Embedded Linux devices are everywhere these days, and sooner or later, you’re going to want to poke around in one of them. But how? That’s where posts like this one from [Felipe Astroza] come in. While his work is focused on the Foscam C1 security camera, the techniques and tools he outlines here will work on all sorts of gadgets that have a tiny penguin at their core.
Rather than trying to go in through the front door, [Felipe] starts his assault with the nuclear option: removing the SPI MX25L12835F flash chip from the camera’s PCB and dumping its contents with a Raspberry Pi. From there he walks through the use of different tools to determine the partition scheme of the chip and eventually extract passwords and other interesting bits of information from the various file systems within.
That alone would be worth the read, but things really get interesting once [Felipe] discovers the FirmwareUpgrade program. Since the Foscam’s software updates are encrypted, he reasons that reverse engineering this binary would uncover the key and allow for the creation of custom firmware images that can be flashed through the stock interface.
Further investigation with Ghidra and friends identifies an interesting shared library linked to the executable in question, which is then disassembled in an effort to figure out how the key is being obfuscated. We won’t ruin the surprise, but [Felipe] eventually gets what he’s after.
The worst thing about holiday decorations is that while you could leave them up all year, your neighbors probably won’t like you very much for it. Christmas lights on your house are one thing, but as far as Halloween decorations go, [MisterM]’s raven security camera is one of the few exceptions to this rule.
Nevermore will [MisterM] wonder who goes there. As soon as this raven lays its beady red LED eyes on whatever is lurking in the garden, it comes to life with a bit of head swiveling and some random sounds. The bird either goes CAW! or quotes Christopher Lee’s reading of Edgar Allen Poe’s “The Raven”.
Inside this bird’s chest cavity is a Raspberry Pi 2 and standard camera, a servo to swivel the head, and an audio amplifier and speaker. This bird is running MotionEye on top of the Raspi OS so it can run a script whenever it senses motion.
We like that [MisterM] was able to find right-sized bits of plastic to mount the servo in the neck and the horn to the head. It just goes to show that not everything needs a 3D printer, a CNC, or woodworking. Check out the scary demo after the break.
This deep dive into the Linux-powered Reolink B800 IP camera started because of a broken promise from its manufacturer. When [George Hilliard] purchased a kit that included six of the cameras and a video recorder, the website said they were capable of outputting standard RTSP video. But once he took delivery of the goods, and naturally after his return window had closed, the site was updated to say that the cameras can only function with the included recorder.
Taking that as something of challenge, [George] got to work. His first big break came when he desoldered the camera’s SPI flash chip and replaced it with a socket. That allowed him to easily take the chip out of the device for reading and flashing as he tinkered with modifying the firmware. After adding cross-compiled versions of busybox, gdb, and strace to the extracted firmware, he bundled it back up and flashed it back to the hardware.
If you think that’s the end of the story, it isn’t. In fact, it’s just the beginning. While getting root-level access to the camera’s OS would have potentially allowed for [George] to dump all the proprietary software it was running and replace it with open alternatives, he decided to take a different approach.
Instead of replacing the camera’s original software, he used his newly granted root powers to analyze it and figure out how it worked. This allowed for to sniff out some very suspect “encryption” routines built into the software, and eventually write his own server side in Rust that finally allowed him to use the cameras with his own server…albeit with a bit more work than he bargained for.
Fake security cameras are advertised as a cheap way to deter anyone who might be up to no good. This isn’t a crime and punishment blog, so we’re not really in a position to say how accurate that claim actually is, but we see enough of these things for sale that somebody out there must believe they’re worth having. Though if it were us, we’d take this tip from [Daniel Andrade] and convert our “fake” camera into a real one with the Raspberry Pi and WebRTC.
There are an untold number of makes and models of these fake cameras out there, but it seems that many of them share a fairly common design in that the enclosure they use is actually pretty useful for putting your own hardware in. They’re hollow, relatively well protected from the elements, and as most of them use a blinking LED or some other feature to make them look more authentic, they already have a functional battery compartment.
As it turns out, the one that [Daniel] picked up for $9 USD is pretty much perfect for the Raspberry Pi Zero and its camera module. He even wired the blinking LED up to the Pi’s GPIO pins so it will still look the part, though replacing it with an RGB LED and appropriate scripts to drive it would be a nice way to get some visual feedback on what the system is doing.
The software side of things is done with Balena, a suite of tools for setting up and managing Linux Internet of Things devices. They provide everything from the SD card image that runs on the Pi itself to the cloud infrastructure that pulls all the data together. [Daniel] dove a little deeper into the software stack when he created his Bitcoin traffic light last year.
For any readers who may feel a sense of déjà vu looking at this project, you aren’t going crazy. We recently saw a similar project that used an ESP8266 and a PIR sensor to add motion sensing capabilities to one of these fake cameras. Now all we need is somebody to put an Arduino in one of them, and we’ll have the Holy Trinity represented.
Hacks are often born out of unfortunate circumstances. My unfortunate circumstance was a robbery– the back door of the remodel was kicked in, and a generator was carted off. Once the police report was filed and the door screwed shut, it was time to order cameras. Oh, and record the models and serial numbers of all my tools.
We’re going to use Power over Ethernet (POE) network cameras and a ZoneMinder install. ZoneMinder has a network trigger capability, and we’ll wire some magnetic switches to our network of PXE booting Pis, using those to inform the Zoneminder server of door opening events. Beyond that, many newer cameras support the Open Network Video Interface Forum (ONVIF) protocol and can do onboard motion detection. We’ll use the same script, running on the Pi, to forward those events as well.
Many of you have pointed out that Zoneminder isn’t the only option for open source camera management. MotionEyeOS, Pikrellcam, and Shinobi are all valid options. I’m most familiar with Zoneminder, even interviewing them on FLOSS Weekly, so that’s what I’m using. Perhaps at some point we can revisit this decision, and compare the existing video surveillance systems.
[Martin’s] goal was to capture events of interest, such as a person on screen, or a car in the driveway. The data for the events would then be published to an MQTT topic, along with some metadata such as confidence level. OpenCV is generally how these pipelines start, but [Martin’s] camera wouldn’t send RTSP images over TCP the way OpenCV requires, only RTSP over UDP. To solve this, Martin captures the video stream with FFmpeg. The deep learning AI magic is handled by the darkflow library, which is itself based upon Google’s Tensorflow.
Martin tested out his recognition system with some cheap Chinese PTZ cameras, and the processing running on a remote Raspberry Pi. So far the results have been good. The system is able to recognize people, animals, and cars pulling in the driveway. His code is available on GitHub if you want to give it a spin yourself!
A home security camera can be great for peace of mind, and keeping an eye on the house while you’re away. The popular option these days is an IP-based device that is accessible over the Internet through an ethernet or wireless connection to your home router. But what if you could cut out the middle man, and instead turn your router itself into the security camera? [Fred] is here to show us how it’s done.
The hack begins by parsing the original router’s firmware. Through a simple text search, a debug page was identified which allowed telnet access to the router to be enabled. This gives access to a root shell, allowing full control over the Linux system running the show.
After backing everything up, [Fred] grabbed the source code from Netgear and recompiled the kernal with USB video and Video4Linux2 support. This allows the router to talk to a standard USB webcam. It’s then a simple matter of using opkg to install software to set up the router to record video when motion is detected.
Overall, it’s fairly straightforward, but [Fred] came up with an ingenious twist. Because the router itself is acting as the security camera, he is able to set up the camera to only arm itself when his smartphone (and thus, [Fred] himself) is not at home. This prevents the recording of footage of [Fred] moving around the house, allowing the router to only record important footage for security purposes.