Mod possibilities

[schneemaier]

Hi,

thanks for your software. This is the first time i was able to look into the firmware content for this device.

I am curious if you have been able to do any meaningful modifications.

My main goal would be to somehow get mjpg stream out from the device instead of the default h264. Also if it would be possible to replace the web interface which only works with internet explorer.

Thanks

[stokie-ant]

After getting a terminal and removing the hard coded root password I didn't really go much further.

I did try pulling video from the dvrhelper program running on port 34567 which is what the activex internet explorer program connects to. This only seems to serve up raw h264 but it seems something has been done to the stream and it ends up a corrupted video.

One posibility would be to write/find a program which can be included into the firmware that will transcode the rtsp stream into mjpeg. Fffmpeg would be good for this but I don't know how stripped down and small it could be made and whether our cpu could handle real time transcoding.

Maybe I'll look into this but I can't promise anything as I am busy with family

[schneemaier]

Thanks. So far i was able to connect to the serial port and modify uboot, so it enables telnet by default. While the system was up i tried to find the camera device in /dev, but was not successful. I found this SDK which claims support for the platform, but so far did not have time to dig into it: https://github.com/TuyaInc/TUYA_IPC_SDK/tree/master/Stable/arm-eabi-uclibc

I was able to connect to the h264 stream on port 554 (standard rstp stream) in the past.

[biemster]

Awesome work indeed. I'm trying to do exactly the same as @schneemaier , managed to get ipc_chip_info included in the firmware and running, and the tweaks done. So off to a good start. Did you continue modding? I'll post back here when I make some progress.

[schneemaier]

I had not time to play with it as i had other things to do. Maybe during long boring winter nights....

[biemster]

I've started creating some utils (just ftp client for now but will move to video stuff soon), with a description on how to compile them, on a repo of my own: https://github.com/biemster/xm510-utils Please follow that if you're interested in my progress, I won't spam this issue further.

[stokie-ant]

I did have a go at building a stripped down ffmpeg but the binary was a bit too big. I included it into a firmware image and flashed it expecting the camera to refuse to flash if the image was too big but no, it wrote straight past the cramfs partition and over the JFFS2 which put the camera out of action until I took it down and plugged int the serial terminal. I can't remember what was happening with it but I fixed it by re-creating that partition. If memory serves, I had to create an empty JFFS2 image called mtd-x.jffs2.img, add an entry for it to the installdesc file then add a line to the script to include it in the image. I think I flashed the image using uboot. If not then I may have just used uboot to write the raw image to the flash. I will get around to modding the script to include this sort of rescue but it will have to have a big fat warning as it will erase all settings

[biemster]

looking forward to that mod! Did you use upx to compress your ffmpeg executable? I usually get a compression ratio of about 50%, so quite significant. Also, which toolchain did you use?

[stokie-ant]

I think upx is a great idea. I saw this only a few days ago in another device which had all its big binaries upx packed. I'll revisit this sometime in the future. I used buildroot 2014.8 with gcc and headers to match the device kernel for a toolchain