ThatUsernameAlreadyExist / JCO-PM203-Fisheye-Ingenic-T20-P2P-camera-hacks

Hacks for p2p-only camera that allow you to use rtsp/web-interface/ftp and other functions.

firmware: WF2.0.0010-20170811 #9

Open zieglerjm opened 5 years ago

zieglerjm commented 5 years ago

Password doesn't work. Is there an app you ran to get/crack jco66688?

ThatUsernameAlreadyExist commented 5 years ago

Try update firmware via Danale App. For my camera Danale shows that 3.1.34 is latest firmware version.

zieglerjm commented 5 years ago

Thanks, but it says I am on the latest, must be a different device.

I have https://flash.newegg.com/product/81-690-001?utm_source=NEEmail060119&utm_medium=Index&utm_campaign=JCO&utm_medium=Email&utm_source=EXPRESS060119&cm_mmc=EMC-EXPRESS060119-_-EMC-060119-Index-_-MECH-_-JCO-EB1C&email64=amVmZkBqemllZ2xlci5uZXQ=&tp=i-H43-Q7F-Wq-MrNXc-2D-10Mcn-1c-MntVk-hNLv1&om_rid=337801272&om_mid=2036

oughtis commented 4 years ago

If that is a JCO Mini Cube JG-IRVR-C504GT0-N, you might try the username root with password jabsco66. For what it's worth, the board is very similar but it's not the same camera; this one has the Grain Media GM8136 inside.

Less than two hours to crack on my VR GPU with hashcat:

```
rFK8ZpyICSHg.:jabsco66

Session..........: hashcat
Status...........: Cracked
Hash.Type........: descrypt, DES (Unix), Traditional DES
Hash.Target......: rFK8ZpyICSHg.
Time.Started.....: Sat Oct 12 13:00:30 2019 (1 hour, 41 mins)
Time.Estimated...: Sat Oct 12 14:42:02 2019 (0 secs)
Guess.Mask.......: ?1?1?1?1?1?1?1?1 [8]
Guess.Charset....: -1 ?d?l?u, -2 Undefined, -3 Undefined, -4 Undefined
Guess.Queue......: 5/5 (100.00%)
Speed.#1.........:   863.7 MH/s (96.37ms) @ Accel:16 Loops:1024 Thr:256 Vec:1
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 5273363415040/218340105584896 (2.42%)
Rejected.........: 0/5273363415040 (0.00%)
Restore.Point....: 22118400/916132832 (2.41%)
Restore.Sub.#1...: Salt:0 Amplifier:22528-23552 Iteration:0-1024
Candidates.#1....: 3WS51KJO -> ENET09vi
Hardware.Mon.#1..: N/A

Started: Sat Oct 12 11:51:37 2019
Stopped: Sat Oct 12 14:42:03 2019
```

If a time traveler winds up needing to do this again, here's the basic strategy:

  1. You need to physically reverse engineer a way into the camera. With both these JCO cameras there were some standard 4-pin UART headers that just needed to be soldered on. Theoretically you might have to desolder the flash and dump it that way if there's no serial connection available anywhere on the board.

  2. If you didn't get a firmware dump in step 1, you can escalate the serial connection into control of the device by interrupting the bootloader and messing with the boot arguments. The fastest thing to do at this stage is just set init=bin/sh, boot into root and cat /etc/passwd.

  3. In case it's not clear, you already own the camera at this point, like, physically. You can mess around with it. But probably you want to get the pre-programmed root password out so you don't have to open up the other twelve of these you bought from someone with less desire to figure out how to make them actually work.

  4. Once you have the hash, hashcat will find the password. Based on the two examples we have here, if you want a fast solve these seem likely to be a sequence of lowercase letters followed by a sequence of digits. But any 8-letter password would take max a weekend of VR time.

  5. It should go without saying that there's no in-principle reason why the password is short enough to recover, we are just lucky. In case you are unlucky enough to have a high-entropy password protecting the unencrypted TCP traffic which we leverage into control over the device... I don't know, though, is unlucky the right word there? I can't help but feel like we've strayed into a dark timeline, somehow.

  6. It's like, maybe somewhere on Earth Prime there are some people really similar to us and we''ve paid some other people to make some cameras for us' and the cameras just work, without us' even needing to subvert their design principles a little.

  7. What do you think we' do with all that time? What do you think we' talk about instead of this?

  8. Anyway, that's how you get the password back out of your camera after they put it in.
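The script below is an added example, not code from this repository or from any commenter. It shows the defender's side of step 4: given an `/etc/passwd` dump pulled from a device, flag accounts whose password field is in a format that can be exhausted by a mask attack (traditional DES crypt keeps only 8 significant characters), and recompute the `?1` x 8 keyspace over `?d?l?u` to check it against the hashcat `Progress` denominator above and estimate worst-case search time at the reported rate. The root line of the sample reuses the hash quoted in the hashcat output; every other line, and all function and variable names, are constructed for the example.

```python
"""Audit an embedded device's /etc/passwd for crackable credentials.

Added example for this thread, not repository code. Only root's hash is
taken from the hashcat output above; the other lines are constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample dump (only root's hash comes from the thread).
SAMPLE_PASSWD = """\
root:rFK8ZpyICSHg.:0:0:root:/:/bin/sh
admin::0:0:admin:/:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/bin/false
service:x:500:500:svc:/home/service:/bin/sh
user:$6$c0nstructedsalt$Mad3UpHashF0rF0rmatCheckOnly:501:501::/home/user:/bin/sh
"""

# crypt(3) modular hash prefixes. Traditional DES hashes carry no prefix:
# two salt characters followed by eleven hash characters, 13 in total.
MODULAR_PREFIXES = {
    "$1$": "md5crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$5$": "sha256crypt",
    "$6$": "sha512crypt",
    "$y$": "yescrypt",
}
DESCRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")

# What to report per hash class. DES crypt (hashcat mode 1500) truncates the
# password to 8 characters, so its entire keyspace is finite and enumerable.
SEVERITY = {
    "empty": ("critical", "login requires no password"),
    "descrypt": ("high", "DES crypt: at most 8 significant characters, "
                         "whole keyspace is brute-forceable"),
    "md5crypt": ("medium", "legacy md5crypt, fast on GPUs"),
    "unknown": ("info", "unrecognised hash format, inspect manually"),
}


@dataclass
class Finding:
    user: str
    uid: int
    hash_type: str
    severity: str
    note: str


def classify_hash(field: str) -> str:
    """Name the hash scheme used in a passwd/shadow password field."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"        # real hash lives in /etc/shadow
    if field.startswith(("*", "!")):
        return "locked"
    for prefix, name in MODULAR_PREFIXES.items():
        if field.startswith(prefix):
            return name
    if DESCRYPT_RE.fullmatch(field):
        return "descrypt"
    return "unknown"


def audit_passwd(text: str) -> list[Finding]:
    """Return one Finding per account whose password field is a weakness."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue             # passwd lines have exactly 7 fields
        user, pw, uid = fields[0], fields[1], int(fields[2])
        htype = classify_hash(pw)
        if htype in SEVERITY:
            severity, note = SEVERITY[htype]
            if uid == 0 and user != "root":
                note += "; extra uid-0 account"
            findings.append(Finding(user, uid, htype, severity, note))
    return findings


def mask_keyspace(charset_size: int, length: int) -> int:
    """Candidates for a fixed-length mask over one custom charset."""
    return charset_size ** length


def worst_case_hours(keyspace: int, rate_per_second: float) -> float:
    """Time to exhaust the keyspace at a sustained guess rate."""
    return keyspace / rate_per_second / 3600


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"{f.severity:8} {f.user:8} uid={f.uid} {f.hash_type}: {f.note}")
    ks = mask_keyspace(62, 8)    # ?d?l?u is 62 symbols; mask is ?1 repeated 8 times
    print(f"keyspace {ks}, worst case {worst_case_hours(ks, 863.7e6):.1f} h at 863.7 MH/s")
```

The keyspace the script computes for a 62-symbol charset at length 8 is exactly the `218340105584896` hashcat reports as the progress denominator, which is a quick way to confirm a mask attack's total before committing GPU time; at 863.7 MH/s it works out to roughly 70 hours to exhaust.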