Close

U-Boot

A project log for Hacking MSD7831S based DVB-T tuner

Hacking and tinkering with Embedded Linux in Mstar's MSD7831S

A.MnemonicA.Mnemonic 02/23/2019 at 23:030 Comments

After connecting to serial console the below bootlog can be observed. When message "Starting kernel ..." is spit out then only message is "Hello UART". There is no shell access. Nothing.

ROM

UART_115200
AC_ON

[3456789ABC][23456789AB][456789ABCDE][3456789ABC]-7697


BIST0-OK[AT][MB][start ub][432]

U-Boot 2011.06-svn (Feb 09 2017 - 14:19:35)  MBOT-1106.0.10.1376750


DRAM:  256 MiB


Hello U-Boot
Stack Pointer at: 8ff5dfc0
mem initial, start 0x8e1d0180, len 0x1020000
uboot held at [8f000000~90000000]
Now running in RAM - U-Boot at: 8f1f0180
NAND:  CIS is found @Blk0
FCIE is set to 54MHz
256 MiB
*** Warning - set default for mtdparts, using default environment

Creating 1 MTD partitions on "nand0":
0x000000640000-0x000000840000 : "mtd=2"
Bad block table found at page 131008, version 0x01
Bad block table found at page 130944, version 0x01
UBI: attaching mtd1 to ubi0
UBI: physical eraseblock size:   131072 bytes (128 KiB)
UBI: logical eraseblock size:    126976 bytes
UBI: smallest flash I/O unit:    2048
UBI: VID header offset:          2048 (aligned 2048)
UBI: data offset:                4096
Can't find "CTRL" partition
restore UBI scan
UBI: the backup volume was not found
UBI: attached mtd1 to ubi0
UBI: MTD device name:            "mtd=2"
UBI: MTD device size:            2 MiB
UBI: number of good PEBs:        16
UBI: number of bad PEBs:         0
UBI: max. allowed volumes:       128
UBI: wear-leveling threshold:    250
UBI: number of internal volumes: 2
UBI: number of user volumes:     1
UBI: available PEBs:             1
UBI: total number of reserved PEBs: 15
UBI: number of PEBs reserved for bad PEB handling: 2
UBI: max/mean erase counter: 203/110
Volume  not found!

NAND read: device 0 offset 0x180000, size 0xa8
 168 bytes read: OK
Volume "MPOOL" found at volume id 0
Volume "MPOOL" found at volume id 0
u32EnvRescueOffset = 0x7c000
In:    serial
Out:   serial
Err:   serial
Net:   No ethernet found.
MAC:  0x8: 0xf7: 0x28: 0x0:0x4f: 0xc6
#######################################################################
# [PROTECT WARNING], miu kernel protect is not enabled on second dram #
#######################################################################
Volume "MPOOL" found at volume id 0

Changelist:	001101749
============= set bootargs ===============
Hit any key to stop autoboot:  0 
fore uup IRKey [0xff]
AC on
create Audio SHM data ...[[utopia]]      MApi_AUDIO_SetCommand() : Audio system is not ready yet, please try again later

 [Warning!!]No SRS TSXT license!! [[utopia]]      MApi_AUDIO_ReleaseDecodeSystem() : Audio system is not ready yet, please try again later
[[utopia]]      MApi_AUDIO_ReleaseDecodeSystem() : Audio system is not ready yet, please try again later
[[utopia]]      MApi_AUDIO_ReleaseDecodeSystem() : Audio system is not ready yet, please try again later
[AT][MB][audio_preinit][918]
MDrv_PNL_Init u32PnlRiuBaseAddr = bf200000
MDrv_PNL_Init u32PMRiuBaseAddr = bf000000
[_MDrv_PNL_Init_LPLL][305]pstPanelInitData->u16Width=1920, pstPanelInitData->u16Height=1080
[_MDrv_PNL_Init_LPLL][307]u16HTotal=2199,u16VTotal=1124,pstPanelInitData->u16HTotal=2199,pstPanelInitData->u16VTotal=1124, u16DefaultVFreq=600
[_MDrv_PNL_Init_Output_Dclk][350]pstPanelInitData->u16Width=1920, pstPanelInitData->u16Height=1080
[_MDrv_PNL_Init_Output_Dclk][352]u16HTotal=2199,u16VTotal=1124,pstPanelInitData->u16HTotal=2199,pstPanelInitData->u16VTotal=1124, u16DefaultVFreq=600
[AT][MB][panel_pre_init][972]

NAND read: device 0 offset 0x5a00000, size 0x10000
 65536 bytes read: OK
Wait for PM51 standby...........PM51 run ok...........msHdmitx_Disp_Init
[XC,Version] 
 no need to patchEDID NOT READY! 
EDID NOT READY! 
EDID NOT READY! 
EDID NOT READY! 
EDID NOT READY! 
Rx Support DVI mode only! 
shift 0 pixels in NTSC mode 
Create Dolby single part name task failed!![Hal_VE_EnableDI][1453] bEnable = 0, bIsDNR2VE = 0
setHDMITxAnalogTuning: Error: MApi_HDMITx_GetRxDCInfoFromEDID EDID is not ready, at 271

[AT][MB][bootlogo begin][1111]
[AT][MB][JPD Decode][1141]

[GOP3, PID 0, TID 0x-1][Driver Version]: 0089, BuildNum: 0002, ChangeList: 00524916
[AT][MB][Show Logo][1175]
[AT][MB][Play Melody][1249]

NAND read: device 0 offset 0xc40000, size 0x536528
 5465384 bytes read: OK
## Booting kernel from Legacy Image at 803fffc0 ...
   Image Name:   Linux-3.1.10-mstar
   Image Type:   MIPS Linux Kernel Image (uncompressed)
   Data Size:    5465320 Bytes = 5.2 MiB
   Load Address: 80000000
   Entry Point:  803e2500
-usb_stop(USB_PORT0)
-usb_stop(USB_PORT1)
   Loading Kernel Image ... OK
[AT][MB][start kr][1748]

Starting kernel ...

Hello UART

 Ok, so lets try to "Hit any key to stop autoboot":


(...)

In:    serial
Out:   serial
Err:   serial
Net:   No ethernet found.
MAC:  0x8: 0xf7: 0x28: 0x0:0x4f: 0xc6
#######################################################################
# [PROTECT WARNING], miu kernel protect is not enabled on second dram #
#######################################################################
Volume "MPOOL" found at volume id 0

Changelist:	001101749
============= set bootargs ===============
Hit any key to stop autoboot:  0
Password:

 It needs password! Well, that isn't what I expected.

Anyway without going into much details I've prepared special update file binary and successfully dumped ram to external usb drive then extracted password which is:

If you also have password protected uboot then please let me know, I will then put info about my method of pass extraction.

(...)
Volume "MPOOL" found at volume id 0

Changelist:001101749
============= set bootargs ===============
Hit any key to stop autoboot:  0  0
Password: **********
kenya# version

U-Boot 2011.06-svn (Feb 09 2017 - 14:19:35)
mips-linux-gnu-gcc (Sourcery G++ Lite 4.3-51) 4.3.2
GNU ld (Sourcery G++ Lite 4.3-51) 2.18.50.20080215

kenya#

Discussions