Open KhArtNJava opened 3 years ago
Привет, Артур. Получается завести RTSP на mjsxj09cm?
Привет, Артур. Получается завести RTSP на mjsxj09cm?
Пока что не занимался, времени не было... Постараюсь на днях время выкроить, собрать для ipc029 frame grabber.
Спасибо, очень бы хотелось RTSP получить с этой камеры, а если бы прошивка с хаком была и завести эту камеру в home assistant, то вообще бы сказка была =)
Hello bro, can rtsp work on mjsxj09cm now?
You have to change your script :
#!/bin/sh
echo qqq >> /mnt/sdcard/qqq.txt
exec /mnt/sdcard/override.sh &
You have to use exec because there are is no x (execute) bit on the fat file and send it to background with &
@KhArtNJava If you have already read out the flash chip, why don't you change the init.d scripts directly? you can add a hook or call a telnetd / ssh inside the rootfs or data jffs2 partition?
Привет, Артур. Получается завести RTSP на mjsxj09cm?
Пока что не занимался, времени не было... Постараюсь на днях время выкроить, собрать для ipc029 frame grabber.
Дружище привет! Я готов заплатить за взлом этой камеры. Купил себе 2 таких и понял что это развод от Xiaomi. Хочу чистую rtsp и onvif без всяких китайских серверов :) (5 т.р. за взлом готов отдать)
I assume you're using Windows to create the override script. You need to do EOL conversion. If you use Notepad++ go to Edit->EOF conversion -> Unix(LF).
Alternatively run dos2unix -u override.sh
Hi Artur, Can you have any news in your work with RTSP on MJSXJ05CM?
MJSXJ09CM.zip framegrabber from ipc019 https://github.com/telmomarques/xiaomi-360-1080p-hacks/issues/18#issuecomment-774597146 https://github.com/telmomarques/xiaomi-360-1080p-hacks/files/5938292/MJSXJ05CM.zip
Hello, I'm running now MJSXJ09CM with following steps:
setenv bootargs console=ttyS0,115200 root=/dev/mtdblock2 rootfstype=squashfs ro init=/bin/sh LX_MEM=0x3fe0000 mma_heap=mma_heap_name0,miu=0,sz=0x1400000 mma_memblock_remove=1
sf probe 0;sf read 0x22000000 ${sf_kernel_start} ${sf_kernel_size};bootm 0x22000000
mount /dev/mtdblock3 /tmp -t jffs2
echo "#!/bin/sh" >custom_startup.sh
echo "/mnt/sdcard/busybox-armv7l telnetd &" >>custom_startup.sh
echo "mkfifo /tmp/f" >>custom_startup.sh
echo "mkfifo /tmp/s" >>custom_startup.sh
echo "/mnt/data/bin/framegrabber -f /tmp/f -c 0 2>&1 >/dev/null &" >>custom_startup.sh
echo "/mnt/data/bin/framegrabber -f /tmp/s -c 1 2>&1 >/dev/null &" >>custom_startup.sh
echo "/mnt/data/bin/rtspserver -m /tmp/f -s /tmp/s -c /mnt/data/bin/config.json 2>&1 >/dev/null &" >>custom_startup.sh
chmod +x custom_startup.sh
echo "#!/bin/sh"> wpa_event.sh
echo "">> wpa_event.sh
echo "case \"\$2\" in">> wpa_event.sh
echo " CONNECTED)">> wpa_event.sh
echo " pidof framegrabber && echo \"running fg\" || /mnt/data/bin/custom_startup.sh">> wpa_event.sh
echo " PID=\`/bin/pidof udhcpc\`;">> wpa_event.sh
echo " /bin/kill -SIGUSR1 $PID;">> wpa_event.sh
echo " ;;">> wpa_event.sh
echo " DISCONNECTED)">> wpa_event.sh
echo " ;;">> wpa_event.sh
echo "esac">> wpa_event.sh
chmod +x wpa_event.sh
cd /tmp/sound/hk
rm -f 5GHz_wifi_supported
rm -f alarm1
rm -f alarm2
rm -f alarm3
rm -f binding_fail
rm -f binding_success
rm -f booting
rm -f connecting_pease_wait
rm -f ding
rm -f error
rm -f numb_eight
rm -f numb_five
rm -f numb_four
rm -f numb_nine
rm -f numb_one
rm -f numb_seven
rm -f numb_six
rm -f numb_three
rm -f numb_two
rm -f numb_zero
rm -f ota
rm -f pincode_input
rm -f pincode_supported1
rm -f pincode_supported2
rm -f qrcode_success
rm -f qrcode_supported
rm -f reset_success
rm -f waiting_connection
rm -f wifi_connected
rm -f wlan_passwd_err
ln -s ../en/error 5GHz_wifi_supported
ln -s ../en/error alarm1
ln -s ../en/error alarm2
ln -s ../en/error alarm3
ln -s ../en/error binding_fail
ln -s ../en/error binding_success
ln -s ../en/error booting
ln -s ../en/error connecting_pease_wait
ln -s ../en/error ding
ln -s ../en/error error
ln -s ../en/error numb_eight
ln -s ../en/error numb_five
ln -s ../en/error numb_four
