Will this work on firmware version 5.2.8?

[writemike]

Hello, I just purchased the Merkury 1080P Camera (MI-CW017-101WW) from Walmart, hoping to use this firmware for a local RTSP stream in Home Assistant. After trying several unsuccessful attempts, I noticed that the 5.x firmware version is not mentioned here and wanted to see if any has been successful in re-flashing a 5.2.8 firmware version to get a local RTSP stream?

I did succeed in getting the video stream into HA using the Tuya Integration, but it is slow and I'm sure it is being broadcasted across the Internet as you read this.

$ curl http://admin:admin@192.168.10.223:8090/devices/deviceinfo -s | jq { "devname": "Smart Home Camera", "model": "Mini 11S", "serialno": " ", "softwareversion": "5.2.8", "hardwareversion": "M11S_A5_V10_MIS1", "firmwareversion": "ppstrong-a5-tuya2_general-5.2.8.20220222", "identity": "", "authkey": " ", "deviceid": " ***** ", "pid": "aaa", "WiFi MAC": "9c:1c:37:53:50:6f", "ETH MAC": "9c:1c:37:53:50:6f" }

$ curl http://admin:admin@192.168.10.223:8090/proc/cmdline -s console=/dev/null mtdparts=spi0.0:256K@0x0(BOOT),3072K@0x40000(sys),4288K@0x340000(app),448K@0x770000(cfg),64K@0x7E0000(enc),64K@0x7F0000(sysflg) mem=64M memsize=64M pcbversion=S2S_A5_V10 sensor=mis2006mipi model_name=Mini-11S

[guino]

@writemike based on the information you posted it should likely work with the steps from https://github.com/guino/Merkury1080P#conclusion -- there's almost no risk in trying as it should not break anything if it doesn't work.

[writemike]

Thanks @guino , I have spent a few hours messing around with it and haven't had any luck yet. I was more asking if anyone has been successful in re-flashing a 5.x firmware version to get a local RTSP stream? Have you heard of anyone being successful on the 5.x firmware version? Thanks.

[guino]

@writemike someone was able to root this version (5.2.4) and enable onvif:

ppstrong-a3-tuya2_lsc-5.2.4.20211015	M16S_A2_V10_MIS	ea82f8dee86047a82404b9bdc715ae75	Mini 16S

The above is the only 5.x version for which I have received confirmation of rooting -- many 5.x firmware versions run non-linux firmware (so rooting won't work).

[tateconcepts]

I have the same issue with one from Amazon. The script does run as I see its contents on the SD card but I didn't see the ip=30... and nmap revealed no other access.

"devname":"Smart Home Camera", "model":"Mini 7S", "serialno":"*****", "softwareversion":"5.2.8", "hardwareversion":"M7S_A5_V10_MIS1", "firmwareversion":"ppstrong-a5-tuya2_general-5.2.8.20220222",

[guino]

@tateconcepts unfortunately it is entirely possible that 5.2.8 one one device may run linux and 5.2.8 on another device runs rtos. It is also possible that new/emerging hardware uses different addresses from older device and thus won't work with the existing methods. If you've tried the 1080P process with a few different SD cards then the only way to know for sure would be opening the the device and using UART or a Hardware programmer -- I don't advise either unless you're knowledgeable with electronics and have the required equipment.

[tateconcepts]

Thanks @guino I did follow the directions in (https://github.com/guino/ppsapp-rtsp) and I think I patched all three instructions. I clicked save and then copied the home directory and contents over and then started the camera. However, I still see the following at http://IP:8090/proc/self/root/home/cfg/tuya_config.json

{"version":1,"sleep_mode":0,"alarm_fun_onoff":0,"alarm_fun_sensitivity":1,"alarm_fun_mode_switch":0,"alarm_fun_time_start":0,"alarm_fun_time_end":0,"flip_onoff":0,"light_onoff":1,"night_mode":0,"sound_detect_onoff":0,"sound_detect_sensitivity":0,"watermark_onoff":1,"event_record_time":60,"enable_event_record":2,"record_enable":1,"motion_trace":1,"motion_area_switch":0,"motion_area":"","motion_tracking":0,"cry_detection_switch":0,"humanoid_filter":0,"loudspeaker_vol_pct":100,"flight_main_mode":0,"static_ip_enable":0,"onvif_enable":0,"onvif_pwd":"admin","pan_default":-1,"tilt_default":-1,"sound_light_switch":0}

Maybe I'm not doing something correct?

Attaching ppsapp original SHA1: EBF96F4FFE59152E653A6FC6B62616460C17EC79 home.zip

modified SHA1: B55EDBC5EDCB0E0CBFFAA7654EB8D84E8A728B34 at 0001fcc8 home.zip

[guino]

@tateconcepts The zip files you posted have the same home/app/ppsapp file in them (no difference) -- the ppsapp is for a 4.0.6 firmware ( ppstrong-a3-tuya2_merkury-4.0.6.20210310 -- contrary to what you posted above as "5.2.8" ), so I assume you're working on a different device now ?

If you use Ghidra for anything it will not patch the ppsapp file for you. You have to use a hex editor for that, then you have to place the ppsapp file on the root of the SD card for it to be used, the copy under home/app is just your original/backup.

[tateconcepts]

That's odd. I don't think so.

Here's proc/cmdline

console=/dev/null mtdparts=spi0.0:256K@0x0(BOOT),3072K@0x40000(sys),4288K@0x340000(app),448K@0x770000(cfg),64K@0x7E0000(enc),64K@0x7F0000(sysflg) mem=64M memsize=64M pcbversion=S2S_A5_V10 sensor=mis2006mipi model_name=Mini-7S

devices/deviceinfo

{"devname":"Smart Home Camera","model":"Mini 7S","serialno":"","softwareversion":"5.2.8","hardwareversion":"M7S_A5_V10_MIS1","firmwareversion":"ppstrong-a5-tuya2_general-5.2.8.20220222","identity":"","authkey":"","deviceid":"*****","pid":"aaa","WiFi MAC":"9c:1c:37:ac:1f:fb","ETH MAC":"9c:1c:37:ac:1f:fb"}

[guino]

@tateconcepts Can you try posting a zip of the ppsapp file only?

I have a lot of zip files downloaded that I look at but I know I downloaded it from above (several times) to confirm.

[tateconcepts]

I think what occurred is I used the same SD card to attempt to start my older unit. It likely took the data from that older camera, which oddly enough stated it was Done! on the newer (the older will no longer get an IP address) when using /proc/self/root/mnt/mmc01/hack. At the moment, I'm able to get what I've shared but that's all. I cannot access any other aspects so far.

[guino]

@tateconcepts you can use the same SD card but before using it on another device you have to format it -- if you mix files for different devices I have no idea what can happen and you can possibly damage the device.

If your older device (4.0.6 firmware) doesn't work without SD card it likely has some sort of hardware issue.

[tateconcepts]

Thanks @guino. I'm pretty sure the device overheated, as some of the plastic towards the top caved inward. The lights still work and it acts like its connecting but I never see an address issued or even a wireless association attempt. I did try that in the other device, it seems to not have phased it a bit and will be returned shortly! Thank you for the replies too! Great work on this, maybe I'll find another older model that I can do this with. I really like the size of this as it's the perfect size for a fish tank.

On Sat, Aug 6, 2022 at 11:55 AM Wagner @.***> wrote:

@tateconcepts https://github.com/tateconcepts you can use the same SD card but before using it on another device you have to format it -- if you mix files for different devices I have no idea what can happen and you can possibly damage the device.

If your older device (4.0.6 firmware) doesn't work without SD card it likely has some sort of hardware issue.

— Reply to this email directly, view it on GitHub https://github.com/guino/Merkury1080P/issues/34#issuecomment-1207246554, or unsubscribe https://github.com/notifications/unsubscribe-auth/AHENJWMIW24OFSIWN4VS6OLVX2KGJANCNFSM54CWAAQQ . You are receiving this because you were mentioned.Message ID: @.***>

[tateconcepts]

Update, 2nd from Amazon. This supplier no longer has working cameras. There's also a subreddit on the geenie site along with other bug bounties that likely caused this to no longer work. I think it's time to do another SPI connection @guino and see if this is even possible on this model.

[guino]

@tateconcepts let me know if I can help with anything. If you can find/post the reddit about the bugs I'd like to take a look too.

[tateconcepts]

I was able to locate a suitable model, the same as described in the article and this worked with the 4.0.7 firmware. The bugs listed were probably already resolved. I saw them earlier in the year. https://github.com/IoT-SP-Lab/Merkury_Geenie_Disclosure

[tateconcepts]

@guino useful tool being covered at BH this year. Might be worth looking into here https://github.com/onekey-sec/unblob