667bdrm / sofiactl

sofiactl is an open source cross-platform tool and SDK to control Sofia-powered Hi35xx DVR devices

Enable telnet #13

Open danielkucera opened 3 years ago

danielkucera commented 3 years ago

My device has telnet disabled. I think it could be enabled by the OPTelnetControl command, but I don't know the syntax. Is there some documentation where this can be looked up?

The strings in Sofia suggest that this should be possible:

$ strings Sofia | grep -i telnet
telnet
OnTelnetControl
OPTelnetControl
TelnetCommand
TelnetDisEnable
TelnetEnable

667bdrm commented 3 years ago

We also need to find the command id; without it we cannot execute that command. It should be a 2-byte number; the list of known ids is at the top of the source.

667bdrm commented 3 years ago

The latest version supports the OPTelnetControl command, based on analysis of the Sofia app, but on my device it reported successful command execution and did not enable telnet. Maybe the correct EnableKey parameter value needs to be added. You could try to check this command if your DVR has the debug port (9530) and telnet disabled; if any of these is enabled, I do not recommend executing that command, since it could possibly disable telnet forever.

danielkucera commented 3 years ago

I've run the command. There seems to be one more port open:

Before:

root@orangepipc:~/sofiactl# nmap 192.168.1.123 -p1-65535
Starting Nmap 7.80 ( https://nmap.org ) at 2021-08-14 08:34 UTC
Nmap scan report for 192.168.1.123
Host is up (0.0012s latency).
Not shown: 65530 closed ports
PORT      STATE SERVICE
80/tcp    open  http
554/tcp   open  rtsp
8899/tcp  open  ospf-lite
23000/tcp open  inovaport1
34567/tcp open  dhanalakshmi
MAC Address: 00:12:41:ED:C9:22 (a2i marketing center)

Nmap done: 1 IP address (1 host up) scanned in 4.91 seconds

After:

root@orangepipc:~/sofiactl# nmap 192.168.1.123 -p1-65535
Starting Nmap 7.80 ( https://nmap.org ) at 2021-08-14 08:50 UTC
Nmap scan report for 192.168.1.123
Host is up (0.0023s latency).
Not shown: 65529 closed ports
PORT      STATE SERVICE
80/tcp    open  http
554/tcp   open  rtsp
8899/tcp  open  ospf-lite
12901/tcp open  unknown
23000/tcp open  inovaport1
34567/tcp open  dhanalakshmi
MAC Address: 00:12:41:ED:C9:22 (a2i marketing center)

Nmap done: 1 IP address (1 host up) scanned in 5.65 seconds

But there is not much response:

root@orangepipc:~/sofiactl# telnet 192.168.1.123 12901
Trying 192.168.1.123...
Connected to 192.168.1.123.
Escape character is '^]'.
help
hello
sh
login  
^]
telnet> 
^C^]
telnet> Connection closed.

667bdrm commented 3 years ago

Currently I cannot locate where Sofia opens 12901; maybe it is opened by a different app or kernel module.
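
The before/after comparison of the two nmap scans in the thread above can be automated to flag any listener that appears after a configuration command is sent to a device. This is an added example, not part of the thread or of sofiactl; the function names are hypothetical, and the port tables are copied from the two scans posted above.

```python
import re

# Port tables copied from the two scans posted in the thread above.
BEFORE = """\
Nmap scan report for 192.168.1.123
PORT      STATE SERVICE
80/tcp    open  http
554/tcp   open  rtsp
8899/tcp  open  ospf-lite
23000/tcp open  inovaport1
34567/tcp open  dhanalakshmi
"""
AFTER = """\
Nmap scan report for 192.168.1.123
PORT      STATE SERVICE
80/tcp    open  http
554/tcp   open  rtsp
8899/tcp  open  ospf-lite
12901/tcp open  unknown
23000/tcp open  inovaport1
34567/tcp open  dhanalakshmi
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S*)")

def open_ports(nmap_text):
    """Map (host, port, proto) -> service name for every port in state 'open'."""
    ports, host = {}, None
    for line in nmap_text.splitlines():
        if m := HOST_RE.match(line):
            host = m.group(1)  # following port lines belong to this host
        elif (m := PORT_RE.match(line)) and m.group(3) == "open":
            ports[(host, int(m.group(1)), m.group(2))] = m.group(4)
    return ports

def diff_scans(before_text, after_text):
    """Return (newly_opened, newly_closed) listeners, each sorted."""
    before, after = open_ports(before_text), open_ports(after_text)
    opened = sorted((k, after[k]) for k in after.keys() - before.keys())
    closed = sorted((k, before[k]) for k in before.keys() - after.keys())
    return opened, closed

if __name__ == "__main__":
    opened, closed = diff_scans(BEFORE, AFTER)
    for (host, port, proto), svc in opened:
        print(f"NEW    {host} {port}/{proto} ({svc})")
    for (host, port, proto), svc in closed:
        print(f"CLOSED {host} {port}/{proto} ({svc})")
```

Run against the two tables, it reports 12901/tcp as the only new listener and nothing closed.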