Good IPCameras that support OpenIPC

[grumpyITGuy]

They have literally nothing in common

The point of commonality I was alluding to that you somewhat correctly guessed is that criminals can use either platform with relative impunity. Though that wasn't meant to be construed as the only motivating factor behind their use.

My primary gripe with crypto is that the money I have to use to purchase it was earned honestly, and I was taxed quite extensively for doing so. In other words, it puts the purchasing power of my earnings at a disadvantage.

For example, the platform has become the defacto communication method for most developers at this point in time.

But why? Are they all that paranoid? Or are they that lazy? What's wrong with old fashioned discussion forums like this one?

Again, my problem with Telegram is that it's intended to be used primarily on a smartphone and the unique identifier used to create the account is said phone #. While I trust the source has been sufficiently audited to ensure it isn't leaking user's information, I detest both of those points sufficiently that I refuse to be a willing participant.

 

[forlotto]

There are a great many reasons you being old enough to know already should have some easy understanding of the success of telegram you just haven't taken the time to observe the why part think average internet user not ITGuy knows enough to be dangerous. It's fairly self-evident.

I'd argue phones have overtaken the use of the way we connect on the internet it was largely a PC thing.
Bandwidth has increased to progress beyond IRC and ICQ for real time chat modalities the introduction of video and voice and sharing of media has become easier but the laws more rigid as to what can or can't be shared so as an app developer there is that side of it copyright infringement NSFW and other illegal content is hard to guard against fully without help from the community. How does one stop someone from coming back to do it again under an a pseudonym when you have access to thousands of IP's VIA A VPN that are always changing it's not as cut and dried as it used to be.

I wouldn't talk on the internet in a tone I wouldn't use outside of the internet Rule1 I choose a path to support efforts of privacy and free speech in the events that what I say now may be contrarian tomorrow not to mention they kind of hold hands as well as security efforts that don't work as nefarious back door data collection as you alluded too. There are a great many problems stemming from I believe the start of it was the M$ antitrust case one of the fastest antitrust cases to make it through the courts.

We tend to forget things that exist or most don't know about them:

Windows 98 NSA Key.
Bios code That can allow things to be executed without your permission consent or knowledge in theory.
CPU Code That can allow things to be executed without your permission consent or knowledge in theory.
Cryptographic MITM
Deep Packet Inspection methods
Network and NICs things like BroadPWN
The GSM flag
Sim Jacking
TPM for your digital id if you've took the time to read the white paper.
Facebook Pixel which is a cross platform thingthat works with all of the big names.
heartbleed was an interesting exploit (How many others are out there like this we don't know of?)
And Many Many more things...

Just upgraded the internet B800 TPLink router was the only affordable option for Multigig over internet I can't wait until open source gets their hands on this device. The firmware is interesting having more security features than most but abhorrent in other ways like them wanting you to tie your damn phone to your router I told them in an email I'm not doing it!!! Your not having my phone my email and a password just so I can use my router. I don't want remote access to my router enabled in any way! It was like talking to the wall the tech guys you talk to don't even know the interface or a lick about network security could be such a great product really but they don't hire the proper minds like you for instance to develop something. I feel kind of naked running this crap at the edge of my network so there will be some growing pains I'll surely need to provision better and acquire more equipment as time and money affords.

Privacy should be fought hard for there are 3 methods that come to mind one simply educating folks that it is being violated ala Snowden and through talks like this, Passing common sense laws to deny domestic spying and implementing it as a law and enforcing it with the proper consequences but enforcing it mostly where their are known ops with intent of data collection and sales or sharing, finally you have the option to build software, firmware, and things that would prevent the backdoors you can't see and open source it so development in the proper direction can ensue. There are some honorable mentions like the EFF being a member, I suppose you could organize and go hold signs somewhere to raise awareness although not my style it does have an effect (just stay out of the road folks)....

I had the implicit privacy mind for quite some time doing IT work kind of taught me there are pro's and con's security depends on knowledge of for LAN/WAN/WAP/PAN there is little one can do VPN's are possible burner phones to sign up for telegram then use the desktop application.

There are a lot of unacknowledged privacy violations that are not so easy to protect against even though I'd like to believe their is privacy if all do this that and the other at the end of the day is there really? If I were to shake the magic 8 ball on that one it would come up with it is not likely. But it doesn't mean we shouldn't follow best practices either following best practices and getting people on board does improve the system.

All part of the reason I like OPENIPC though that is the nature of evolution if you want better security and better privacy it will likely be largely reliant on hackers coordinating efforts to modify things to ensure the possibility of the hidden elements of things largely unknowns to become knowns.

 

[grumpyITGuy]

There are a great many reasons you being old enough to know already should have some easy understanding of the success of telegram you just haven't taken the time to observe the why part think average internet user not ITGuy knows enough to be dangerous. It's fairly self-evident.

There's not a single day where I get out of bed and think: "how could I completely destroy my personal privacy by dipping my toes into some unknown platform". I do get it, back in the early 2000's I started out upon building a complete end-to-end chat platform that one could spin up on any windows machine out of their basement. I wasn't experienced enough at that point and had more (paying) workload to deal with, so it only exists in my memories. But I completely understand the reasons for their existence.

