ghoost82 / mijia-720p-hack

Xiaomi Mijia-720P camera hack

Support for Mijia 360 1080p? #10

Open pronsta opened 6 years ago

pronsta commented 6 years ago

Hi,

Will this hack work with the 1080p version?

Thanks

350d commented 6 years ago

Same question! Planning to order 1080p version right now.

ghoost82 commented 6 years ago

Do you mean this camera https://github.com/niclet/xiaomi_hack? If yes, it looks like it uses another entry point for the hack. But as I own only the 360 720p, I cannot say this for sure. Maybe the hack can be ported, maybe not.

pronsta commented 6 years ago

Yes, that's the one. I hope someday this cam will be supported. Thanks!

magidel commented 6 years ago

... I think the 1080p version is this: https://it.aliexpress.com/item/Original-Xiaomi-Mijia-Smart-Camera-IP-Camera-Camcorder-360-Angle-Panoramic-WIFI-Wireless-720P-Magic-Zoom/32819122739.html

Theliel commented 6 years ago

They are different cameras.

This camera, the 360 Mijia 720p, is the MJSXJ01CM. The new model is the Mijia 360 1080p, MJSXJ02CM, not the oldest 360 camera (niclet hack), which is the JTSXJ01CM.

I'm very interested in porting the hack to the MJSXJ02CM, I really need some extra features. My cam should arrive in a week, maybe we can find some luck.

magidel commented 6 years ago

> They are different cameras.
>
> This camera, the 360 Mijia 720p, is the MJSXJ01CM. The new model is the Mijia 360 1080p, MJSXJ02CM, not the oldest 360 camera (niclet hack), which is the JTSXJ01CM.
>
> I'm very interested in porting the hack to the MJSXJ02CM, I really need some extra features. My cam should arrive in a week, maybe we can find some luck.

I'm really interested in the MJSXJ02CM cam, any news?

Theliel commented 6 years ago

I don't have the MJSXJ02CM yet, but I already have some interesting stuff...

Platform: MSC313E
Sensor: SC2235

The Bad news:

The MJSXJ02CM uses Android-based firmware and a different platform; the new camera uses ARM MStar. The old SD card entry point is useless now, although the partition layout is similar. The MJSXJ01CM hack won't work.

Telnet/SSH is disabled and no binary is present.

The Good News:

At a preliminary glance, we will have a much easier script execution at boot time. With script execution, we should be able to do the rest.

My next steps, once my camera arrives:

1º. Check if I can confirm all this.
2º. Check if ADB is working, maybe another easy shell access.
3º. Check script execution at boot time.

If it works:

4º. Cross compile tools to work with the new platform.
5º. We can reuse/adapt the MJSXJ01CM scripts.

magidel commented 6 years ago

Great! ;) We await trust ! ^_^

sergiobug commented 6 years ago

I have MJSXJ02CM version, any news about this model??

Theliel commented 6 years ago

> I have MJSXJ02CM version, any news about this model??

Sorry but... Did you read the previous comments?? Stop asking again and again, please. I'm sure that any news (mine or from anyone else) would be posted.

Theliel commented 6 years ago

Update:

Finally my MJSXJ02CM arrived.

- After some problems with the QR code (it doesn't like WiFi with a long WPA/PSK), it was updated to the latest 209 version. The first attempt failed, maybe the latest firmwares are out of luck, but I will work on it in the next days.

- After a successful downgrade, I was able to execute some command line, but only by putting the camera in manufacture mode, which is not useful after all, because in this mode the camera doesn't work: no camera, no WiFi... nothing.

- After some more attempts I was able to execute any code and boot the camera in normal mode.

- Once in a working state and able to execute code at boot time, I only had to copy a generic non-limited arm7 busybox to my SD (basically, to use telnetd), edit the boot script to bring up telnetd and... working!!

```
/ # uname -a
Linux mijia_camera 3.18.30 #1 PREEMPT Wed Jun 6 15:00:59 CST 2018 armv7l GNU/Linux
/ # ls -la
total 5
drwxr-xr-x   17 root     root           299 Jun  6 09:02 .
drwxr-xr-x   17 root     root           299 Jun  6 09:02 ..
drwxr-xr-x    2 root     root          1069 Jun  1 11:01 bin
lrwxrwxrwx    1 root     root            14 Jun  1 11:01 data -> /mnt/data/data
-rw-r--r--    1 root     root           132 Jun  1 11:01 default.prop
drwxr-xr-x    9 root     root          1600 Jan  1  1970 dev
drwxr-xr-x   10 root     root           634 Jun  6 09:02 etc
drwxr-xr-x    3 root     root          1305 Jun  1 11:01 lib
lrwxrwxrwx    1 root     root             3 Jun  6 08:43 lib32 -> lib
-rwxr-xr-x    1 root     root            81 May 31 04:37 linuxrc
drwxr-xr-x    2 root     root             3 May 31 04:37 media
drwxr-xr-x    4 root     root            41 May 31 04:37 mnt
drwxr-xr-x    2 root     root             3 May 31 04:37 opt
dr-xr-xr-x   78 root     root             0 Jan  1  1970 proc
drwx------    2 root     root             3 May 31 04:37 root
drwxr-xr-x   14 root     root           360 Jan  1  1970 run
drwxr-xr-x    2 root     root           978 Jun  6 09:01 sbin
dr-xr-xr-x   11 root     root             0 Jan  1  1970 sys
drwxrwxrwt    2 root     root           200 Sep 28 17:10 tmp
-rw-r--r--    1 root     root          4026 Jun  1 11:01 ueventd.rc
drwxr-xr-x    6 root     root            87 May 31 04:37 usr
drwxr-xr-x    4 root     root           108 Jun  6 09:02 var
```

Next Steps:

- Compiling any binary should be "easy"...
- Once all is (more or less) working, try with the latest firmware.
- If the new firmware is "impossible", I could maybe inject some line in the rw partition to survive a firmware update, so this should be possible: Any FW -> Downgrade -> Apply "hack" -> Update
- More to come...

Theliel commented 6 years ago

Update:

The latest firmwares need a "factory" key, similar to other Xiaomi cameras.

In this case, our script file is compressed in a tar. The tar is MD5-hashed and the hash is stored in another file. That file is signed with an RSA key (private). In reverse, the system verifies the signature with the public key and decodes the content. It then compares the stored MD5 hash against the MD5 of the original file. If they match, the tar is extracted and executed.

With the private key we could sign any file, but without it, it is a little more difficult. I have one or two ideas to "bypass" that, but it would be necessary anyway to force a downgrade (it is not possible, for now, to begin the hack from the latest firmwares).
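
The check described in the comment above can be reproduced end to end with `openssl`. This is an added example, not code from the thread or from the camera firmware; the file names (`run.sh`, `payload.tar`, `payload.md5`, `payload.sig`) and the throwaway 2048-bit key are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo: file names and the throwaway key are assumptions,
# not the camera's real update layout.

md5_of() { openssl dgst -md5 -r "$1" | cut -d' ' -f1; }

# Signer side: pack the script, hash the tar, sign the file holding the hash.
make_package() {  # $1 = work dir
    ( cd "$1" &&
      printf '#!/bin/sh\necho boot script ran\n' > run.sh &&
      tar -cf payload.tar run.sh &&
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
              -out priv.pem 2>/dev/null &&
      openssl pkey -in priv.pem -pubout -out pub.pem &&
      md5_of payload.tar > payload.md5 &&
      openssl pkeyutl -sign -inkey priv.pem -in payload.md5 -out payload.sig )
}

# Device side: recover the signed hash with the public key, compare it with a
# fresh MD5 of the tar, and extract only when both match.
verify_and_extract() {  # $1 = work dir; returns 0 only if accepted
    ( cd "$1" || exit 1
      signed=$(openssl pkeyutl -verifyrecover -pubin -inkey pub.pem \
                       -in payload.sig 2>/dev/null) || exit 1
      actual=$(md5_of payload.tar)
      [ -n "$signed" ] && [ "$signed" = "$actual" ] || exit 1
      mkdir -p out && tar -xf payload.tar -C out )
}

work=$(mktemp -d)
make_package "$work"
verify_and_extract "$work" && echo "untouched tar: accepted"
printf 'x' >> "$work/payload.tar"        # any change alters the MD5
verify_and_extract "$work" || echo "modified tar: rejected"
rm -rf "$work"
```

MD5 is kept because it is the digest the comment names; its known collision weakness is the reason current update schemes sign a SHA-256 digest instead.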

Theliel commented 6 years ago

Update:

- SSH and SFTP servers working now.
- Unable to port hack to latest firmware (maybe possible, maybe not)

kiltaiga commented 6 years ago

Nice theliel !! i've not received mine but i will try to help !

magidel commented 6 years ago

We cheer for you! ^_^ theliel

esalimster commented 6 years ago

I have the same camera, I read amazing job theliel, keep working

vitt76 commented 6 years ago

@Theliel, thanx for your job, but any news? Having the same camera 1080p

Theliel commented 6 years ago

I'm on vacation now. For now, the "hack" works well for 3.4.2_0062 (ssh/sftp/busybox). The RTSP server is not ready yet, on the other hand... the platform is different, so we need to find (internally) the original video stream and pass it through to an RTSP server (compiled for our device).

vitt76 commented 6 years ago

@Theliel, can we test something? ))

nmhung1985 commented 6 years ago

Hi, is this project for MJSXJ01CM 720p? (As I read on some merchant sites, they said MJSXJ01CM is 1080p?!!)

Btw, at first I was thinking of buying the MJSXJ02CM. But as I saw no hack for it, I started to consider finding the cam that works with this hack. However, reading this issue discussion, I think there would be hope for me with the MJSXJ02CM. Maybe I'll wait for some time :)

pronsta commented 6 years ago

@Theliel is your hack compatible with the JTSXJ01CM model, or do you know of any current one that works with the model? Thanks

Theliel commented 6 years ago

My hack probably only works with the MJSXJ02CM, so... other cameras, different hacks, probably.

19Homer73 commented 6 years ago

Is there something we can do / test, to support you? Can we test the MJSXJ02CM "hack"? Where can we download it?

GuyKh commented 6 years ago

I'm too keen to try something... I have MJSXJ02CM and it's soooo slow!!! Probably sends all the video through China servers or something..

overload08 commented 6 years ago

Hi @Theliel. Very good job! I have had this camera for a few months and I would like to try your custom firmware. Where can I find it? Thanks!

andy2301 commented 6 years ago

@Theliel Appreciate the progress you've made! Can you please share how you got to execute script during boot time? I have the 5FCNxxx version of Yi 1080p camera, and it uses the same Mstar MSC313E platform. A few people had bricked their camera because obviously Xiaoyi switched the platform from Hisilicon to Mstar MSC313E.

Theliel commented 6 years ago

> @Theliel Appreciate the progress you've made! Can you please share how you got to execute script during boot time? I have the 5FCNxxx version of Yi 1080p camera, and it uses the same Mstar MSC313E platform. A few people had bricked their camera because obviously Xiaoyi switched the platform from Hisilicon to Mstar MSC313E.

Hi @andy2301

It's not about being platform dependent, it's about each maker/developer adding some backdoors. The platform is very important, especially to compile binaries that may be necessary, but the role that it plays when it comes to gaining access is secondary. It would be necessary to see if there is a backdoor in the camera, and once this is discovered, access through it.

Another option would be directly an exploit against the camera itself. In any case, without the camera in question, it is impossible to know more.

dragos-durlut commented 6 years ago

How to unbrick MJSXJ02CM

From here https://en.miui.com/thread-3547398-1-1.html

1. Download the firmware file “tf_recovery_0062.img”. The file is here: https://goo.gl/DhgbLH
2. Copy the file “tf_recovery.img” to the root folder of the TF card
3. Cut off the power source of the camera
4. Put the TF card in the camera
5. Connect the camera to a power source
6. The “Yellow light on” means the camera is installing the new firmware, which will last for 2 minutes. When the firmware finishes updating, the status light will become “flashing yellow” (if you have bound the camera to the Mi Home app, the status light is “flashing blue” to “constantly blue”).

mister-wise commented 5 years ago

@Theliel any update?

spondyman commented 5 years ago

Hello everyone. I'm a little scared of everything I read about it. I bought a MJSXJ02CM too... And for me also the QR code does not work. And I read this comment: https://www.amazon.in/gp/customer-reviews/R3GPH49A6GNJBJ/ref=cm_cr_arp_d_rvw_ttl?ie=UTF8&ASIN=B07HJD1KH4

Help :-(

diuleiloumei commented 5 years ago

Hi, I bought TWO units too.

Apparently after 20 attempts at trying to connect, I managed to connect but am unable to use the camera at all.

spondyman commented 5 years ago

Thank you very much ... I made a screenshot and I sent it by mail on a computer .... and as if by magic oulahup barbatruc OvO. it worked the first time. So : Thank you, thank you, thank you, thank you very much. :-)

GuyKh commented 5 years ago

@Theliel - sorry for the picking, but is there any progress with the hack for MJSXJ02CM?

Theliel commented 5 years ago

Nothing new. SSH/SFTP is working, I can't apply the hack to newer firmware versions (for now), and I want to add an RTSP server.

adi32k commented 5 years ago

Can you provide the steps you took to have SSH access so we can also help with the other steps (RTSP server)?

ftc2019 commented 5 years ago

@Theliel why do you not publish your hack for this camera? SSH access is very good. Maybe for the RTSP server use the official decision of some vendors for custom direct streaming?

nmhung1985 commented 5 years ago

@ftc2019 Be patient, buddy. A responsible dev would not want anybody's device to get bricked, hence his delay. It's your rush that makes him even more hesitant to publish the tools before he can be sure things work well.

GuyKh commented 5 years ago

I'm waiting (very impatiently as you can see) for RTSP server for the MJSXJ02CM. So if there's anything we can offer to help - please say

fliphess commented 5 years ago

I made some changes to the rtspd.c so it supports snapshotting, recording and motion detection. Have a look at my fork if you want to implement something similar.

dragos-durlut commented 5 years ago

> I made some changes to the rtspd.c so it supports snapshotting, recording and motion detection. Have a look at my fork if you want to implement something similar.

I assume this comment is directed at @Theliel in order to help him with development, right ?

fliphess commented 5 years ago

@dragos-durlut It was mostly meant for @GuyKh as he was in a hurry and adding another rtspd to the build instead of the one from the toolchain is easy by copy pasting from other forks where people are still making progress on.

GuyKh commented 5 years ago

@fliphess, not sure if I understand.

I'm generally speaking a Java / JS dev - and I find the hardware parts hard to handle. Is your fork something I can try?

RangerFX4 commented 5 years ago

hi, guys any development on the JTSXJ01CM?

kir4h commented 5 years ago

Looking forward to RTSP server :)

Camera seems really good for the price, but I have two main issues:

overload08 commented 5 years ago

@Theliel , can you share your hack ? May be someone can help you...

telmomarques commented 5 years ago

@Theliel, it would be awesome if you could share what you have so far. I'm also looking forward for RTSP support and would love to help.

jaytxrx commented 5 years ago

Can anyone share the image of the PCB inside this camera ?

hotplug commented 5 years ago

> Looking forward to RTSP server :)
>
> Camera seems really good for the price, but I have two main issues:
>
>   • Cloud-only approach, where I can only access it through their servers (there is also a p2p connection mode from what I read, but it doesn't come handy). Triggers privacy flags.
>   • Motion detection lacks configuration in terms of the duration of the recording. I end up having always 9 seconds fragments (if there is a way to configure this I haven't found it)

If you put an SD-card, it will unlock the copy to a windows share and records are longer than the free cloud records.

telmomarques commented 5 years ago

> Can anyone share the image of the PCB inside this camera ?

I have a MJSXJ02CM that I don't mind opening to take photos if that helps porting the hack to this camera. Is this the case?

telmomarques commented 5 years ago

Still had to open it up, I'm trying to get to a serial console. Here's some pictures.

img_20190215_234145658 img_20190215_234124223