Skyworth hp4024 (hp40a)

Search This thread
By:
Advanced…
D

Deleted member 11959327

Guest
宫本五藏 said:
To be precise, the setup wizard on the startup screen cannot log in to a Google account.

return
There is a problem with your verified device
Click to expand...
Click to collapse
Is this using the original firmware, or the xiaomi firmware?

If it is the original, is it the same build that is contained in your previously posted emmc dump?

And is it entirely in a virgin state, or have any modifications have been made?

Is there any option to skip google account login during setup? The km2 has the option to skip.
 
宫本五藏

宫本五藏

Member
Nov 13, 2022
16
3
goapy said:
這個是用原裝固件還是小米固件?

如果是原始版本,它是否與您之前發布的 emmc 轉儲中包含的版本相同?

它是完全處於原始狀態,還是進行了任何修改?

是否有任何選項可以在設置過程中跳過谷歌帳戶登錄?km2 有跳過的選項。
Click to expand...
Click to collapse
It is the original firmware, without any skip option, this device is different from the previous s905X2-J device, uboot shell is not available.
 
D

Deleted member 11959327

Guest
宫本五藏 said:
It is the original firmware, without any skip option, this device is different from the previous s905X2-J device, uboot shell is not available.
Click to expand...
Click to collapse

If the u-boot shell is not available, I guess that means that you're not able to dump the emmc using ddbr?

In that case, you can dump the individual partitions by shorting into burn mode, as described here.

Once the firmware on the problematic device is examined for compatibility, it may be possible to flash firmware (just the individual partitions) to solve this problem, from your other device. But not if the bootloader is encrypted.

First step is to dump the individual partitions using burn mode. Refer to the uart log to get the size of each partition. Or, if you already have a dump from the problematic device, post it.
 
R

rompo6

Member
Oct 29, 2022
9
1
goapy said:
If the u-boot shell is not available, I guess that means that you're not able to dump the emmc using ddbr?

In that case, you can dump the individual partitions by shorting into burn mode, as described here.

Once the firmware on the problematic device is examined for compatibility, it may be possible to flash firmware (just the individual partitions) to solve this problem, from your other device. But not if the bootloader is encrypted.

First step is to dump the individual partitions using burn mode. Refer to the uart log to get the size of each partition. Or, if you already have a dump from the problematic device, post it.
Click to expand...
Click to collapse
In 'burn method' how to boot test/dry run bootloader from usb?
 
mazjed

mazjed

Senior Member
Jul 31, 2006
144
7
any help to solve

boot loop



G12A:BL:0253b8:61aa2d;FEAT:F2F939B2:32060;POC:F;RCY:0;EMMC:800;NAND
:81;SD?:20000;USB:8;LOOP:1;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:2;
EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:3;EMMC:800;NAND:81;SD?:20000;
USB:8;LOOP:4;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:5;EMMC:800;NAND:
81;SD?:20000;USB:8;????????????G12A:BL:0253b8:61aa2d;FEAT:F2F939B2:
32060;POC:F;RCY:0;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:1;EMMC:800;
NAND:81;SD?:20000;USB:8;LOOP:2;EMMC:800;NAND:81;SD?:20000;USB:8;LOO
P:3;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:4;EMMC:800;NAND:81;SD?:20
000;USB:8
 
R

rompo6

Member
Oct 29, 2022
9
1
mazjed said:
any help to solve

boot loop



G12A:BL:0253b8:61aa2d;FEAT:F2F939B2:32060;POC:F;RCY:0;EMMC:800;NAND
:81;SD?:20000;USB:8;LOOP:1;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:2;
EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:3;EMMC:800;NAND:81;SD?:20000;
USB:8;LOOP:4;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:5;EMMC:800;NAND:
81;SD?:20000;USB:8;????????????G12A:BL:0253b8:61aa2d;FEAT:F2F939B2:
32060;POC:F;RCY:0;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:1;EMMC:800;
NAND:81;SD?:20000;USB:8;LOOP:2;EMMC:800;NAND:81;SD?:20000;USB:8;LOO
P:3;EMMC:800;NAND:81;SD?:20000;USB:8;LOOP:4;EMMC:800;NAND:81;SD?:20
000;USB:8
Click to expand...
Click to collapse
check if you can write armbian image to usb(try all ports) & boot

github.com

GitHub - ophub/amlogic-s9xxx-armbian: Armbian for Amlogic and Rockchip. Support a311d, s922x, s905x3, s905x2, s912, s905d, s905x, s905w, s905, rk3588, rk3568, rk3399, rk3328, etc. including install to EMMC and update related functions.

