восстановить ZOSI с клона

[tdiz]

Привет, всем.

Описание проблемы и в чём мне нужна помощь. Получилось длинно, зато с картинками вопросы внизу поста.
Купил вот такую камеру ZOSI 1ND-5122M-W-EU https://www.zositech.com/product/1080p- ... y-monitor/ на Ali
Вот что у неё внутри. Камера 2 Мп, Onvif. telnet есть, но пароль неизвестен.

Она поработала неделю и умерла. А именно – включается, вращается вправо-влево, вверх-вниз и щёлкает. Но потом ни звуков, ни реакции. На кнопку ресет не реагирует. Али рекламацию принял, выслали такую же камеру.

Мой план был такой:
1. Зайти через Uboot по UART в мёртвую камеру – получилось
2. Получить хэш пароля root – получилось
3. Подобрать пароль по хэшу – не получилось
4. Запасной вариант – считать флэшку через USB-TTL (СН314a) и найти пароль там – не получилось
5. Зайти в рабочую камеру по telnet c паролем и скачать dump (чтобы не паять и не разбирать)
6. Залить dump в поломанную камеру
Раз я пишу этот пост – значит у меня не получилось и мне нужна ваша помощь. Пожалуйста
Дальше каждый этап подробно.

Этап первый. Считать пароль по UART
1. Припаялся к единственным похожим на RX|TX|GND выводам. Обозначений на схеме не было, но всё сработало.
2. U-boot запаролен. Тогда нажимаю при запуске клавишу и запускаюсь с init . Вот вывод + содержимое некоторых папок.

System startup
U-Boot 2010.06 (Apr 25 2017 - 14:32:57)

Check Flash Memory Controller v100 ... Found
SPI Nor(cs 0) ID: 0xc2 0x20 0x18
Block:64KB Chip:16MB Name:"MX25L128XX"
SPI Nor total size: 16MB
Cannot found a valid SPI Nand Device
MMC:
EMMC/MMC/SD controller initialization.
Card did not respond to voltage select!
No EMMC/MMC/SD device found !
*** Warning - bad CRC, using default environment

In: serial
Out: serial
Err: serial
Hit any key to stop autoboot: 1 0
hisilicon # \\\ & ?
? - alias for 'help'
base - print or set address offset
bootm - boot application image from memory
bootp - boot image via network using BOOTP/TFTP protocol
bootss - boot from snapshot image
cmp - memory compare
cp - memory copy
crc32 - checksum calculation
ddr - ddr training function
ext2load- load binary file from a Ext2 filesystem
ext2ls - list files in a directory (default /)
fatinfo - print information about filesystem
fatload - load binary file from a dos filesystem
fatls - list files in a directory (default /)
getinfo - print hardware information
go - start application at address 'addr'
help - print command description/usage
loadb - load binary file over serial line (kermit mode)
loady - load binary file over serial line (ymodem mode)
loop - infinite loop on address range
md - memory display
mii - MII utility commands
mm - memory modify (auto-incrementing address)
mmc - MMC sub system
mmcinfo - mmcinfo <dev num>-- display MMC info
mtest - simple RAM read/write test
mw - memory write (fill)
nand - NAND sub-system
nboot - boot from NAND device
nm - memory modify (constant address)
ping - send ICMP ECHO_REQUEST to network host
printenv- print environment variables
rarpboot- boot image via network using RARP/TFTP protocol
reset - Perform RESET of the CPU
saveenv - save environment variables to persistent storage
setenv - set environment variables
sf - SPI flash sub-system
tftp - tftp- download or upload image via network using TFTP protocol
usb - USB sub-system
usbboot - boot from USB device
version - print monitor version
hisilicon # setenv bootargs mem=36M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:1M(boot),3M(kernel),11776K(rootfs),512K(config) init=/bin/sh
hisilicon # sf probe 0
16384 KiB hi_fmc at 0:0 is now current device
hisilicon # sf read 0x82000000 0x100000 0x300000

hisilicon # bootm 0x82000000
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.4.35
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 1817072 Bytes = 1.7 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
Booting Linux on physical CPU 0
Linux version 3.4.35 (root@ubuntu) (gcc version 4.8.3 20131202 (prerelease) (Hisilicon_v300) ) #17 Thu Apr 20 15:21:02 CST 2017
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177
CPU: VIVT data cache, VIVT instruction cache
Machine: hi3518ev200
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 9144
Kernel command line: mem=36M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:1M(boot),3M(kernel),11776K(rootfs),512K(config) init=/bin/sh
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 36MB = 36MB total
Memory: 31616k/31616k available, 5248k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
vmalloc : 0xc2800000 - 0xff000000 ( 968 MB)
lowmem : 0xc0000000 - 0xc2400000 ( 36 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.text : 0xc0008000 - 0xc043b000 (4300 kB)
.init : 0xc043b000 - 0xc045b81c ( 131 kB)
.data : 0xc045c000 - 0xc0489000 ( 180 kB)
.bss : 0xc0489024 - 0xc04bf838 ( 219 kB)
SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:32
VIC @fe0d0000: id 0x00641190, vendor 0x41
sched_clock: 32 bits at 49MHz, resolution 20ns, wraps every 86767ms
Console: colour dummy device 80x30
Calibrating delay loop... 269.10 BogoMIPS (lpj=1345536)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
Initializing cgroup subsys freezer
CPU: Testing write buffer coherency: ok
Setting up static identity map for 0x80339040 - 0x80339098
dummy:
NET: Registered protocol family 16
Serial: AMBA PL011 UART driver
uart:0: ttyAMA0 at MMIO 0x20080000 (irq = 5) is a PL011 rev2
console [ttyAMA0] enabled
uart:1: ttyAMA1 at MMIO 0x20090000 (irq = 30) is a PL011 rev2
uart:2: ttyAMA2 at MMIO 0x200a0000 (irq = 25) is a PL011 rev2
bio: create slab <bio-0> at 0
SCSI subsystem initialized
hi-spi-master hi-spi-master.0: with 1 chip select slaves attached
hi-spi-master hi-spi-master.1: with 2 chip select slaves attached
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
Switching to clocksource timer0
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP: reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
VFS: Disk quotas dquot_6.5.2
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
NFS: Registering the id_resolver key type
jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
fuse init (API version 7.18)
msgmni has been set to 61
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered
io scheduler deadline registered (default)
io scheduler cfq registered
brd: module loaded
Check Flash Memory Controller v100 ... Found.
SPI Nor(cs 0) ID: 0xc2 0x20 0x18
Block:64KB Chip:16MB Name:"MX25L128XX"
SPI Nor total size: 16MB
4 cmdlinepart partitions found on MTD device hi_sfc
4 cmdlinepart partitions found on MTD device hi_sfc
Creating 4 MTD partitions on "hi_sfc":
0x000000000000-0x000000100000 : "boot"
0x000000100000-0x000000400000 : "kernel"
0x000000400000-0x000000f80000 : "rootfs"
0x000000f80000-0x000001000000 : "config"
SPI Nand ID Table Version 2.2
Cannot found a valid SPI Nand Device
himii: probed
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
hiusb-ehci hiusb-ehci.0: HIUSB EHCI
hiusb-ehci hiusb-ehci.0: new USB bus registered, assigned bus number 1
hiusb-ehci hiusb-ehci.0: irq 15, io mem 0x100b0000
hiusb-ehci hiusb-ehci.0: USB 0.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
hiusb-ohci hiusb-ohci.0: HIUSB OHCI
hiusb-ohci hiusb-ohci.0: new USB bus registered, assigned bus number 2
hiusb-ohci hiusb-ohci.0: irq 16, io mem 0x100a0000
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
mousedev: PS/2 mouse device common for all mice
i2c /dev entries driver
hisi_i2c hisi_i2c.0: Hisilicon [i2c-0] probed!
hisi_i2c hisi_i2c.1: Hisilicon [i2c-1] probed!
hisi_i2c hisi_i2c.2: Hisilicon [i2c-2] probed!
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
TCP: cubic registered
Initializing XFRM netlink socket
NET: Registered protocol family 17
NET: Registered protocol family 15
lib80211: common routines for IEEE802.11 drivers
Registering the dns_resolver key type
usb 1-1: new high-speed USB device number 2 using hiusb-ehci
VFS: Mounted root (jffs2 filesystem) on device 31:2.
Freeing init memory: 128K
/bin/sh: can't access tty; job control turned off
/ # cat /etc/shadow
cat: can't open '/etc/shadow': No such file or directory
/ #
/ # cat /etc/shadowid
uid=0(root) gid=0(root)
/ # / # id
/bin/sh: /: Permission denied
/ # uid=0(root) gid=0(root)
/bin/sh: syntax error: unexpected "("
/ # cat /etc/passwd
root:$1$dNRIgDMy$y9cVILenUGaSEl8q5dlpp0:0:0::/root:/bin/sh
/ #
/ # cat /etc/passwd
/ # uid=0(root) gid=0(root)
/ # / # id
/ # id
/ # cat /etc/shadow
cat: can't open '/etc/shadow': No such file or directory
/ # ls
app font lost+found proc tmpfs
bin home mkimg.rootfs root usr
boot init mknod_console sbin var
config komod mnt share
dev lib nfsroot sys
etc linuxrc opt tmp
/ # ls /tmp
/ # ls /etc
TZ fstab inittab passwd- resolv.conf udev
cgi group mtab profile services udhcpd.conf
fs-version init.d passwd protocols systemmsg wpa-psk.conf
/ #
/ # ls /app
bin.tgz start.sh update web.tgz
/ # ls \bin/bin
addgroup echo ionice mpstat sh
adduser ed iostat mt sleep
ash egrep ip mv ssp_read
base64 false ipaddr netstat ssp_write
btools fdflush ipcalc nice stat
busybox fgrep iplink pidof stty
cat fsync iproute ping su
catv getopt iprule ping6 sync
chgrp grep iptunnel pipe_progress tar
chmod gunzip kill powertop touch
chown gzip linux32 printenv true
conspy hiddrs linux64 ps udevadm
cp hier ln pwd udevd
cpio hiew login reformime umount
cttyhack hil2s ls rev uname
date himc lzop rm usleep
dd himd makemime rmdir vi
delgroup himd.l mkdir rpm watch
deluser himm mknod run-parts wifi_config
df hostname mktemp scriptreplay wpa_cli
dmesg hush more sed wpa_supplicant
dnsdomainname i2c_read mount setarch zcat
dumpkmap i2c_write mountpoint setserial
/ # ls /boot
/ # ls /config
wireless_WPS_param.config wireless_wifi_param.config
/ # ls /etc
/ # ls /tmp
/ # ls
/ # cat /etc/shadow
/ # cat /etc/passwd-
root:ab8nBoH3mb8.g:0:0::/root:/bin/sh
/ # ????
/bin/sh: : not found
/ # passwd
Changing password for root
New password:
Bad password: too short
Retype password:
passwd: can't create '/etc/passwd+': No space left on device
passwd: can't update password file /etc/passwd
/ #
/ # passwd
/ # ????
/ # cat /etc/passwd-
/ # ls /etc
/ # ls /tmp
/ # ls
/ # cat /etc/shadow
/ # cat /etc/passwd
root:$1$dNRIgDMy$y9cVILenUGaSEl8q5dlpp0:0:0::/root:/bin/sh
/ #
/ # cat /etc/passwd
/ # passwd
/ # ????
/ # cat /etc/passwd-
root:ab8nBoH3mb8.g:0:0::/root:/bin/sh
/ # echo "root::0:0::/root:/bin/sh" > /etc/passwd
/bin/sh: can't create /etc/passwd: No space left on device

3. Хэш считан, но пароль какой-то непонятный. Md5.ru знает его, но просит 20$

# cat /etc/passwd
root:$1$dNRIgDMy$y9cVILenUGaSEl8q5dlpp0:0:0::/root:/bin/sh
# cat /etc/passwd-
root:ab8nBoH3mb8.g:0:0::/root:/bin/sh

4. Пытаюсь подменить, облом – ошибка No space left on device. Причём ни passwd, ни cp, mv и даже попытка редактировать start.sh через vi не работают, ошибка одна и та же.

/ # echo "root::0:0::/root:/bin/sh" > /etc/passwd
/bin/sh: can't create /etc/passwd: No space left on device

Про start.sh: думал, т.к. пароль в файле passwd- вроде как helpme, судя по интернетам, то просто подменив им оригинальный passwd (через ln) смогу войти.

Этап второй. Считать SIP 25L12845G.
1. С впаиванием и выпаиванием – боюсь не справлюсь, поэтому через прищепку
2. При подключении – камера включается, вращается вправо-влево, вверх-вниз и щёлкает. Но ни одна программа определить тип микросхемы не может
3. Попытка выбрать вручную MX25L12845G приводит к FFFFF во всём дампе
4. Ну и проблема после этого возникла. Исчез /etc/passwd, т.е. совсем исчез, как и никнейм root.
Вот вывод id и cat

/ # id
uid=0 gid=0(root)
/ # cat /etc/passwd
cat: can't open '/etc/passwd': No such file or directory
(none) login: root
Password:
Login incorrect
Dec 31 20:01:08 login[1126]: invalid password for 'UNKNOWN' on 'console'

ВОПРОСЫ:
1. Как победить ошибку No space left on device?
2. Может кто знает пароль по хэшу $1$dNRIgDMy$y9cVILenUGaSEl8q5dlpp0?
3. Почему программы не определяют тип микросхемы?
4. Получается, что в любом случае придётся припаиваться к рабочей камере, чтобы снять дамп?
5. Какой самый безболезненный путь снять/залить порекомендуете для моего случая?

[dede]

1. никак, файловая система read-only
3. потому что камера работает и ведет обмен с памятью
4. Не обязательно
5. Попробовать слить на SD карту, команда mmc в буте есть, значит и шанс есть.

0. Лог загрузки с нерабочей есть?

[dede]

Пароль на телнет - 123456asj (дешевле, чем на md5ru )

[tdiz]

лог с нерабочей через UART до момента запроса пароля

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.04.19 07:44:43 =~=~=~=~=~=~=~=~=~=~=~=



System startup


U-Boot 2010.06 (Apr 25 2017 - 14:32:57)

Check Flash Memory Controller v100 ... Found
SPI Nor(cs 0) ID: 0xc2 0x20 0x18
Block:64KB Chip:16MB Name:"MX25L128XX"
SPI Nor total size: 16MB
Cannot found a valid SPI Nand Device
MMC:
EMMC/MMC/SD controller initialization.
Card did not respond to voltage select!
No EMMC/MMC/SD device found !
*** Warning - bad CRC, using default environment

In: serial
Out: serial
Err: serial
Hit any key to stop autoboot: 1 0
16384 KiB hi_fmc at 0:0 is now current device

## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.4.35
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 1817072 Bytes = 1.7 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK

Starting kernel ...

Uncompressing Linux... done, booting the kernel.
Booting Linux on physical CPU 0
Linux version 3.4.35 (root@ubuntu) (gcc version 4.8.3 20131202 (prerelease) (Hisilicon_v300) ) #17 Thu Apr 20 15:21:02 CST 2017
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177
CPU: VIVT data cache, VIVT instruction cache
Machine: hi3518ev200
Memory policy: ECC disabled, Data cache writeback
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 9144
Kernel command line: mem=36M console=ttyAMA0,115200 root=/dev/mtdblock2 rootfstype=jffs2 mtdparts=hi_sfc:1M(boot),3M(kernel),11776K(rootfs),512K(config)
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 36MB = 36MB total
Memory: 31616k/31616k available, 5248k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
vmalloc : 0xc2800000 - 0xff000000 ( 968 MB)
lowmem : 0xc0000000 - 0xc2400000 ( 36 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.text : 0xc0008000 - 0xc043b000 (4300 kB)
.init : 0xc043b000 - 0xc045b81c ( 131 kB)
.data : 0xc045c000 - 0xc0489000 ( 180 kB)
.bss : 0xc0489024 - 0xc04bf838 ( 219 kB)
SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:32
VIC @fe0d0000: id 0x00641190, vendor 0x41
sched_clock: 32 bits at 49MHz, resolution 20ns, wraps every 86767ms
Console: colour dummy device 80x30
Calibrating delay loop... 269.10 BogoMIPS (lpj=1345536)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
Initializing cgroup subsys freezer
CPU: Testing write buffer coherency: ok
Setting up static identity map for 0x80339040 - 0x80339098
dummy:
NET: Registered protocol family 16
Serial: AMBA PL011 UART driver
uart:0: ttyAMA0 at MMIO 0x20080000 (irq = 5) is a PL011 rev2
console [ttyAMA0] enabled
uart:1: ttyAMA1 at MMIO 0x20090000 (irq = 30) is a PL011 rev2
uart:2: ttyAMA2 at MMIO 0x200a0000 (irq = 25) is a PL011 rev2
bio: create slab <bio-0> at 0
SCSI subsystem initialized
hi-spi-master hi-spi-master.0: with 1 chip select slaves attached
hi-spi-master hi-spi-master.1: with 2 chip select slaves attached
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
Switching to clocksource timer0
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP: reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
VFS: Disk quotas dquot_6.5.2
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
NFS: Registering the id_resolver key type
jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
fuse init (API version 7.18)
msgmni has been set to 61
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
io scheduler noop registered
io scheduler deadline registered (default)
io scheduler cfq registered
brd: module loaded
Check Flash Memory Controller v100 ... Found.
SPI Nor(cs 0) ID: 0xc2 0x20 0x18
Block:64KB Chip:16MB Name:"MX25L128XX"
SPI Nor total size: 16MB
4 cmdlinepart partitions found on MTD device hi_sfc
4 cmdlinepart partitions found on MTD device hi_sfc
Creating 4 MTD partitions on "hi_sfc":
0x000000000000-0x000000100000 : "boot"
0x000000100000-0x000000400000 : "kernel"
0x000000400000-0x000000f80000 : "rootfs"
0x000000f80000-0x000001000000 : "config"
SPI Nand ID Table Version 2.2
Cannot found a valid SPI Nand Device
himii: probed
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
hiusb-ehci hiusb-ehci.0: HIUSB EHCI
hiusb-ehci hiusb-ehci.0: new USB bus registered, assigned bus number 1
hiusb-ehci hiusb-ehci.0: irq 15, io mem 0x100b0000
hiusb-ehci hiusb-ehci.0: USB 0.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
hiusb-ohci hiusb-ohci.0: HIUSB OHCI
hiusb-ohci hiusb-ohci.0: new USB bus registered, assigned bus number 2
hiusb-ohci hiusb-ohci.0: irq 16, io mem 0x100a0000
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
mousedev: PS/2 mouse device common for all mice
i2c /dev entries driver
hisi_i2c hisi_i2c.0: Hisilicon [i2c-0] probed!
hisi_i2c hisi_i2c.1: Hisilicon [i2c-1] probed!
hisi_i2c hisi_i2c.2: Hisilicon [i2c-2] probed!
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
TCP: cubic registered
Initializing XFRM netlink socket
NET: Registered protocol family 17
NET: Registered protocol family 15
lib80211: common routines for IEEE802.11 drivers
Registering the dns_resolver key type
usb 1-1: new high-speed USB device number 2 using hiusb-ehci
VFS: Mounted root (jffs2 filesystem) on device 31:2.
Freeing init memory: 128K

_ _ _ _ _ _ _ _ _ _ _ _
\ _ _ _ _ _ ___
/ /__/ \ |_/
/ __ / - _ ___
/ / / / / /
_ _ _ _/ / / \_/ \_ ______
___________\___\__________________

[RCS]: /etc/init.d/S00devs
[RCS]: /etc/init.d/S01udev
Not recognise ACTION:change
Not recognise ACTION:change
Not recognise ACTION:change
[RCS]: /etc/init.d/S10mpp
/etc/init.d/S10mpp: line 5: set_path_before: not found
/etc/init.d/S10mpp: line 6: set_path_before: not found
/etc/init.d/S10mpp: line 13: can't create /tmpfs/netdev: No space left on device
/etc/init.d/S10mpp: line 15: /*PTZ: not found
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x20090030: 0x00000300 --> 0x00004F01
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x2005003c: 0x00000000 --> 0x000001E2
[END]
[RCS]: /etc/init.d/S80network
[RCS]: /etc/init.d/S90hibernate
----Sensor Type: sc2235 ----
ln: /usr/lib/lib3518sensor.so: No space left on device
Set GPIO0_1
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F0074: 0x00000000 --> 0x00000000
[END]
Set GPIO7_4
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F00F0: 0x00000000 --> 0x00000001
[END]
Set GPIO7_5
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F00F4: 0x00000000 --> 0x00000001
[END]
Set GPIO7_6
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F00F8: 0x00000000 --> 0x00000001
[END]
Set GPIO3_6
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F004C: 0x00000000 --> 0x00000000
[END]
Set GPIO0_0
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F0070: 0x00000000 --> 0x00000000
[END]
Set GPIO0_2
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F0078: 0x00000000 --> 0x00000000
[END]
Set GPIO1_7#sd led
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F0098: 0x00000001 --> 0x00000000
[END]
Set GPIO7_7#Alarm door
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200F00FC: 0x00000000 --> 0x00000001
[END]
mmz_start: 0x82400000, mmz_size: 28M
Hisilicon Media Memory Zone Manager
Module himedia: init ok
hi3518e_base: module license 'Proprietary' taints kernel.
Disabling lock debugging due to kernel taint
load sys.ko for Hi3518EV200...OK!
load tde.ko ...OK!
load region.ko ....OK!
load vgs.ko for Hi3518EV200...OK!
ISP Mod init!
load viu.ko for Hi3518EV200...OK!
load vpss.ko ....OK!
load rc.ko for Hi3518EV200...OK!
load venc.ko for Hi3518EV200...OK!
load chnl.ko for Hi3518EV200...OK!
load h264e.ko for Hi3518EV200...OK!
load jpege.ko for Hi3518EV200...OK!
load ive.ko for Hi3518EV200...OK!
==== Your input Sensor type is sc2235 ====
gpio_0_base_addr_virtual:0xfe240000 !
Set Gpio0_6 dir to 1!
Set Gpio0_6 bit to 0!
Set Gpio0_6 bit to 1!
RTL871X: module init start
RTL871X: rtl8188eu v4.3.24_16705.20160509
RTL871X: build time: Oct 17 2017 10:49:14
RTL871X:
usb_endpoint_descriptor(0):
RTL871X: bLength=7
RTL871X: bDescriptorType=5
RTL871X: bEndpointAddress=81
RTL871X: wMaxPacketSize=512
RTL871X: bInterval=0
RTL871X: RT_usb_endpoint_is_bulk_in = 1
RTL871X:
usb_endpoint_descriptor(1):
RTL871X: bLength=7
RTL871X: bDescriptorType=5
RTL871X: bEndpointAddress=2
RTL871X: wMaxPacketSize=512
RTL871X: bInterval=0
RTL871X: RT_usb_endpoint_is_bulk_out = 2
RTL871X:
usb_endpoint_descriptor(2):
RTL871X: bLength=7
RTL871X: bDescriptorType=5
RTL871X: bEndpointAddress=3
RTL871X: wMaxPacketSize=512
RTL871X: bInterval=0
RTL871X: RT_usb_endpoint_is_bulk_out = 3
RTL871X: nr_endpoint=3, in_num=1, out_num=2

RTL871X: USB_SPEED_HIGH
RTL871X: CHIP TYPE: RTL8188E
RTL871X: rtw_hal_config_rftype RF_Type is 3 TotalTxPath is 1
RTL871X: Chip Version Info: CHIP_8188E_Normal_Chip_TSMC_D_CUT_1T1R_RomVer(0)
RTL871X: _ConfigNormalChipOutEP_8188E OutEpQueueSel(0x05), OutEpNumber(2)
RTL871X: EEPROM type is E-FUSE
RTL871X: Boot from EFUSE, Autoload OK !
RTL871X: SetHwReg8188E: bMacPwrCtrlOn=1
bFWReady == _FALSE call reset 8051...
RTL871X: =====> _8051Reset88E(): 8051 reset success .
RTL871X: efuse_read_phymap_from_txpktbuf bcnhead:0
RTL871X: efuse_read_phymap_from_txpktbuf len:135, lenbak:135, aaa:135, aaabak:135
RTL871X: efuse_read_phymap_from_txpktbuf read count:133
RTL871X: EEPROM ID=0x8129
RTL871X: VID = 0x0BDA, PID = 0x0179
RTL871X: Customer ID: 0x00, SubCustomer ID: 0xCD
RTL871X: Hal_ReadPowerSavingMode88E...bHWPwrPindetect(0)-bHWPowerdown(0) ,bSupportRemoteWakeup(1)
RTL871X: ### PS params=> power_mgnt(0),usbss_enable(0) ###
RTL871X: ======= Path 0, Channel 1 =======
RTL871X: Index24G_CCK_Base[0][1] = 0x2c
RTL871X: Index24G_BW40_Base[0][1] = 0x2e
RTL871X: ======= Path 0, Channel 2 =======
RTL871X: Index24G_CCK_Base[0][2] = 0x2c
RTL871X: Index24G_BW40_Base[0][2] = 0x2e
RTL871X: ======= Path 0, Channel 3 =======
RTL871X: Index24G_CCK_Base[0][3] = 0x2c
RTL871X: Index24G_BW40_Base[0][3] = 0x2e
RTL871X: ======= Path 0, Channel 4 =======
RTL871X: Index24G_CCK_Base[0][4] = 0x2c
RTL871X: Index24G_BW40_Base[0][4] = 0x2e
RTL871X: ======= Path 0, Channel 5 =======
RTL871X: Index24G_CCK_Base[0][5] = 0x2c
RTL871X: Index24G_BW40_Base[0][5] = 0x2e
RTL871X: ======= Path 0, Channel 6 =======
RTL871X: Index24G_CCK_Base[0][6] = 0x2c
RTL871X: Index24G_BW40_Base[0][6] = 0x2e
RTL871X: ======= Path 0, Channel 7 =======
RTL871X: Index24G_CCK_Base[0][7] = 0x2c
RTL871X: Index24G_BW40_Base[0][7] = 0x2e
RTL871X: ======= Path 0, Channel 8 =======
RTL871X: Index24G_CCK_Base[0][8] = 0x2c
RTL871X: Index24G_BW40_Base[0][8] = 0x2e
RTL871X: ======= Path 0, Channel 9 =======
RTL871X: Index24G_CCK_Base[0][9] = 0x2c
RTL871X: Index24G_BW40_Base[0][9] = 0x2e
RTL871X: ======= Path 0, Channel 10 =======
RTL871X: Index24G_CCK_Base[0][10] = 0x2c
RTL871X: Index24G_BW40_Base[0][10] = 0x2e
RTL871X: ======= Path 0, Channel 11 =======
RTL871X: Index24G_CCK_Base[0][11] = 0x2c
RTL871X: Index24G_BW40_Base[0][11] = 0x2e
RTL871X: ======= Path 0, Channel 12 =======
RTL871X: Index24G_CCK_Base[0][12] = 0x2c
RTL871X: Index24G_BW40_Base[0][12] = 0x2e
RTL871X: ======= Path 0, Channel 13 =======
RTL871X: Index24G_CCK_Base[0][13] = 0x2c
RTL871X: Index24G_BW40_Base[0][13] = 0x2e
RTL871X: ======= Path 0, Channel 14 =======
RTL871X: Index24G_CCK_Base[0][14] = 0x2c
RTL871X: Index24G_BW40_Base[0][14] = 0x2e
RTL871X: ======= TxCount 0 =======
RTL871X: CCK_24G_Diff[0][0]= 0
RTL871X: OFDM_24G_Diff[0][0]= 2
RTL871X: BW20_24G_Diff[0][0]= 0
RTL871X: BW40_24G_Diff[0][0]= 0
RTL871X: EEPROMRegulatory = 0x0
RTL871X: hal_com_config_channel_plan chplan:0x20
RTL871X: CrystalCap: 0x 6
RTL871X: EEPROM Customer ID: 0x 0
RTL871X: EEPROM : AntDivCfg = 1, TRxAntDivType = 1
RTL871X: Board Type: 0x 0
RTL871X: ThermalMeter = 0x28
RTL871X: rtw_hal_read_chip_info in 280 ms
RTL871X: init_channel_set((null)) ChannelPlan ID:0x20, ch num:13
RTL871X: NR_RECVBUFF: 8
RTL871X: MAX_RECVBUF_SZ: 15360
RTL871X: NR_PREALLOC_RECV_SKB: 8
RTL871X: Enable CONFIG_FIX_NR_BULKIN_BUFFER
RTL871X: rtw_alloc_macid((null)) if1, hwaddr:ff:ff:ff:ff:ff:ff macid:1
RTL871X: pwrctrlpriv.bSupportRemoteWakeup~~~~~~
RTL871X: pwrctrlpriv.bSupportRemoteWakeup~~~[1]~~~
RTL871X: rtw_macaddr_cfg mac addr:e0:09:bf:18:4d:5b
RTL871X: bDriverStopped:True, bSurpriseRemoved:False, bup:0, hw_init_completed:0
RTL871X: rtw_ndev_init(wlan0) if1 mac_addr=e0:09:bf:18:4d:5b
usbcore: registered new interface driver rtl8188eu
RTL871X: module init ret=0
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f0040: 0x00000000 --> 0x00000002
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f0044: 0x00000000 --> 0x00000002
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f007c: 0x00000000 --> 0x00000001
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f0080: 0x00000000 --> 0x00000001
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f0084: 0x00000000 --> 0x00000001
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f0088: 0x00000000 --> 0x00000001
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f008c: 0x00000000 --> 0x00000002
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f0090: 0x00000000 --> 0x00000002
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x200f0094: 0x00000000 --> 0x00000001
[END]
*** Board tools : ver0.0.1_20121120 ***
[debug]: {source/utils/cmdshell.c:166}cmdstr:himm
0x2003002c: 0x000C4003 --> 0x000B4001
[END]
acodec inited!
insert audio
mipi_init
init phy power successful!
load hi_mipi driver successful!
==== Your input Sensor type is sc2235 ====
Hisilicon Watchdog Timer: 0.01 initialized. default_margin=60 sec (nowayout= 1, nodeamon= 0)
ln: /app/web: No space left on device
ln: /app/bin: No space left on device
chmod: /tmp/bin: No such file or directory
ln: /usr/lib/libnetpt.so: File exists
RTL871X: +871x_drv - drv_open, bup=0
RTL871X: Set RF Chip ID to RF_6052 and RF type to 3.
RTL871X: rtl8188e_FirmwareDownload fw:NIC, size: 15414
RTL871X: rtl8188e_FirmwareDownload: fw_ver=16 fw_subver=0000 sig=0x88e1, Month=11, Date=58, Hour=16, Minute=3c
RTL871X: polling_fwdl_chksum: Checksum report OK! (1, 0ms), REG_MCUFWDL:0x00030005
RTL871X: =====> _8051Reset88E(): 8051 reset success .
RTL871X: _FWFreeToGo: Polling FW ready OK! (1, 0ms), REG_MCUFWDL:0x000300c6
RTL871X: FWDL success. write_fw:1, 50ms
==> rtl8188e_iol_efuse_patch
RTL871X: pDM_Odm TxPowerTrackControl = 1
RTL871X: pDM_Odm TxPowerTrackControl = 1
RTL871X: rtl8188eu_hal_init in 730ms
RTL871X: wlan0Port-0 set opmode = 2
RTL871X: MAC Address = e0:09:bf:18:4d:5b
RTL871X: -871x_drv - drv_open, bup=1
./start.sh: cd: line 109: can't cd to /app/bin
./start.sh: line 110: ./ipcmon.exe: not found
PHY: himii:01 - Link is Up - 10/Half
./start.sh: line 112: ./ipcam.exe: not found
(none) login:

Login timed out after 60 seconds

(none) login:

[tdiz]

спасибо за пароль- вечером попробую
но на нерабочей всё равно куда-то root исчез. буду пробовать

[dede]

Хм, а давайте вывод
mount
df -h
Похоже, что фс таки RW JFFS2 и ее чем-то заполнило под завязку

[tdiz]

вечером смогу точно сказть что он вывел, но вот из вчерашних логов до попытки считать прещепкой

/ # df -h
Filesystem Size Used Available Use% Mounted on
df: /proc/mounts: No such file or directory

[tdiz]

ну и вот пытался понять, какие порты открыты

/ # netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
netstat: /proc/net/tcp: No such file or directory
netstat: /proc/net/tcp6: No such file or directory
netstat: /proc/net/udp: No such file or directory
netstat: /proc/net/udp6: No such file or directory
netstat: /proc/net/raw: No such file or directory
netstat: /proc/net/raw6: No such file or directory
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
netstat: /proc/net/unix: No such file or directory

[dede]

Это у вас логи были с инитом, я предлагаю залогиниться используя пароль , когда все окружение поднято, ну или вручную проинициализировать.

[tdiz]

ок, вечером сделаю!

[tdiz]

1. пароль тот. для рабочей камеры подошёл, значит смогу скачать через dd из /dev/mtdblock0-3. ЕЩЁ РАЗ ОГРОМНОЕ СПАСИБО!!! надо было сразу спросить.
2. но вот с мёртвой проблема. не подходит пароль. я выше писал, что root куда-то пропал. всё выглядит так, что нет пользователя в системе. я даже не представляю, куда двигаться дальше

(none) login: root
Password:
Login incorrect
Dec 31 20:12:06 login[1137]: invalid password for 'UNKNOWN' on 'console'

[dede]

тогда свой инит ставьте и потом примонтировать рут и поудалятьь мусор попробовать