"Hack" eBay camera to get access to videostream?

Moderator: leecollings

munkiepus
Posts: 3
Joined: Tuesday 13 June 2017 13:16
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by munkiepus »

good work, i actually have ipcam viewer pro for Android on my phone will give it a shot, cheers
munkiepus
Posts: 3
Joined: Tuesday 13 June 2017 13:16
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by munkiepus »

using IPcam viewer and ARC welder, a deskop emulator for android/chrome, i managed to get it running on desktop too. :D

https://developer.chrome.com/apps/getstarted_arc
SA007
Posts: 1
Joined: Sunday 10 December 2017 12:32
Target OS: -
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by SA007 »

I found this topic via google while searching for the password, found that nobody has it so i started hacking it.

Found the telnet password:
Username: root
Password: noty

Found it by hacking into the camera via a path traversal exploit in the web server and running the password hash trough john the ripper.

Some more info so more people find this when searching for it:
passwd:

Code: Select all

root:$6$msTRRedr$e7Fw3JVflNlRZrIbR1f0qlKLpDnbvd4OuyEJEKBIYs04vylb9IrSKUO4Ldg56tdR1Qk5YPUeV/8PjFLiUFRVM1:0:0::/root:/bin/sh
telnet prompt + login:

Code: Select all

# telnet 192.168.x.x
Trying 192.168.x.x...
Connected to 192.168.x.x.
Escape character is '^]'.
IPC365 login: root
Password: 
login: can't chdir to home directory '/root'
Welcome to

    _____    __      ___       __     ___       _     _    _
   |  ___|  /  \    / __ \    /  \   |  _ \    /  \   \ \ / /
   | |___  / /\ \  | /__\ \  / /\ \  | | \ |  / /\ \   \ V /
   |  ___|| |__| | |  _   / | |__| | | | | | | |__| |   \ /
   | |    |  __  | | |  \ \ |  __  | | |_/ / |  __  |   | |
   |_|    |_|  |_| |_|   \_\|_|  |_| |___ /  |_|  |_|   |_|

For further information check:
http://www.faraday.com/



BusyBox v1.19.4 (2014-12-19 12:49:44 CST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

[root@GM]#
burton666
Posts: 85
Joined: Monday 17 August 2015 21:25
Target OS: Raspberry Pi / ODroid
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by burton666 »

Great, maybe this cameramodel could be useful anyway. I am just hoping that someone is able to enable rtsp or similar. And I guess it would be good to be able to disable all default Chinese "Spyware" that always seams to be present on this kind of devices.
Slowfoxtrot
Posts: 2
Joined: Tuesday 20 March 2018 17:49
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by Slowfoxtrot »

What I really need is to change the default username and/or password. There is no way I'm going to expose port 34567 to my WAN with the default admin:123456 still set. How can I change it? I've tried using the CMS and I cannot delete or modify either the admin or guest accounts. I'm guessing I could probably do something via the telnet login but I don't really know where to go.

Thanks!
Slowfoxtrot
Posts: 2
Joined: Tuesday 20 March 2018 17:49
Target OS: OS X
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by Slowfoxtrot »

Also, I'm trying to figure out what kind of video stream is coming down on port 34567. I can't imagine it would be of a type that VLC couldn't handle. If we could figure out what the endpoints are and the stream type I imagine we could get VLC handling it. What are these iOS apps doing under the hood to show the stream?
rickitaly
Posts: 1
Joined: Monday 07 January 2019 13:42
Target OS: NAS (Synology & others)
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by rickitaly »

Hi i also have your same camera and thanks to your tips i could telnet with root/noty ;)
Could you achieve any target? I would like at least to enable some streaming (RTSP... ONVIF) because my camera doesn't even have a web interface! I can just use it with SHOWMO app... and this is really frustrating!
I checked all files on the device but i couldnt find any trace of configuration to enable RTSP or web or something... web folder is there but is empty :-(
Thank you!!
c1c3r0
Posts: 1
Joined: Monday 18 February 2019 9:30
Target OS: Windows
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by c1c3r0 »

I am interested too in this solution. So just posting this if anyone replies:)
Derik
Posts: 1601
Joined: Friday 18 October 2013 23:33
Target OS: Raspberry Pi / ODroid
Domoticz version: BETA
Location: Arnhem/Nijmegen Nederland
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by Derik »

perhaps a list of supported camera's?
In to the wiki?
Xu4: Beta Extreme antenna RFXcomE,WU Fi Ping ip P1 Gen5 PVOutput Harmony HUE SolarmanPv OTG Winddelen Alive ESP Buienradar MySensors WOL Winddelen counting RPi: Beta SMAspot RFlinkTest Domoticz ...Different backups
GianSeven
Posts: 1
Joined: Wednesday 16 August 2023 4:25
Target OS: -
Domoticz version:
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by GianSeven »

For anyone still interested in this. I was able to get an HTTP streaming out of this device. Both audio and video work. I don't know if my device was easier to access but it's really simple. I arrived at this solution randomly but here's what I think:
This camera uses a protocol called dvrip. I've used WebRTC from AlexxIT that you can found on GitHub
This Home Assistant integration uses WebRTC + go2rtc which is able to talk to this protocol I presume
If you are confused from what this "Home Assistant integration" is, look into Home Assistant first.

I'll explain what I did from after the GitHub guide ends
After the configuration (of the 'basic' version) of go2rtc. It gets its own port, 1984.
Write <homeassistant-ip>:1984 in a browser just like you do with :8123 to access Home Assistant
Here click "Add", then open "temponary stream"

Code: Select all

Name: (What you want, you'll need it later, I put IPC365) 
url: dvrip://admin:123456@<IP Address of the camera>?channel=0&subtype=0
Remember that the IP address should be static or this configuration will get broken later on, you can likely do that from your router
Go back to Home Assistant, click on the kebab (3 dots) in the top right to access "Edit dashboard", then on the bottom right "+ Add cards", scroll to the bottom to find "Manual". Paste all of this

Code: Select all

type: custom:webrtc-camera
url: IPC365 <---- The name you had to put in before
ui: true
digital_ptz:
  mouse_drag_pan: true
  mouse_wheel_zoom: true
  mouse_double_click_zoom: true
  touch_drag_pan: true
  touch_pinch_zoom: true
  touch_tap_drag_zoom: true
  persist: true
title: What you want
muted: true
intersection: 0."?"75
background: false
shortcuts:
  - name: Record
    icon: mdi:record-circle-outline
    service: switch."?"toggle
    service_data:
      entity_id: switch."?"camera_record
mode: webrtc,mse,hls,mjpeg
As you can see here "url:" is the name I have given it before in the go2rtc interface

Sorry for bad english but it isn't my first language

Remove the three "?" I've had to put because I put them there because I wansn't able to submit this post because the site thought those were links
User avatar
waltervl
Posts: 5148
Joined: Monday 28 January 2019 18:48
Target OS: Linux
Domoticz version: 2024.7
Location: NL
Contact:

Re: "Hack" eBay camera to get access to videostream?

Post by waltervl »

Thanks.
And how did you connect this to Domoticz after the WebRTC conversion? Domoticz needs a screenshot link to a picture, not a stream.
Domoticz running on Udoo X86 (on Ubuntu)
Devices/plugins: ZigbeeforDomoticz (with Xiaomi, Ikea, Tuya devices), Nefit Easy, Midea Airco, Omnik Solar, Goodwe Solar
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests