USB capture of AM8251 firmware update #1
Comments
|
@floe thanks for keeping me in the loop, however I don't have any of such devices so I don't think I am going to do any serious work on that. I might take a peek just to see if there is anything familiar, but no promises. |
|
Well, I was thinking that maybe the AM7xxx series uses the same protocol, so it might still be useful for you. I'm also pretty sure that the USB dump contains a sequence where parts of the firmware are read from the device (to check version numbers), so that may offer an easy way to dump firmware from more than one different Actions Micro device. In any case, for anyone interested, here's the link to the PCAP file: http://floe.butterbrot.org/external/usb.pcap |
|
Hey Florian,
|
|
Yes, IIRC I checked the s1mp3 tools, but the endpoints of the ADFU mode on AM8251 don't match those expected by the s1mp3 protocol. |
|
Ah, just for the records, the am7xxx USB projector I've got does not even use USB mass storage, so I don't think It can use the same SCSI protocol I see in the dump, some other am7xxx devices might tho. When reversing the protocol of my projector I also looked at the disassembled windows binaries to get hints about the data formats, maybe this can be useful in your case too. BTW I wonder if it'd be easier to handle this protocol at the SCSI level with the "sg" driver http://sg.danny.cz/sg/ and letting the USB Mass storage layer take care of the USB details (USBC, USBS, etc.), rather than talking USB directly with the device using libusb. The sg driver should allow custom SCSI commands, but I never tried. Ciao, |
|
That looks promising, although I'm not sure if the protocol is just accidentally decoded as SCSI. At least, none of the standard Linux SCSI drivers (including sg) bind to it, and the interface class is 0xFF... |
|
I've seen that there are some other devices perform firmware updates over a SCSI-like protocol, but they are actually SCSI devices so I don't know how similar this is; anyway here is where I saw it: |
|
Interesting, good find... maybe @scanlime would like to have a look at the present PCAP dump sometime? |
|
Hi guys ! Please look at the Comments thread where I was directed from, by the very clever and helpful author, Hauke 😁😁 So:
Do you think the ezcast already has LIRC to which such a IR RC could directly input keystroke codes, or LIRC could be installed? Any help with this using SSH or other access method I would greatly appreciate ! After all hacking is what advances the state of art 🐵🐵🐵 |
|
I looked at the update application and I can tell you that pretty much similar to what is described here with some commands added; I can tell you that the dump follows the USB mass storage bulk only transfer (a little explanation here). There is also a project that is doing the same with a board with a similar processor here. |
|
Appreciate that. 😀Heard of Linaro. |
I did a bit of experimentation with my AM8251-based HDMI streaming adapter, and captured a firmware update over USB using libpcap on a Windows VM. It's rather large (~100 MB), so I thought I'd ask first if anybody would be interested in looking at the dump file? I think it should be possible to reverse-engineer the ADFU protocol from that, or at least get a decent start... /cc @ao2
The text was updated successfully, but these errors were encountered: