guino / Merkury1080P

Merkury1080P (CW017) Rooting and Customization

Factory mode from a QR code #22

Open alexbgreat opened 2 years ago

alexbgreat commented 2 years ago

I had some notes from when I broke Merkury 720p cameras a couple years ago.

One thing I saw in the firmware that never worked was entering factory mode from a QR code. Turns out, it was just my cameras.

Make a QR code that says:

{"p":"Your Wifi password here","s":"Your SSID","t":"_MEARI56565099"}

and show it to the camera when it's in pairing mode, and it should switch to factory mode and enable HTTP on 8090. Tested on a Geeni Doorpeek / Bell 12S.

{"devname":"Smart Home Camera","model":"Bell 12S","serialno":"000000000","softwareversion":"4.0.7","hardwareversion":"BE12S_A2GC1_915","firmwareversion":"ppstrong-a3-tuya2_general-4.0.7.20210513","identity":"11111111111111111","authkey":"aaaaaaaaaaaaaaa","deviceid":"aaaaaaaaaa","pid":"aaa","WiFi MAC":"sssssss","ETH MAC":"dddddddddd"}

guino commented 2 years ago

@alexbgreat that's kind of cool, but one thing to be aware of is that 'factory mode' in most recent devices might prevent it from enabling RTSP/ONVIF functions (this is why on these versions we need to remove the ppsFactoryTool.txt file after we root it). It does make me wonder if we can use that QR feature for anything else (I'll have to look in the code when I have a chance).

bi-os-050 commented 5 months ago

> Make a QR code that says:
>
> {"p":"Your Wifi password here","s":"Your SSID","t":"_MEARI56565099"}

This JSON is actually a bit familiar to me. I looked through some source code of the mobile app, and I found that the QR code format used for pairing the device and connecting to the local Wi-Fi network is:

String qrTxt = "{\"p\":\"" + wifiPassword + "\",\"s\":\"" + wifiSsid + "\",\"t\":\"" + token + "\"}";

Which would be {"p":"mysupersecretpassword","s":"mytotallyuniquessid","t":"mylegittoken"}

So I am going to make an educated guess that the token is just a session token which it looks for a camera with a matching one to avoid getting connected with some other rando's camera, but if the token is "_MEARI56565099", it is taken like the ppsFactoryTool.txt file instead and opens port 8090.
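
Added example, not part of the thread or the app's code: a small checker that classifies decoded pairing-QR text as an ordinary pairing payload or one carrying the token the thread reports as triggering factory mode, and shows why the concatenation-style builder quoted above yields malformed JSON when a value contains a quote. The function names and sample values are constructed for illustration, and the token's effect is as reported in the thread, not verified here.

```python
import json

# Token value reported in this thread as switching the camera to factory mode.
FACTORY_TOKEN = "_MEARI56565099"
REQUIRED_KEYS = ("p", "s", "t")  # password, SSID, token (per the thread)


def build_payload(password, ssid, token):
    """Encode the pairing payload with a real JSON encoder so quotes and
    backslashes in the SSID or password are escaped."""
    return json.dumps({"p": password, "s": ssid, "t": token},
                      separators=(",", ":"))


def build_payload_concat(password, ssid, token):
    """Mirror of the string-concatenation approach quoted in the thread."""
    return '{"p":"' + password + '","s":"' + ssid + '","t":"' + token + '"}'


def classify_payload(qr_text):
    """Return 'invalid', 'factory' or 'pairing' for decoded QR text."""
    try:
        data = json.loads(qr_text)
    except json.JSONDecodeError:
        return "invalid"
    if not isinstance(data, dict):
        return "invalid"
    if any(not isinstance(data.get(k), str) for k in REQUIRED_KEYS):
        return "invalid"
    return "factory" if data["t"] == FACTORY_TOKEN else "pairing"


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    samples = [
        build_payload("hunter2", "HomeNet", "constructed-session-token"),
        build_payload("hunter2", "HomeNet", FACTORY_TOKEN),
        build_payload_concat('pa"ss', "HomeNet", "constructed-session-token"),
        build_payload('pa"ss', "HomeNet", "constructed-session-token"),
    ]
    for text in samples:
        print(classify_payload(text), text)
```
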