ln -s ../en/error numb_nine
ln -s ../en/error numb_one
ln -s ../en/error numb_seven
ln -s ../en/error numb_six
ln -s ../en/error numb_three
ln -s ../en/error numb_two
ln -s ../en/error numb_zero
ln -s ../en/error ota
ln -s ../en/error pincode_input
ln -s ../en/error pincode_supported1
ln -s ../en/error pincode_supported2
ln -s ../en/error qrcode_success
ln -s ../en/error qrcode_supported
ln -s ../en/error reset_success
ln -s ../en/error waiting_connection
ln -s ../en/error wifi_connected
ln -s ../en/error wlan_passwd_err
cd /tmp/sound/cn rm -f 5GHz_wifi_supported rm -f alarm1 rm -f alarm2 rm -f alarm3 rm -f binding_fail rm -f binding_success rm -f booting rm -f connecting_pease_wait rm -f ding rm -f error rm -f numb_eight rm -f numb_five rm -f numb_four rm -f numb_nine rm -f numb_one rm -f numb_seven rm -f numb_six rm -f numb_three rm -f numb_two rm -f numb_zero rm -f ota rm -f pincode_input rm -f pincode_supported1 rm -f pincode_supported2 rm -f qrcode_success rm -f qrcode_supported rm -f reset_success rm -f waiting_connection rm -f wifi_connected rm -f wlan_passwd_err ln -s ../en/error 5GHz_wifi_supported ln -s ../en/error alarm1 ln -s ../en/error alarm2 ln -s ../en/error alarm3 ln -s ../en/error binding_fail ln -s ../en/error binding_success ln -s ../en/error booting ln -s ../en/error connecting_pease_wait ln -s ../en/error ding ln -s ../en/error error ln -s ../en/error numb_eight ln -s ../en/error numb_five ln -s ../en/error numb_four ln -s ../en/error numb_nine ln -s ../en/error numb_one ln -s ../en/error numb_seven ln -s ../en/error numb_six ln -s ../en/error numb_three ln -s ../en/error numb_two ln -s ../en/error numb_zero ln -s ../en/error ota ln -s ../en/error pincode_input ln -s ../en/error pincode_supported1 ln -s ../en/error pincode_supported2 ln -s ../en/error qrcode_success ln -s ../en/error qrcode_supported ln -s ../en/error reset_success ln -s ../en/error waiting_connection ln -s ../en/error wifi_connected ln -s ../en/error wlan_passwd_err
cd /tmp/sound/en rm -f 5GHz_wifi_supported rm -f alarm1 rm -f alarm2 rm -f alarm3 rm -f binding_fail rm -f binding_success rm -f booting rm -f connecting_pease_wait rm -f ding rm -f numb_eight rm -f numb_five rm -f numb_four rm -f numb_nine rm -f numb_one rm -f numb_seven rm -f numb_six rm -f numb_three rm -f numb_two rm -f numb_zero rm -f ota rm -f pincode_input rm -f pincode_supported1 rm -f pincode_supported2 rm -f qrcode_success rm -f qrcode_supported rm -f reset_success rm -f waiting_connection rm -f wifi_connected rm -f wlan_passwd_err ln -s error 5GHz_wifi_supported ln -s error alarm1 ln -s error alarm2 ln -s error alarm3 ln -s error binding_fail ln -s error binding_success ln -s error booting ln -s error connecting_pease_wait ln -s error ding ln -s error numb_eight ln -s error numb_five ln -s error numb_four ln -s error numb_nine ln -s error numb_one ln -s error numb_seven ln -s error numb_six ln -s error numb_three ln -s error numb_two ln -s error numb_zero ln -s error ota ln -s error pincode_input ln -s error pincode_supported1 ln -s error pincode_supported2 ln -s error qrcode_success ln -s error qrcode_supported ln -s error reset_success ln -s error waiting_connection ln -s error wifi_connected ln -s error wlan_passwd_err
6. unmount partition
cd / umount /tmp
7. copy files to sdcard root
8. insert sdcard to camera
9. reboot - disconnect power, connect power
10. now telnet should run, so we can connect
11. copy files [framegrabber,rtspserver,config.json] from sdcard to /mnt/data/bin
cp /mnt/sdcard/framegrabber /mnt/data/bin/ cp /mnt/sdcard/rtspserver /mnt/data/bin/ cp /mnt/sdcard/config.json /mnt/data/bin/
12. reboot - disconnect power, connect power
13. rtsp stream should start at rtsp://<IP_ADDR>:8554/mainstream
Any idea how to compile framegrabber from source? I tried to compile/crosscompile but without success (cannot compile or if it is compiled then it is not running on camera).
