[Filipe] has been playing around with custom firmware for inexpensive IP cameras. Specifically, he has been using cameras based on a common HI3815 chip. When you are playing around with firmware like this, a major concern is that you may end up bricking the device and rendering it useless. [Filipe] has documented a relatively simple way to backup and restore the firmware on these cameras so you can hack to your heart’s content.
The first part of this hack is hardware oriented. [Filipe] cracked open the camera to reveal the PCB. The board has labeled serial TX and RX pads. After soldering a couple of wires to these pads, [Filipe] used a USB to serial dongle to hook his computer up to the camera’s serial port.
Any terminal program should now be able to connect to the camera at 115200 baud while the camera is booting up. The trick is to press “enter” during the boot phase. This allows you to log in as root with no password. Next you can reset the root password and reboot the camera. From now on you can simply connect to the phone via telnet and log in as root.
From here, [Filipe] copies all of the camera’s partitions over to an NFS share using the dd command. He mentions that you can also use FTP for this if you prefer. At this point, the firmware backup is completed.
Knowing how to restore the backup is just as important as knowing how to create it. [Filipe] built a simple TFTP server and copied the firmware image to it in two chunks, each less than 5MB. The final step is to tell the camera how to find the image. First you need to use the serial port to get the camera back to the U-Boot prompt. Then you configure the camera’s IP address and the TFTP server’s IP address. Finally, you copy each partition into RAM via TFTP and then copy that into flash memory. Once all five partitions are copied, your backup is safely restored and your camera can live to be hacked another day.
There’s a number of devices out there that extend HDMI over IP. You connect a video source to the transmitter, a display to the receiver, and link the two with a CAT5/5e/6 cable. These cables are much cheaper than HDMI cables, and can run longer distances.
[Daniel] didn’t care about extending HDMI, instead he wanted a low cost HDMI input for his PC. Capture cards are a bit expensive, so he decided to reverse engineer an IP HDMI extender.
After connecting a DVD player and TV, he fired up Wireshark and started sniffing the packets. The device was using IP multicast on two ports. One of these ports had a high bitrate, and contained JPEG headers. It looked like the video stream was raw MJPEG data.
The next step was to write a listener that could sniff the packets and spit the data into a JPEG file. After dealing with some quirks, JPEG images could be saved from the remote device. Some more code was needed to have the computer initiate the streaming, and to extract audio from the second port.
In the end, video capture with the low cost device was possible. [Daniel] also provided a bonus teardown of the device in his writeup.
As many of us do, [Steaky] serves as a kind of on-call help desk for his family. His father in law recently contacted him because his pan and tilt webcam died, and he wanted to see if it could be fixed. Never turning down a challenge, [Steaky] decided to give it a shot.
He ended up having to disassemble it since the camera was completely unresponsive, and what he found inside piqued his interest. The no-name camera sported an ARM microprocessor at its core, and it seems that some of its pins were damaged due to a poorly designed case. He figured resoldering the pins would do the trick, but that wasn’t the end of his adventures.
As he dug deeper into the device, he found that the camera essentially killed itself, reading and writing data to the wrong places due to the damaged pins on the processor. After plenty of searching around, he was able to find a somewhat compatible firmware image, though not everything worked properly.
His father in law was so impressed with his work that he asked for the camera back, even though [Steaky] hadn’t fully repaired it yet. While he bid the camera goodbye, we’re pretty sure he’d be more than happy to reclaim it for a few days if any of our readers had some additional insight or resources that might help him finish the job.
Today we received the question,
“How to control a web cam via internet,
i want to use it for security reasons, always out of the house and my PC connected want to open the cam from time to time to checkout if something wrong!!”
- [Mohamed Saleh]
What a fun project we thought! And so many different ways of tackling it. Find out what we suggested to [Mohamed] after the break. Continue reading “Ask HackADay: Network Security Camera”
[Kajer] was doing some work with IP phones that use Power over Ethernet. While trying to get this to work with a network switch he decided to use PoE to power the switch itself. The best thing about this is he managed to shoehorn all of the necessary bits into the stock case. Those bits include a bridge rectifier, transistor, resistor, and a 5v power supply. Along the way he discovered he can now power the switch off of USB if he wishes.
Arduino has just released an official ethernet shield. It’s based on the same WizNet W5100 chip that was used in the tiny ethernet board we covered earlier. The W5100 handles the full IP stack and can do TCP or UDP with four simultaneous sockets. The board has a power indicator plus six LEDs to debug the connection. It works with the standard ethernet library. The reset button resets the shield and the Arduino. The SD adapter is not currently supported by the Arduino software.