Your videos are fantastic! I really love the way you show the whole physical process without delving too much into the theoretical details. I already have a grasp on the underlying concepts so just observing your workflow with commentary is wonderful!
Love the channel. I was originally electronics technician and my work changed me to an IT guy so this is got the love for all the fun things. Keep up the good work..
I've always been very cautious with all types of IP Cameras ...would be interesting to see what you come up with regarding not only these Chinese cameras ...but also the more 'legit' cameras ...let's see what acronym agencies have their claws into our privacy.
I'm not the least bit concerned about China. With domestic products, I'm going to assume Moss@d or some Unit 8200 outfit has its grubby mitts all over them.
Another great video for sure. My only recurring request would be to make the videos longer. I’d love to see you continue digging into the firmware analysis / exploring the flash contents. I know you’ll make more videos, but it’d be great to be able to watch more of your initial analysis.. keep making the iot hacking videos, we love em!
Great choice of subject. I have a few of these surveillance items that are definitely sketchy on some level. Even my fancy bird feeder might just as well been intended to spy on the customer as be used to watch birds. I wish I wasn't just a spectator though. There is so much to learn.
I'm hooked on these videos! I've always wanted to reverse engineer Chinese made tech to see what data it sends back to China. I'm really excited to see future videos, keep it up!
I wouldn't discount the libraries too soon. It'd be a good way to hide stuff and have access to absolutely everything passing into them. They are open source, so can be modified to have anything included.
Неплохо Мэт. Молодец. Теперь осталось собрать свой evil/autoupdatechek под MIPS протестировать в QEMU , запаковать всё обратно и залить обратно в чип 😅
Please make a video when you reverse those binaries. The firmware extraction part is cool but it’s not always clear what the goal of extracting it is. I liked the netgear router one because discovering the passwords is a practical reason to want the firmware.
Nice content as always. You can check some cheap Chinese drone cameras also like Eachine E58. They have wifi camera but can be connected only to their proprietary app so if you can read/modify the firmware they can be more versatile.
I just discovered your channel. I am a software developer and DIY electroics is my hobby. The quality of your content is just amazing. I have a bunch of IoT devices that are cloud based, but they are still connectced to my local hosted home assistant. Would be could to follow along your journey and to hack my own devices. Thank you
Really enjoy these. My first EPROM reader/writer used a similar ZIF socket but you needed a UV light to erase the chip. Any recommendations on a decently priced microscope? My eyes are old too...
i think i got a similar camera from looting, idk how to get it working tho as it doesnt have any markings, this video is super cool showing off how it's builded up
My tuya camera also has this ingenic t31 chip. I have also seen them a lot and it contains a riscV mcu core along side the mips! I managed to even disable the tuya app stack and enable telnet and rtsp!
If you're just looking for what the device is doing on the network and where it's sending data, wireshark may be a better option. You can configure your router so all the packets get sent through your Linux host as a gateway. Also the "autoupdate" binary is probably something that checks for and installs updates to the firmware. I would be suspicious if it does more, but I wouldn't automatically assume so.
Thanks for the video. What I always wanted to know is can the firmware be modded, put back on the device and make it you own, with out all the report back to home?
I always wondered how these "hacked IP cam" videos ended up on the web... But if people end up putting them in their bedrooms - I guess that's their bad to some degree?
Just in a process of reversing different camera that sells where I am for good money. I was hoping that it will have similar chip that yours have T__ of MIPS architecture. Since I was planning to run Thingino firmware on it. Thingino is pretty cool project though. You might be interested in it. Anyway... Mine is running ARM AK3918 SoC, so Thingino firmware is not an option. So I am looking for a way how to stop it from sending data to China and use something like RTSP on LAN only.
@@309electronics5 I Kinda went head on with dumping the firmware first. What you are mentioning should be possible, since there is some sort of config file that lists all services and other options like resolution etc., including RTSP with bool option next to it. I didn't yet have time to analyze device while it's running. Might get to do it later this week. Though I am hoping to have some option for modifying the firmware and either removing all embedded URL's the camera tries to talk to or I might try to just firewall-block all traffic to WAN coming from the camera, though I am not sure how that would work.
That will work exactly as you stated. Camera nic has xyz ipaddy and ALL packets from said ip get dropped at the fw. If you WANT it to send traffic through fw set rule for specific ip at other end though I would suggest allowing certain inbound traffic from explicitly listed addresses
looks like a simple remote access platform where you can download the clips to your phone without taking a risk to open your router port to the internet side. But that hardcoded ip address will fail overe the years if they go out of business.
I know that might be a bit much, but do you have any material on that? I wanted to do something similar but when going beyond the settings of routers networking gets difficult
@@mattbrwn no egress or ingress... Only access to my other vlans. Dns resolves every domain name to a local ip. Also forwarding ntp to a local ntp server. My wifi ap has the ability to assign different ssids to different vlans. One SSID is just typical. One has dhcp with a set dns to pinhole... The third is basically a black hole that can only access IPs on first VLAN
@@al_lazy3519 you can't really do this with a normal router. One got an edgerouter pro 8 and a unifi ac pro access point and a 48 port Cisco PoE managed switch.
@@xenoxaos1 That is pretty cool setup. I am in process of replacing all my routers with OpenWRT capable routers, which to my knowledge supports VLANs. Though I havent thought about blocking all the WAN traffic on the VLAN specifically for the IPCams purposes. Just by an accident you don't have any blog article showing how you did that? :-)