Closed jonesMeUp closed 2 years ago
I just tried the hash site for telnet password and it worked fine on my device ( https://unix4lyfe.org/crypt/ as provided in step 9), that is assuming you used the 'Calculate' button in front of the 'DES Crypt' label. If this is different on your camera it may be helpful to figure out what's different. The hash on these devices should be something like 'UU8EbDbJeGJwM' -- I don't believe it supports the MD5 type hashes.
i came from the merkury 1080p site where i got the new files and went back here to do the hack.
my divice is a Smart Home Camera Bell 8S
with softwareversion 4.0.7
and busyBox v1.20.2
perhaps its only on newer devices with newer busybox, i don't know.
but the merkury720 way didn't worked for me. i used the des crypt, not the md5.
p.s: forgot my raspiZero keyboard adapter in the usb slot and it colsed the topic for me :(
@jonesMeUp I only have a Merkury720 (2.7.6) and a Bell 8S (2.9.6) so it is possible that 4.x firmware may have something different but I had not heard any complaints about not being able to use telnet with password until now. I'll keep this in mind and point anyone with issues to try what you posted - thanks.
well, it seems that i have a bitchy device, ppsapp makes also problems here. it runs flawless without hack, but when i insert the sd-card with the hack, it needs 1-2min and it reboots. the log is full off connection tries to tuya server. looks to me if its a kind of panic button: "lets restart and i can talk to tuya again..." but as i use dmesg for the ring event i can live without ppsapp, but motion detection would be nice, of course...
thanks for your great project
the "no password" solution for telnet is still working, but generating the hash for the paswd file doesn't work here anymore. solution: generate a new password by
passwd -a des admin
and copy the /etc/passwd and /etc/shadow file to /mnt/mmc01/ change custom.sh to copy them back to /etc/ now telnet and ssh can be used with the new password.