guino / BazzDoorbell


Trying to make headway with this doorbell #111

Open djarvis opened 8 months ago

djarvis commented 8 months ago

Hi!

I got a cheap Tuya doorbell, manufacturer is Shenzhen Bilian Electric Co, model is 207-D. I can't find much info about it. I tried the SD card methods you described but nothing took. My goal is to open an RTSP stream.

A port scan shows 21/FTP, 23/TELNET, and 6668/Tuya TCP ports open. No web ports like 80 or 8090 or anything like that.

The FTP port immediately spits back: inetd: can't execute /sbin/sftpd: No such file or directory and then disconnects.

The telnet port I can connect to but it immediately disconnects with no data. An nmap scan shows busybox: 23/tcp open telnet BusyBox telnetd 1.14.0 or later

The 6668 is the Tuya port and I can see various traffic on it when I do things like use TuyApi or some other app to connect.

There are around 20 UDP ports open.

Do you have any ideas or suggestions? I have an extra one of these I'm willing to send to you if you want, or we can work together and I can learn a thing or two.

guino commented 8 months ago

If it's a battery operated device I'd not even waste my time on it. If it's a hardwired device I'd say your best bet is to dump the firmware with a hardware programmer to look at it.

Other than the above, if you can get the firmware version (using the phone app) it may be helpful so we can try a process (without hardware programmer) that is more similar to the firmware version on the device (there are several variations available).

I have no information on that device so it's hard to do anything without it in hand.

djarvis commented 8 months ago

It is a hardwired device that hooks up to existing 24V.

The phone app does not indicate any sort of version, but I can see a UDP packet on powerup that suggests the firmware is 1.6.3.1:

{"cmdId":1,"tuya_uuid":"hwxd082741c1ca946c5e","tuya_pid":"18k9ap0dtnl6bvfk","devType":"Doorbell","devId":"","devName":"","netParam":{"isDHCP":1,"ip":"192.168.1.63","mask":"255.255.255.0","gate":"192.168.1.1","dns1":"","dns2":""},"httpPort":0,"httpsPort":0,"ddnsUrl":"","uid":"LBCS-000000-CCCJJXY","test_uid":"","token":"880e0d76","firmwareVer":"1.6.3.1"}

guino commented 6 months ago

That firmware version is not similar to any of the devices I've seen in the past. You can try any of the processes I posted for 2.7.x, 2.9.x, 2.10.x and 4.x -- it is highly unlikely to break anything but chances are low that any of them will work either. Short of opening the device to read the flash with a hardware programmer or find rx/tx to mess with it, there's not much else we can do since telnet seems to just disconnect.
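
Added example, not part of the thread or of the BazzDoorbell project: a small Python check that reads the firmware version out of a power-up announcement like the one posted above and tells you whether it falls into one of the firmware families mentioned in the last comment. The function names, the trimmed sample payload with its NUL padding, and reading a port value of 0 as "no web port advertised" are assumptions made for illustration.

```python
import json

# Firmware families named in the thread as having a posted process.
DOCUMENTED_FAMILIES = ("2.7.x", "2.9.x", "2.10.x", "4.x")

# Constructed sample: the announcement from the thread trimmed to the fields
# used here, with NUL padding added to exercise the tolerant parser.
SAMPLE = (b'{"cmdId":1,"devType":"Doorbell","httpPort":0,"httpsPort":0,'
          b'"firmwareVer":"1.6.3.1"}\x00\x00')


def parse_announcement(payload: bytes) -> dict:
    """Decode one announcement datagram, ignoring bytes around the JSON object."""
    text = payload.decode("utf-8", errors="replace")
    start, end = text.find("{"), text.rfind("}")
    if start == -1 or end < start:
        raise ValueError("no JSON object in payload")
    # json.JSONDecodeError is a ValueError, so callers catch one exception type.
    return json.loads(text[start:end + 1])


def matching_family(version: str, families=DOCUMENTED_FAMILIES):
    """Return the family whose numeric prefix equals the version's, else None.

    Components are compared one by one, so "2.1.0" does not match "2.10.x"
    the way a plain string-prefix test would.
    """
    parts = version.split(".")
    for family in families:
        prefix = family.split(".")[:-1]  # drop the trailing "x"
        if parts[:len(prefix)] == prefix:
            return family
    return None


def summarize(payload: bytes) -> dict:
    """Reduce an announcement to the facts that decide which process to try."""
    doc = parse_announcement(payload)
    version = str(doc.get("firmwareVer") or "")
    return {
        "device_type": doc.get("devType"),
        "firmware": version or None,
        "documented_family": matching_family(version) if version else None,
        # Assumption: a port value of 0 means the device advertises no web port.
        "web_port_advertised": bool(doc.get("httpPort") or doc.get("httpsPort")),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the packet in this thread the result has no documented family and no advertised web port, which agrees with the port scan in the first comment.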