GoPro HERO7 Silver & GoPro HERO7 White Research

The GoPro HERO7 White & Silver are completely different beasts from previous GoPro cameras. Based upon yet another image processor, Qualcomm Snapdragon 624, the architecture is a Qualcomm Snapdragon reference design with the GoPro application layer. Here is a quick psuedo-teardown of the GoPro HERO7 White & Silver. 

Hardware Name Tasmania perhaps originally named Popoyo

Design Wins

Takeaways

1. Completely Linux Android based code. The software that used to run on the RTOS is now a binary that runs in linux called gpcam.
2. Silver and White revisions run the same code base. There is a single resistor value read that determines the camera model. I'm unsure if the GPS Antenna & module are installed on the White revision. 

Further Testing

Conversion

Theoretical: Hard code "drv_get_prod_id" to return '0' for a White revision to work as a Silver. Seems White version has a "lite" processor so perhaps this will not work. With that said, since GoPro is worried about inventory, they possibly have the same motherboard for both cameras. In the future, dependent upon sales, they could cost reduce the white to the "slower" processor. It's doubtful, but a possibility. 

Root Access

gpcam looks for test commands on /tmp/t_cmd_sock. Luckily a test app at /usr/bin/t interfaces to this socket. Using one of the numerous shell vulnerabilities* that remain from previous GoPro revisions, a user can do something like this to enable ADB over USB:

/usr/bin/t 't frw usb set_usb_class' 

Not sure if the second t is needed yet but debugging can still be done to the alias /tmp/fuse_d  or /mnt/sdcard 

With that said /mnt/gopro has many nifty possible keys. 

ADB over USB should give you root access to the camera where you can test what happens with a modified gpcam binary. gpcam logs to the ADB logging subsystem. 

More Information

Hypoxic HERO7 Github Repo
* There is no contact to disclose vulnerabilities to GoPro.