HowTo: Flash original Xiaomi firmware from sdcard (factory reset)

Via SSH / Serial

1. Download firmware file "upd_isa.camera.isc5.bin.extracted" from: firmware v3.0.3.56
2. Extract the file and place the files in the root of your SDCard on the first (FAT) partition "mmcblk0p1"
3. Connect with Serial to the camera (via PUTTY, Serial 115200) Or if the device is hacked, activate Dropbear and connect via SSH to the camera.
4. Login to the camera using "root/ismart12"
5. Place the SDCard in the device (it should mount the SDCard on /media/mmcblk0p1)
6. Copy the file "0.elf" to the folder "/tmp"
7. Rename "snx_autorun.sh" on the SDCard to another name, fi: "snx_ar.sh"
8. cd /tmp
9. Execute the executable: "./tmp/0.elf" (!!not from the sdcard!!)
10. Check the output for "fwupdate end!"
11. Eject SDCard
12. Reboot device with: reboot

Via SDCard

1. Download firmware file "upd_isa.camera.isc5.bin.extracted" from: firmware v3.0.3.56
2. Extract the file and place the files in the root of your SDCard on the first (FAT) partition "mmcblk0p1"
3. Rename "0.elf" to "FIRMWARE_660R.bin"
4. Push setup button while powering up the device. The device should auto reboot after flashing.

The device should now be factory reset. Thus requires the setup process (setup button, qr code scan, etc.)

It should give the following output on the console:

image table size:0x0000003c
index:0
reservations:0x12345678
offset:0x00005e84
size:0x00001000
flash start address:0x00001000
flash end address:0x00001fff

index:20
reservations:0x12345678
offset:0x00006e84
size:0x002e5c54
flash start address:0x000c0000             
flash end address:0x003bffff

index:40
reservations:0x12345678
offset:0x002ecad8
size:0x006d3070
flash start address:0x003c0000             
flash end address:0x00abffff

fwupdate end!

Technical background: Apparently the 0.elf file is a combination of:

• flash writer code
• ????? image (address: 0x00001000, 4.096 bytes)
• kernel image (address: 0x000C0000, 3.038.292 bytes)
• rootfs image (address: 0x003C0000, 7.155.824 bytes)