Closed jymbob closed 6 years ago
Hi, I just try tonight, and it doesn't work .. :-(
I wanna hack this model too
I have this model too, I can help you if you need anything tell me
OK I undesstand I am so enthusiastic, in my level :
Post teardown pictures ==> OK, I can do that
Intercept firmware update ==> How to do that ? with what tool ?
I'll see if I can get anything out of the serial console this evening
On Mon, 6 Nov 2017, 15:50 chris777c, notifications@github.com wrote:
OK I undesstand I am so enthusiastic, in my level :
-
Post teardown pictures ==> OK, I can do that
Intercept firmware update ==> How to do that ? with what tool ?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/235#issuecomment-342190368, or mute the thread https://github.com/notifications/unsubscribe-auth/AD9NFRQvurIQfJVaFitZ7BvI7v7QDy13ks5szyq4gaJpZM4P4QLa .
Ok thank you
Hm. Think I've identified the RX and TX pins but my soldering's appalling, so I haven't got to a console yet. It looks like it's using the same SoC as the Mijia 360 720p, which this project has working, however I couldn't get ssh access working on mine, and reflashing the 360 firmware appears to have left me with a non-functional camera - I still have a working one, so I'll persevere for a bit longer!
Thank you for you work
Hi, I also have Chuangmi 720p camera and would like to make it work locally, for example through RTSP, without Internet connection. Do you have any update? thank you
Hi; I also have 3 pcs :-( I was little bit stupid and I didn't think that it is a closed system without open streaming protocolls. Thanks before
the same for me: I found out that it works only through Internet. I hope that, as already done for other Xiaomi cameras, it's possible to load some kind of RTSP server to stream the video locally. I look forward to receiving some good news...
Hi Larry, any news? How did you succeed in connecting serial interface ? thank you
This is very joyful. Could you share the solution of the hacking with we?
Great ! Could you give us details ? Is it possible to load and run a local RTSP server ?
@LarryN3t Could you share the solution? I also wish to connect to this camera. Thanks a lot!
Very great news! Could you please share the solution? It looks like you are the only one that made it.
Thanks a lot!
Please, please share your solution if one exist :-/
This camera make me crazy ...
anyone had solved this?
I ordered one. I will get FH working on if its possible. However gearbest takes a few weeks to get it.
On Fri, Jan 19, 2018 at 4:17 PM, Bernardo Amaral notifications@github.com wrote:
anyone had solved this?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/235#issuecomment-359091370, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM-pt6eQuTXcaMIhUarHH8AOxxZK3ks5tMQZegaJpZM4P4QLa .
Thank you for feedback but I tried telnet with putty, his show me "Connection refused"
Yes, absolutely same happened with me too. telnet - l root 192.168.3.101 23 telnet: unable to connect to remote host: Connection refused.
Thank you, it's work, I am extract img from camera.
Where do you take the .img ? The link don't work any more :-(
Where did LarryN3t disappear? His img is working.
So please, where can I found it ? I'm a poor newbies completly lost
This is a link where you can download larryN3t's image for 24 hours. Unfortunetelly my dropbox is full so I can't keep it there.
https://www.dropbox.com/s/qm4squv21ik4bob/tf_recovery.img?dl=0
Thank you very much
Thank you , I 'm reading on your link the procedure to load the new image.
Has anybody tested it ?
@jymbob when you say "For Chuangmi 720 camera download tf_recovery.img, transfer to an SD card and boot" , do you mean to copy " tf_recovery.img" file on the SD without uncompressing it , correct? Should we prepare an sd-card with two partitions as explained below or is not needed ? Could you please clarify? Thank you very much
I haven't actually tried it yet, just repeating what the OP wrote here. I will endeavour to try it and update the readme. As I said, my main concern was making sure the image was accessible somewhere.
If anyone has any feedback, I'm happy to update the readme.
On Tue, 23 Jan 2018, 09:18 rap1, notifications@github.com wrote:
@jymbob https://github.com/jymbob when you say "For Chuangmi 720 camera download tf_recovery.img, transfer to an SD card and boot" , do you mean to copy " tf_recovery.img" file on the SD without uncompressing it , correct? Should we prepare an sd-card with two partitions as explained below or is not needed ? Could you please clarify? Thank you very much
— You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/235#issuecomment-359728394, or mute the thread https://github.com/notifications/unsubscribe-auth/AD9NFQUCj9S0nuz6wLKWRxyTJ7B3TbLYks5tNaPQgaJpZM4P4QLa .
Try https://sourceforge.net/projects/win32diskimag to er/files/latest/download To copy the .img to the SD card Choose the file, the destination, and click write I'm trying to see how tell the cam to boot to the SDcard
Thank you lilipfem ! Let us know if you succeed in booting from the SD card
No it's does'nt work. It's not a boutable image :-(
Found some time. You don't need to unpack the image. Simply put it on the root of an SD card. The camera checks for this file on bootup
Steps to get telnet access:
Given we now have root access, we should hopefully be able to run a local RTSP server.
On Tue, 23 Jan 2018 at 13:57 lilipfem notifications@github.com wrote:
No it's does'nt work. It's not a boutable image :-(
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/235#issuecomment-359798144, or mute the thread https://github.com/notifications/unsubscribe-auth/AD9NFb_h2FRTWpOcc7EsI0PscilfLc1eks5tNeVVgaJpZM4P4QLa .
Great news ! Thank you very much for sharing the procedure :) Maybe the RTSP server is already present in the image (url: rtsp://device-ip/unicast) , could it be ?
Thank you @jymbob for your help. I can now open tenet on the cam and that's all :-( i answer root for the login and after only a # prompt Everywhere i saw that i would have to connect with a url like http://192.168.1.19/cgi-bin/status
Else i try with VideoStation of Synology and vlc and nothing work
..how did you format the SD ? FAT16, FAT32 or other ?
If the question is for me, FAT32 ...
I also have a FAT32 formatted SD and now I can also open telnet on the cam :) Now we should understand how to run a local RTSP server..
Following this with anticipation! I have gotten telnet working, whats involved in getting an rtsp server running, i know a bit of linux stuff but not so much about these prebuilt firmware images. Happy to help if anyone can point me in the right direction.
I’m also stuck after i got telnet access.
Next
But when I used http://192.168.1.9/cgi-bin/status nothing happens. Also http://192.168.1.9/cgi-bin/hello.cgi is not doing anything.
However, I can make a telnet connection. Is there a way to activate the hack using telnet? Or I’m doing something wrong. The current firmware on my camera is 3.3.6_2017092810 and the camera is still working using the app
The fang hack is designed for different firmware. I'm talking with the guys who hacked the mijia 1080 which is similar firmware. It looks like we need to recompile the rtsp library against the SoC SDK. I've had some success getting a few things running manually on the camera (ssh, httpd) but we're still a way off a nice turnkey solution. There are a lot of parts to the process which are new to me, and I've only got limited time available. If anyone has experience creating uboot images that'd be a great help.
On Sun, 28 Jan 2018, 23:08 Tom Steenbakkers, notifications@github.com wrote:
I’m also stuck after i got telnet access. I format a SD card with FAT32 and but the image tf_recovery.img on it. Switch off the camera. Put the SD card in the camera and power it on. When the blue light stopped blinking I checked with Fing and now the telnet protocol is there on port 23. Next I removed the card, and downloaded the Image to write directly to a sd-card using Win32 Disk Imager. The I removed the power from the camera, but the power back on and when the blue light stopped blinking I inserted the card. But when I used http://192.168.1.9/cgi-bin/status nothing happens. Also http://192.168.1.9/cgi-bin/hello.cgi is not doing anything. However, I can make a telnet connection. Is there a way to activate the hack using telnet? Or I’m doing something wrong. The current firmware on my camera is 3.3.6_2017092810 and the camera is still working using the app
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/235#issuecomment-361105092, or mute the thread https://github.com/notifications/unsubscribe-auth/AD9NFQmxUink5bNN0pHleQ1Eg3_9jtguks5tPP34gaJpZM4P4QLa .
I noticed that on Fang hacks, they use "snx_rtsp_server", we could try to use the same executable and see if it runs, or if we need to recompile it , where can we find the SoC SDK ? @jymbob did you have any news from the guys who hacked the mijia 1080 ?
I've found what looks like an SDK for the Grain Media chipset (I don't know any Chinese). A search for "gm813x sdk" should give you some download links. The rtsp server for the mijia 1080p is here
Is there any news ? A solution founded ?
not yet, has anyone found a solution for loading RTSP server ?
Hi any progress with RTSP server?
Hi. Any good news?
Just picked up a pair of "Chuangmi" cameras from GearBest - https://www.gearbest.com/ip-cameras/pp_701750.html
They're using the same app, and appear to be very similar in setup.
My FTDI is in the post so I may be able to provide some debugging information if that's helpful.