DrSchottky

Yes, surely it's an easier way, but that's just a starting point for something more complicated where I won't flash a clean image (but a customized one that should be different from the OS used for flashing) and, last but not least, I'm interested in knowing where the problem is UPDATE: Ok, I reflashed it and now it works So flashing through dd seems fine From serial monitor I see that sometime it hangs on U-Boot SPL 2018.11-armbian (Feb 08 2019 - 11:35:32 +0100) DRAM: 512 MiB Trying to boot from MMC2 that's what was happening before, but it's another kind of problem (looks like u-boot for h5 has a few issues)

Hi all, I'm experimenting with OPi Zero 2+ and I would like to flash onboard eMMC with a fresh Armbian (from a clean img, not from running system). What I did is booting from SD, downloading an Armbian img and dd'ing it into emmc device file, being sure it would have been enough since is what we do (I think?) when we write img to SD cards. I found out it won't boot unless I manually flash sunxi-spl.bin at 0x2000. What am I missing? Isn't that supposed to be flashed with image? Is dd a proper method to flash a clean image on mmc from a running system? Thank you

Hi all, I would like to let you know that I successfully added to nexmon (framework to patch broadcom WiFi's driver+fw and add functionalities, like monitor mode) support for Orange Pi Zero 2+ (H3 and H5) running the latest Armbian (kernel next) Both boards have AP6212A as WiFi chipset, that is based on same Broadcom core of Raspberry Pi 3B/0W (bcm43430a1). What I did is basically porting brcmfmac's patches to 4.19 and compiling the Arm toolchain (for firmware cross-compiling) for aarch64. It ain't much but it's honest work I kept airodump running for a few hours and it seems stable. If you want to take a look/try it you can find the code here Greetings

Hi, unfortunately no, I'm still looking at sbrom source. I'm even having problems compiling the fuse burner (it gives me linking error in your implementation of printf). Could you tell me how did you manage to compile it? By the way yes, toc0 header has a debug flag to enable debug prints, but as far as I can see from a sbrom dump they've been removed in production. What about trying to debug sbrom code by making a fel-bootable image containing part of that code?

I'm interested in secure boot too. @xeniter did you make any progress?

Although I suggest you to buy one of that dongles if you really want to go with Zero Plus2 be sure to buy the H3 version, since Nexmon doesn't come with aarch64 support

I suggest you to buy one of the mentioned 8812AU USB dongles or, if you want to use the embedded WiFi, a Zero Plus2 H3 w/ Nexmon. RTL8189FTV should support monitor mode (it's mostly a matter of drivers), but I never tested it so I can't guarantee.

Hi all, I'm doing experiments with WiFi monitor mode on AP6212(bcm43430)-based boards with nexmon (driver/fw patching framework for wifi monitor mode). I tried it on OPi Zero Plus 2 (Kernel 4.14) and it works pretty much "out of the box", but sometime crashes. I'm still investigating about it, since the same fw+driver work flawlessy on RPi Is there anyone else who played around with it?

Ok, thanks for the hint. Oh, since I haven't found one I made a little tool to dump the bootrom from userspace (tested on Armbian for H2+/H3, but should work on other SoCs too). I leave it here, just in case someone wants to play with this stuff

Thank you, but I don't get how DTs could help me to understand BROM internals (my goal atm is to understand all the steps from reset vector to BT0/TOC0/FEL)

Hi Tido, I know the basic theory behind DTs, but never wrote one from scratch nor played that much with them

Hi there, I've just got my first H3 board (OPi Zero +2) and I'm interested in learning how boot process works in detail, with a focus on Security ID features. As far I can see there's not that much documentation about S/NBROM (essentially linux-sunxi's Wiki and Allwinner-info git repo) and what's supposed to be H3's NBROM (header 1100, 1100, 1633) looks like slightly different from A10's one (from git) at first glance. Is there anyone here who has already worked on it and/or has info/symbols/pseudocode/whatever might speed up the reversing process? Thank you!