Poking Around Inside Of A Linux Security Camera

This deep dive into the Linux-powered Reolink B800 IP camera started because of a broken promise from its manufacturer. When [George Hilliard] purchased a kit that included six of the cameras and a video recorder, the website said they were capable of outputting standard RTSP video. But once he took delivery of the goods, and naturally after his return window had closed, the site was updated to say that the cameras can only function with the included recorder.

Taking that as something of challenge, [George] got to work. His first big break came when he desoldered the camera’s SPI flash chip and replaced it with a socket. That allowed him to easily take the chip out of the device for reading and flashing as he tinkered with modifying the firmware. After adding cross-compiled versions of busybox, gdb, and strace to the extracted firmware, he bundled it back up and flashed it back to the hardware.

If you think that’s the end of the story, it isn’t. In fact, it’s just the beginning. While getting root-level access to the camera’s OS would have potentially allowed for [George] to dump all the proprietary software it was running and replace it with open alternatives, he decided to take a different approach.

Instead of replacing the camera’s original software, he used his newly granted root powers to analyze it and figure out how it worked. This allowed for to sniff out some very suspect “encryption” routines built into the software, and eventually write his own server side in Rust that finally allowed him to use the cameras with his own server…albeit with a bit more work than he bargained for.

Projects like these are a fantastic look at real world reverse engineering, and a reminder that sometimes achieving your ultimate goal means taking the long way around. Even if you’re not in the market for a hacked security camera, there’s no doubt that reading the thorough write-up [George] has prepared will teach you a few things. But of course, we’d expect no less from a guy who runs Linux on his business card.

Proprietary Fan Blows, Gets PWM Upgrade

Proprietary components are the bane of anyone who dares to try and repair their own hardware. Nonstandard sizes, lack of labeling or documentation, and unavailable spare parts are all par for the course. [Jason] was unlucky enough to have an older Dell computer with a broken, and proprietary, cooling fan on it and had to make some interesting modifications to replace it.

The original fan had three wires and was controlled thermostatically, meaning that a small thermistor would speed up the the fan as the temperature increased. Of course, the standard way of controlling CPU fans these days is with PWM, so he built a circuit which essentially converts the PWM signal from the motherboard into a phantom thermistor. It’s even more impressive that it was able to be done with little more than a MOSFET and a Zener diode.

Unfortunately, there was a catch. The circuit only works one way, meaning the fan speed doesn’t get reported to the motherboard and the operating system thinks the fan has failed. But [Jason] simply disabled the warning and washed his hands of that problem. If you don’t want to use a CPU fan at all, you can always just dunk your entire computer in mineral oil.

Compaq Motherboard Power Mod

cpq2atx_brd2

Some companies insist on using proprietary pieces. It can be really frustrating when there is no apparent reason other than consumer lock in. It irritates us to feel like we’re being forced to buy their pieces. This is one of the more popular reasons listed when you ask a hacker or modder what got them started. ┬áThis project takes us through making a normal power supply work with the compaq proprietary 14 pin plug found in some smaller desktop PCs.

Aside from the plug itself being different, the motherboards require a 3.3v standby voltage. A normal power supply usually only has a 5v. Though there are even simpler ways of bypassing the issue, he chose to put an inline voltage regulator. Schematics are available on the site.

[via Hacked Gadgets]