Search results

GOT IT WORKING Here are instructions to get ROOT telnet connection to a Momentum cam (Home - Security Cameras for your Smartphone) 1. Download Hikvision packer/unpacker (to Linux PC): [MCR] Hikvision packer/unpacker for 5.3.x and newer firmware 2. Download original firmware...

I used rampageX/firmware-mod-kit by the way.. and it warned me that checksums would not be good: Remaining free bytes in firmware image: 2451376 Processing 1 header(s) from /root/Desktop/firmware-mod-kit-master/fmk/new-firmware.bin... Processing header at offset 5300376...sorry, this file...

yeah watching serial. I think its just the checksum of app.img. Do you know where to change that?

The problem is the checksum of app.img: Requesting system reboot System startup U-Boot 2010.06-19073 (Jun 15 2017 - 14:11:13) DRAM: 64 MiB Check Flash Memory Controller v100 ... Found SPI Nor(cs 0) ID: 0xc2 0x20 0x18 Block:64KB Chip:16MB Name:"MX25L128XX" SPI Nor total size: 16MB MMC...

This is the command inside of initrun.sh that causes the error: mount -t squashfs /dev/mtdblock5 /dav

the fact that it boots into Linux but isnt able to copy settings out is weird tho, if it was a problem with the .dav file or even app.img then it shouldnt boot at all right?

hey @alastairstevenson so I found 2 ways to upgrade the firmware -- 1. Put "ezviz.dav" on an SD card, it will try to upgrade from this file on reboot 2. Change resolv.conf to point to my DNS server, then I setup a fake webserver and served the firmware to it while pretending to be...

I ran "strings davinci" in Kali Linux on the binary and pulled the strings out of it for fun -- attached

I want to know what commands it takes for example from the "cloud server", however I have not been able to decrypt the traffic because it is all SSL.

For sure I find it very interesting too hey @alastairstevenson do you know much about "davinci"? It seems to be the brain-program of the entire camera. davinci is what is listening on all 3 of the open ports - 80, 8080, and 554 I didnt find much info about it, this might be related: TI's...

yeah I was reading about Ozvision too, its kind of funny: Check this out: - Camera is made by "Momentum" - Momentum has no employees on LinkedIn, and I wasn't able to identify anyone on the internet associated with them - Momentum has a parent company called Apollo Tech USA, also a...

Not sure, Momentum is either its own brand using Hikvision built cameras or its a shell brand for Hikvision I couldnt get it to take the firmware. I setup a DNS server and HTTPS server, then changed /etc/resolv.conf to my DNS server, so when it automatically checked for new firmware it asked my...

Nevermind, sha256sum did the trick

@alastairstevenson do you know how the checksum is calculated? In the firmware download response it includes a checksum that looks like this 6e702d6b27b61d3d1af9f5daf974e7197d88054ceb927a98c033616f7a09a309 when I do an md5sum it looks like this: 02aa9617949ee6d8fc0a00e9a7b941ef So I know...

Ok I think I figured it out Here are all the steps for the next person who might want to modify this Momentum cam firmware 1. Download MCR] Hikvision packer/unpacker for 5.3.x and newer firmware onto your Linux PC 2. Download the current firmware file 3. ./hipack -t r0 -x digicap.dav -o newfw...

I was able to edit the files inside app.img by opening on Linux with unsquashfs, now I am trying to figure out how to squash it again back to an img file and then run the tool to repack it

Interestingly the firmware is off of a "Momentum" cam, this one Axel 720P Dual-Band Wi-Fi Camera It is version 5.1.8, and you can download it here: https://prod-peq-a-firmware-uploads.s3.amazonaws.com/firmware/Hikvision/MOCAM-720-01/V5.1.8 build...

Same issue reported here by 'goprojojo' but no solution there HIKVISION tweaking - CCTV Forum

I want to cusomize the firmware to add '/bin/busybox telnetd' to initrun.sh in order to enable telnet on reboot I followed the instructions here: Hikvision FIRMWARE TOOLS - change language, extract files and create own firmware However, after I do the 'split' command, all I get is a folder...