Hi, I haven’t logged in here for a very long time. Now that Neato has shut down, are there any hacking projects like custom firmware?
Sent from my iPhone using Tapatalk
Catching up
- CodaCM
- Robot Master
- Posts: 172
- Joined: November 5th, 2022, 11:58 am
- Location: Minnesota, USA
Re: Catching up
It was so recent that I don't think any custom firmware has been released yet. It would be cool to see some though. Vorwerk will continue to support Neato products for 5 years but IDK if there will be any new updates to the already buggy Neato custom Linux firmware in that timeframe. Probably the XVs and non-wifi Botvacs will get their own custom firmware since they are older and you can use Neato Control on them to upload stuff and commands.
MyVisionWasBl0ck3d wrote: Hi, I haven’t logged in here for a long time. Now that Neato has shut down, are there any hacking projects like custom firmware?
Coda
Most "Active" Forum Mod
Website Question? Check out the FAQ section.
Roomba/Scooba Question? Check out the READ FIRST section.
Neato Question? Check out the Support Tools list I made.

Before posting, check out the improved Search engine. Your question might have been answered already.
Re: Catching up
I bought a second Neato for this, but I'm no hackerman, so I'm walking blind here. I found this paper, which describes a boot menu which might allow loading a generic IPL which can then print out memory.
The paper said Neato patched that in version 4.4.0-72 by skipping the boot menu, but I also saw threads around here for downgrading the firmware, so I hope that if the IPL was updated it can also be downgraded, if some older firmware update contains an IPL update.
I haven't yet got my 3.3V rs232usb adapter, but I want to see whether that boot menu is still there or whether it returns when resetting or downgrading. If yes, someone who has worked with QNX Momentics or a BeagleBone might be able to compile something that is bootable and dumps the upper 2gb as in the paper; then we only have to hope the firmware still doesn't clear memory on reboot.
________________________
Edit:
So it turns out the D7 Connected I bought has 4.5.3 (according to the update process documented in slogs.bin1), so it's already patched. When I reset with the left and front bumper (or when I downgraded to 4.2.0, idk) the bootloader version in neatotoolio went from "90c973a5", which seems to be the patched one, to "46878", but the boot menu still reports "ARCHES Board (05.0x90c973a5)". So it seems the bootloader doesn't get overwritten or the 4.2.0 update doesn't contain one. On reboot with test mode on and an open dustbin it says "press enter twice for boot menu" but doesn't react to pressing enter twice; with the dustbin closed it just states "not factory".
I haven't found an older update than 4.2.0 that might contain an IPL update. It still generates dumps with 4.5.3 filenames, so I guess that means the IPL didn't get downgraded, so the findings in the paper are still patched. I'm open to ideas, but tbh I hope for someone with a Neato never updated beyond 4.2.0.
- Attachments
- woot19-paper_ullrich.pdf
- (1.95 MiB) Downloaded 256 times