Hello! Do you have any update on this issue ? Maybe consider doing a fork like for the mjsxj05cm. BR
Same problem. There is very little left, but here it is =(
Hi all, I recently bought a MJSXJ09CM and custom firmware seems to be the only way to use this cam (dont want chinese servers). I understand that there is a way to hack whith a serial wired disasembled camera, but is it possible to hack/flash the camera only via sdcard ? I successfully hacked an old MJSXJ02HL with another project (full root access with only flash sd), but this model is much better. Many thanks !
@usehelloworld how did you connect the camera to your wifi? there doesnt appear to be anywhere to configure SSID and pass? for some reason mine wouldnt connect with mi home, hence trying to use a custom solution. I have shell access over UART and managed to run your command sequence above, however no wifi makes it kinda useless.
Cheers
Would love to get onvif / rtsp support on the mjsxj09cm model, is it possible with some form of sdcard hack?
one have the solution for hack RTSP MJSXJ09CM
@usehelloworld
I formatted the sd-card as a FAT partition and then copied your 6 files inside the root of it. unplugged the MJSXJ09CM camera and inserted the sd-card inside. plugged it again to the power and tried to telnet local_ip 80
but it rejected the telnet.
I use windows 10. telnet is enabled and usable on the machine. used two different sd-cards with no chance. any idea on how I can solve this issue?
@usehelloworld I formatted the sd-card as a FAT partition and then copied your 6 files inside the root of it. unplugged the MJSXJ09CM camera and inserted the sd-card inside. plugged it again to the power and tried to
telnet local_ip 80
but it rejected the telnet. I use windows 10. telnet is enabled and usable on the machine. used two different sd-cards with no chance. any idea on how I can solve this issue?
@Agha-Shadi remember to "cd /tmp/bin" before 4. step from usehelloworld tutorial :)
Can't get this camera to HA, any updates?
Can't get this camera to HA, any updates?
Рабочего варианта по интеграции в HA нет. Единственное решение RTSP, но я не пробовал, предложил выше usehelloworld, но там паять надо…
Hi. Not sure if this project is complete and if you managed to get this working for the MJSXJ09CM. If so pls can you help me to get RTSP hack on my cameras. Sorry I am a NOOB to this so any help would be appreciated.
Hello. I've already successfully started RTSP on MJSXJ05CM ( https://github.com/telmomarques/xiaomi-360-1080p-hacks/issues/18#issuecomment-734339211 ) and now I am working on mjsxj09cm.
I dumped firmware from camera with CH341A to backup.bin .
My script is
The board of mjsxj09cm is same to MJSXJ05CM board
Here is dump of it backup.zip
The camera has different authorisation in Mi Home process - after QR code it saying in Chinese randomly generated 4 digit password, that you should type in Mi Home App. I used Google Audio Translate to understand those 4 digits.
The problem is that they are possibly changed something in firmware, because it can't start *.sh file from sdcard.
I especially added line in the code
echo 'echo qqq >> /mnt/sdcard/qqq.txt' | sudo tee -a mount/bin/log_diag_platform.sh
To check that it can access sdcard. In result, /mnt/sdcard/qqq.txt created with qqq text, so it can access sdcard.But /mnt/sdcard/override.sh doesn't execute, in log/diagnosis.txt there is an error
Log folder archive log.zip
override.sh
May be they are locked execution of *.sh scripts on sdcard? How to make it run sh scripts?
And yeah, I checked many times, override.sh and busybox are on my sdcard, sdcard are recognizable in Mi Home app in camera settings, camera writing videos on it successfully. The similar configuration works well on MJSXJ05CM.