Sprite_tm

Tue, 17 Dec 2024 14:44:12 +0100

Sprite_tm

sprite_tm@social.spritesmods.com

So I got a cheap kiddie camera from Taobao; our li'l one is interested in cameras but a bit too small for anything that can break. To proper Chinese tradition, the UI is a mess: I don't want my camera to play mp3s, movies or games, thankyouverymuch. So I decide to hack the firmware to simplify things.

Opening it up, the chip is an HX3302. Nothing on the web about that. Chip next to it is a Spansion 4MiB SPI flash. Nice, let's dump that. Yay, plaintext strings, that means the firmware is uncompressed and unencrypted. Let's chuck it into Ghidra.

Waitasec, what ISA is this? It's not anything I recognise. cpu_rec gives me the terminal equivalent of a blank stare, isadetect.com comes up with various guesses with extremely low confidence. Hm, that's me stuck.

Anyone wants to see if they recognize this, or if they have better tools available? Firmware dump is at #^http://meuk.spritesserver.nl/tmp/cam_orig_fw.bin .

Tue, 17 Dec 2024 15:22:04 +0100

Marcus Müller

funkylab@mastodon.social

@sprite_tm is it this camera? https://www.amazon.co.jp/-/en/Colofree-Recording-Charging-Silicone-Protective/dp/B0CB44GYB1 awesome taste ^^

Tue, 17 Dec 2024 15:24:04 +0100

Sprite_tm

sprite_tm@social.spritesmods.com

@Marcus Müller Probably this one #^https://www.amazon.co.jp/-/en/Yireal-Childrens-Digital-Megapixels-Turtles/dp/B0C4DT635G but I'd very much not surprised if it uses the same SoC.

Tue, 17 Dec 2024 15:32:21 +0100

Marcus Müller

funkylab@mastodon.social

@sprite_tm hm, just judging by strings, seems to contain libavforma (Lavf) and libsndfile. Aside from the LGPL and potential GPL violation, um there's *three* different Lavf version strings in there. This is truly the vendorest of firmwares.