Closed marine1988 closed 4 years ago
Hi @marine1988
I deprecated my project because @fliphess had done more work and was continuing the project. I wasn't aware they'd taken their repo offline. I'll see if I can get in touch and find their latest version.
So, it looks like the old project has been archived but is still available here: https://github.com/fliphess/miicam
I've also forked it so if that goes offline there's still a copy available
I've archived the project because I was made aware that there are a few serious security vulnerabilities in the firmware that I cannot fix without building a new buildroot, a self-build custom linux image for the camera and at this moment I don't think it's worth the time and effort for a 12 dollar camera that is too lightweight to add some real useful features like live camera viewing.
I don't want to be the cause of the next worldwide DDOS attack that is using cheap underdeveloped Chinese camera's, so I think it's better to archive the project and move on with our lives: You can buy much better alternatives that support a fully open source firmware at the moment.
In a few years I might start building on a custom buildroot image to build a very low feature rtsp + auth + tls only camera project without all the additional requirements but until then I wouldn't recommend using my firmware anymore as it's too old.
Sorry, I had a lot of fun and learned a lot working on the project, but my camera's are now in the same box as my old casette player, my VCR and my pager :)
12$ can be a lot for some people :( but nyes You now have better cameras!
I must admit $12 might sounds like a nice price for a cheap camera, but instead you should ask yourself: What is included in the package for that price? And the answer to that question is a bit unsettling as it's not much.
The main problem here is that the security of the product is included in the price of the software. In other words: there hasn't been much effort to secure the camera and as a result the consequences of that "price reduction" are not with the original developers but instead with the users of the camera.
With that in mind, I currently don't feel comfortable working on the camera anymore as it is just a matter of time before things go very bad and eventually the results of said very bad will be partly my problem. (Either as a developer or indirect as an internet user)
If I can't solve these issues or if I don't feel responsible for these security issues (even though introduced by the original creators) while still offering this custom firmware to users, I'm a big part of a problem I don't want to be part of and in that case it's better to deprecate the project than to keep continuing working on it while offering a fake sense of security.
I don't want to say: "It's all your own responsibility", (even though the software is delivered "as is") because that will be the same thing the original creators did: Make something crappy, ship it and let other people carry the damage.... That's just not how I want it to be, as there is already enough crappy electronics made just for self-enrichment on the market.
@fliphess I have three chuangmi cameras and, of course, it's sad news that you close this project. Especially after they updated the firmware and now old hacks doesn't work (at least for me) and they won't downgrade. But you are right about "own responsibility" and I think everybody should respect that. What camera can you suggest instead? I can't find any open-source camera on the market, probably you can suggest something?
@badggit Have a look at the dafang project: They use their own buildroot and are able to update even the device drivers and the kernel :)
They have the same problem of original firmware creators trying to block their alternative, but it's still manageable and as the hardware is much faster, it can handle some cool things like live viewing and fast snapshotting :)
@fliphess thanks, of course I saw that repo, but I think it's almost the same way - endless fight with Xiaomi and co. And in fact, Xiaomi wins, as I understand, because they don't have a new signature for the last 2 years. I thought you know some good inexpensive non-Xiaomi cameras with open-source software.
About hardware - I have two types of Chuangmi cameras: CMSXJ17A (Xiaobai Smart Camera 1080p) and CMSXJ27A (Imilab C10). Both can provide 1080p in real-time and the hardware looks not that bad imho. The only problem is that they won't work without internet connections (I blocked them on my router) and that is unsecure. Unfortunately, I can't find a hack to fix that. Also tried your https://github.com/fliphess/miicam and https://github.com/epalzeolithe/chuangmi-720p-hack hacks, but without any luck - cameras just ignore tf_recovery.img and rename it to tf_recovery.img.bak No idea what should I do now :(
Just throw em away :)
Hehe, not that fast! Actually, CMSXJ17A is pretty good camera, because I also received an old CMSXJ01C 720p camera and now I understand why you advice to throw it in the trash :)) The good news is that I hacked it almost without the problem, so now I have CMSXJ01C with working RTSP - thanks to you and your firmware! Let's see if I can do the same with CMSXJ17A, because it's quality is much better. But probably they using new signature and it's impossible to hack the bootloader.
I still have that camera and you firmware is the only way to connect it do home assistant . So if you dont want too keep going with project because you have money to buy batter cameras please let the other people use your code!