
Flashing MT29F2G08ABAEAWP Advice

ElbowsForDays

New Member
A friend of mine bricked his Livestream Broadcaster a while back and gave it to me to try and un-brick it. I have an interest in hardware hacking and am actively trying to learn as much as possible but my experience is limited.

Connecting to its serial port, I can see that it is stuck in a boot loop and reboots before giving access to a shell. I have a Flashcat XPORT and desoldered the Micron NAND chip in order to try and re-flash it with the correct firmware.
Using the XPORT, I first extracted the contents using all the available protocol options, i.e. combined, separated and segmented. I am not sure what the difference between them is, so I extracted the NAND data with all settings to be sure. What are the different options? Are they to do with the OOB data? The NAND contents actually seem to contain the correct firmware, so maybe something small has been overwritten when he went to flash the wrong firmware and it might be fixable.

I have downloaded the correct firmware and extracted it using binwalk. There is a partitions file listing all the partition sizes and numerous .bin files.
These include nand-bootloader.bin, nand-initrd.img, nand-kernel.img and nand-rootfs.tgz. These are the main partitions that I need to flash.
There are also a bunch of other files for installing and upgrading the firmware.

I have tried flashing these to the NAND chip and then reading it back and comparing it to the original bricked NAND data, and they all seem like they are in the right place except the nand-rootfs.tgz. Looking at the upgrade scripts, it seems that this is extracted onto the flash. Can anyone tell me how I can extract this onto the NAND chip using flashcat software? I can untar the nand-rootfs and it extracts the typical Linux filesystem folders and files, but I am unsure how to flash this structure to the NAND.

Also, I have a question in regard to the bricked firmware I extracted. Does flashcat read the NAND including all the OOB data? If I do a binwalk on the extracted NAND data, it all looks as it should and recognizes all the files that I'd expect, but if I try to extract it using binwalk, I get a number of compressed files and some folders that have dev and root subfolders that are empty, e.g.

1240240.cpio 189F040.gz 2334483.tar 9979240.cpio A143040.gz cpio-root cpio-root-1 mkfs.jffs2.1.gz
1579240.cpio 1D43040.gz 9640240.cpio 9C9F040.gz A734483.tar cpio-root-0 cpio-root-2

Trying to extract any of the compressed files just gives errors saying they don't appear to be valid compressed files. Is this due to OOB data? Do I need to strip out the OOB data from the .bin files that flashcat produces from reading the NAND?

TLDR:
1/ What is the difference between Segmented, Separated and Combined when reading NAND flash?
2/ How do I extract the nand-rootfs.tgz onto the flash?
3/ Do I need to strip out OOB data from bins produced by flashcat when reading a NAND or does flashcat do that?
4/ Also, when writing binaries to NAND using flashcat, do I first have to insert OOB data?

Thanks for any help. It is much appreciated.
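
An added example, not part of the original post and not Flashcat code: a Python sketch of how spare (OOB) bytes left inside a raw dump break extraction of a gzip stream, and how splitting them out restores it. The 2048+64-byte page, the 64 pages per block and 2048 blocks, and the layout with each page's spare bytes stored directly after its main bytes are assumptions; check them against the chip datasheet and the actual dump size.

```python
import gzip, hashlib, zlib

PAGE_DATA, PAGE_OOB = 2048, 64   # assumed geometry: 2048 main + 64 spare bytes per page
TOTAL_PAGES = 64 * 2048          # assumed: 64 pages per block, 2048 blocks

def dump_layout(size, pages=TOTAL_PAGES):
    """Tell from a full-chip dump's size whether spare (OOB) bytes are included."""
    if size == pages * (PAGE_DATA + PAGE_OOB):
        return "main+oob"
    if size == pages * PAGE_DATA:
        return "main-only"
    return "unknown"

def split_oob(raw):
    """Split an interleaved dump (main, spare, main, spare, ...) into two streams."""
    step = PAGE_DATA + PAGE_OOB
    if len(raw) % step:
        raise ValueError("length is not a whole number of %d-byte pages" % step)
    main, oob = bytearray(), bytearray()
    for off in range(0, len(raw), step):
        main += raw[off:off + PAGE_DATA]
        oob += raw[off + PAGE_DATA:off + step]
    return bytes(main), bytes(oob)

def interleave(main, spare=b"\xEC" * PAGE_OOB):
    """Build a constructed raw image: pad to whole pages, append fake spare bytes."""
    main += b"\xFF" * (-len(main) % PAGE_DATA)
    return b"".join(main[i:i + PAGE_DATA] + spare
                    for i in range(0, len(main), PAGE_DATA))

def gunzip_ok(blob):
    """True if blob begins with a gzip member that decompresses and passes its CRC."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    try:
        d.decompress(blob)
    except zlib.error:
        return False
    return d.eof

def constructed_payload():
    """Constructed sample: 8 KiB of incompressible bytes, gzipped (spans several pages)."""
    data = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    return gzip.compress(data)

if __name__ == "__main__":
    image = interleave(constructed_payload())
    print("raw dump gunzips:      ", gunzip_ok(image))                # False
    print("after stripping spare: ", gunzip_ok(split_oob(image)[0]))  # True
```

Keep the split-out spare bytes rather than discarding them: they normally hold the ECC and bad-block markers for each page.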
 