Open beefyfoot opened 2 years ago
virmaior
commented
2 years ago looks like they aren't attempting to download it from your device.
This could also be a result of more aggressive work from Wyze to stop this such that the check whether or not that's a safe firmware that happens before the camera tries to download anything is failing.
beefyfoot
commented
2 years ago Yes, the DNS is spoofed on the entire local network.
Here is the debug output:
Found local config file, including into firmware update archive... Upgrade/config.inc Requirement already satisfied: requests in /usr/lib/python3/dist-packages (2.25.1) send: b'POST /app/v2/device/get_device_list HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 495\r\nContent-Type: application/json\r\n\r\n' send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozBB1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "2.11.40", "phone_system_type": "2", "app_ver": "com.hualai_2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a626948714654991afd3c0dbd7cdb901", "sv": "f0ef3f988133430aaf14f8f00add6d2d", "ts": 1630067079000}' reply: 'HTTP/1.1 200 OK\r\n' header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type header: Access-Control-Allow-Methods: POST,GET,OPTIONS header: Access-Control-Allow-Origin: header: Cache-Control: no-cache header: Content-Type: application/json; charset=utf-8 header: Date: Fri, 27 Aug 2021 12:24:39 GMT header: Expires: -1 header: Pragma: no-cache header: Server: Microsoft-IIS/8.5 header: X-AspNet-Version: 4.0.30319 header: X-Powered-By: ASP.NET header: Content-Length: 2112 header: Connection: keep-alive send: b'POST /app/v2/device/get_device_info HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: /*\r\nConnection: keep-alive\r\nContent-Length: 552\r\nContent-Type: application/json\r\n\r\n' send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozBB1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "2.11.40", "phone_system_type": "2", "appver": "com.hualai2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a626948714654991afd3c0dbd7cdb901", "sv": "81d1abc794ba45a39fdd21233d621e84", "ts": 1630067079000, "device_mac": "2CAA8E305155", "device_model": "Unknown"}' reply: 'HTTP/1.1 200 OK\r\n' header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type header: Access-Control-Allow-Methods: POST,GET,OPTIONS header: Access-Control-Allow-Origin: * header: Cache-Control: no-cache header: Content-Type: application/json; charset=utf-8 header: Date: Fri, 27 Aug 2021 12:24:39 GMT header: Expires: -1 header: Pragma: no-cache header: Server: Microsoft-IIS/8.5 header: X-AspNet-Version: 4.0.30319 header: X-Powered-By: ASP.NET header: Content-Length: 2593 header: Connection: keep-alive
Device type: Camera (WYZEC1-JZ) Device name: Porch Cam Firmware version: 4.28.4.49 IP Address: 192.168.88.170
Pushing firmware to this device? [y/N]:send: b'POST /app/v2/auto/run_action HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 771\r\nContent-Type: application/json\r\n\r\n' send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozBB1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": "2.11.40", "phone_system_type": "2", "app_ver": "com.hualai_2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a626948714654991afd3c0dbd7cdb901", "sv": "011a6b42d80a4f32b4cc24bb721c9c96", "ts": 1630067083000, "provider_key": "WYZEC1-JZ", "action_key": "upgrade", "instance_id": "2CAA8E305155", "custom_string": "", "action_params": {"url": "http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin", "md5": "52dd42193695d28cb2a9ddea1e9879a4", "model": "WYZEC1-JZ"}}' reply: 'HTTP/1.1 200 OK\r\n' header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type header: Access-Control-Allow-Methods: POST,GET,OPTIONS header: Access-Control-Allow-Origin: header: Cache-Control: no-cache header: Content-Type: application/json; charset=utf-8 header: Date: Fri, 27 Aug 2021 12:24:43 GMT header: Expires: -1 header: Pragma: no-cache header: Server: Microsoft-IIS/8.5 header: X-AspNet-Version: 4.0.30319 header: X-Powered-By: ASP.NET header: Content-Length: 182 header: Connection: keep-alive send: b'POST /app/v2/device/get_device_info HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\r\nAccept-Encoding: gzip, deflat e\r\nAccept: /*\r\nConnection: keep-alive\r\nContent-Length: 552\r\nContent-Type: application/json\r\n\r\n' send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozB B1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": " 2.11.40", "phone_system_type": "2", "appver": "com.hualai2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a6269487 14654991afd3c0dbd7cdb901", "sv": "81d1abc794ba45a39fdd21233d621e84", "ts": 1630067087000, "device_mac": "2CAA8E562C6C", "device_model": "U nknown"}' reply: 'HTTP/1.1 200 OK\r\n' header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type header: Access-Control-Allow-Methods: POST,GET,OPTIONS header: Access-Control-Allow-Origin: * header: Cache-Control: no-cache header: Content-Type: application/json; charset=utf-8 header: Date: Fri, 27 Aug 2021 12:24:47 GMT header: Expires: -1 header: Pragma: no-cache header: Server: Microsoft-IIS/8.5 header: X-AspNet-Version: 4.0.30319 header: X-Powered-By: ASP.NET header: Content-Length: 2680 header: Connection: keep-alive
Device type: Camera (WYZEC1-JZ) Device name: Garage Cam Firmware version: 4.28.4.49 IP Address: 192.168.88.171