Armbian for Amlogic and Rockchip. Support a311d, s922x, s905x3, s905x2, s912, s905d, s905x, s905w, s905, rk3588, rk3568, rk3399, rk3328, etc. including install to EMMC and update related functions...
github.com github.com
 
  • Like
Reactions: mazjed
mazjed

mazjed

Senior Member
Jul 31, 2006
144
7
Any how my Device still breckd i can't help any more . i will try the hdmi port , but i don't have time
 
M

mirosslav

New member
May 25, 2009
1
1
U-Boot

g12a_u212_v1#printenv

EnableSelinux=enforcing
Irq_check_en=0
active_slot=normal
androidboot.dtbo_idx=0
avb2=1
baudrate=115200
bcb_cmd=get_avb_mode;get_valid_slot;
boot_part=boot
.........................

g12a_u212_v1#reboot recovery

msg502187645-4179.jpg


let's go
 
Last edited:
  • Like
Reactions: syneoa
K

kalehrl

Senior Member
Nov 22, 2017
812
335
mirosslav said:
U-Boot

g12a_u212_v1#printenv

EnableSelinux=enforcing
Irq_check_en=0
active_slot=normal
androidboot.dtbo_idx=0
avb2=1
baudrate=115200
bcb_cmd=get_avb_mode;get_valid_slot;
boot_part=boot
.........................

g12a_u212_v1#reboot recovery

View attachment 5827301

let's go
Click to expand...
Click to collapse
As your log shows, the box has Android verified boot active so if you change just 1 byte on a partition, it won't boot. I really don't see how it can be circumvented 😔
 
  • Like
Reactions: mazjed
dankatapich

dankatapich

Member
Feb 17, 2023
8
0
Hi i have the hph07 the one with all the ports but its running android 8 with full access to the settings, and developer mode free to enable, it can be sellected custom launcher (but needs to press a custom programed button on the remote right after it start the android os, becuse im forced to keep the main iptv app and dont touch it in order to dont avoid the warranty from the cable provider) i have a little strugle bc i want to install android tv or something that works with chromecast bc in the site manufactuare has a lable chromecast enabled but mine dosent have it for the fact that it is android not android tv, you can enable adb on it, all that without even openig it (it has a skyworth testing software and other left over from the testing proces) in the developer mode has some processes that some of them idk for what they are it can kill the processes and still works, one of them is skyworth update software runnig 24/7, in the left over testing stuff is a flashing tool for the hdcp, and hardware testing software, it can sideload apps without a problem, i will love to share a firmware dump but i really dont want to open the stb, i will buy one second Hand and test further on that, if anyone has an intrest of me sending one second hand box to them it can dm me, when the chromecast bilt in app is instaled it shows untrusted device so idk, thats all i have for now, any questions below i will respond as soon as posible



Some pictures from what i have done to my box and what i saved from the left overs:
 

Attachments

  • Screenshot_20230217_132715_File Manager +.jpg
    Screenshot_20230217_132715_File Manager +.jpg
    509.6 KB · Views: 73
  • Screenshot_20230214-162352.png
    Screenshot_20230214-162352.png
    148.2 KB · Views: 71
  • Screenshot_20230217-134129.png
    Screenshot_20230217-134129.png
    64.1 KB · Views: 62
  • Screenshot_20230217-134222.png
    Screenshot_20230217-134222.png
    151.3 KB · Views: 48
  • Screenshot_20230217-134234.png
    Screenshot_20230217-134234.png
    153.3 KB · Views: 48
  • Screenshot_20230215-183945.png
    Screenshot_20230215-183945.png
    730.5 KB · Views: 45
  • Screenshot_20230217-133928.png
    Screenshot_20230217-133928.png
    85 KB · Views: 46
  • Screenshot_20230217-133942.png
    Screenshot_20230217-133942.png
    88.8 KB · Views: 37
  • Screenshot_20230217-133956.png
    Screenshot_20230217-133956.png
    88.6 KB · Views: 31
  • Screenshot_20230217-134004.png
    Screenshot_20230217-134004.png
    97.1 KB · Views: 31
  • Screenshot_20230217-134037.png
    Screenshot_20230217-134037.png
    120.5 KB · Views: 26
  • Screenshot_20230217-134138.png
    Screenshot_20230217-134138.png
    65.6 KB · Views: 24
  • Screenshot_20230217-134212.png
    Screenshot_20230217-134212.png
    110.7 KB · Views: 64
Last edited:
You must log in or register to reply here.

Similar threads

H
I review the MXQ Pro Android box, and skewer it for misusing Kodi's name
Replies
0
Views
13K
H
hpka
S
[S905x] Skip's Mi TV Box (USA) Tools v1.00 (Android TV MDZ-16-AB)
Replies
14
Views
11K
bzz11g
bzz11g
K
Skype with Logitech cam , cannot get it to work?
Replies
0
Views
270
K
Kevyk

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 2
    K
    kalehrl
    Hi guys. I have a Skyworth hp4024 (hp40a) which is the same as Strong Leap-s1 or Mecool KM2. It is probably based on s905x2 and the RAM is DDR4 - at least that's what the system info on the box says. I got it from my iptv provider but I can't get out of a factory launcher so the box is useless except for iptv. There is no reset button, developer options can't be enabled because it says 'developer options are not available for this user' so I can't connect to it via adb. Can you help me figure out short pins on the box? I tried shorting some but the box wasn't recognised in the burning tool.

    PXL_20220402_084741661.jpg PXL_20220402_084704078.jpg
    View
    2
    D
    Deleted member 11959327
    mazjed said:
    its still recognized from the usb burning tool if i could make rom img from the super backup it will be great
    Click to expand...
    Click to collapse
    It won't work because that is the password protected type of worldcup connection. There are two types of worldcup connections. For this device, only the second type (with the uart response shown) can work because of the password protection.

    mazjed said:
    not working
    Click to expand...
    Click to collapse
    I've used this method, so I know that it works. Did you have the bootloader start at 0h offset or 200h offset?

    To be sure, you can dump the whole emmc to a micro sd card.
    View
    2
    D
    Deleted member 11959327
    This means that the bootloader is corrupted.

    Did you try to flash an alternative bootloader? Any alternative bootloader can't work because it will either be encrypted differently, or not encrypted at all. Which means that the encryption won't match the original bootloader.

    It can be fixed by copying the original bootloader to a micro sd card, not as a file, but as a raw device.

    Using dd in linux would work. From block device to block device. Do you know how to do this?

    Which device is this again?
    View
    2
    宫本五藏
    宫本五藏
    Connect TTL to start UBOOT

    setenv bootfromrecovery 0

    setenv bootfromnand 0

    setenv start_ mmc_ autoscript "run switch_bootmode"

    setenv start_ usb_ autoscript "if fatload usb 0 11000000 aml_autoscript; then autoscr 11000000; fi; if fatload usb 1 11000000 aml_autoscript; then autoscr 11000000; fi;"

    setenv start_ autoscript 'if usb start; then run start_ usb_ autoscript; fi; run start_ mmc_ autoscript; '

    setenv bootcmd 'run start_ autoscript'

    saveenv
    View
    2
    D
    Deleted member 11959327
    iAbdul said:
    Has anyone found the eMMC short pin?
    Click to expand...
    Click to collapse

    See here. But it takes trial and error to get a good burn mode connection on any given attempt. Sometimes the short will result in a dfu (usbdl mode) connection, which won't work. So you may need to try repeatedly to get a working burn mode connection by tapping the points during the early boot process.
    View

New posts