Go. Pro HERO5 Tear Down and Software Study HYPOXICWell, it lasted a whole week, but I had to pop the hood on the new Go. Pro HERO5 Australia Streaky MP and see what makes it tick. Lets start with the hardware. Finally had a chance to sit down and hack the TPLink TLMR3040 Wireless unit. In case you missed it, with a little bit of work you can setup the TPLink TLMR3040 to. Considering what a creepshow Bluray was on its roll out with all the firmware and disc issues, remember the blujava menu problems HDCP. LOL. UPDATE Godox have now released the new G1 firmware update software, which now replaces the original Java based upgrade software discussed below. With Godox. Still cameras. The following digital cameras allow photos to be taken and saved in at least one raw image format. Daemon Tools Pro Enhanced 4 4. Some cameras support more than one, usually a. Sony-NEX-5-e1344769223203.jpg?itok=sSY7DCvL' alt='Sony Nex 5 Firmware Hack' title='Sony Nex 5 Firmware Hack' />Go. Pro completely apart. Note the cover is on with tape, and ultrasonically welded around the LCD no need for that hole, but its tough. The lens just twists off. Components. Ambarella A9. GoPro HERO5 Tear Down and Software Study. Posted by Mark Kirschenbaum on Oct 11, 2016. The Food and Drug Administration announced today that 465,000 pacemakers installed in the US have a security vulnerability that could be exploited to make the device. Panasonic unveil the impressive S35 EVA1 Sony announce they are developing a full frame digital cinema camera. The Sony a6300 is the companys latest midrange mirrorless camera. Like the a6000 it still offers 24MP resolution but the autofocus ability, video capability, build. Sony Nex 5 Firmware Hack' title='Sony Nex 5 Firmware Hack' />SE7. Dual Core Cortex ARM A9 with 4k Image processor. SONY IMX1. 17. Same sensor as Go. Pro HERO4. MICRON MT2. UZ4. B8. DZZHGPB 1. Combo 4. Gb NAND Flash 8. Gb Mobile LPDDR3. AMS AS3. 71. 6Power Management ICublox UBX M8. M8 concurrent GNSS chips GPSFocal. Tech 3. 30. 6DMB Touchcontroller. Qualcomm QCA9. 37. Bluetooth 4. 1. CONEXANT CX2. ADCTI TPD1. 3S5. 23. RSVRHDMI PHYBosch BMI1. Gyro Sensor. Sitronix ST7. RGBx. 48. 0 dot 2. K Color Display Driver. Sitronix ST7. 57. COG 1. 28x. 12. 9 Front Panel LCDATMEL SAM D2. E1. 6AEncryption Identify Friend or Foe, HEROBUS driver. ATMEL ATSHA2. 04. AOn accessories to ensure authentic i. Most likely on batteries too via 1 wire. Bottom Side of the Go. Pro HERO5. The hardware for the most part is understandable. Ambarella A9se. 7 Processor 8. Gb NAND, 8. Gb of DDR3 6. Qualcomm for wireless, ublox for GPS, and AMS again for power monitoring and charging. Mechanically this thing is tough. The face is on there tight and the heatsink mounting face appears to be made out of magnesium. The body is injected molded plastic. There are 3 mics with waterproof channels, and a speaker. The GPS antenna is located above the lens. Go. Pro HERO5 GNSS module with antenna on back side Encryption DRMThe surprise is the Atmel SAM D2. E1. 6 part Australia MCU which is used for Identify Friend or Foe Challenges and to offload some of the smarts talking to HEROBUS GCCB Protocol devices. It also coordinates all the USB C PD power delivery controller and USBC pin muxing. When an accessory is detected by communications over CC1, authentication is done to a ATSHA2. A over i. 2c on the TXTX pins. Once authorized, D D pairs, become their appropriate functionality. VCONN also remains active. Weve done a through all analysis on  this encryption, but will keep it internally. The first devices that use the new HEROBUS are Go. Pro Karma, a Spherical Camera solution, a display port dongle for the Session, and the Gantry Pro 3. The MCUs bootloader and app are encrypted and theyve code protected the device. It appears Atmels appnote was followed so perhaps they used the default keys of C0. DE or Go. Pro. Go. Pro. X ray of the Go. Pro HERO5 Motherboard. Update None the less, circumvention is possible, but will take some work. The Atmel D2. 1 datasheet specifically warns of VDDANA BOD brown out detect being on and expect it possible to glitch the fetching of the code protect bits during power on reset. In fact, if a SWD probe is connected, this BOD test is disabled so it may be possible to boot the MCU without code protection. When a datasheet warns this much, you know there is a hole. Sure the Chinese are on it right now after Go. Pro Inc. left a carrot out on the third party batteries then swiped it away with the v. Thats a lot of inventory they have to throw away and sure they are not happy. Speaking of which, the battery is also polled for an authentication response. Wire communication is going on between these two, but we havent looked into the protocol yet. Right now I believe its just a, are you there Just FYI the 4 lines leading up to the battery are BATT, BATT , Thermistor, one wire comm. UPDATE  Go. Pro HERO5 BLACK version 1. I dont have any HERO5 third party batteries to test out, but it appears this test is done within the Atmel MCU and probably to a ATSHA2. The HEROBUS is now over USB C via the PD CC1 2 channel. Once the device is determined, it can enable I2. C, SPI, USB, I2. S etc. The USB C debug accessory is not enabled so communication to the RTOS or Linux needs to be done slyly. Kirkwood Go. Pro KARMA uses MTP over USB to control the camera once the PD determines the Kirkwood via the Sentinel is inserted. Find out more on our Go. Pro HERO5 Interfaces article. Fun facts The fly controller on the KARMA is called Sentinel and the Wi. Fi remote, running Android, is called Buckhorn. Stabilizer is Coyote. Karma Grip is Slingshot. Licensed Software. Fluent. Soft SDK v. Voice Recognition. Adobe XMP Metadata organization. Code Names. Its always fun to uncover the hardware code names. Here they are Go. Pro HERO5 Black. Australia Streaky Go. Pro HERO5 Silver Not ReleasedSquirrels. Go. Pro HERO5 Session. Margaret River. Go. Pro Fusion. Superbank or Popoyo. Go. Pro HERO6. Chones. Calibration. Man there is a lot of calibration done on these things at the factory. Bad Pixels, Vignette, Gyro, Audio, White Balance, and Communication. Calibration is done via the pogo pins and is not accessible without a firmware mod. Wireless. You probably didnt realize, but BLE Bluetooh low energy stays on after the camera has been powered off. Luckily, BLE takes almost no energy but the Go. Pro will shut down BLE after 8 hours. This low power connection allows your phone and controllers such as the REMO Code named Sniper to power on the camera without the drain of Wifi. Gone is the blinking blue LED, because honestly it doesnt matter anymore. As a note, most BLE devices last a couple years with a coin cell battery. According to Abe Kislevitz, after 8 hours BLE shuts off and the battery only drains 2. Communication Protocols. Weve taken a look at the protocols which exist in the Go. Pro HERO5. Take a look at our Go. Pro HERO5 Interfaces. Futures. The Spherical Camera and third party wired devices will shortly be released. Go. Pro does not release their full API even to official developers so feel they will keep the multi camera solutions in house and only allow wired solutions for those select application they choose. BLE is a super nice interface and we expect a few aftermarket BLE Go. Pro devices to ship. Its apparent, with the lack of 3rd party solutions, that Go. Pro did not give their Developer Program any forewarning about the HERO5. Sounds like they got Go. Pro HERO5s in early October too. Closing Remarks. Were honestly ticked with the Developer Program. All I can say is stay tuned. Nothing illegal with releasing an API Google vs Oracle Lexmark vs. Static Control. For the meanwhile here is our github Go. Pro HERO5 repo with some of the linux dumps. Listen up Go. Pro Inc. On December 1. 4th 2. Go. Pro provided their open source libraries used in the Go. Pro HERO5. It is located here Go. Pro HERO5 Linux and GPL Libraries. LEGAL This product andor service is not affiliated with, endorsed by, or in any way associated with Go. Pro Inc. or its products and services. Go. Pro, HERO, and their respective logos are trademarks or registered trademarks of Go. Pro, Inc. HEROBUS and BACPAC are trademarks of Go. That HBO Game of Thrones Hack Was Worse Than We Thought. Well, this isnt terribly surprising. According to the latest dispatch from Variety, the hackers who broke into HBOs servers and stole 1. Game of Thrones script, also stole employee data. More specifically, the hackers made off with thousands of Home Box Office HBO internal company documents. Thats bad. Thanks to a DMCA takedown notice, we now know that the HBO cyber heist not only included secret information about shows but also information about HBO employees. This update comes as a result of a disclosure made by a security company recently tasked with preventing links to the stolen content showing up on Google. Variety reports The hackers appear to have also leaked personal information of a senior HBO executive. That information, published online in a text document, contains access information to dozens of online accounts, including paid newspaper subscriptions, online banking, and personal health services. At least one of these accounts may also have given the hackers access to the executives work email. An image file published as part of the leaks appears to show screenshots of HBOs internal administration tools, listing employee names and email addresses and their functions within the organization. Eeeegggghhhhhh thats really bad. This revelation makes the HBO hack look a lot more like the dreaded Sony hack of 2. Sony executives Amazon purchases. Initially, it appeared that the recent HBO hack was most impactful for the theft and possible leak of Game of Thrones data. The digital thieves also allegedly released unseen episodes of Ballers, Insecure, and Room 1. George R. R. Martins dragon studded epic might. The new disclosure, Variety reports, also includes, Two episodes of Barry, the hit man comedy starring Bill Hader that is not scheduled to air until 2. Lets be honest, though. None of the leaked episode data could be nearly as damaging as private information about HBO employees. If the personal banking details of one HBO executive have already been released, theres a good chance that the hackers have more data like that. And frankly, the notion of such sensitive information finding its way on to the internet is very, very bad for HBO. For now, at least, it looks like HBO is working hard to contain the dissemination of the leaked information. To the companys credit, links to download the stolen data havent made it on to mainstream internet forums like Reddit, though it certainly might in the coming hours and days. Lets hope not, though. It might be fun to know whats going to happen next on Game of Thrones. Its no fun for unsuspecting HBO employees to deal with the disaster of their most personal information being shared around the web. Update 4 4. 5pm HBO corporate is now reassuring staff that their email inboxes were not implicated in the attack. As Entertainment Weekly reported, chairman Richard Plepler told HBO staff in an email As promised, I wanted to update you on our recent cyber incident and where we currently stand. There has been and will continue to be an enormous amount of speculation in the media. It is important to understand that, as is often the case, things you read may very well not be true. Many people have expressed particular concern about our e mail system. At this time, we do not believe that our e mail system as a whole has been compromised, but the forensic review is ongoing. We are also in the process of engaging an outside firm to work with our employees to provide credit monitoring and we will be following up with those details. Meantime, continue to do the excellent work which defines this company across all departments and know that the appropriate teams are working round the clock to manage our way through this difficult period. That said, we still dont know if the hackers managed to get ahold of any emails. Thats up to the hackers to reveal at this point.