Willing to help reflash it or gain root access

[aminehmida]

Sorry if this is not the right place to write this. I have the exact same hardware as you described but in a different form factor and I am willing to help reverse engineer this this and hopefully be able to put more trusted and open firmware on it. I will share more info about my unit and happy to test anything if you need.

[mishaturnbull]

Hey there --

Thank you for reaching out! Because you mentioned you have a slightly different form factor than we do, I'd recommend first maybe taking a look at some of the other related repos around. Most of the Hi3518-based cameras I've seen on the internet take the form of the device pictured here (that device has a related GitHub repository as well, similar to what I've done here).

Unfortunately, it seems that the web-based frontend already has a wide variety of different features that will affect the camera's operation drastically depending on hardware features. For example, there is a feature that seems to relate to an IR remote (which, from what I can tell, may allow remote code execution if fed commands over IR) which my camera simply has no facilities for.

It may be worth taking a look at the meta directory to see for sure if the camera has the same setup. While the chipset on the other camera I mentioned is the same (Hi3518 seems to be quite common), the configurations seem to vary wildly per device. The repo I linked to mentions that he was able to gain root access over ports 23 or 9527, neither of which are open at all on my device.

[aminehmida]

Hey, thanks for the replay!

I can confirm that my camera is almost the same as the one you shared here:

• Same default ip configuration in AP mode: 192.168.10.1
• Same info in the about page including version, firmware, etc ...
• 2 Physical buttons + SD card / no reset button
• Same web ui ASP pages
• Same chipset
• Same open ports: Checked with nmap
• No IR input but the product description claims it has IR led for night vision

Here is a link to the amazon product

[aminehmida]

Here is a screenshot from the about web page. I can share more info if needed but I am very confedent that we have the same firmware with minor changes if any.

[aminehmida]

I did some digging in the internet and this http://www.p2plivecam.com/ looks to be the firmware/software manufacturer

[mishaturnbull]

That's awesome! Looking at the screenshots you uploaded, I can confirm that mine is running identical software. I've managed to acquire yet another similar camera (this one's red!) but haven't yet had a chance to power it up yet. Unfortunately, it seems to be in need of some resoldering before it will power up; however, I am hopeful that this may provide some insight into other features used by the camera (it came with a 433MHz remote control -- check out the file /433m_cfg.asp in our camera's webserver). I'll make sure to upload that file to the cam_src directory next time I have the device powered on.

The only difference I can tell from your description is that you mentioned two physical buttons. The device I have has one physical switch, which powers on/off the device, and one physical button (hold to factory reset). Do you happen to know what the buttons on your device do?

Thanks again for the help! Impressive find with the p2plivecam site, I'll see if I can find anything interesting there besides what they're hosting over HTTP.