Processor | MSD7831S |
Flash | 256MB |
Ram | 256MB |
Kernel version | Linux-3.1.10-mstar (MIPS) |
U-Boot version | 2011.06-svn (Feb 09 2017 - 14:19:35) MBOT-1106.0.10.1376750 |
Hacking and tinkering with Embedded Linux in Mstar's MSD7831S
uboot_help.txt | U-Boot "help" output | plain - 9.46 kB - 02/23/2019 at 23:15 |
uboot_printenv.txt | U-Boot "printenv" output | plain - 3.34 kB - 02/23/2019 at 23:15 |
The default U-Boot "bootargs" variable passed to the kernel is the following:
bootargs=quiet console=ttyS0,115200 ubi.mtd=UBI root=ubi:RFS ubi.mtd=UBILD rootfstype=ubifs rw EMAC_MEM=0x100000 DRAM_LEN=0x10000000 mtdparts=edb64M-nand:2432k@0x180000(MBOOT),2432k(MBOOTBAK),2m(UBILD),4m(BFN),6m(KL),54m(MSLIB),18176k(APP),896k(RTPM),-(UBI) norandmaps BRICK_TERMINATOR_SPI_STATUS_OFFSET=0005D000 LX_MEM=0x7000000 LX_MEM2=0x50000000,0xF600000 PM51_ADDR=0x7100000 PM51_LEN=0x10000 BOOTLOGO_IN_MBOOT ENV_VAR_OFFSET=0xBA000 ENV_VAR_SIZE=0x10000 ENV=NAND SECURITY=OFF
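The mtdparts= token in that line fixes the whole NAND layout, so resolving it to absolute offsets tells you which partition any raw flash address belongs to. The parser below is an added example, not code from this project; it assumes the 256 MiB device size reported in the boot log, and the function names are made up for illustration.

```python
import re

# Copied from the mtdparts= token in the bootargs line above.
MTDPARTS = ("edb64M-nand:2432k@0x180000(MBOOT),2432k(MBOOTBAK),2m(UBILD),"
            "4m(BFN),6m(KL),54m(MSLIB),18176k(APP),896k(RTPM),-(UBI)")
FLASH_SIZE = 256 << 20  # assumption: the 256 MiB NAND size reported in the boot log

UNITS = {"": 1, "k": 1 << 10, "m": 1 << 20, "g": 1 << 30}
# <size>[@<offset>](<name>), where size is a number with optional k/m/g, or "-"
PART_RE = re.compile(
    r"(-|0x[0-9a-f]+|\d+)([kmg]?)(?:@(0x[0-9a-f]+|\d+)([kmg]?))?\(([^)]+)\)", re.I)


def parse_mtdparts(spec, device_size):
    """Return (mtd_id, [(index, name, start, end)]) with absolute byte offsets."""
    mtd_id, _, partdefs = spec.partition(":")
    parts, cursor = [], 0
    for index, partdef in enumerate(partdefs.split(",")):
        m = PART_RE.fullmatch(partdef.strip())
        if not m:
            raise ValueError(f"bad partition definition: {partdef!r}")
        size, size_unit, off, off_unit, name = m.groups()
        # Without "@offset" a partition starts where the previous one ended.
        start = int(off, 0) * UNITS[off_unit.lower()] if off else cursor
        # "-" means "everything up to the end of the device".
        end = device_size if size == "-" else start + int(size, 0) * UNITS[size_unit.lower()]
        if start < cursor or not start < end <= device_size:
            raise ValueError(f"{name}: overlaps or exceeds the device")
        parts.append((index, name, start, end))
        cursor = end
    return mtd_id, parts


def partition_at(parts, offset):
    """Name of the partition containing a raw flash offset, or None if unmapped."""
    for _, name, start, end in parts:
        if start <= offset < end:
            return name
    return None


if __name__ == "__main__":
    mtd_id, parts = parse_mtdparts(MTDPARTS, FLASH_SIZE)
    print(mtd_id)
    for index, name, start, end in parts:
        print(f"#{index} {name:<9} 0x{start:08x}-0x{end:08x} {(end - start) >> 10:>7} KiB")
    # Offsets that appear in "NAND read" lines of the boot log
    for offset in (0x180000, 0x5A00000):
        print(f"0x{offset:x} -> {partition_at(parts, offset)}")
```

The computed UBILD range, 0x640000-0x840000, is the same range U-Boot prints for "mtd=2" in the boot log, and the 0x5a00000 read issued just before the PM51 messages lands on the first byte of RTPM.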
I tried:
Without success. If you have any ideas on how to modify the kernel's boot arguments to gain a root shell on the UART, please leave a comment.
After connecting to the serial console, the boot log below can be observed. Once the message "Starting kernel ..." is printed, the only further output is "Hello UART". There is no shell access. Nothing.
ROM UART_115200 AC_ON [3456789ABC][23456789AB][456789ABCDE][3456789ABC]-7697 BIST0-OK[AT][MB][start ub][432]
U-Boot 2011.06-svn (Feb 09 2017 - 14:19:35) MBOT-1106.0.10.1376750
DRAM: 256 MiB
Hello U-Boot
Stack Pointer at: 8ff5dfc0
mem initial, start 0x8e1d0180, len 0x1020000
uboot held at [8f000000~90000000]
Now running in RAM - U-Boot at: 8f1f0180
NAND: CIS is found @Blk0
FCIE is set to 54MHz
256 MiB
*** Warning - set default for mtdparts, using default environment
Creating 1 MTD partitions on "nand0":
0x000000640000-0x000000840000 : "mtd=2"
Bad block table found at page 131008, version 0x01
Bad block table found at page 130944, version 0x01
UBI: attaching mtd1 to ubi0
UBI: physical eraseblock size: 131072 bytes (128 KiB)
UBI: logical eraseblock size: 126976 bytes
UBI: smallest flash I/O unit: 2048
UBI: VID header offset: 2048 (aligned 2048)
UBI: data offset: 4096
Can't find "CTRL" partition restore UBI scan
UBI: the backup volume was not found
UBI: attached mtd1 to ubi0
UBI: MTD device name: "mtd=2"
UBI: MTD device size: 2 MiB
UBI: number of good PEBs: 16
UBI: number of bad PEBs: 0
UBI: max. allowed volumes: 128
UBI: wear-leveling threshold: 250
UBI: number of internal volumes: 2
UBI: number of user volumes: 1
UBI: available PEBs: 1
UBI: total number of reserved PEBs: 15
UBI: number of PEBs reserved for bad PEB handling: 2
UBI: max/mean erase counter: 203/110
Volume not found!
NAND read: device 0 offset 0x180000, size 0xa8
168 bytes read: OK
Volume "MPOOL" found at volume id 0
Volume "MPOOL" found at volume id 0
u32EnvRescueOffset = 0x7c000
In: serial
Out: serial
Err: serial
Net: No ethernet found.
MAC: 0x8: 0xf7: 0x28: 0x0:0x4f: 0xc6
#######################################################################
# [PROTECT WARNING], miu kernel protect is not enabled on second dram #
#######################################################################
Volume "MPOOL" found at volume id 0
Changelist: 001101749
============= set bootargs ===============
Hit any key to stop autoboot: 0
fore uup IRKey [0xff]
AC on
create Audio SHM data ...[[utopia]] MApi_AUDIO_SetCommand() : Audio system is not ready yet, please try again later
[Warning!!]No SRS TSXT license!!
[[utopia]] MApi_AUDIO_ReleaseDecodeSystem() : Audio system is not ready yet, please try again later
[[utopia]] MApi_AUDIO_ReleaseDecodeSystem() : Audio system is not ready yet, please try again later
[[utopia]] MApi_AUDIO_ReleaseDecodeSystem() : Audio system is not ready yet, please try again later
[AT][MB][audio_preinit][918]
MDrv_PNL_Init u32PnlRiuBaseAddr = bf200000
MDrv_PNL_Init u32PMRiuBaseAddr = bf000000
[_MDrv_PNL_Init_LPLL][305]pstPanelInitData->u16Width=1920, pstPanelInitData->u16Height=1080
[_MDrv_PNL_Init_LPLL][307]u16HTotal=2199,u16VTotal=1124,pstPanelInitData->u16HTotal=2199,pstPanelInitData->u16VTotal=1124, u16DefaultVFreq=600
[_MDrv_PNL_Init_Output_Dclk][350]pstPanelInitData->u16Width=1920, pstPanelInitData->u16Height=1080
[_MDrv_PNL_Init_Output_Dclk][352]u16HTotal=2199,u16VTotal=1124,pstPanelInitData->u16HTotal=2199,pstPanelInitData->u16VTotal=1124, u16DefaultVFreq=600
[AT][MB][panel_pre_init][972]
NAND read: device 0 offset 0x5a00000, size 0x10000
65536 bytes read: OK
Wait for PM51 standby...........PM51 run ok...........msHdmitx_Disp_Init
[XC,Version] no need to patchEDID NOT READY!
EDID NOT READY!
EDID NOT READY!
EDID NOT READY!
EDID NOT READY!
Rx Support DVI mode only!
shift 0 pixels in NTSC mode
Create Dolby single part name task failed!![Hal_VE_EnableDI][1453] bEnable = 0, bIsDNR2VE = 0
setHDMITxAnalogTuning: Error: MApi_HDMITx_GetRxDCInfoFromEDID EDID is not ready, at 271
[AT][MB][bootlogo begin][1111]
[AT][MB][JPD Decode][1141]
[GOP3, PID 0, TID 0x-1][Driver Version]: 0089, BuildNum: 0002, ChangeList: 00524916
[AT][MB][Show Logo][1175]
[AT][MB][Play...
UART header pinout, speed: 115200
Hi Alexander. Thanks for the comment. I didn't even think about the idea of SDR, but hey! That would be even more interesting :) The onboard demodulator is MSB1241, but two USB ports are also available.
Regarding Linux - using the command 'nandbinall' I am able to dump all partitions to bin files. On one of them is the root file system in ubifs, which looks like this: https://i.imgur.com/yksQy0B.png :) So ultimately it is possible to dump the filesystem, mount it under Linux, modify the initrd and add telnetd, but for now I'm looking to do this using only the serial console.
Nice start to the project, this would be super awesome to hack! I bet it could be modified to add a lot more SDR functionality. The fact it is running Uboot makes us think Linux, but it looks like it's probably running a proprietary OS (although it might be Linux with custom UART output, who knows?)
I will definitely be following this project! Good luck and I hope you find a way to get root!