search

mcchas / g2h-camera-mods

Modifying the G2H camera with rtsp, security and not to call home
MIT License
107 stars 14 forks source link

Hostname script not enabling RTSP #7

Closed alukii closed 3 years ago

alukii commented 3 years ago

Hi,

First off, thanks for taking the time to do this! Telnet access was successful.

Was unable to get RTSP running using the hostname file. After a few hours of tinkering i noticed that the changes weren't being made the the relevant files.

The line test -f /etc/tar_app.sh_save || cat << EOF > /etc/tar_app.sh doesn't change tar_app.sh as the save file is created in the earlier command and this only executes if the save file isn't there.

Same for the previous command test -f /etc/normal.xml_save || cat << EOF > /etc/normal.xml

I modified it to execute by changing to test -f /etc/tar_app.sh_save && cat << EOF > /etc/tar_app.sh and test -f /etc/normal.xml_save && cat << EOF > /etc/normal.xml

Not sure if there is something i'm missing.

However I have a problem that i hope you might be able to shed some light on. During this time tinkering, a simple copy paste error meant that I now have an unbootable device.

Modifying the tar_app.sh file, I missed the cd off cd /local. So i think it did a chmod on root /. So now during boot i get init: skipping insecure file /init.rc so it hangs and nothing loads.

Wondering if you have any ideas on how i could recover from this? I'm a bit over my head on this one.

Thanks again for your work!

[edit]

Seems i was mistaken.. Hexdump code is fine.

mcchas commented 3 years ago

The instructions were not that clear in this area (this was all hacked together in a day) - but if you run the script it won't be possible to re run it without manually deleting those save files. That file test logic is there to prevent the files been written to twice.

Sounds like you definitely may have made init world writable. As the bootloader is locked there is no real interactive way in. If you scan through the firmware it may be possible to boot directly from the SD card... otherwise you might need to remove the flash and modify the permissions this way - it's is easier than it sounds!

alukii commented 3 years ago

Thanks. I just can't see the logic that actually writes to /etc/normal.xml and /etc/tar_app.sh as the first command copies the file to _save and the second command only runs if the _save file isn't there, which it always will be from the first command.

Something like this makes more sense to me, which i have put in mine. test -f normal.xml_save || cp normal.xml normal.xml_save && cat << EOF > normal.xml .......

Ok, down the rabbit hole i go... I assume i will need a SPI flash programmer, so i just ordered a CH341A USB module.

I guess that i will need to mount the mtdblock partition for rootfs and modify permissions that way? Any references you can recommend to read up on while i wait for it to arrive?

ads1230 commented 3 years ago

test -f /etc/normal.xml_save || cp /etc/normal.xml /etc/normal.xml_save && cat << EOF > /etc/normal.xml

if _save is not found then make save and write new normal.xml

Not tested, in theory it should resolve the issue.

alukii commented 3 years ago

Yes that’s what I’m using and it works

mcchas commented 3 years ago

Thanks. I just can't see the logic that actually writes to /etc/normal.xml and /etc/tar_app.sh as the first command copies the file to _save and the second command only runs if the _save file isn't there, which it always will be from the first command.

That's a great point, these commands would never run, I'll fix this. I'm surprised you're the first to find this problem!

Ok, down the rabbit hole i go... I assume i will need a SPI flash programmer, so i just ordered a CH341A USB module.

You won't need a programmer, you can use a raspberry Pi (or even esp8266, I used a PI Zero) and a SOIC clip. I recommend the Pi as the flash will connect directly to its SPI interface and tools are readily available on raspbian OS.

mcchas commented 3 years ago

I guess that i will need to mount the mtdblock partition for rootfs and modify permissions that way? Any references you can recommend to read up on while i wait for it to arrive?

Sounds like a good place to start. My first thought would be to backup the flash and then poke around but a fail-safe method might be to restore a known good firmware image over the top. I can send you one if needed

alukii commented 3 years ago

You won't need a programmer, you can use a raspberry Pi (or even esp8266, I used a PI Zero) and a SOIC clip. I recommend the Pi as the flash will connect directly to its SPI interface and tools are readily available on raspbian OS.

Ok. Got one any, was cheap and has a SOIC clip. Was just going to hook it up to my server, but have a PI4 and some esp8266's laying around.

Sounds like a good place to start. My first thought would be to backup the flash and then poke around but a fail-safe method might be to restore a known good firmware image over the top. I can send you one if needed

Thanks.. Will see how i go and will let you know. Did you just pry it open after taking of the bottom mount?

mcchas commented 3 years ago

Did you just pry it open after taking of the bottom mount?

Yes it comes apart fairly easily