Pushing firmware to this device? [y/N]:send: b'POST /app/v2/auto/run_action HTTP/1.1\r\nHost: api.wyzecam.com\r\nUser-Agent: okhttp/3.8.1\ r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nConnection: keep-alive\r\nContent-Length: 771\r\nContent-Type: application/json\r\n\r\ n' send: b'{"access_token": "lvtx.L4YLMGHE/jIRlQ9oJBwyxV4lxgucaAPG5x+KcANL/5e7utZTvg62paas/f0+bVnswstWqtWv7b91G+ohnG68wIChU9MzRfT3JQeq1riFhvGozB B1HEbjk5i8Se8yThccTZSuYAcsWzZ2F0YNxa4Bgmm43OeAK50EVk0qCcJ6XukNPzEBUHdZn+0c5tmDBvRt3N2EqwAhg==", "app_name": "com.hualai", "app_version": " 2.11.40", "phone_system_type": "2", "app_ver": "com.hualai___2.11.40", "phone_id": "bc045543-0cb4-4a21-9b03-cc50f3c31d41", "sc": "a6269487 14654991afd3c0dbd7cdb901", "sv": "011a6b42d80a4f32b4cc24bb721c9c96", "ts": 1630067102000, "provider_key": "WYZEC1-JZ", "action_key": "upgr ade", "instance_id": "2CAA8E562C6C", "custom_string": "", "action_params": {"url": "http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/f irmware/1.2.0.80a.bin", "md5": "52dd42193695d28cb2a9ddea1e9879a4", "model": "WYZEC1-JZ"}}' reply: 'HTTP/1.1 200 OK\r\n' header: Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Cache-Control, Accept, authorization, content-type header: Access-Control-Allow-Methods: POST,GET,OPTIONS header: Access-Control-Allow-Origin: * header: Cache-Control: no-cache header: Content-Type: application/json; charset=utf-8 header: Date: Fri, 27 Aug 2021 12:25:01 GMT header: Expires: -1 header: Pragma: no-cache header: Server: Microsoft-IIS/8.5 header: X-AspNet-Version: 4.0.30319 header: X-Powered-By: ASP.NET header: Content-Length: 182 header: Connection: keep-alive Press Ctrl+C when all the updates are done... ......................................................................................................
virmaior
commented
2 years ago I only have V3s (so both a different model and no RTSP firmware). I have no knowledge of whether it ever worked on RTSP firmware. Does the camera go into "firmware-receptive" mode? (i.e., does the status light flash red and it eventually reboot).
Vendo232
commented
2 years ago I only have V3s (so both a different model and no RTSP firmware). I have no knowledge of whether it ever worked on RTSP firmware. Does the camera go into "firmware-receptive" mode? (i.e., does the status light flash red and it eventually reboot).
Hi I`m trying to do the DNS hack, what am I doing wrong?
the dnsmaq is running from 192.168.1.245 PC where the script is running from is 192.168.1.76 V3 is 192.168.1.174
V3 while in this DNSMASQ loop is blinking orange ( red + blue )
Vendo232
commented
2 years ago is DNS spoofing still working?
HclX
commented
2 years ago Wyze blocked DNS spoofing in latest firmware by adding https checks. Their server side is still pushing the update link to the device, but device will not download firmwares if the download link is http, or https but with invalid certificate.
mosin
commented
2 years ago Is there any way to install this anymore? The NFS solution was so much better than setting up a RTSP server.
Vendo232
commented
2 years ago As of December 28 2021 the WyzeCameraLiveStream still works
just downgraded from RTSP firmare to 4.36.0.228 to run WyzeCameraLiveStream
installed DNS server using Dnsmasq following this guide: dnsmasq spoofing
my dns server: 192.168.1.245 ( raspberry pi 4 using raspbian lite ) running script: 192.168.1.143 ( Ubuntu in VM ) here I installed wyze_hacks_0_5_08.zip
run dnsmasq or some other DNS server and spoof s3-us-west-2.amazonaws.com to the computer you will run the script from. In my case, I used a rasbperry pi for dns serving. This involved (1) adding a line to hosts of s3-us-west-2.amazonaws.com 192.168.11.4 (2) changing the DNS server choice on the DHCP server to the ip of your spoofing DNS server (in my case 192.168.11.11)
Manually set the url inside the to http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin
The port used must be port 80 (since it's checking urls I doubt it will work with another port). Note that the default port if you use remote_install.sh is not 80 On OSX, I had to use sudo to avoid getting "PermissionError: [Errno 13] Permission Denied"
Flashing command: sudo python3 ./wyze_updater.py --token ~/.wyze_token --debug update -m WYZEC1-JZ -m WYZECP1_JEF -m WYZE_CAKP2JFUS -m WYZEDB3 -f ./firmware.bin -p 80
I got the remote_install to run with the following output but I did not hear anything on the camera nor I think it is doing anything. What could be wrong? Please note, I have RTSP firmware on wyze v2 cameras. Appreciate that.
Device type: Camera (WYZEC1-JZ) Device name: Porch Cam Firmware version: 4.28.4.49 IP Address: 192.168.88.170
Pushing firmware to this device? [y/N]:y INFO:root:Serving firmware file './firmware.bin' as 'http://s3-us-west-2.amazonaws.com/wuv2/upgrade/WLPP1/firmware/1.2.0.80a.bin', md5=ed4d8396792cb7ee65583d558b2b6c25 INFO:root:Checking device, mac=2CAA8E562C6C
Device type: Camera (WYZEC1-JZ) Device name: Garage Cam Firmware version: 4.28.4.49 IP Address: 192.168.88.171
Pushing firmware to this device? [y/N]:y Press Ctrl+C when all the updates are done... ...............................................................................................................................................
p/s I did the dns spoofing and the patch -- https://github.com/HclX/WyzeHacks/issues/132#issuecomment-881757205