Hi,
While I was looking for Dahua and Hikvision alternatives I stumbled upon ILDVR (via some russian review site).
Here are my findings: http://sergei.nz/ildvr-inc-mh40d06/
TL;DR: hardware is fine, firmware is real crap.
I wanted to poke around the actual shell, only problem is that manufacturer is not willing to provide the telnet password (or firmware image). While there is no way to close telnet off.
I decided not to buy more of their cameras until I get access to innards of it (so I can strip out unnecessary bits and close the backdoor that they left open).
Meanwhile I wait for RS232 adaptor (so can dump the firmware and poke around), does anyone recognize the board:
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_SoC.jpg
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_lens.jpg
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_sensor.jpg
And what is the telnet password? (I have tried all combinations of hi35XX, sc35XX, etc).
I have tried to exploit with remote command execution without success...
While I was looking for Dahua and Hikvision alternatives I stumbled upon ILDVR (via some russian review site).
Here are my findings: http://sergei.nz/ildvr-inc-mh40d06/
TL;DR: hardware is fine, firmware is real crap.
I wanted to poke around the actual shell, only problem is that manufacturer is not willing to provide the telnet password (or firmware image). While there is no way to close telnet off.
I decided not to buy more of their cameras until I get access to innards of it (so I can strip out unnecessary bits and close the backdoor that they left open).
Meanwhile I wait for RS232 adaptor (so can dump the firmware and poke around), does anyone recognize the board:
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_SoC.jpg
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_lens.jpg
http://sergei.nz/wp-content/uploads/2015/12/INC-MH40D06_sensor.jpg
And what is the telnet password? (I have tried all combinations of hi35XX, sc35XX, etc).
I have tried to exploit with remote command execution without success...
Last edited by a moderator: