Xiaomi console access
- Thread starter balrog
- Start date
The russians are having fun with it, there's a RAW shooting script I can't download for some reason (google translate fails me):
http://translate.googleusercontent....647390&usg=ALkJrhjegmqP8WgvmaV_mimXEwzl5GACGA
I telnet'd in and poked about. Looks to be running similar stuff as gopro and sjcams on the ambarella a7. Runs http://cherokee-project.com/ for the web server. The IP address (.42.1) is hard-coded in several places.
The / partition mounts read-only.
processes...
netstat
The amba_mq_handler I suspect is what will need to be tweaked to be able to trigger things.
All the good things happen on startup in the /etc/init.d/S50network script...
Will look more later, if anyone can read Russian, see if you can download that RAW shooting script...
http://translate.googleusercontent....647390&usg=ALkJrhjegmqP8WgvmaV_mimXEwzl5GACGA
I telnet'd in and poked about. Looks to be running similar stuff as gopro and sjcams on the ambarella a7. Runs http://cherokee-project.com/ for the web server. The IP address (.42.1) is hard-coded in several places.
The / partition mounts read-only.
Code:
/etc/init.d # mount
rootfs on / type rootfs (rw)
ubi0:linux on / type ubifs (ro,relatime)
devtmpfs on /dev type devtmpfs (rw,relatime,size=18816k,nr_inodes=4704,mode=755)
none on /dev type tmpfs (rw,relatime)
proc on /proc type proc (rw,relatime)
devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,relatime,mode=777)
tmpfs on /tmp type tmpfs (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
a on /tmp/fuse_a type fuse.a (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
1 on /tmp/fuse_d type fuse.1 (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
z on /tmp/fuse_z type fuse.z (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
a on /pref type fuse.a (rw,nosuid,nodev,relatime,user_id=0,group_id=0)
none on /sys/kernel/debug type debugfs (rw,relatime)
tmpfs on /var/www/live type tmpfs (rw,relatime)
tmpfs on /var/www/mjpeg type tmpfs (rw,relatime)
1 on /var/www/DCIM type fuse.1 (rw,nosuid,nodev,relatime,user_id=0,group_id=0)processes...
Code:
574 root 0:00 [mtdblock11]
579 root 0:00 [mtdblock12]
584 root 0:00 [mtdblock13]
596 root 0:00 [ubi_bgt0d]
608 root 0:00 [lkvfs_bh 0]
651 root 0:00 vffs /tmp/fuse_a -l a -o big_writes -o atomic_o_trunc -s
654 root 0:00 vffs /tmp/fuse_d -l d -C 1 -o big_writes -s
657 root 0:00 vffs /tmp/fuse_z -l z -s
672 root 0:00 ombra
678 root 0:00 amba_mq_handler
679 root 0:00 /usr/bin/AmbaStreamSVC
681 root 0:00 /usr/bin/lu_lnxfio_stream
685 root 0:00 /usr/bin/amba_qrconfig
695 root 0:00 [kworker/0:2]
696 root 0:00 [cfg80211]
722 root 0:00 [mmcqd/0]
742 root 0:00 telnetd
745 root 0:00 network_message_daemon
759 root 0:00 cgiBridge
825 root 0:00 [wl_event_handle]
829 root 0:00 [dhd_watchdog_th]
830 root 0:00 [dhd_dpc]
831 root 0:00 [dhd_sysioc]
832 root 0:04 [ksdioirqd/mmc1]
879 nobody 0:00 dnsmasq --nodns -5 -K -R -n --dhcp-range=192.168.42.2,192.168.42.6,infinite
956 root 0:00 cherokee-worker -a -C /etc/cherokee.conf -j -s -d
1208 root 0:01 -sh
1854 root 0:00 [sh]
1855 root 0:00 ps fax
1856 root 0:00 morenetstat
Code:
/etc/init.d # netstat -pltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:7878 0.0.0.0:* LISTEN 745/network_message
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 956/cherokee-worker
tcp 0 0 0.0.0.0:8787 0.0.0.0:* LISTEN 745/network_message
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 879/dnsmasq
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 742/telnetd
netstat: /proc/net/tcp6: No such file or directoryThe amba_mq_handler I suspect is what will need to be tweaked to be able to trigger things.
All the good things happen on startup in the /etc/init.d/S50network script...
Code:
#enable Network daemon
[ -x /usr/bin/ombra ] && (ombra > /dev/null 2>&1)
#enable Webupload daemon
[ -x /usr/bin/dvf2web ] && dvf2web --daemon
#enable AmbaStreamer
if [ -f /usr/bin/AmbaStreamSVC ]; then
/usr/bin/AmbaStreamSVC &
fi
#enable AmbaMqueue daemon
if [ -x /usr/bin/amba_mq_handler ]; then
amba_mq_handler
fi
#enable lnxfio_stream daemon
if [ -x /usr/bin/lu_lnxfio_stream ]; then
nice -n -20 /usr/bin/lu_lnxfio_stream
fi
#enable amba_qrconfig daemon
if [ -x /usr/bin/amba_qrconfig ]; then
/usr/bin/amba_qrconfig
fi
#for bootup speed, some modules are preloaded before hibernate
if [ -x /usr/local/share/script/preload.sh ]; then
/usr/local/share/script/preload.sh
fi
if [ -x /usr/local/share/script/bt_preload.sh ]; then
/usr/local/share/script/bt_preload.sh
fi
#for ar6004 WoWLAN
mount -t debugfs none /sys/kernel/debug/
#Apply TCP tuning parameters
if [ -x /usr/local/share/script/tcp_script.sh ]; then
/usr/local/share/script/tcp_script.shWill look more later, if anyone can read Russian, see if you can download that RAW shooting script...
Actually that IP is not hardcoded at all, only place where i saw it defined was in /pref/wifi.conf which is RW filesystem and you can easily change the IP range. And yes, i did it already, but it cannot hook to your network. Yet.
nutsey
Well-Known Member
Oh yeah we are ) Here is the script aimed to get max from the cam. It enables both JPEG+RAW still capture and 1296p30 @30Mbits video. There is also a script for auto RAW capture.
Nutsey - what's the script for auto raw capture?
And anyone know which raw decoder works for these ambarella raw files?
I also saw a HDR script on the russian site but could not download it.. anyone been able to download the attachments from that forum?
And anyone know which raw decoder works for these ambarella raw files?
I also saw a HDR script on the russian site but could not download it.. anyone been able to download the attachments from that forum?
nutsey
Well-Known Member
Use raw2dng tool to convert RAW files to Adobe DNG format. Drag&drop RAW files to its window.
Here is HDR script. It generates 6 JPEG files with various shutter and ISO fixed to 100. Join them to HDR in any suitable soft.
nutsey
Well-Known Member
Check the nickname of the guy who posts scripts there 😉))
Okay, thanks! 🙂
Emm...nutsey, what is the meaning of the parameter in "raw2nef.ini" configuration file? Can I adjust it?
nutsey
Well-Known Member
It describes format of our RAW file (frame size, bayer byte order etc.), nothing really to adjust there.
The sleep function is in seconds. I managed to modify it to millisecond from a script, just to make led blinking and beeping better. The sleep funcion basically works by taking the number you typed and multiplies it by 1000, so I just NOPed the multiply by 1000 line 😉
I will post it later for 1.0.12 fw if you want. For now I have it only for 1.0.9 which I'm experimenting on.
I will post it later for 1.0.12 fw if you want. For now I have it only for 1.0.9 which I'm experimenting on.
nutsey
Well-Known Member
Hi! "sleep 0.x" works fine and there is a usleep command in ms 😉
No, it doesn't from an autoexec script.
Sleep milliseconds sample script for 1.0.12 fw. Just blinking front led and some beeps.
https://github.com/funneld/XiaomiYi/tree/master/autoexec.ash/1.0.12-fw/sleepMillisecondsHack
https://github.com/funneld/XiaomiYi/tree/master/autoexec.ash/1.0.12-fw/sleepMillisecondsHack
Code:
#convert sleep to milliseconds hack
writew 0xC0155712 0x0000Then how could I change back to normal 1 second, within the same ash code?
added:
I've tested, the first sleep 100 doesnot work as MS, but as S, so the Yi Cam wait for a long time (100s) then blink the red & blue.
Code:
#beep and blink front LED
#LEDs
#12 shutter
#114 WIFI
#6 front blue
#54 front red
sleep 100 <---- here run as Second, not Milisecond.
t gpio 6 sw out0
t gpio 54 sw out1so after I changed it to
Code:
sleep 1
Last edited: