 19 2014 17:18:02, svn: 448 UPGRADED_MSG: start download file! [libdvr] At the start of getSystemInfo [libdvr] @@@@ buf = 3L03365PAZ0CFA0 UPGRADED_MSG: Second login mode! [libdvr] At the start of getSystemInfo [libdvr] @@@@ buf = 3L03365PAZ0CFA0 [libdvr] At the start of getSystemInfo [libdvr] @@@@ buf = 3L03365PAZ0CFA0 UPGRADED_MSG: Can't Open /mnt/mtd/Config/passwd UPGRADED_MSG: Login success! UPGRADED_MSG: Can't find pid app.sh UPGRADED_MSG: Can't find pid sonia UPGRADED_MSG: Kill 380 successful UPGRADED_MSG: Kill VideoDaemon success! UPGRADED_MSG: reset_watchdog UPGRADED_MSG: Receive A4(alarm) UPGRADED_MSG: reset_watchdog UPGRADED_MSG: Receive A1(alive package) UPGRADED_MSG: reset_watchdog UPGRADED_MSG: Receive A4(alarm) UPGRADED_MSG: reset_watchdog UPGRADED_MSG: Receive A4(alarm) UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_ERR: LINE: 897: Unkonw Command UPGRADED_MSG: reset_watchdog UPGRADED_MSG: Receive A4(alarm) UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: Receive A1(alive package) UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: reset_watchdog UPGRADED_MSG: Received : 13644118, FileSize : 13644118 UPGRADED_MSG: Download Complete UPGRADED_MSG: Do DownLoad success! [libdvr] ####CFG_FLASH_SEC_SIZE=0x10000 [libdvr] NUM_MTDS=11 [libdvr] ####MTD_START[0]=0x2000000 [libdvr] ####MTD_START[1]=0x2040000 [libdvr] ####MTD_START[2]=0x2060000 [libdvr] ####MTD_START[3]=0x2080000 [libdvr] ####MTD_START[4]=0x2280000 [libdvr] ####MTD_START[5]=0x2580000 [libdvr] ####MTD_START[6]=0x2780000 [libdvr] ####MTD_START[7]=0x2820000 [libdvr] ####MTD_START[8]=0x28c0000 [libdvr] ####MTD_START[9]=0x28e0000 [libdvr] ####MTD_START[10]=0x2ee0000 [libdvr] ####MTD_START[11]=0x3000000 UPGRADED_MSG: Flash init success UPGRADED_ERR: LINE: 1074: invalid file: check.img UPGRADED_ERR: LINE: 1074: invalid file: Install.lua UPGRADED_MSG: zip file total size: 13870296 [libdvr] At the start of getSystemInfo [libdvr] @@@@ buf = 3L03365PAZ0CFA0 UPGRADED_MSG: packet.name: VTO2000A, board.name: VTO2000A UPGRADED_MSG: packet.hardver: , board.hardver: UPGRADED_MSG: Verify version success Header CRC Checking ... OK Image Name: custom-x.cramfs.img Image Type: custom-x.cramfs.img (gzip compressed) Data Size: 90176 B, Bytes = 0.09 MB Load Address: 0X2060000 Data CRC Checking ... OK Programing start at: 0X2060000 umount: No such file or directory Upgrade : Complete Total 0%... [libdvr] flash erase: addr=0x2070000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 0%... Header CRC Checking ... OK Image Name: pd-x.cramfs.img Image Type: pd-x.cramfs.img (gzip compressed) Data Size: 45120 B, Bytes = 0.04 MB Load Address: 0X28C0000 Data CRC Checking ... OK Programing start at: 0X28C0000 [libdvr] flash erase: addr=0x28c0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 0%... Header CRC Checking ... OK Image Name: kernel-x.cramfs.img Image Type: kernel-x.cramfs.img (gzip compressed) Data Size: 1682736 B, Bytes = 1.60 MB Load Address: 0X2080000 Data CRC Checking ... OK Programing start at: 0X2080000 Upgrade : Complete Total 12%... [libdvr] flash erase: addr=0x2210000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 13%... Header CRC Checking ... OK Image Name: romfs-x.cramfs.img Image Type: romfs-x.cramfs.img (gzip compressed) Data Size: 3117120 B, Bytes = 2.97 MB Load Address: 0X2280000 Data CRC Checking ... OK Programing start at: 0X2280000 Upgrade : Complete Total 35%... [libdvr] flash erase: addr=0x2570000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 35%... Header CRC Checking ... OK Image Name: user-x.cramfs.img Image Type: user-x.cramfs.img (gzip compressed) Data Size: 6221888 B, Bytes = 5.93 MB Load Address: 0X28E0000 Data CRC Checking ... OK Programing start at: 0X28E0000 Upgrade : Complete Total 71%... [libdvr] flash erase: addr=0x2da0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 71%... [libdvr] flash erase: addr=0x2db0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 72%... [libdvr] flash erase: addr=0x2dc0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 72%... [libdvr] flash erase: addr=0x2dd0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 73%... [libdvr] flash erase: addr=0x2de0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 73%... [libdvr] flash erase: addr=0x2df0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 74%... [libdvr] flash erase: addr=0x2e00000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 74%... [libdvr] flash erase: addr=0x2e10000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 79%... [libdvr] flash erase: addr=0x2ec0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 80%... Header CRC Checking ... OK Image Name: web-x.cramfs.img Image Type: web-x.cramfs.img (gzip compressed) Data Size: 1384512 B, Bytes = 1.32 MB Load Address: 0X2580000 Data CRC Checking ... OK Programing start at: 0X2580000 Upgrade : Complete Total 90%... [libdvr] flash erase: addr=0x26d0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 90%... Header CRC Checking ... OK Image Name: data-x.cramfs.img Image Type: data-x.cramfs.img (gzip compressed) Data Size: 1073216 B, Bytes = 1.02 MB Load Address: 0X2EE0000 Data CRC Checking ... OK Programing start at: 0X2EE0000 Upgrade : Complete Total 97%... [libdvr] flash erase: addr=0x2fe0000,block_nums=1, block_size=0x10000 Upgrade : Complete Total 98%... [libdvr] idestatus =0 Upgrade : Complete Total 100%... UPGRADED_MSG: will reboot system [libdvr] sync....
Done 😉
