Sergey Lepeshkin

If someone interested on this tv box: I've managed to download original firmware image (update.zip) from backup partition. Also I cleaned it from malware (at least I think so) and packed as modified update.zip. Files are located here: https://drive.google.com/drive/folders/1etPmH8ZG4UtPHI3Vf1U9MUHl5_gK_s-E Further info available here (in Russian): https://4pda.to/forum/index.php?showtopic=1016510&view=findpost&p=139209499

@Ducdanh Nguyen, can you contact seller of your tv box and ask if they can provide firmware (or "firmware update") for it?

So i have found what's we dealing with: it is HiSilicon hi3798mv310. See attached proc_version and config.gz. Furthermore, I've installed eset nod32 antivirus on this box and it found some suspicious apps (see photo). I will send them to eset for more thorough analysis. Overall this news is "Not great, not terrible". @Ducdanh Nguyen, I think there is no pre-built armbian or other linux distro images for this chip. I did a brief google search and found only this SDK: https://github.com/JasonFreeLab/HiSTBLinuxV100R005C00SPC050 As it seems to me, you can compile it and get some clean linux for this box. Let us know if it works. BTW, author of this SDK recommend to burn it using HiTool. But HiTool uses UART (only?) to interact with chip, and we don't have UART wired on our board. There are seems to be option to upgrade it from usb flash, but how will this work - idk... Also, here is related discussion: What about debugging by usb - either through enabling Android "Debug over usb" function or booting with reset button pushed - I doubt it will work. Nevertheless, this tv box is usable for its direct purpose. All that should be done, is replacing heatsink and changing firmware to trusted one (without any trojans and viruses). BTW, funny fact: hi3798mv310 have only 3 USB interfaces, but on our board there are 4 USB connectors. LOL! I'm wondering if there any scam museum in the world? If any, this box will be a very interesting piece for them. config.gz proc_version

No, he's problem is much more simpler. He have JTAG and UART wired on his board, so it's not a problem to do virtually anything with his box. Are you sure? Have you successfully connected adb on PC to this tv box using usb cable?

I've managed to pull out some system files out of it. Binaries is ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), so its not Allwinner H313.

Hi! @Ducdanh Nguyen , which port have you used to connect it through adb? Those on the back side (where hdmi and power connectors located), or one of those on the right side (where sd card slot located)? Was it working in standard Android boot mode ("Debug over usb" enabled through "Developer settings") or somehow else? I also own such tv box and this is what I've found crawling web and playing with this device: 1. More PCB pics is here: https://4pda.to/forum/index.php?showtopic=1016510&view=findpost&p=136516719 2. "Heatsink" (just a small piece of thick aluminium foil) is bonded to SoC using 2-sided adhesive tape (I doubt it have good thermal conductivity). I recommend to replace it with more adequate heatsink. 3. SoC seems to be fake. It doesn't have Allwinner logo on it (there are 2 pics attached: one is ours, and one is genuine). 4. There is no AXP PMIC. Instead, there are 3 separate fixed step down converters. 5. There is no transformer in ethernet circuitry! Signals from jack goes directly to SoC. So be careful with static electricity while handling it's ethernet connection. 6. First button, located near "AV" jack, just resets tv box to factory defaults (if power switched on while it's pressed - and after that "update" screen with Chinese text on it will be shown). Purpose of second button (located near "S/PDIF" jack) is mystery for me. Can anyone suppose what it is for? 7. There are two exposed test points on the bottom side of pcb under SoC. Both tied through 10k resistors to +3.3V. After power-on, one of them seems to be some input (current between pin and gnd is about 3.3/10000=0.33mA), and other is definitely driven by something else (current is about 14mA and varying in both directions). I wonder if it's uart tx and rx pins - I'll see it with oscilloscope later. Anyway, shorting this test points together doesn't influence on boot process. 8. It's highly probable there is some backdoor (something like well-known Badbox 2.0). Original firmware exhibits some suspicious network behavior: just after factory reset, once it connected to network, it opens different connections to tcp port 12000 to hosts located in China. If I close outgoing traffic on firewall to tcp port 12000, after a while, it opens similar connections, but to port 9090 to different hosts. It seems to me it's trying to join some botnet. Furthermore, if you compare process list just after first (after factory reset) connection to network, and after it been connected for a while, you will find some new processes, which doesn't belong to Android and have strange names - I think it downloads something without asking user. Summary: this cheap tv box is a full scam. It seems to me manufacturer made all to prevent re-flashing of this device. But it will be very interesting to make something useful out of it.