disclaimer: you do it at your own risk. make sure you have a backup!
- MJSXJ02CM camera with 4.0.9_0409 firmware
- SPI flasher with SOIC8 clip (I use CH341A)
- linux host with:
- dd
- binwalk
- squashfs-tools
- flashrom
flashrom -p ch341a_spi -r 02_backup.bin
cp 02_backup.bin 02_backup_4.0.9_0409.bin
binwalk -e 02_backup.bin
You can use just dd
and unsquashfs
for extracting rootfs. I use binwalk because of the analysis of the entire firmware.
Replace _02_backup.bin.extracted/squashfs-root/etc/init.d/S49factory
with:
#!/bin/sh
if [ -f /mnt/sdcard/manu_test/manu.sh ]
then
touch /tmp/factory_mode
/mnt/sdcard/manu_test/manu.sh
fi
Remove any occurrence of umount /mnt/sdcard
in init scripts.
For FW 4.0.9_0409 it's just a file: _02_backup.bin.extracted/squashfs-root/etc/init.d/S12copylog
In the case of other FW version you can check the occurrences by: grep -ri 'umount /mnt/sdcard' _02_backup.bin.extracted/squashfs-root
Then re-pack rootfs:
cd _02_backup.bin.extracted
mksquashfs squashfs-root ../rootfs_patched.bin -comp xz
cd ..
create the beginning of the system image:
cp 02_backup.bin 02_backup_patched1.bin
dd if=rootfs_patched.bin of=02_backup_patched1.bin bs=1 count=7667764 seek=2490368 status=progress
then combine with the rest:
cp 02_backup.bin 02_backup_patched_final.bin
dd conv=notrunc if=02_backup_patched1.bin of=02_backup_patched_final.bin status=progress
compare original dump with final:
binwalk 02_backup.bin > backup.log
binwalk 02_backup_patched_final.bin > final.log
diff -c final.log backup.log
The only difference should be in the creation date of Squashfs. If not, stop here and see what's wrong.
before that, make sure you have a backup!
flashrom -p ch341a_spi -w 02_backup_patched_final.bin
For MJSXJ05CM camera, you can follow: telmomarques/xiaomi-360-1080p-hacks#18 (comment)
happy hacking!
I can downgrade the firmware to use the custom software and revert back to the original backup without issues.
On the chip, you can see the circle dot. Make sure the red line on your clip is on the opposite side of the chip. Can you check your clip is in right direction? My working clip: