search

guino / Merkury1080P

Merkury1080P (CW017) Rooting and Customization
77 stars 16 forks source link

Bullet 4S Merkury firmware version: ppstrong-a3-tuya2_merkury-4.0.6.20210310 WITHOUT patched ppsapp #9

Closed williamkennyAK closed 2 years ago

williamkennyAK commented 2 years ago

Here's the output of deviceinfo:

{ "devname":"Smart Home Camera", "model":"Bullet 4S", "serialno":"101088550", "softwareversion":"4.0.6", "hardwareversion":"B4S_V10_A2_2063", "firmwareversion":"ppstrong-a3-tuya2_merkury-4.0.6.20210310", "identity":"M3R0019H5701608572", "authkey":"LB7x0ANcVo7AEwEA1JqPr8KzUP44V2sv", "deviceid":"pp0196ff4a66aeecd128", "pid":"aaa", "WiFi MAC":"84:7a:b6:87:67:35", "ETH MAC":"00:00:00:00:00:00" }

Attached is my ppsapp (zip)

I've been banging my head on the wall trying to patch it and it just keeps rebooting over and over on me.

There does seem to be a match that I've tried, but it just does not work...

Thank you!!! --deleted--

williamkennyAK commented 2 years ago

I'm going to self-close this... Turns out this version already supports ONVIF out of the box. No need to patch ppsapp, just enable onvif_enable=1 in tuya_config.json.

williamkennyAK commented 2 years ago

Confirmed on a second camera.

To recreate, I followed all the steps until patching ppsapp then did the following:

1) telnet into camera 2) modify /home/cfg/tuya_config.json (a) change onvif_enable=0 to onvif_enable=1 (b) change onvif_pwd to the password you wish (plaintext) 3) run the following command: set onvif_enable 1 4) reboot by running the reboot command

That's it, once it rebooted you can access the rtsp stream.

I used the following program to determine the rtsp stream addresses: https://github.com/paullouisageneau/gsoap-onvif

Here's the output:

[2021-09-23 23:36:06] [main.cpp] [26] {error:3 faultstring:Validation constraint violation: tag name or namespace mismatch in element 'env:Fault' faultcode:SOAP-ENV:Sender faultsubcode:(null) faultdetail:(null)} [2021-09-23 23:36:06] [main.cpp] [115] {-------------------Device-------------------} [2021-09-23 23:36:06] [main.cpp] [116] {XAddr:http://192.168.2.207:8000/onvif/device_service} [2021-09-23 23:36:06] [main.cpp] [118] {-------------------Network-------------------} [2021-09-23 23:36:06] [main.cpp] [119] {IPFilter:Y} [2021-09-23 23:36:06] [main.cpp] [120] {ZeroConfiguration:Y} [2021-09-23 23:36:06] [main.cpp] [121] {IPVersion6:Y} [2021-09-23 23:36:06] [main.cpp] [122] {DynDNS:Y} [2021-09-23 23:36:06] [main.cpp] [124] {-------------------System-------------------} [2021-09-23 23:36:06] [main.cpp] [125] {DiscoveryResolve:N} [2021-09-23 23:36:06] [main.cpp] [126] {DiscoveryBye:Y} [2021-09-23 23:36:06] [main.cpp] [127] {RemoteDiscovery:Y} [2021-09-23 23:36:06] [main.cpp] [133] {SupportedVersions:} [2021-09-23 23:36:06] [main.cpp] [137] {2.20 } [2021-09-23 23:36:06] [main.cpp] [141] {} [2021-09-23 23:36:06] [main.cpp] [144] {SystemBackup:N} [2021-09-23 23:36:06] [main.cpp] [145] {FirmwareUpgrade:N} [2021-09-23 23:36:06] [main.cpp] [146] {SystemLogging:N} [2021-09-23 23:36:06] [main.cpp] [148] {-------------------IO-------------------} [2021-09-23 23:36:06] [main.cpp] [149] {InputConnectors:-2075307872} [2021-09-23 23:36:06] [main.cpp] [150] {RelayOutputs:-2075307840} [2021-09-23 23:36:06] [main.cpp] [152] {-------------------Security-------------------} [2021-09-23 23:36:06] [main.cpp] [153] {TLS1.1:N} [2021-09-23 23:36:06] [main.cpp] [154] {TLS1.2:N} [2021-09-23 23:36:06] [main.cpp] [155] {OnboardKeyGeneration:N} [2021-09-23 23:36:06] [main.cpp] [156] {AccessPolicyConfig:N} [2021-09-23 23:36:06] [main.cpp] [157] {X.509Token:N} [2021-09-23 23:36:06] [main.cpp] [158] {SAMLToken:N} [2021-09-23 23:36:06] [main.cpp] [159] {KerberosToken:N} [2021-09-23 23:36:06] [main.cpp] [160] {RELToken:N} [2021-09-23 23:36:06] [main.cpp] [183] {-------------------Media-------------------} [2021-09-23 23:36:06] [main.cpp] [184] {XAddr:http://192.168.2.207:8000/onvif/Media} [2021-09-23 23:36:06] [main.cpp] [186] {-------------------streaming-------------------} [2021-09-23 23:36:06] [main.cpp] [187] {RTPMulticast:Y} [2021-09-23 23:36:06] [main.cpp] [188] {RTP_TCP:Y} [2021-09-23 23:36:06] [main.cpp] [189] {RTP_RTSP_TCP:Y} [2021-09-23 23:36:06] [main.cpp] [196] {-------------------PTZ-------------------} [2021-09-23 23:36:06] [main.cpp] [197] {XAddr:http://192.168.2.207:8000/onvif/PTZ} [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [239] {-------------------NetworkInterfaces-------------------} [2021-09-23 23:36:06] [main.cpp] [240] {IPCNetwork} [2021-09-23 23:36:06] [main.cpp] [241] {84-7a-b6-88-10-05} [2021-09-23 23:36:06] [main.cpp] [275] {-------------------MediaProfiles-------------------} }2021-09-23 23:36:06] [main.cpp] [278] {profile0:MainStream Token:IPCProfilesToken0 [2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/101} }2021-09-23 23:36:06] [main.cpp] [278] {profile1:SubStream Token:IPCProfilesToken1 [2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/102} [2021-09-23 23:36:06] [main.cpp] [314] {-------------------VideoEncoderConfigurations-------------------} [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [332] {Encoding:ttVideoEncodingH264} [2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig0 UseCount:1 token:VideoEncoderConfigToken0 } [2021-09-23 23:36:06] [main.cpp] [338] {Width:1920 Height:1080 } [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [332] {Encoding:ttVideoEncodingH264} [2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig1 UseCount:1 token:VideoEncoderConfigToken1 } [2021-09-23 23:36:06] [main.cpp] [338] {Width:640 Height:360 }

And Bob's your uncle you have an ONVIF camera that you can now integrate with tensorflow and other utilities... I personally use motioneye and doods along with home assistant. i detect motion with motioneye, send a webhook to home assistant, this triggers doods (tensorflow) which detects objects in frame during motion. If it detects objects, it then sends me a notification via telegram. HIKVISION charges 200-300 per camera for a 1080p camera with less configurable software.

guino commented 2 years ago

@williamkennyAK nice instructions, glad you got it going -- I am just now preparing a patch which seems like it's not required. Sorry I didn't reply earlier I had a hell of a bad day at work yesterday...

williamkennyAK commented 2 years ago

Totally understand. I'm just enjoying exploring these cameras. Cheap, but decent quality.

Thanks for the amazing work, my man.

Marko9831 commented 2 years ago

Confirmed on a second camera.

To recreate, I followed all the steps until patching ppsapp then did the following:

1. telnet into camera

2. modify /home/cfg/tuya_config.json
   (a) change onvif_enable=0 to onvif_enable=1
   (b) change onvif_pwd to the password you wish (plaintext)

3. run the following command:
   set onvif_enable 1

4. reboot by running the reboot command

That's it, once it rebooted you can access the rtsp stream.

I used the following program to determine the rtsp stream addresses: https://github.com/paullouisageneau/gsoap-onvif

Here's the output:

[2021-09-23 23:36:06] [main.cpp] [26] {error:3 faultstring:Validation constraint violation: tag name or namespace mismatch in element 'env:Fault' faultcode:SOAP-ENV:Sender faultsubcode:(null) faultdetail:(null)} [2021-09-23 23:36:06] [main.cpp] [115] {-------------------Device-------------------} [2021-09-23 23:36:06] [main.cpp] [116] {XAddr:http://192.168.2.207:8000/onvif/device_service} [2021-09-23 23:36:06] [main.cpp] [118] {-------------------Network-------------------} [2021-09-23 23:36:06] [main.cpp] [119] {IPFilter:Y} [2021-09-23 23:36:06] [main.cpp] [120] {ZeroConfiguration:Y} [2021-09-23 23:36:06] [main.cpp] [121] {IPVersion6:Y} [2021-09-23 23:36:06] [main.cpp] [122] {DynDNS:Y} [2021-09-23 23:36:06] [main.cpp] [124] {-------------------System-------------------} [2021-09-23 23:36:06] [main.cpp] [125] {DiscoveryResolve:N} [2021-09-23 23:36:06] [main.cpp] [126] {DiscoveryBye:Y} [2021-09-23 23:36:06] [main.cpp] [127] {RemoteDiscovery:Y} [2021-09-23 23:36:06] [main.cpp] [133] {SupportedVersions:} [2021-09-23 23:36:06] [main.cpp] [137] {2.20 } [2021-09-23 23:36:06] [main.cpp] [141] {} [2021-09-23 23:36:06] [main.cpp] [144] {SystemBackup:N} [2021-09-23 23:36:06] [main.cpp] [145] {FirmwareUpgrade:N} [2021-09-23 23:36:06] [main.cpp] [146] {SystemLogging:N} [2021-09-23 23:36:06] [main.cpp] [148] {-------------------IO-------------------} [2021-09-23 23:36:06] [main.cpp] [149] {InputConnectors:-2075307872} [2021-09-23 23:36:06] [main.cpp] [150] {RelayOutputs:-2075307840} [2021-09-23 23:36:06] [main.cpp] [152] {-------------------Security-------------------} [2021-09-23 23:36:06] [main.cpp] [153] {TLS1.1:N} [2021-09-23 23:36:06] [main.cpp] [154] {TLS1.2:N} [2021-09-23 23:36:06] [main.cpp] [155] {OnboardKeyGeneration:N} [2021-09-23 23:36:06] [main.cpp] [156] {AccessPolicyConfig:N} [2021-09-23 23:36:06] [main.cpp] [157] {X.509Token:N} [2021-09-23 23:36:06] [main.cpp] [158] {SAMLToken:N} [2021-09-23 23:36:06] [main.cpp] [159] {KerberosToken:N} [2021-09-23 23:36:06] [main.cpp] [160] {RELToken:N} [2021-09-23 23:36:06] [main.cpp] [183] {-------------------Media-------------------} [2021-09-23 23:36:06] [main.cpp] [184] {XAddr:http://192.168.2.207:8000/onvif/Media} [2021-09-23 23:36:06] [main.cpp] [186] {-------------------streaming-------------------} [2021-09-23 23:36:06] [main.cpp] [187] {RTPMulticast:Y} [2021-09-23 23:36:06] [main.cpp] [188] {RTP_TCP:Y} [2021-09-23 23:36:06] [main.cpp] [189] {RTP_RTSP_TCP:Y} [2021-09-23 23:36:06] [main.cpp] [196] {-------------------PTZ-------------------} [2021-09-23 23:36:06] [main.cpp] [197] {XAddr:http://192.168.2.207:8000/onvif/PTZ} [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [239] {-------------------NetworkInterfaces-------------------} [2021-09-23 23:36:06] [main.cpp] [240] {IPCNetwork} [2021-09-23 23:36:06] [main.cpp] [241] {84-7a-b6-88-10-05} [2021-09-23 23:36:06] [main.cpp] [275] {-------------------MediaProfiles-------------------} }2021-09-23 23:36:06] [main.cpp] [278] {profile0:MainStream Token:IPCProfilesToken0 [2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/101} }2021-09-23 23:36:06] [main.cpp] [278] {profile1:SubStream Token:IPCProfilesToken1 [2021-09-23 23:36:06] [main.cpp] [288] {RTSP URI:rtsp://192.168.2.207:8554/Streaming/Channels/102} [2021-09-23 23:36:06] [main.cpp] [314] {-------------------VideoEncoderConfigurations-------------------} [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [332] {Encoding:ttVideoEncodingH264} [2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig0 UseCount:1 token:VideoEncoderConfigToken0 } [2021-09-23 23:36:06] [main.cpp] [338] {Width:1920 Height:1080 } [2021-09-23 23:36:06] [main.cpp] [26] {error:401 faultstring:HTTP Error faultcode:SOAP-ENV:Server faultsubcode:SOAP-ENV:Server faultdetail:HTTP/1.1 401 Not Unauthorized} [2021-09-23 23:36:06] [main.cpp] [332] {Encoding:ttVideoEncodingH264} [2021-09-23 23:36:06] [main.cpp] [336] {name:VideoEncoderConfig1 UseCount:1 token:VideoEncoderConfigToken1 } [2021-09-23 23:36:06] [main.cpp] [338] {Width:640 Height:360 }

And Bob's your uncle you have an ONVIF camera that you can now integrate with tensorflow and other utilities... I personally use motioneye and doods along with home assistant. i detect motion with motioneye, send a webhook to home assistant, this triggers doods (tensorflow) which detects objects in frame during motion. If it detects objects, it then sends me a notification via telegram. HIKVISION charges 200-300 per camera for a 1080p camera with less configurable software.

What password you use? http://admin:056565099 or http://admin:admin. dos not work. i got the same deviceinfo

guino commented 2 years ago

@Marko9831 you say you got the same deviceinfo from https://github.com/guino/Merkury1080P/issues/9#issue-1005143479 -- in order to get that deviceinfo you must have used http://admin:056565099@ip/devices/deviceinfo or http://admin:admin@ip/devices/deviceinfo -- that user/password combination is only used for the URLs when applying the hack and is used for nothing else after that. The onvif/rtsp user in that firmware is admin and the password is whatever is listed in /home/cfg/tuya_config.json -- the RTSP url should be what was displayed in the log above: rtsp://admin:password@192.168.2.207:8554/Streaming/Channels/101 and rtsp://admin:password@192.168.2.207:8554/Streaming/Channels/102 (admin:056565099 will not work on rtsp). You can probably check the password using this URL: http://admin:056565099@IP/proc/self/root/home/cfg/tuya_config.json (or using admin as password if necessary) -- you should look for the value 'onvif_pwd' in the response.

sanscorp1 commented 2 years ago

I cannot find tuya_config.json in /home/cfg/ When I try the patched repo I also get a bootloop. Without the patched ppsapp in the root of the SD the camera is working.

Do I create the json file or should I look elsewhere?

afleuryg commented 2 years ago

You have to register the camera with the Tuya app to have the tuya_config.json file created in /home/cfg. Also, I wouldn't run the camera without registering it, as if it's not configured, it only launches a process that parse whatever content is shown to the camera to find a wifi configuration QR-Code. The PPStrong app is not launched, and so there is no ONVIF stream.

sanscorp1 commented 2 years ago

Thank you, I got the awnser from Guino earlier and it is working flawlessly now.

afleuryg commented 2 years ago

Thank you, I got the awnser from Guino earlier and it is working flawlessly now. Sorry, just found his comment and your success (in issue #21) after replying to this. I was just pecking around to see if someone found another option to integrate/extract the rstp stream, and as I had the problem with the json file earlier, I thought it would be nice to have the answer below the question... ;-)

sanscorp1 commented 2 years ago

This also works for the mini 16S softwareversion 5.2.4 hardwareversion M16S_A2_V10_MIS firmwareversion ppstrong-a3-tuya2_lsc-5.2.4.20211015

The hack isn't working, it does not copy the ppsapp nor does it look at custom.sh.

guino commented 2 years ago

@sanscorp1 the message above is unclear about what works or not but on the other issue you said you can telnet and use rtsp by modifying the json file - please just update the other issue with details from now on: https://github.com/guino/Merkury1080P/issues/23

sanscorp1 commented 2 years ago

Sorry, I will clarify the topic. This is a new camera, other model then the issues before.

Op zo 20 feb. 2022 16:48 schreef Wagner @.***>:

@sanscorp1 https://github.com/sanscorp1 the message above is unclear about what works or not but on the other issue you said you can telnet and use rtsp by modifying the json file - please just update the other issue with details from now on: #23 https://github.com/guino/Merkury1080P/issues/23

— Reply to this email directly, view it on GitHub https://github.com/guino/Merkury1080P/issues/9#issuecomment-1046265832, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH7NJKXQM5Q7KQXHMJFNVS3U4EELJANCNFSM5ETDIK7A . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

richaardvark commented 2 years ago

For those of us new to this/who haven't used telnet since like Windows 95/98 lol, how the heck do I modify the file? It seems like I either have to load some sort of small python editing program onto the device or have to export the file to my client/machine somehow and then use wget and an ftp server on my PC to then again send the file back to the camera? So confused...

guino commented 2 years ago

@richaardvark you can view/modify the config file like this:

login by telnet (assuming you configured it using provided steps) execute cp /home/cfg/tuya_config.json /mnt/mmc01 remove card, place it on computer, edit line in tuya_config.json from "onvif_enable": 0, to "onvif_enable": 1 , save and eject card properly insert card on device, wait a few seconds (i.e. 10s) so the card is mounted execute cp /mnt/mmc01/tuya_config.json /home/cfg Wait 10 seconds to flush cache & reboot device.

richaardvark commented 2 years ago

@richaardvark you can view/modify the config file like this:

login by telnet (assuming you configured it using provided steps) execute cp /home/cfg/tuya_config.json /mnt/mmc01 remove card, place it on computer, edit line in tuya_config.json from "onvif_enable": 0, to "onvif_enable": 1 , save and eject card properly insert card on device, wait a few seconds (i.e. 10s) so the card is mounted execute cp /mnt/mmc01/tuya_config.json /home/cfg Wait 10 seconds to flush cache & reboot device.

Thank you very much! I figured the cp command would be useful but I couldn't figure out how to find some sort of of file structure bridge between the two file systems but that makes sense now, using /mnt/mmc01.

I was also able to eventually figure out that the "vi" command/small text editor tool is present in Busybox/the camera's OS environment as well so I was able to use that to directly modify the tuya_config.json file without having to extract it to my PC, edit it, and then send the modified version back to the camera. Reposting the instructions from @williamkennyAK from above, I'll include the actual commands I entered for anyone else who might find this helpful (update with your device's own actual IP of course):

  1. telnet into camera

telnet 192.168.1.242

  1. modify /home/cfg/tuya_config.json (a) change onvif_enable=0 to onvif_enable=1 (b) change onvif_pwd to the password you wish (plaintext)

vi /home/cfg/tuya_config.json (then use the arrow keys to navigate down from the top of the file to the onvif_enable line and change the 0 to 1. To exit the vi text editor and save your changes, press the escape key and then type ":wq" and press enter.)

  1. run the following command: set onvif_enable 1

set onvif_enable 1

  1. reboot by running the reboot command

reboot

Edit: Came back to say make sure in addition to setting onvif_enable=1 in tuya_config.sh as described above also make sure you have uncommented the onvif line in the custom.sh file:

#/mnt/mmc01/set onvif_enable 1 --> /mnt/mmc01/set onvif_enable 1

I hadn't done that at first. I really wish all these steps could be in one place but I realize it's hard to make that happen given everyone likely/potentially has different hardware/firmware/etc. And this whole thing developed organically as you and others discovered new features/workarounds etc.

guino commented 2 years ago

@richaardvark is it working now? if so, that's all that matters

richaardvark commented 2 years ago

@richaardvark is it working now? if so, that's all that matters

rtsp is working but I can't for the life of me get snap or mjpeg to work :( I tried patching it myself but ran into a dead end. I made a new issue here for my firmware/hardware version.

Tomatensaft9000 commented 2 years ago

hi, how to telnet into camera?

guino commented 2 years ago

@Tomatensaft9000 only way to telnet into the camera is to root it with the steps described here (Assuming you have a Merkury 1080P camera): https://github.com/guino/Merkury1080P#conclusion