Add camhi (Hi3516CV610 / Hichip PIHC) target#44
Open
josephnef wants to merge 1 commit into
Open
Conversation
Adds a coupler build target for CamHi-app cameras on the Hisilicon Hi3516CV610 SoC, which ship firmware in the proprietary "PIHC" container accepted by the vendor's admin upgrade.cgi endpoint. Reverse-engineered from the vendor ipc_server binary and one live reference device (MPP HI3516CV610_MPP_V1.0.1.0 B040): - pihc_pack.py: PIHC container builder. 512-byte header (PIHC magic, type 4098, six component lengths, six MD5(component||"IPCAM") integrity strings), concatenated components, PK-signature mangle on the zip slot. The Hichip block cipher on the zip component is NOT AES and is left unreversed; the empty-zip path stays under the cipher's 1024-byte threshold so it is never needed. - uboot_env.py: pure-Python mkenvimage fallback (CRC32 + KEY=VALUE env). - _camhi2oipc.sh: wraps an OpenIPC hi3516cv6xx release into a .pkg. Builds a u-boot env that switches init=/bin/sh -> init=/init and relabels the trailing partition to rootfs_data for OpenIPC's overlay; omits boot.img to preserve vendor u-boot (keeps TFTP recovery); aborts if the rootfs exceeds the 3456K partition. - camhi.yml: workflow that self-tests the packer then builds one generic image (sensor left to OpenIPC autodetect / fw_setenv). - tests/test_pihc_pack.py: 19 unit tests mirroring the vendor's header validator (sub_36A70). - tests/test_build_e2e.sh: end-to-end build smoke test against a synthetic release tarball, validating the produced .pkg. - tests.yml: runs both test suites on push/pull_request. - camhi-NOTES.md: verified facts (partition geometry, flash path) vs the open questions. STATUS: UNTESTED ON HARDWARE. The format and partition map are verified by reverse engineering, the packer is unit-tested, but no end-to-end conversion flash has been performed. README marks the target (Untested!). No sensor or root password is asserted — neither was verified on the reference unit.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds a coupler build target for CamHi-app cameras on the Hisilicon Hi3516CV610 SoC. These ship firmware in a proprietary "PIHC" container that the vendor's admin
upgrade.cgiendpoint accepts; this PR builds an OpenIPC.pkgin that container so the camera flashes itself to OpenIPC via its own web upgrade.The format and partition map were reverse-engineered from the vendor
ipc_serverbinary and one live reference device (MPPHI3516CV610_MPP_V1.0.1.0 B040).The container format is verified by reverse engineering and the builder is unit-tested, but no end-to-end conversion flash has been performed. The README marks the target
(Untested!). Do not flash a unit you cannot recover over UART/TFTP.How it works
pihc_pack.py— PIHC container builder: 512-byte header (PIHCmagic, type 4098, six component lengths, sixMD5(component||"IPCAM")integrity strings), concatenated components, PK-signature mangle on the zip slot. The Hichip block cipher on the zip component is not AES and is left unreversed; the empty-zip path stays under the cipher's 1024-byte threshold so it's never needed.uboot_env.py— pure-Pythonmkenvimagefallback so the build runs without u-boot-tools._camhi2oipc.sh— wraps an OpenIPChi3516cv6xxrelease into a.pkg. Builds a u-boot env that switchesinit=/bin/sh→init=/initand relabels the trailing partition torootfs_datafor OpenIPC's overlay; omitsboot.imgto preserve the vendor u-boot (keeps TFTP recovery); aborts if the rootfs overflows the 3456K partition.camhi.yml—workflow_dispatchbuild; self-tests the packer then builds one generic image (sensor left to OpenIPC autodetect /fw_setenv).tests.yml— runs the unit + e2e tests onpush/pull_request.Tests
tests/test_pihc_pack.py— 19 unit tests mirroring the vendor's header validator (sub_36A70).tests/test_build_e2e.sh— end-to-end build against a synthetic release tarball, validating the produced.pkg(magic, type, component layout, all MD5+IPCAM checksums, and theinit=/init+rootfs_dataenv changes).Both are wired into CI via
tests.yml.Verified vs open
.github/workflows/camhi-NOTES.mddocuments the split. Verified: partition geometry (/proc/mtd,/proc/cmdline), PIHC format, the MD5-only integrity scheme, the upload→stage→flash path. Open: that it actually boots OpenIPC,flash_upg.shexact mapping, overlay adoption, whether the ultimate rootfs fits 3456K, and the image sensor.