I'd argue phones have overtaken the use of the way we connect on the internet it was largely a PC thing.

Unfortunately. To grossly over-simplify, I've seen the unfortunate effects of this from some dips**t ordering the wrong camshafts for their engine because the mobile version of a vendor website (let's call it cRockAuto to protect the innocent) wasn't smart enough to show his mobile browser that the engine needed two completely different camshafts. Or that StarLink's standard consumer level hardware only allows setup via a mobile device (and that app completely sucks to an IT pro). Stupid comes in many different shapes and forms.

Back in 2012-ish I carried my relatively normal paranoid IT stance into a full-on grumpy guy "Walter". [F that mobile stuff, you whippersnappers]! If I can't use a real computer with a grown-up sized keyboard with mechanical keys to use your offering, I will go back into my cave and worship the withering remains of my Vic20.

Then I started developing my own apps for Android, and realized what information is readily available just to get a "hello world" app to run.

No joke, I will be the "it's only a PC thing or nothing" guy until they sprinkle my ashes on the beach. What you will call a "PC" can be debated, but it won't be something that has a SIM card in it.

Bandwidth has increased to progress beyond

Bandwidth has relatively nothing to do with privacy. Only the speed with which your privacy can evaporate.

So back to the main topic, thanks to a usb microscope I managed to find the uart pins on the Ingenic board that i've been chasing for several days. I've also located some SDK publications on github for the Sony IMX335 sensor that might help get better than junk resolution out of it. I'd like to think I have some intelligence to offer. But I doubt the OpenIPC devs care as much about this branch of the tech as they do the FPV quadcopter branch.

I'll probably burn half the day tomorrow trying different OpenIPC binaries for the T31 SOC in hopes of making this last hold-out be useful enough to buy more of.

 

[josh_mkeen]

If you have an Ingenic SoC based camera, you may want to use the thingino firmware instead. I switched on my Wyze V2 Cam after there were some privacy concerns raised regarding OpenIPC.

 

[forlotto]

Thanks for this I also have been made aware there are privacy concerns with OPENIPC untested or proven someone told me that it reports to certain servers. Talked about openhisilicon github being open sourced. Good to see there are security conscious folks but from what I am told it is harmless.. openhisilicon - Overview they claim the data collection is innocent though IDK... Logged traffic to 'majestic.cam' and to random aws bucket, this is confirmed another user said.
Log show Data exfiltrtated via dns too. Should block this: outgoing dns on camera
And Domains:
camware.s3.eu-north-1.amazonaws.com
majestic.cam
majestic.torturelabs.com
torturelabs.com
This is the reason I wanted OPENIPC cause many of the cheap china cameras do the same thing... "harmless data collection"



The devs had said a few things to this.
IGOR:
You are wrong about the developers. We are from different countries. Also you can suggest any improved place you think. But the font on the website and on the wiki is the same; we don’t have “small font”. There is a disclaimer written on the site, this is a standard solution and approach to information.

IGOR said it's just the streaming program you can choose between both. So it isn't anything but telemetry data for development from what I understand
mikal, [6/15/2024 10:59 AM]
Log show Data exfiltrtated via dns too. Should block this: outgoing dns on camera
And Domains:
camware.s3.eu-north-1.amazonaws.com
majestic.cam
majestic.torturelabs.com
torturelabs.com

Igor, [6/15/2024 11:05 AM]
You have the right to do whatever you want - refuse to use the firmware, refuse to use the Majestic streamer, block any traffic.
Collecting telemetry helps developers understand which devices are popular, how often problems or firmware versions change. Nothing more.
If you turn off this data, it will not be available for monitoring and analysis and, accordingly, no one will be able to help. When collecting telemetry, global problems and crashes are tracked and fixed instantly.

Igor, [6/15/2024 11:14 AM]
Thanks for your messages. I will be grateful to you if you can tell me where and what else should be written so that the paranoid people will be calm. The OpenIPC project and the most developed streamer Majestic have nothing to hide from the public.

You can now compile the firmware yourself or send a PR to generate firmware with a fully open Divinus streamer.
All Ultimate firmwares include both Majestic and Divinus streamers, so the choice is yours.

@grumpyITGuy
I was also made aware of a thingofirmware that was available for that camera possibly....

Hi, saw your post regarding firmware and helping others.

There exists thingino, a firmware which is specifically targeted towards ingenic devices.

checkout GitHub - themactep/thingino-firmware: Open-source firmware for Ingenic SoC IP cameras
Checkout the discord or telegram of thingino on the site. Very helpful community for testing, users, and development.

Fully open source, we are a young project but develop fast.

just FYI. have fun!

 

[forlotto]

IDK it seems like Igor is saying the data is collected to ensure the security of the software if something big happens they can intervene and issue an update to their code if there is some great catastrophe with the software and that it is not nefarious nor personal data collected from the individual per sey it is to spot possible issues with software in either functionality or possibly even security. So this is a pretty common practice these days.

 

[wittaj]

If you have an Ingenic SoC based camera, you may want to use the thingino firmware instead. I switched on my Wyze V2 Cam after there were some privacy concerns raised regarding OpenIPC.

It is why we say regardless of the firmware, don't let the camera have access to the internet...

And why there was a big discussion in this post that people were taking the wrong way that basically boiled down to that many here want cameras that perform (regardless of who makes it or the firmware) and can mitigate/minimize the spying risks of name brands rather than an opensource firmware that cannot perform for our needs.

And now if OpenIPC has privacy concerns, even more reason...

 

[forlotto]

No I talked to Igor fairly candidly he was pretty cut and dried seems to be paranoia nothing nefarious going on.
You can now compile the firmware yourself or send a PR to generate firmware with a fully open Divinus streamer.
All Ultimate firmwares include both Majestic and Divinus streamers, so the choice is yours.

As always anything IOT it is good network practice to implement isolation as best practice for your security as josh_Mkeen says.

But the whole point of OPENIPC is to give you options to potentially provide better security you can build upon this code improve it and use it as you wish.

IGOR also makes a good point he prefers to have their wiki be the one source of information for OPENIPC. Rather than answer endless questions over and over again the same thing have a solid source like wiki that can provide all of the needed info. I understand this totally you can spend much time going over the same questions over and over again. It appears many have asked these questions before and they have been answered on the wiki. And now very well by IGOR on Telegram.

 

[forlotto]

wiki/en/streamer-comparison.md at master · OpenIPC/wiki

The new OpenIPC wiki. Contribute to OpenIPC/wiki development by creating an account on GitHub.

github.com

 

[tweebs]

Stumbled across this thread/forum while googling 'openICP compatible cameras'. I admit I skimmed most of the discussion to get to the juicy/recent bits. I very much realize there are quality high performance IP camera out there but I'm not interested (reasons). I have some cheapo chinesium Amazon specials (Wyze et al) running alternative firmwares for non-critical farm ops, I trust the Chinese to spy on my chickens. However, I'd like to level up to a slightly less crappy solution for addition cams and home assistant integrations.

I looked into openIPC almost 2 years ago but also don't have time to invest in finding the good bang/buck, popular enough, "easily" hackable and available camera. BUT I can certainly contribute my findings, and maybe (cameras to avoid).

FYI, there is a tool for OpenIPC which scans a cameras firmware.bin to try to determine its SoC and sensor are compatible but I haven't investigated.

You'd think with all the cheap IPcams with vulnerable OEM firmware someone would have found method to flash/bootload intercept alternative firmware without needing UART access. Much like Wyze. Not that I mind cracking into a $40 piece of hardware. I'd just like to know if there is any point (if it's supported).

 

[grumpyITGuy]

You can now compile the firmware yourself or send a PR to generate firmware with a fully open Divinus streamer.

But will those fit on 8mb cameras?

IGOR also makes a good point he prefers to have their wiki be the one source of information for OPENIPC. Rather than answer endless questions over and over again

I haven't looked at it in the past several days, but having searched the wiki quite extensively over the past two months I can only describe it as an abhorrent mess. I've spent dozens of hours searching and reading, and this is the first I've heard of that particular alternative streaming server.

Whatever the case, I'm less paranoid about what data Majestic is phoning home with than I am concerned with having a camera with a ssh server, cron, ntp, etc. It's easy to firewall things like this off so they can only do what you expect them to.

I looked into openIPC almost 2 years ago but also don't have time to invest in finding the good bang/buck, popular enough, "easily" hackable and available camera. BUT I can certainly contribute my findings, and maybe (cameras to avoid).

To a certain extent I do have time and enjoy the challenge, but I'm finding there are very limited options for inexpensive boards and even fewer complete cameras that can produce > 4MP using the mipi drivers included with OpenIPC. Sure, it's "open source" and "you're welcome to submit a PR". But I've noticed in looking into the Thingino git that not all the SDK source code appears to be of equal quality / value. I've slept since so I've lost the specifics to entropy, but I found several mipi drivers in the Thingino repository that were capable of full resolution where the OpenIPC respository is crippled. The Sony IMX335 comes to mind. I can only assume this means the Ingenic SDK has better mipi driver examples than the SigmaStar SDK.

FYI, there is a tool for OpenIPC which scans a cameras firmware.bin to try to determine its SoC and sensor are compatible but I haven't investigated.

If you can find, care to share? I've seen nothing like this. Only the ipctool script that requires access to the shell (either running openipc or the vendor's firmware).

You'd think with all the cheap IPcams with vulnerable OEM firmware someone would have found method to flash/bootload intercept alternative firmware without needing UART access.

I've no experience with Wyze cams, but it seems the Anjvision stuff has gotten more and more locked down on flashing firmwares from within the vendor firmware, which is why having access to uboot or desoldering the nor flash is a must.

I've yet to exert much effort upon the Ingenic board. What I gleaned reading the Thingino readme wasn't terribly encouraging but I've also yet to figure out how to get the currently installed OpenIPC image to boot without segfaulting.