Open kulokoy opened 6 years ago
samtap
commented
6 years ago I'm sure it runs as it's the same hardware but they will likely block device-id if it's not sold by them (same as iSmartAlarm).
I've contacted them to ask about open-source community/support. It would be nice to join forces, as they do sell a device that makes extensive use of open-source software (Linux) already.
kulokoy
commented
6 years ago That's what i thought, it could be the same as the ismartalarm that they selling here in europe but 3x higher price than the wyze cam. Hopefully someone could port it to xiaofang. As what you said its better if they will provide open source code of the FW..
tomsbrinkis
commented
6 years ago I really hope, someone could make this happen - port Wyze firmware to xiaomi cameras, becaus i have 3 cameras at home that does not work.
samtap
commented
6 years ago According to Wyze they're using the same design, but different components inside. Someone should do a teardown guide with pics so we can check the differences. I doubt there're much differences, perhaps a different wifi chip?
jat255
commented
6 years ago Hi everyone, I was previously unfamiliar with this project, but I scooped up one of the Wyze cams and it arrived last night. I disassembled it to see what was inside, and took some photos of the journey. Hopefully they can be of some help in figuring out if this camera will be compatible. The photos are in an imgur album. Let me know if you have any questions on the hardware side!
samtap
commented
6 years ago Thanks, looks identical and even has the same PCB markings like iSC which clearly refers to iSmartAlarm Cam or whatever.. Would you happen to have a ftdi usb adapter to connect to the GND, TX, RX visible here: https://i.imgur.com/s4LAp5V.jpg (you don't even need to solder wires if you can get them through the holes, a c-grid header works great) That would allow to capture the boot log and check for fw differences. I don't believe the price of only 20 bucks allows for any research/development, so it's likely just config stuff to use their cloud/app instead of Xiaomi/iSmartAlarm.
jat255
commented
6 years ago Unfortunately, I don't... I've never done any sort of bare PCB/firmware hacking type stuff, so even taking apart the camera was a little bit of a learning experience. Fortunately it still worked when I put it all back together.
I agree with you though, unless they have some sort of massive VC funding, I can't see how they would rewrite a bunch of code for this with such a low price point.
jat255
commented
6 years ago Actually, I forgot I have a couple of these: https://docs.getchip.com/chip.html#pin-headers
I bought two of them but never really got around to using them for anything. Would that work? I'd need a decent amount of hand-holding, clearly.
samtap
commented
6 years ago It's probably doable with the device you linked, if you can flash the right software on it. You can get ready to use stuff for things like Arduino or esp8266, but I'm not familiar with the CHIP board.
Edit: I took a closer look and it seems to be some kind of raspberry pi clone. So if you have Linux and SSH running on it, you can probably attach some wires between UART1 pins and the camera and use something regular like gnu screen or minitel on Linux instead of more low-level software like arduino/esp8266 would need.
jat255
commented
6 years ago While it sounds like a fun project, I'm not sure I'll have time to get around to trying to hack it together. Hopefully someone with some more hardware abilities will come along.
wsmlby
commented
6 years ago is it possible to run this hack on the Wyzecam hardware? I push prepared the sdcard, put it in after the device boot, and I heard the sound and in "/cgi-bin/hello.cgi" i can see sdcard content("snx_autorun.sh" etc), however, the status page gives 404.
Can you share how do you find out the "snx_autorun.sh" is what it runs at boot for fang? maybe wyzecams are using different name for the startup script?
ril3y
commented
6 years ago Mine has shipped. Well tear it down once I get it.
On Sat, Nov 4, 2017 at 8:56 PM, wsmlby notifications@github.com wrote:
is it possible to run this hack on the Wyzecam hardware? I push prepared the sdcard, put it in after the device boot, and I heard the sound and in "/cgi-bin/hello.cgi" i can see sdcard content("snx_autorun.sh" etc), however, the status page gives 404.
Can you share how do you find out the "snx_autorun.sh" is what it runs at boot for fang? maybe wyzecams are using different name for the startup script?
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-341941197, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM08CRzYXzpP4qd-nbHespr_w9RXUks5szQfHgaJpZM4QFkS3 .
dustinsterk
commented
6 years ago FCC submissions can be seen here: https://fccid.io/2ANJHWYZEC1/Internal-Photos/Internal-Photos-3565884
The partner company creating them is: http://www.hualaikeji.com/en
jat255
commented
6 years ago @dustinsterk I guess I didn't have to tear mine apart, then... 😄
Also, this is totally unrelated, but I found this entertaining:
dustinsterk
commented
6 years ago @jat255 your pictures are much clearer! :)
samtap
commented
6 years ago The snx_autorun.sh 'backdoor' was pretty obvious and easy to find by reading the scripts of the original XiaoFang. Because it was so easy to get basic access to the cam, figuring out how other stuff works didn't take much effort. By now, we know all the details and can just build our own firmware, that doesn't require snx_autorun.sh to kickstart things. Bits and pieces of how to do this are unfortunately scattered across lots of github issues, wiki etc, but people have been able to build their own firmware (i.e. @ykhandler). I would be surprised if you can't just flash this to a WyzeCam and make it work (wifi may require a different driver). Obviously you won't be able to connect with their cloud, but fang-hacks should work fine.
My goal isn't to build my own firmware and never has been. I prefer running stuff off the sdcard as I don't have to worry about limitations of internal flash, opening up a lot of possibilities. One of them is higher potential for re-use on other cams.
ril3y
commented
6 years ago RIght we have the SDK's and the build scripts from the vendor but what mechanism is there to actually flash it the device? I am not talking auto_run.sh trickery but camera out of box without opening it up. Did I miss something? Is this known? BTW I got my wyze last night. Hope to play with it this weekend.
On Tue, Nov 7, 2017 at 4:05 PM, PatrickM notifications@github.com wrote:
The snx_autorun.sh 'backdoor' was pretty obvious and easy to find by reading the scripts of the original XiaoFang. Because it was so easy to get basic access to the cam, figuring out how other stuff works didn't take much effort. By now, we know all the details and can just build our own firmware, that doesn't require snx_autorun.sh to kickstart things. Bits and pieces of how to do this are unfortunately scattered across lots of github issues, wiki etc, but people have been able to build their own firmware (i.e. @ykhandler https://github.com/ykhandler). I would be surprised if you can't just flash this to a WyzeCam and make it work (wifi may require a different driver). Obviously you won't be able to connect with their cloud, but fang-hacks should work fine.
My goal isn't to build my own firmware and never has been. I prefer running stuff off the sdcard as I don't have to worry about limitations of internal flash, opening up a lot of possibilities. One of them is higher potential for re-use on other cams.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-342621988, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM7ZPPCS6TNKW4aFv9OSdhjUAjODsks5s0MYvgaJpZM4QFkS3 .
kvcoates
commented
6 years ago Where did you get SDK's from? which vendor
ril3y
commented
6 years ago I found the sdk on a Chinese filesharing site like media fire. This was from the company that makes the SoC. I have seen links to other sdks on other issues.
On Thu, Nov 9, 2017 at 7:03 AM, kvcoates notifications@github.com wrote:
Where did you get SDK's from? which vendor
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-343134866, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM7NPq-BVKQV4gDskUGSrKkbpcb1jks5s0uokgaJpZM4QFkS3 .
kvcoates
commented
6 years ago can you share the link/files with me please?
samtap
commented
6 years ago @ril3y It runs uboot so you simply provide a firmware image on sdcard (FIRMARE_660R.bin) and it is flashed before boot. The only modification required for fang-hacks is in the boot scripts: prevent it from starting iCamera and instead run the fang-hacks.sh script (which in turn mounts and starts stuff on sd-card, if present). If you intercept a firmware update, extract the image and modify some bootscripts, add fang-hacks.sh etc, repackage it, you don't even need to build a complete fw image with the SDK.
ril3y
commented
6 years ago @PatrickM have you verified this? The repackaging / reflashing part? The uboot Firmware_660.bin is specific to fang bootloader code I assume then. Who knows what other cameras with the same hardware have compiled. Has someone done this?@kvcoates i will look around tonight for you.
Thanks.
On Thu, Nov 9, 2017 at 8:19 AM, PatrickM notifications@github.com wrote:
@ril3y https://github.com/ril3y It runs uboot so you simply provide a firmware image on sdcard (FIRMARE_660R.bin) and it is flashed before boot. The only modification required for fang-hacks is in the boot scripts: prevent it from starting iCamera and instead run the fang-hacks.sh script (which in turn mounts and starts stuff on sd-card, if present). If you intercept a firmware update, extract the image and modify some bootscripts, add fang-hacks.sh etc, repackage it, you don't even need to build a complete fw image with the SDK.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-343151955, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM3cF690s-dnZmDjoJBBJ8tfY5d3Cks5s0vvkgaJpZM4QFkS3 .
samtap
commented
6 years ago @ril3y Nope not me but I've seen others like I mentioned before. The problem is with the rest of the stuff, i.e. the Xiaomi binaries won't work on a Wyze cam, you'd have to obtain an original fw image for all cams and modify it the same way. So what I really need is a image that only contains some updates for /etc and leaves the rest as is. Not sure if that can even be done from uboot. The official OTA updates are flashed using an application, not via uboot.
lokkju
commented
6 years ago I'll just leave this here...
https://d1fk93tz4plczb.cloudfront.net/UpgradeKit/1508232228/img_wyze_snx_sys_3.9.1.42.img
kvcoates
commented
6 years ago @lokkju Greate, except not loading? might just be having the saturday morning blues!, how did you load the ISO onto camera?
tam481
commented
6 years ago Hello guys, I'm slightly confused. Is the aim to get fang-hacks to work on the Wyze or to get the Wyze firmware on the Xiaomi Xiaofang in order to use Whyze's app? I'd love to put Wyze's firmware on mine and use their app but also put the SD card in with fang-hack to stream RTSP
dustinsterk
commented
6 years ago I have dug in a little with their app/api calls. Being able to load their firmware onto a non Wyze specific device may prove challenging, nor am I advocating/suggesting this, as is an exploit of their cloud infrastructure. The app calls seem to pass a bunch of metadata and MAC address of each camera along with some camera specific identifiers. I would assume each camera also has private keys for encryption to access video on AWS.
Personally, I would rather focus on unlocking RTSP, SFTP, on the exiting Wyze hardware so that you have the ability to use their device with or without the AWS cloud integration.
samtap
commented
6 years ago All versions of the cam (iSmart/Xiaomi/Wyze) presumably use the same mechanism to pair with cloud: some unique identification stored in nvram. You can easily clone that to a different cam, but you can't connect two cams with the same id to a cloud. One will simply get disconnected when the other one connects. Even if you're able to generate correct id's yourself, you are effectively exploiting their cloud infrastructure. The cloud infrastructure you don't own or pay for, but are allowed to use free of charge. By doing this, you are risking even more blocks and feature limits are put into place for the rest of us.
dustinsterk
commented
6 years ago For $19.99 (plus shipping), honestly the camera and apps work incredibly well...Wyze did a fantastic job and I hope they continue to gain market share. I 100% agree with you that no one should work to exploit their infrastructure, they already have an incredible product for the price - just buy direct from them!
My fear is that they have undercut their pricing too far to obtain users and with the included 14 day AWS storage the company will not survive. Enabling RTSP and other functionality will ensure these devices will remain useful should something like this happen (and I really hope it does not).
dustinsterk
commented
6 years ago Has anyone connected to the hardware on the Rx Tx pins via serial cable? If so, is the root password the same as xiaofang?
ril3y
commented
6 years ago no its root ismart12
Its almost identical to the Fang app. Clearly they used it as a base to tune it to their needs.
Riley
On Wed, Nov 15, 2017 at 5:00 PM, dustinsterk notifications@github.com wrote:
Has anyone connected to the hardware on the Rx Tx pins via serial cable? If so, is the root password the same as xiaofang?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-344742668, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM3OGn3vvl4hAeWbvgYlx2tMIhdU6ks5s218JgaJpZM4QFkS3 .
samtap
commented
6 years ago @ril3y root/ismart12 is the same as on XiaoFang. Let me know if you need help, if Wyze cam doesn't accept that.
ril3y
commented
6 years ago @PatrickM oh I think @dustinsterk wanted to know if it was the same. The wyze does in fact accept that. Its also running the "iCamera" bin vs the iSCSI ( cant remember the other bin name)
On Thu, Nov 16, 2017 at 8:00 AM, PatrickM notifications@github.com wrote:
@ril3y https://github.com/ril3y root/ismart12 is the same as on XiaoFang. Let me know if you need help, if Wyze cam doesn't accept that.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-344915611, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM4JGjD1OXErN1k1-95JAPSi5qXZ1ks5s3DHVgaJpZM4QFkS3 .
samtap
commented
6 years ago @dustinsterk I expect they will soon start selling other home automation/security products and a subscription service for a cloud interface to manage/monitor all of them. It's just your typical vendor lock-in scheme. Note they're ex-amazon employees so they may have a special deal on AWS, or even if they don't it's not really expensive if you set things up a certain way.
@ril3y Ok so if they didn't even take the effort / have the skills to change the root passwd, it's safe to conclude they just changed some minor cloud-connection details, switching Xiaomi for AWS. As far as I've seen, on all firmware versions the boot scripts run /etc/app/iSC3S, just on the more recent versions that binary has decreased a lot in size and is just a wrapper that in starts iCamera etc., and then terminates itself.
ril3y
commented
6 years ago PatrickM,
No iCamera is their app they are running on the camera (WYZE). It does not terminate. Its almost Identical to the iSC3S bin with some AWS stuff changes. I know I have been reversing them both.
On Thu, Nov 16, 2017 at 8:10 AM, PatrickM notifications@github.com wrote:
@dustinsterk https://github.com/dustinsterk I expect they will soon start selling other home automation/security products and a subscription service for a cloud interface to manage/monitor all of them. It's just your typical vendor lock-in scheme. Note they're ex-amazon employees so they may have a special deal on AWS, or even if they don't it's not really expensive if you set things up a certain way.
@ril3y https://github.com/ril3y Ok so if they didn't even take the effort / have the skills to change the root passwd, it's safe to conclude they just changed some minor cloud-connection details, switching Xiaomi for AWS. As far as I've seen, on all firmware versions the boot scripts run /etc/app/iSC3S, just on the more recent versions that binary has decreased a lot in size and is just a wrapper that in starts iCamera etc., and then terminates itself.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-344918123, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJMx7ai2tiJVjMQf65CuRchD_W2-K6ks5s3DRigaJpZM4QFkS3 .
samtap
commented
6 years ago Even the naming of iCamera, iSC3S, the ismart12 passwd etc. all imply it was developed by/for the iSmartAlarm Spot. The XiaoFang runs the same. I get the impression cloud connection, pairing etc. is handled by other binaries (i.e. the miio-client stuff on XiaoFang). (PS. A while ago I spend some time checking out contents of iSmartAlarm firmware. I found the same binaries just the miio stuff replaced by something else)
ril3y
commented
6 years ago Side note did you ever get GDB compiled for this device? Or were you able to successfully use gdbserver and remote debug it? I have been fighting cross compilers for a day or 2 now.
On Thu, Nov 16, 2017 at 8:27 AM, PatrickM notifications@github.com wrote:
Even the naming of iCamera, iSC3S, the ismart12 passwd etc. all imply it was developed by/for the iSmartAlarm Spot. The XiaoFang runs the same. I get the impression cloud connection, pairing etc. is handled by other binaries (i.e. the miio-client stuff on XiaoFang).
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-344922132, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM3q6uj5yDFpHD88Gj540dlYO1ncXks5s3Dg9gaJpZM4QFkS3 .
dustinsterk
commented
6 years ago Thanks to all, this information is very useful.
samtap
commented
6 years ago Seems when I reply to a comment-notification email it doesn't get added to this thread? :( @ril3y There's a 32-bit gdb build in the SDK and gdbserver is conveniently included in the firmware. So it's pretty straightforward to (remote) debug as long as you make sure to compile with debug flags (and don't strip binaries).
ril3y
commented
6 years ago Can you link me that toolchain. I have one but not sure its the same. I build gdbserver on my own. What I have not got working is GDB built for x86 with the ability to debug armv5 (remote). Convoluted bit time!
On Thu, Nov 16, 2017 at 9:50 AM, PatrickM notifications@github.com wrote:
Seems when I reply to a comment-notification email it doesn't get added to this thread? :( @ril3y https://github.com/ril3y There's a 32-bit gdb build in the SDK and gdbserver is conveniently included in the firmware. So it's pretty straightforward to debug as long as you make sure to compile with debug flags (and don't strip binaries).
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-344945202, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM7djp0sChDlmQ04utBQ2DUeCLgwOks5s3EuYgaJpZM4QFkS3 .
dustinsterk
commented
6 years ago After reading this thread, I would now really love to be able to disable the cloud service: https://www.reddit.com/r/wyzecam/comments/7cykgf/wyzecam_sending_data_to_servers_other_than_aws/
wsmlby
commented
6 years ago Shall we have a separate issue for discussing fang-hacks on WyzeCam?
dustinsterk
commented
6 years ago I would agree, anyone else?
trevorcobb
commented
6 years ago i would be very interested in retrofitting firmware that will enable rtsp on my wyzecam, so if that requires starting another issue to discuss, i'm all in favor.
aaronsilber
commented
6 years ago I opened #268 for further discussion about porting fang-hacks to the Wyze devices.
Great insight so far! I spent a lot of time reversing the Android client, trying to get a stream out of the device, but with the stock firmware you are stuck using the ThroughTek P2P service.
julian-alarcon
commented
6 years ago I have a little concern, so the root credentiasl are root/ismart12 . And the cam has SSH open by default and it's conected to Internet, so.. Anybody could login your Camera and do whatever they want!??
If this is true, is possible to change it? Also,, changing credentials will affect login of Apps or firmare updates?
ril3y
commented
6 years ago Openssh is not installed on the WYZE. If you have openssh running on your WYZE then there is something very odd going on. At least the default version does not have it running. What makes you think this is the case?
On Fri, Dec 1, 2017 at 2:38 PM, julian-alarcon notifications@github.com wrote:
I have a little concern, so the root credentiasl are root/ismart12 . And the cam has SSH open by default and it's conected to Internet, so.. Anybody could login your Camera and do whatever they want!??
If this is true, is possible to change it? Also,, changing credentials will affect login of Apps or firmare updates?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/samtap/fang-hacks/issues/243#issuecomment-348594347, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOJM_YV4bsS9-fkvr0rCdMTvBT8aekuks5s8FWagaJpZM4QFkS3 .
samtap
commented
6 years ago Anyone know where I could order a WyzeCam, for shipping to Europe?
dariopb
commented
6 years ago @samtap : I got a boot dump from the wysecam. I boot the cam, then I insert the hacks sd (logs at the end and I attached the file as well):
U-Boot 2011.09 (Sep 15 2017 - 20:19:00)
DRAM: 64 MiB MMC: SD Card not detect mmci_host_init error - -1
SPI FLASH: 16 MB In: serial Out: serial Err: serial GPIO[2] is high Hit any key to stop autoboot: 0 roofsr size = 0x6c3070
Image Name: Linux-2.6.35.12 Image Type: ARM Linux Kernel Image (uncompressed) Data Size: 3038112 Bytes = 2.9 MiB Load Address: 00008000 Entry Point: 00008040 Verifying Checksum ... OK XIP Kernel Image ... OK OK
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
Linux version 2.6.35.12 (fedora@localhost.localdomain) (gcc version 4.5.2 (SONiX GCC-4.5.2 Release 2011-12-06) ) #30 Sun May 21 23:35:25 PDT 2017
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00057177
CPU: VIVT data cache, VIVT instruction cache
Machine: SONiX SN98600 Development Platform
Memory policy: ECC disabled, Data cache writeback
CPU: found ITCM 16k @ ffff4000, enabled
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 16256
Kernel command line: console=ttyS0,115200 root=/dev/mtdblock2 init=/linuxrc mem= 64M isp=10M vc=12M vo=0M mtdparts=snx-spi:768k(uboot),3072k(kernel),7168k(rootfs ),4096k(rescue),1024k(etc),256k(userconfig)
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 64MB = 64MB total
Memory: 36836k/36836k available, 28700k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
DMA : 0xffa00000 - 0xffe00000 ( 4 MB)
vmalloc : 0xc4800000 - 0xe0000000 ( 440 MB)
lowmem : 0xc0000000 - 0xc4000000 ( 64 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.init : 0xc0008000 - 0xc0026000 ( 120 kB)
.text : 0xc0026000 - 0xc04ec000 (4888 kB)
.data : 0xc050a000 - 0xc0535440 ( 174 kB)
SLUB: Genslabs=11, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
Hierarchical RCU implementation.
RCU-based detection of stalled CPUs is disabled.
Verbose stalled-CPUs detection is disabled.
NR_IRQS:96
Console: colour dummy device 80x30
console [ttyS0] enabled
Calibrating delay loop... 200.29 BogoMIPS (lpj=1001472)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
NET: Registered protocol family 16
0x00a00000 bytes system memory reserved for isp device at 0x005ec000
0x00c00000 bytes system memory reserved for vc device at 0x00fec000
bio: create slab
RTL871X: USB_SPEED_HIGH RTL871X: CHIP TYPE: RTL8188E RTL871X: rtw_hal_config_rftype RF_Type is 3 TotalTxPath is 1 RTL871X: Chip Version Info: CHIP_8188E_Normal_Chip_TSMC_D_CUT_1T1R_RomVer(0) RTL871X: _ConfigNormalChipOutEP_8188E OutEpQueueSel(0x05), OutEpNumber(2) RTL871X: EEPROM type is E-FUSE RTL871X: Boot from EFUSE, Autoload OK ! RTL871X: SetHwReg8188E: bMacPwrCtrlOn=1 bFWReady == _FALSE call reset 8051... RTL871X: =====> _8051Reset88E(): 8051 reset success . RTL871X: efuse_read_phymap_from_txpktbuf bcnhead:0 RTL871X: efuse_read_phymap_from_txpktbuf len:111, lenbak:111, aaa:111, aaabak:111 RTL871X: efuse_read_phymap_from_txpktbuf read count:109 RTL871X: EEPROM ID=0x8129 RTL871X: VID = 0x0BDA, PID = 0x0179 RTL871X: Customer ID: 0x00, SubCustomer ID: 0xCD RTL871X: Hal_ReadPowerSavingMode88E...bHWPwrPindetect(0)-bHWPowerdown(0) ,bSupportRemoteWakeup(1) RTL871X: ### PS params=> power_mgnt(0),usbss_enable(0) ### RTL871X: ======= Path 0, Channel 1 ======= RTL871X: Index24G_CCK_Base[0][1] = 0x2f RTL871X: Index24G_BW40_Base[0][1] = 0x31 RTL871X: ======= Path 0, Channel 2 ======= RTL871X: Index24G_CCK_Base[0][2] = 0x2f RTL871X: Index24G_BW40_Base[0][2] = 0x31 RTL871X: ======= Path 0, Channel 3 ======= RTL871X: Index24G_CCK_Base[0][3] = 0x2e RTL871X: Index24G_BW40_Base[0][3] = 0x30 RTL871X: ======= Path 0, Channel 4 ======= RTL871X: Index24G_CCK_Base[0][4] = 0x2e RTL871X: Index24G_BW40_Base[0][4] = 0x30 RTL871X: ======= Path 0, Channel 5 ======= RTL871X: Index24G_CCK_Base[0][5] = 0x2e RTL871X: Index24G_BW40_Base[0][5] = 0x30 RTL871X: ======= Path 0, Channel 6 ======= RTL871X: Index24G_CCK_Base[0][6] = 0x2d RTL871X: Index24G_BW40_Base[0][6] = 0x2f RTL871X: ======= Path 0, Channel 7 ======= RTL871X: Index24G_CCK_Base[0][7] = 0x2d RTL871X: Index24G_BW40_Base[0][7] = 0x2f RTL871X: ======= Path 0, Channel 8 ======= RTL871X: Index24G_CCK_Base[0][8] = 0x2d RTL871X: Index24G_BW40_Base[0][8] = 0x2f RTL871X: ======= Path 0, Channel 9 ======= RTL871X: Index24G_CCK_Base[0][9] = 0x2d RTL871X: Index24G_BW40_Base[0][9] = 0x2f RTL871X: ======= Path 0, Channel 10 ======= RTL871X: Index24G_CCK_Base[0][10] = 0x2d RTL871X: Index24G_BW40_Base[0][10] = 0x2f RTL871X: ======= Path 0, Channel 11 ======= RTL871X: Index24G_CCK_Base[0][11] = 0x2d RTL871X: Index24G_BW40_Base[0][11] = 0x2f RTL871X: ======= Path 0, Channel 12 ======= RTL871X: Index24G_CCK_Base[0][12] = 0x2d RTL871X: Index24G_BW40_Base[0][12] = 0x2f RTL871X: ======= Path 0, Channel 13 ======= RTL871X: Index24G_CCK_Base[0][13] = 0x2d RTL871X: Index24G_BW40_Base[0][13] = 0x2f RTL871X: ======= Path 0, Channel 14 ======= RTL871X: Index24G_CCK_Base[0][14] = 0x2d RTL871X: Index24G_BW40_Base[0][14] = 0x2f RTL871X: EEPROMRegulatory = 0x0 RTL871X: hal_com_config_channel_plan chplan:0x20 RTL871X: CrystalCap: 0x18 RTL871X: EEPROM Customer ID: 0x 0 RTL871X: EEPROM : AntDivCfg = 0, TRxAntDivType = 3 RTL871X: Board Type: 0x 0 RTL871X: ThermalMeter = 0x17 RTL871X: rtw_hal_read_chip_info in 280 ms RTL871X: init_channel_set((null)) ChannelPlan ID:0x20, ch num:13 RTL871X: NR_RECVBUFF: 8 RTL871X: MAX_RECVBUF_SZ: 4000 RTL871X: NR_PREALLOC_RECV_SKB: 16 RTL871X: Enable CONFIG_FIX_NR_BULKIN_BUFFER RTL871X: rtw_alloc_macid((null)) if1, hwaddr:ff:ff:ff:ff:ff:ff macid:1 RTL871X: rtw_macaddr_cfg mac addr:c0:6d:1a:04:71:fb RTL871X: bDriverStopped:True, bSurpriseRemoved:False, bup:0, hw_init_completed:0 RTL871X: rtw_ndev_init(wlan0) if1 mac_addr=c0:6d:1a:04:71:fb usbcore: registered new interface driver rtl8188eu RTL871X: module init ret=0 Set hostname ... right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 right_count=3 value=0 last_value=0 not in singleboard test starting pid 615, tty '/dev/ttyS0': '/sbin/getty -L ttyS0 115200 vt100'
iSmartAlarm login: strResult = NETRELATED_MAC : 94513D12FF7694513D12FF76B01G0003 , strlen = 52 acDevInfo = 94513D12FF7694513D12FF76B01G0003, acDevInfolen = 32 cLenValue = 3 nLenType = 1 [APP] close this file not 3.0.3.53 3.9.1.52 [APPUP] state ok file exist , exec version_compare_handler [APPUP] get app in rootfs ver:3.9.1.52 [APP] close this file [APPUP] get app in os release ver:3.9.1.52 [APPUP] get Rootfs sys ver:3.9 [APPUP] get Release sys ver:3.9 camera_app_file_exist camera_app_file_exist [APPUP] sys version is same, release > appInRoot OK strResult = NETRELATED_MAC : 94513D12FF7694513D12FF76B01G0003 , strlen = 52 acDevInfo = 94513D12FF7694513D12FF76B01G0003, acDevInfolen = 32 cLenValue = 3 nLenType = 1 /etc/rc/md_cnt_gop_multiple 3
/etc/rc/md_ratectl_en 1
snx_rtc_read_elapsed_second:293: not ready to read time msg_queue_remove_by_key_a: No such file or directory msg_queue_remove_by_key_a: No such file or directory msg_queue_remove_by_key_a: No such file or directory /etc/app/test_UP /etc/app/test_UP /etc/app/test_UP START START /bin/sh: can't create /sys/block/mmcblk0/queue/scheduler: nonexistent directory [MAC] = 94513D12FF7694513D12FF76B01G0003 1111111111111111111111111111111111111 write mac addr 1111111111111111111111111111111111111 write mac addr 1111111111111111111111111111111111111 write mac addr 1111111111111111111111111111111111111 write mac addr 1111111111111111111111111111111111111 write mac addr 1111111111111111111111111111111111111 write mac addr g_nMsgQueueIdg_nMsgQueueIdg_nMsgQueueId = 0 RTL871X: LeaveAllPowerSaveModeDirect..... RTL871X: rtw_net_set_mac_address(wlan0): Set Mac Addr to 94:51:3d:12:ff:76 Successfully killall: wpa_supplicant: no process killed killall: udhcpc: no process killed killall: udhcpd: no process killed RTL871X: +871x_drv - drv_open, bup=0 RTL871X: Set RF Chip ID to RF_6052 and RF type to 3. RTL871X: rtl8188e_FirmwareDownload fw:NIC, size: 15414 RTL871X: rtl8188e_FirmwareDownload: fw_ver=16 fw_subver=0000 sig=0x88e1, Month=11, Date=58, Hour=16, Minute=3c killall: hostapd: no process killed RTL871X: polling_fwdl_chksum: Checksum report OK! (1, 0ms), REG_MCUFWDL:0x00030005 RTL871X: =====> _8051Reset88E(): 8051 reset success . RTL871X: _FWFreeToGo: Polling FW ready OK! (1, 0ms), REG_MCUFWDL:0x000300c6 RTL871X: FWDL success. write_fw:1, 90ms ==> rtl8188e_iol_efuse_patch RTL871X: pDM_Odm TxPowerTrackControl = 1 RTL871X: pDM_Odm TxPowerTrackControl = 1 RTL871X: rtl8188eu_hal_init in 1050ms RTL871X: wlan0Port-0 set opmode = 2 RTL871X: MAC Address = 94:55:35:15:f5:75 RTL871X: -871x_drv - drv_open, bup=1 ADDRCONF(NETDEV_UP): wlan0: link is not ready cmd is ifconfig wlan0 hw ether 94:51:3D:12:FF:76 cmd is ifconfig wlan0 hw ether 94:51:3D:12:FF:76 cmd is ifconfig wlan0 hw ether 94:51:3D:12:FF:76 cmd is ifconfig wlan0 hw RTL871X: (2)871x_drv - drv_close, bup=1, hw_init_completed=_TRUE ether 94:51:3D:12:FF:76 RTL871X: indicate disassoc RTL871X: -871x_drv - drv_close, bup=1 RTL871X: rtw_reset_securitypriv(wlan0) - End to Disconnect RTL871X: rtl8188e_set_FwJoinBssReport_cmd mstatus(0) killall: telnetd: no process killed 1077679312 1078727888 [pbkey] = unwkembXoe4csNShPfSy1kRdTpjhI1s8BfvkGSPZRWkYYvi+HkawIRkchqZqeukjtzqW7FDffTw4DkBeXVVj19Xx0qzLzqXHqC/y7r5XBt/ko7TfMzjoBegvUN4RMVwKhm8ohk2XM885e4eTEhEGDrXk2Ig0DqKaSX3ygF7t+ks=AQAB00004269 [SET ENR] : INIT App INFO XXXXXXXXXXXXXXXXXXXXXXXXXX uuuuuuuuuuuuuuuuuuuuu000 serialport_open success serialport_open: success [SET] [start] [1] [SET] [indicator] [1] [SET] [nightVision] [2] [SET] [bitRate] [30] [SET] [res] [1] [SET] [fps] [10] [SET] [horSwitch] [1] [SET] [verSwitch] [1] [SET] [osdSwitch] [1] [SET] [logSd] [1] [SET] [logUdisk] [1] [SET] [telntSwitch] [2] [SET] [recordType] [1] [SET] [MASwitch] [2] [SET] [MALevel] [5] [SET] [AASwitch] [2] [SET] [AALevel] [5] [SET] [SASwitch] [2] [SET] [CASwitch] [2] [SET] [TBStart] [0] [SET] [TBDuration] [1440] [TZ] read from /etc/tz is GMT+08:00 a the TZ file is the same do not change TZ nRead acBuf[nReadLen-1] = a nRead acBuf[nReadLen-1] = a [START] test CONFIG_INFO_FIRMWARE = 3.9.1.52 [START] Cam_firmware_HTTP = 3.9.1.52 [START] CONFIG_INFO_FIRMWARE = 3.9.1.52 <<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> FIRM WARE VERSION : 3.9.1.52
<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> g_stConfigTable[0] Wifi_Mode = D g_stConfigTable[1] Wifi_Active = y g_stConfigTable[2] Wifi_IP = 192.168.1.68 g_stConfigTable[3] Wifi_Subnet = 255.255.255.0 g_stConfigTable[4] Wifi_Gateway = 192.168.1.1 g_stConfigTable[5] Wifi_DNS = 192.168.1.1 g_stConfigTable[6] Wired_IP = 192.168.1.68 g_stConfigTable[7] Wired_Mode = D g_stConfigTable[8] Wired_Subnet = 255.255.255.0 g_stConfigTable[9] Wired_Gateway = 192.168.1.1 g_stConfigTable[10] Wired_DNS = 192.168.1.1 g_stConfigTable[11] Alarm_Motion_Switch = n g_stConfigTable[12] Alarm_Motion_Sensitivity = 5 g_stConfigTable[13] Alarm_Motion_Region = 0,0;0,0 g_stConfigTable[14] Alarm_Audio_Switch = n g_stConfigTable[15] Alarm_Audio_Sensitivity = 5 g_stConfigTable[16] Alarm_Audio_SmokeYXMOD = 200 g_stConfigTable[17] Alarm_pir_Switch = n g_stConfigTable[18] Light_Net = y g_stConfigTable[19] Light_Night = y g_stConfigTable[20] Video_IPS = 30 g_stConfigTable[21] Video_Bright = 7 g_stConfigTable[22] Video_Constract = 3 g_stConfigTable[23] Video_Hflip = 1 g_stConfigTable[24] Video_Vflip = 1 g_stConfigTable[25] Video_Rate = 50 g_stConfigTable[26] Video_Sample = 10 g_stConfigTable[27] Video_OSD = n g_stConfigTable[28] Audio_Channel = 1 g_stConfigTable[29] Audio_Sample = 8000 g_stConfigTable[30] Audio_Volume = 1 g_stConfigTable[31] Device_State = u g_stConfigTable[32] Config_Version = g_stConfigTable[33] HW_Version = g_stConfigTable[34] SW_Version = g_stConfigTable[35] Server_URL = api.wyzecam.com g_stConfigTable[36] P2p_UID = 6FJLW8ZF7UTMXRNK111A g_stConfigTable[37] Camera_Type = iSC5 g_stConfigTable[38] Camera_Mqtt_Server = bzycn.ismartalarm.com g_stConfigTable[39] Camera_UID = YHH3LWJYU9PF6621111A g_stConfigTable[40] Camera_AP_Key = g_stConfigTable[41] Camera_AP_Station = 0 g_stConfigTable[42] Camera_following = 0 g_stConfigTable[43] Camera_set_cruise = 0 g_stConfigTable[44] Camera_control_cruise = 0 g_stConfigTable[45] Camera_following_sensivity = 1 g_stConfigTable[46] Xiaomi_Server_Str = ++++++++++++++++++++++++++++++1 Come Create Video Capture Thread! current thread stack size:1048576 set thread stack size:819200
====================== I INSERTED THE CARD HERE ===================
login state ok 7777777777777777777777777777777 1512364457 (ISP)fps modify == 10 --> 8 ubIdx = 23, fps = 8 priv->uwMaxExpL = 4500, info->frame_rate = 8 set i frame ubIdx = 21, fps = 10 priv->uwMaxExpL = 3600, info->frame_rate = 10 (ISP)fps modify == 8 --> 10 (ISP)fps modify == 8 --> 8 ubIdx = 23, fps = 8 priv->uwMaxExpL = 4500, info->frame_rate = 8 set i frame ubIdx = 21, fps = 10 priv->uwMaxExpL = 3600, info->frame_rate = 10 (ISP)fps modify == 8 --> 10 (ISP)fps modify == 8 --> 8 ubIdx = 23, fps = 8 priv->uwMaxExpL = 4500, info->frame_rate = 8 set i frame ubIdx = 21, fps = 10 priv->uwMaxExpL = 3600, info->frame_rate = 10 (ISP)fps modify == 8 --> 10 snx_sd_irq_cd:243: card_remove = 1 data = 0 snx_sd_irq_cd:268: card_remove = 0 data = 0 mmc_rescan:1159 = 0 mmc0: new high speed SD card at address bdb1 mmc_add_card:259 = 0 mmcblk0: mmc0:bdb1 SD02G 1.83 GiB mmcblk0: p1 p2 mmc_add_card:265 = 0 add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1add_device_information is :add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1
after reading hid device:
hid device not found!
[SD] parse_sd_action_file nTime = 1512364483, nType = 1 ReadBuf add
[SD] add_action_handler() check_if_have_sd_in_hardware result= 1 (ISP)fps modify == 10 --> 8 ubIdx = 23, fps = 8 priv->uwMaxExpL = 4500, info->frame_rate = 8 set i frame Step 1 read: KNAME FSTYPE mmcblk0 mmcblk0p1 vfat mmcblk0p2 ext2 mmcblk0p1 vfat mmcblk0p2 ext2
[SD] Step1 have mmcblk nBlkIdx = 0 Step1 have mmcblk nPtIndex = 1 [SD] Step1 nFilesysType is 1 [SD] Step2 /media/mmcblk0p1 not exist, create it ls: 2: No such file or directory SD can Insert ^-^ ls: 2: No such file or directory [SD] Step3 Mount oKSD can Insert ^-^ [SD] parse_sd_action_file nTime = 1512364483, nType = 1 ReadBuf add
SD path is /media/mmcblk0p1/,11111111 Insert !!!!! getVersionSD /media/mmcblk0p1/version.ini /media/mmcblk0p1/FIRMWARE_660R.bin [CC] [SET] fd = 1, 0 1 mount -o remount,rw /media/mmcblk0p1/ [CC] [WAIT_EXEC] fd = 1 [remount] mount -o remount,rw /media/mmcblk0p1/ SD have free Total:/media/mmcblk0p1/, 98, Left:91 sd_insert_handle sd_insert_handle sd_insert_handle sd_insert_handle sd_insert_handle sd_insert_handle [RECORD] AUTO_TASK_STATE_START AUTO_TASK_STATE_START [AUTO] set_auto_task_cur_state 1 Create_File_Path : /media/mmcblk0p1/record/20171203/21/14.mp4 Auto Record ready to create file /media/mmcblk0p1/record/20171203/21/14.mp4 Guozhixin ertyu /media/mmcblk0p1/record/20171203/21/14.mp4 ------------MP4 Save Head witch 1920 ---------------- ------------MP4 Save Head height 1080 ---------------- joseph_mp4_config->width joseph_mp4_config->heightjoseph_mp4_config->height 1920 1080 joseph_mp4_config->width joseph_mp4_config->heightjoseph_mp4_config->height 1920 1080 joseph_mp4_config->width joseph_mp4_config->heightjoseph_mp4_config->height 1920 1080 InitMp4Encoder InitMp4EncoderInitMp4EncoderInitMp4EncoderInitMp4Encoder 111111 InitMp4Encoder InitMp4EncoderInitMp4EncoderInitMp4EncoderInitMp4Encoder end XXXXXXXXXXXXXXXXjoseph_mp4_config->audio XXXXXXXXXXXXX 1 [AUTO] set_auto_task_cur_state 2 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@ 0 6253 @@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ XXXXXXXXXXXXXXXXjoseph_mp4_config->video XXXXXXXXXXXXX 2 ubIdx = 21, fps = 10 priv->uwMaxExpL = 3600, info->frame_rate = 10 (ISP)fps modify == 8 --> 10 !!!Hello World!!! Play Music /usr/share/notify/binbin.wav [SNX-AUDIO] playback file /usr/share/notify/binbin.wav open OK logSaveFile CountFile /tmp/log.txt /media/mmcblk0p1/log_94513D12FF76_s.txt SPEAKER_MUSIC_SAVE_LOG_OK [SD state] ^ ^ set_sd_card_state = 3 SD have free Total:98, Left:90 get_addr_by_info_my: success api.wyzecam.com to 52.42.93.243 test_connect_cloud self connect server success add@/devices/virtual/bdi/179:0add_device_information is :add@/devices/virtual/bdi/179:0
after reading hid device:
hid device not found!
add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1/block/mmcblk0add_device_information is :add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1/block/mmcblk0
login state ok 7777777777777777777777777777777 1512364492
after reading hid device:
hid device not found!
add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1/block/mmcblk0/mmcblk0p1add_device_information is :add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1/block/mmcblk0/mmcblk0p1
after reading hid device:
hid device not found!
add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1/block/mmcblk0/mmcblk0p2add_device_information is :add@/devices/platform/snx_sd/mmc_host/mmc0/mmc0:bdb1/block/mmcblk0/mmcblk0p2
after reading hid device:
hid device not found!
Auto close_auto_record_file frame: 16179 6397 update storage 90 98 90 Here we should need to know if need to remove it Create_File_Path : /media/mmcblk0p1/record/20171203/21/15.mp4 Auto Record ready to create file /media/mmcblk0p1/record/20171203/21/15.mp4 Guozhixin ertyu /media/mmcblk0p1/record/20171203/21/15.mp4 ------------MP4 Save Head witch 1920 ---------------- ------------MP4 Save Head height 1080 ---------------- joseph_mp4_config->width joseph_mp4_config->heightjoseph_mp4_config->height 1920 1080 joseph_mp4_config->width joseph_mp4_config->heightjoseph_mp4_config->height 1920 1080 joseph_mp4_config->width joseph_mp4_config->heightjoseph_mp4_config->height 1920 1080 InitMp4Encoder InitMp4EncoderInitMp4EncoderInitMp4EncoderInitMp4Encoder 111111 InitMp4Encoder InitMp4EncoderInitMp4EncoderInitMp4EncoderInitMp4Encoder end XXXXXXXXXXXXXXXXjoseph_mp4_config->audio XXXXXXXXXXXXX 1 [AUTO] set_auto_task_cur_state 2 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@ 0 6403 @@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ msg_queue_rcv time: 5A24D9D5, id: 0, type: 2001, cmd: 2009 [test_UP] 01echo 1 > /proc/sys/vm/drop_caches XXXXXXXXXXXXXXXXjoseph_mp4_config->video XXXXXXXXXXXXX 2 login state ok 7777777777777777777777777777777 1512364527 (ISP)fps modify == 10 --> 8 ubIdx = 23, fps = 8 priv->uwMaxExpL = 4500, info->frame_rate = 8 set i frame ubIdx = 21, fps = 10 priv->uwMaxExpL = 3600, info->frame_rate = 10 (ISP)fps modify == 8 --> 10
samtap
commented
6 years ago Nice boot log but what should I do with it? ;-) Seems I can't buy a wyzecam anywhere for a reasonable price. Though I'm pretty sure it just works the only issue is getting the scripts on the device without needing serial console.
Hi just wondering if its possible to use wyze cam firmware to xiaofang camera? I've seen the demo of the product and its literally same as xiaofang except for the app which is modified mi home in english version which is nice and working well.
https://www.wyzecam.com/product/wyze-cam/
Its only available in US so american who bought xiaofang cam before are lucky that they can buy a proper working security camera without problem in security and geo blocking. Hope somebody can port wyze FW to XioFang Cam.