fugutastic
n3wb
- Joined
- Jul 9, 2016
- Messages
- 2
- Reaction score
- 2
Hi everyone,
Picked up this camera a few days ago and have been playing around with it. Quite nice image quality and even the build quality is rather nice. A quick email to Mustcam support yielded no response as far as the root password was concerned so I did a little digging
The serial TX and RX are shown on the attached board image. Ground can be found all over the board. Once connected over the serial the boot log looks like this:
U-Boot 2010.06 (Jan 31 2015 - 13:46:51)
Check spi flash controller v350... Found
Spi(cs1) ID: 0xC2 0x20 0x18 0xC2 0x20 0x18
Spi(cs1): Block:64KB Chip:16MB Name:"MX25L128XX"
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
Hisilicon ETH net controler
hieth_mdiobus_driver_init 0:1
hieth_mdiobus_driver_init 0:2
MAC: 00-00-23-34-45-66
UP_PORT : phy status change : LINK=UP : DUPLEX=FULL : SPEED=100M
Hit any key to stop autoboot: 0
16384 KiB hi_sfc at 0:0 is now current device
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.0.8
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2903188 Bytes = 2.8 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
Linux version 3.0.8 (zg@ESNTD_ZGLUX) (gcc version 4.4.1 (Hisilicon_v100(gcc4.4-290+uclibc_0.9.32.1+eabi+linuxpthread)) ) #153 Wed Apr 8 07:09:23 CST 2015
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177
CPU: VIVT data cache, VIVT instruction cache
Machine: hi3518
Memory policy: ECC disabled, Data cache writeback
AXI bus clock 200000000.
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 9652
Kernel command line: mem=38M console=ttyAMA0,115200 root=/dev/mtdblock4 rootfstype=squashfs mtdparts=hi_sfc:256k(boot),128k(env),128k(conf),3584k(os),4096k(rootfs),4608k(userfs),3584k(extfs)
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 38MB = 38MB total
Memory: 33012k/33012k available, 5900k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
DMA : 0xffc00000 - 0xffe00000 ( 2 MB)
vmalloc : 0xc2800000 - 0xfe000000 ( 952 MB)
lowmem : 0xc0000000 - 0xc2600000 ( 38 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.init : 0xc0008000 - 0xc0029000 ( 132 kB)
.text : 0xc0029000 - 0xc0515000 (5040 kB)
.data : 0xc0516000 - 0xc053f640 ( 166 kB)
.bss : 0xc053f664 - 0xc055c600 ( 116 kB)
SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:32 nr_irqs:32 32
sched_clock: 32 bits at 100MHz, resolution 10ns, wraps every 42949ms
Console: colour dummy device 80x30
Calibrating delay loop... 217.08 BogoMIPS (lpj=108544)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
NET: Registered protocol family 16
Serial: AMBA PL011 UART driver
uart:0: ttyAMA0 at MMIO 0x20080000 (irq = 5) is a PL011 rev2
console [ttyAMA0] enabled
uart:1: ttyAMA1 at MMIO 0x20090000 (irq = 5) is a PL011 rev2
uart:2: ttyAMA2 at MMIO 0x200a0000 (irq = 25) is a PL011 rev2
bio: create slab <bio-0> at 0
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
cfg80211: Calling CRDA to update world regulatory domain
Switching to clocksource timer1
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
NetWinder Floating Point Emulator V0.97 (double precision)
VFS: Disk quotas dquot_6.5.2
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
squashfs: version 4.0 (2009/01/31) Phillip Lougher
JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
fuse init (API version 7.16)
msgmni has been set to 64
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
io scheduler noop registered
io scheduler deadline registered (default)
io scheduler cfq registered
brd: module loaded
loop: module loaded
Spi id table Version 1.22
Spi(cs1) ID: 0xC2 0x20 0x18 0xC2 0x20 0x18
SPI FLASH start_up_mode is 3 Bytes
Spi(cs1):
Block:64KB
Chip:16MB
Name:"MX25L128XX"
spi size: 16MB
chip num: 1
7 cmdlinepart partitions found on MTD device hi_sfc
Creating 7 MTD partitions on "hi_sfc":
0x000000000000-0x000000040000 : "boot"
0x000000040000-0x000000060000 : "env"
0x000000060000-0x000000080000 : "conf"
0x000000080000-0x000000400000 : "os"
0x000000400000-0x000000800000 : "rootfs"
0x000000800000-0x000000c80000 : "userfs"
0x000000c80000-0x000001000000 : "extfs"
Special nand id table Version 1.35
Hisilicon Nand Flash Controller V301 Device Driver, Version 1.10
Nand ID: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
No NAND device found.
ESNTD Kernel NVRAM initialized
ESNDT GPIO HZ[1000] Ver 1.0 ... PTZ Cfg 0 PTZ Startpost 3276850, Speed 0
Init Power Key->>OK
PTZ Cfg Step 1600 - 3950
->>OK
esntd_hiadc_init --> OK
Fixed MDIO Bus: probed
himii: probed
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
hiusb-ehci hiusb-ehci.0: HIUSB EHCI
hiusb-ehci hiusb-ehci.0: new USB bus registered, assigned bus number 1
hiusb-ehci hiusb-ehci.0: irq 15, io mem 0x100b0000
hiusb-ehci hiusb-ehci.0: USB 0.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
hiusb-ohci hiusb-ohci.0: HIUSB OHCI
hiusb-ohci hiusb-ohci.0: new USB bus registered, assigned bus number 2
hiusb-ohci hiusb-ohci.0: irq 16, io mem 0x100a0000
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
usbcore: registered new interface driver cdc_acm
cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
usbcore: registered new interface driver cdc_wdm
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver ums-alauda
usbcore: registered new interface driver ums-datafab
usbcore: registered new interface driver ums-freecom
usbcore: registered new interface driver ums-isd200
usbcore: registered new interface driver ums-jumpshot
usbcore: registered new interface driver ums-sddr09
usbcore: registered new interface driver ums-sddr55
usbcore: registered new interface driver mdc800
mdc800: v0.7.5 (30/10/2000):USB Driver for Mustek MDC800 Digital Camera
mousedev: PS/2 mouse device common for all mice
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
TCP cubic registered
Initializing XFRM netlink socket
NET: Registered protocol family 10
NET: Registered protocol family 17
NET: Registered protocol family 15
lib80211: common routines for IEEE802.11 drivers
Registering the dns_resolver key type
registered taskstats version 1
drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
▒VFS: Mounted root (squashfs filesystem) readonly on device 31:4.
Freeing init memory: 132K
usb 1-1: new high speed USB device number 2 using hiusb-ehci
mmc0: new high speed SDHC card at address 0181
mmcblk0: mmc0:0181 SD04G 3.75 GiB
mmcblk0: p1 p2 p3
||||\ ||||| ||| || |||||| ||||||
|\ \|| \||| |\ || || ||
||||\ |||\ \| |\ |\ || || ||
|| \|| \| |||\ || || ||
|| \ || \| \||\ || || ||\
||||| \||||\ || ||\ || |||||\
www.esntd.com
[RCS]: /etc_ro/init.d/S00devs
[RCS]: /etc_ro/init.d/S01udev
udevd (544): /proc/544/oom_adj is deprecated, please use /proc/544/oom_score_adj instead.
[RCS]: /etc_ro/init.d/S80network
ADDRCONF(NETDEV_UP): eth0: link is not ready
Start User Init ...!
Hisilicon Media Memory Zone Manager
PHY: himii:01 - Link is Up - 100/Full
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
hi3518_base: module license 'Proprietary' taints kernel.
Disabling lock debugging due to kernel taint
Hisilicon UMAP device driver interface: v3.00
pa:82600000, va:c2b80000
load sys.ko ...OK!
load viu.ko ...OK!
ISP Mod init!
load vpss.ko ....OK!
insmod: can't insert 'hi3518_vou.ko': No such file or directory
load venc.ko ...OK!
load group.ko ...OK!
load chnl.ko ...OK!
load h264e.ko ...OK!
load jpege.ko ...OK!
load rc.ko ...OK!
load region.ko ....OK!
load vda.ko ....OK!
hi_i2c init is ok!
Kernel: ssp initial ok!
acodec inited!
insert audio
==== Your input Sensor type is ov9712 ====
Sat Jul 9 13:49:41 UTC 2016
Current time value:
year 2016
month 7
date 9
hour 13
minute 49
second 41
weekday 6
Load wifi ...!
rtusb init rtusbSTA --->
=== pAd = c3011000, size = 860520 ===
<-- RTMPAllocTxRxRingMemory, Status=0
<-- RTMPAllocAdapterBlock, Status=0
RTMP_COM_IoctlHandle()Ad->BulkOutEpAddr=0x8
RTMP_COM_IoctlHandle()Ad->BulkOutEpAddr=0x4
RTMP_COM_IoctlHandle()Ad->BulkOutEpAddr=0x5
RTMP_COM_IoctlHandle()Ad->BulkOutEpAddr=0x6
RTMP_COM_IoctlHandle()Ad->BulkOutEpAddr=0x7
RTMP_COM_IoctlHandle()Ad->BulkOutEpAddr=0x9
NVM is EFUSE
Endpoint(8) is for In-band Command
Endpoint(4) is for WMM0 AC0
Endpoint(5) is for WMM0 AC1
Endpoint(6) is for WMM0 AC2
Endpoint(7) is for WMM0 AC3
Endpoint(9) is for WMM1 AC0
Endpoint(84) is for Data-In
Endpoint(85) is for Command Rsp
usbcore: registered new interface driver rtusbSTA
1. LDO_CTR0(6c) = a6478d, PMU_OCLEVEL 6
2. LDO_CTR0(6c) = a6478d, PMU_OCLEVEL 6
RTMP_TimerListAdd: add timer obj c3091ab4!
RTMP_TimerListAdd: add timer obj c3091acc!
RTMP_TimerListAdd: add timer obj c3091ae4!
RTMP_TimerListAdd: add timer obj c3091a9c!
RTMP_TimerListAdd: add timer obj c3091a54!
RTMP_TimerListAdd: add timer obj c3091a6c!
RTMP_TimerListAdd: add timer obj c30268ec!
RTMP_TimerListAdd: add timer obj c30131e0!
RTMP_TimerListAdd: add timer obj c30131fc!
RTMP_TimerListAdd: add timer obj c3026944!
RTMP_TimerListAdd: add timer obj c3015bb4!
RTMP_TimerListAdd: add timer obj c3015264!
RTMP_TimerListAdd: add timer obj c3015b98!
RTMP_TimerListAdd: add timer obj c3015dd8!
RTMP_TimerListAdd: add timer obj c3015bd0!
RTMP_TimerListAdd: add timer obj c3015bec!
RTMP_TimerListAdd: add timer obj c3015c08!
RTMP_TimerListAdd: add timer obj c30268bc!
RTMP_TimerListAdd: add timer obj c302692c!
RTMP_TimerListAdd: add timer obj c3015e08!
RTMP_TimerListAdd: add timer obj c3015e20!
RTMP_TimerListAdd: add timer obj c3015e38!
RTMP_TimerListAdd: add timer obj c3015e50!
cfg_mode=9
wmode_band_equal(): Band Equal!
Key1Str is Invalid key length(0) or Type(0)
Key2Str is Invalid key length(0) or Type(0)
Key3Str is Invalid key length(0) or Type(0)
Key4Str is Invalid key length(0) or Type(0)
1. Phy Mode = 14
2. Phy Mode = 14
NVM is Efuse and its size =1d[1e0-1fc]
3. Phy Mode = 14
AntCfgInit: primary/secondary ant 0/1
---> InitFrequencyCalibration
InitFrequencyCalibrationMode:Unknow mode = 3
InitFrequencyCalibration: frequency offset in the EEPROM = 111(0x6f)
<--- InitFrequencyCalibration
RTMPSetPhyMode: channel is out of range, use first channel=1
MCS Set = ff 00 00 00 01
<==== rt28xx_init, Status=0
0x1300 = 00064300
RTMPDrvOpen(1):Check if PDMA is idle!
RTMPDrvOpen(2):Check if PDMA is idle!
Hisilicon Watchdog Timer: 0.01 initialized. default_margin=60 sec (nowayout= 0, nodeamon= 0)
ESNDO_Startup ...
Auto login as root ...
Password for 'root' changed
Jul 9 13:49:43 login[796]: root login on 'ttyS000'
Welcome to HiLinux.
# killall: goahead: no process killed
Start System Server ...
gpio ioctl : Invalid argument
gpio ioctl : Invalid argument
NetIF : eth0
adding dns 192.168.1.1
adding dns 8.8.8.8
udhcpc (v1.16.1) started
deconfig
Sending discover...
Sending select for 192.168.0.82...
Lease of 192.168.0.82 obtained, lease time 86400
reconfig
deleting routers
route: SIOCDELRT: No such process
default gw
adding dns 192.168.0.1
Use Web Port 80
RT_ESNTD_WIFICFG_SET 1
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
[Func]:HI_MPI_AI_GetVqeAttr [Line]:2048 [Info]:AI chn 0 is not config vqe!
Get ISP Interrupt Failed with ec 0x1!
killall: ntp.sh: no process killed
Sat Jul 9 13:50:11 UTC 2016
Current time value:
year 2016
month 7
date 9
hour 13
minute 50
second 11
weekday 6
Get ISP Interrupt Failed with ec 0x1!
42558 49815.236 159430.0 7.3 1253418.0 0.0 0
Get ISP Interrupt Failed with ec 0x1!
#
Once it has booted you have a full root shell so you can go straight in and change the password and then access the camera via telnet. I ran john on the passwd file and the default root password for this camera (and possibly other Mustcam cameras) is: zg2014
EDIT: I've just noticed the root password is reset to zg2014 every time the camera boots (you can even see it happen in the boot log), so even if you change the root password it will not save. Looking into this..
EDIT 2: Edit the /esntd/teldbg.sh file to set your own password. Using passwd as above will not be saved.
Hopefully this info will help anyone else who gets one of these brand cameras to get stuck into the system and have a tinker. There doesn't seem to be any info around on these and they do seem quite capable. Hope it helps!
Picked up this camera a few days ago and have been playing around with it. Quite nice image quality and even the build quality is rather nice. A quick email to Mustcam support yielded no response as far as the root password was concerned so I did a little digging
The serial TX and RX are shown on the attached board image. Ground can be found all over the board. Once connected over the serial the boot log looks like this:
U-Boot 2010.06 (Jan 31 2015 - 13:46:51)
Check spi flash controller v350... Found
Spi(cs1) ID: 0xC2 0x20 0x18 0xC2 0x20 0x18
Spi(cs1): Block:64KB Chip:16MB Name:"MX25L128XX"
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
Hisilicon ETH net controler
hieth_mdiobus_driver_init 0:1
hieth_mdiobus_driver_init 0:2
MAC: 00-00-23-34-45-66
UP_PORT : phy status change : LINK=UP : DUPLEX=FULL : SPEED=100M
Hit any key to stop autoboot: 0
16384 KiB hi_sfc at 0:0 is now current device
## Booting kernel from Legacy Image at 82000000 ...
Image Name: Linux-3.0.8
Image Type: ARM Linux Kernel Image (uncompressed)
Data Size: 2903188 Bytes = 2.8 MiB
Load Address: 80008000
Entry Point: 80008000
Loading Kernel Image ... OK
OK
Starting kernel ...
Uncompressing Linux... done, booting the kernel.
Linux version 3.0.8 (zg@ESNTD_ZGLUX) (gcc version 4.4.1 (Hisilicon_v100(gcc4.4-290+uclibc_0.9.32.1+eabi+linuxpthread)) ) #153 Wed Apr 8 07:09:23 CST 2015
CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177
CPU: VIVT data cache, VIVT instruction cache
Machine: hi3518
Memory policy: ECC disabled, Data cache writeback
AXI bus clock 200000000.
Built 1 zonelists in Zone order, mobility grouping on. Total pages: 9652
Kernel command line: mem=38M console=ttyAMA0,115200 root=/dev/mtdblock4 rootfstype=squashfs mtdparts=hi_sfc:256k(boot),128k(env),128k(conf),3584k(os),4096k(rootfs),4608k(userfs),3584k(extfs)
PID hash table entries: 256 (order: -2, 1024 bytes)
Dentry cache hash table entries: 8192 (order: 3, 32768 bytes)
Inode-cache hash table entries: 4096 (order: 2, 16384 bytes)
Memory: 38MB = 38MB total
Memory: 33012k/33012k available, 5900k reserved, 0K highmem
Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
DMA : 0xffc00000 - 0xffe00000 ( 2 MB)
vmalloc : 0xc2800000 - 0xfe000000 ( 952 MB)
lowmem : 0xc0000000 - 0xc2600000 ( 38 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.init : 0xc0008000 - 0xc0029000 ( 132 kB)
.text : 0xc0029000 - 0xc0515000 (5040 kB)
.data : 0xc0516000 - 0xc053f640 ( 166 kB)
.bss : 0xc053f664 - 0xc055c600 ( 116 kB)
SLUB: Genslabs=13, HWalign=32, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
NR_IRQS:32 nr_irqs:32 32
sched_clock: 32 bits at 100MHz, resolution 10ns, wraps every 42949ms
Console: colour dummy device 80x30
Calibrating delay loop... 217.08 BogoMIPS (lpj=108544)
pid_max: default: 32768 minimum: 301
Mount-cache hash table entries: 512
CPU: Testing write buffer coherency: ok
NET: Registered protocol family 16
Serial: AMBA PL011 UART driver
uart:0: ttyAMA0 at MMIO 0x20080000 (irq = 5) is a PL011 rev2
console [ttyAMA0] enabled
uart:1: ttyAMA1 at MMIO 0x20090000 (irq = 5) is a PL011 rev2
uart:2: ttyAMA2 at MMIO 0x200a0000 (irq = 25) is a PL011 rev2
bio: create slab <bio-0> at 0
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
cfg80211: Calling CRDA to update world regulatory domain
Switching to clocksource timer1
NET: Registered protocol family 2
IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
TCP established hash table entries: 2048 (order: 2, 16384 bytes)
TCP bind hash table entries: 2048 (order: 1, 8192 bytes)
TCP: Hash tables configured (established 2048 bind 2048)
TCP reno registered
UDP hash table entries: 256 (order: 0, 4096 bytes)
UDP-Lite hash table entries: 256 (order: 0, 4096 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
NetWinder Floating Point Emulator V0.97 (double precision)
VFS: Disk quotas dquot_6.5.2
Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
squashfs: version 4.0 (2009/01/31) Phillip Lougher
JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
fuse init (API version 7.16)
msgmni has been set to 64
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 253)
io scheduler noop registered
io scheduler deadline registered (default)
io scheduler cfq registered
brd: module loaded
loop: module loaded
Spi id table Version 1.22
Spi(cs1) ID: 0xC2 0x20 0x18 0xC2 0x20 0x18
SPI FLASH start_up_mode is 3 Bytes
Spi(cs1):
Block:64KB
Chip:16MB
Name:"MX25L128XX"
spi size: 16MB
chip num: 1
7 cmdlinepart partitions found on MTD device hi_sfc
Creating 7 MTD partitions on "hi_sfc":
0x000000000000-0x000000040000 : "boot"
0x000000040000-0x000000060000 : "env"
0x000000060000-0x000000080000 : "conf"
0x000000080000-0x000000400000 : "os"
0x000000400000-0x000000800000 : "rootfs"
0x000000800000-0x000000c80000 : "userfs"
0x000000c80000-0x000001000000 : "extfs"
Special nand id table Version 1.35
Hisilicon Nand Flash Controller V301 Device Driver, Version 1.10
Nand ID: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
No NAND device found.
ESNTD Kernel NVRAM initialized
ESNDT GPIO HZ[1000] Ver 1.0 ... PTZ Cfg 0 PTZ Startpost 3276850, Speed 0
Init Power Key->>OK
PTZ Cfg Step 1600 - 3950
->>OK
esntd_hiadc_init --> OK
Fixed MDIO Bus: probed
himii: probed
ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
hiusb-ehci hiusb-ehci.0: HIUSB EHCI
hiusb-ehci hiusb-ehci.0: new USB bus registered, assigned bus number 1
hiusb-ehci hiusb-ehci.0: irq 15, io mem 0x100b0000
hiusb-ehci hiusb-ehci.0: USB 0.0 started, EHCI 1.00
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
hiusb-ohci hiusb-ohci.0: HIUSB OHCI
hiusb-ohci hiusb-ohci.0: new USB bus registered, assigned bus number 2
hiusb-ohci hiusb-ohci.0: irq 16, io mem 0x100a0000
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
usbcore: registered new interface driver cdc_acm
cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
usbcore: registered new interface driver cdc_wdm
Initializing USB Mass Storage driver...
usbcore: registered new interface driver usb-storage
USB Mass Storage support registered.
usbcore: registered new interface driver ums-alauda
usbcore: registered new interface driver ums-datafab
usbcore: registered new interface driver ums-freecom
usbcore: registered new interface driver ums-isd200
usbcore: registered new interface driver ums-jumpshot
usbcore: registered new interface driver ums-sddr09
usbcore: registered new interface driver ums-sddr55
usbcore: registered new interface driver mdc800
mdc800: v0.7.5 (30/10/2000):USB Driver for Mustek MDC800 Digital Camera
mousedev: PS/2 mouse device common for all mice
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
TCP cubic registered
Initializing XFRM netlink socket
NET: Registered protocol family 10
NET: Registered protocol family 17
NET: Registered protocol family 15
lib80211: common routines for IEEE802.11 drivers
Registering the dns_resolver key type
registered taskstats version 1
drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
▒VFS: Mounted root (squashfs filesystem) readonly on device 31:4.
Freeing init memory: 132K
usb 1-1: new high speed USB device number 2 using hiusb-ehci
mmc0: new high speed SDHC card at address 0181
mmcblk0: mmc0:0181 SD04G 3.75 GiB
mmcblk0: p1 p2 p3
||||\ ||||| ||| || |||||| ||||||
|\ \|| \||| |\ || || ||
||||\ |||\ \| |\ |\ || || ||
|| \|| \| |||\ || || ||
|| \ || \| \||\ || || ||\
||||| \||||\ || ||\ || |||||\
www.esntd.com
[RCS]: /etc_ro/init.d/S00devs
[RCS]: /etc_ro/init.d/S01udev
udevd (544): /proc/544/oom_adj is deprecated, please use /proc/544/oom_score_adj instead.
[RCS]: /etc_ro/init.d/S80network
ADDRCONF(NETDEV_UP): eth0: link is not ready
Start User Init ...!
Hisilicon Media Memory Zone Manager
PHY: himii:01 - Link is Up - 100/Full
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
hi3518_base: module license 'Proprietary' taints kernel.
Disabling lock debugging due to kernel taint
Hisilicon UMAP device driver interface: v3.00
pa:82600000, va:c2b80000
load sys.ko ...OK!
load viu.ko ...OK!
ISP Mod init!
load vpss.ko ....OK!
insmod: can't insert 'hi3518_vou.ko': No such file or directory
load venc.ko ...OK!
load group.ko ...OK!
load chnl.ko ...OK!
load h264e.ko ...OK!
load jpege.ko ...OK!
load rc.ko ...OK!
load region.ko ....OK!
load vda.ko ....OK!
hi_i2c init is ok!
Kernel: ssp initial ok!
acodec inited!
insert audio
==== Your input Sensor type is ov9712 ====
Sat Jul 9 13:49:41 UTC 2016
Current time value:
year 2016
month 7
date 9
hour 13
minute 49
second 41
weekday 6
Load wifi ...!
rtusb init rtusbSTA --->
=== pAd = c3011000, size = 860520 ===
<-- RTMPAllocTxRxRingMemory, Status=0
<-- RTMPAllocAdapterBlock, Status=0
RTMP_COM_IoctlHandle()
Ad->BulkOutEpAddr=0x8RTMP_COM_IoctlHandle()
Ad->BulkOutEpAddr=0x4RTMP_COM_IoctlHandle()
Ad->BulkOutEpAddr=0x5RTMP_COM_IoctlHandle()
Ad->BulkOutEpAddr=0x6RTMP_COM_IoctlHandle()
Ad->BulkOutEpAddr=0x7RTMP_COM_IoctlHandle()
Ad->BulkOutEpAddr=0x9NVM is EFUSE
Endpoint(8) is for In-band Command
Endpoint(4) is for WMM0 AC0
Endpoint(5) is for WMM0 AC1
Endpoint(6) is for WMM0 AC2
Endpoint(7) is for WMM0 AC3
Endpoint(9) is for WMM1 AC0
Endpoint(84) is for Data-In
Endpoint(85) is for Command Rsp
usbcore: registered new interface driver rtusbSTA
1. LDO_CTR0(6c) = a6478d, PMU_OCLEVEL 6
2. LDO_CTR0(6c) = a6478d, PMU_OCLEVEL 6
RTMP_TimerListAdd: add timer obj c3091ab4!
RTMP_TimerListAdd: add timer obj c3091acc!
RTMP_TimerListAdd: add timer obj c3091ae4!
RTMP_TimerListAdd: add timer obj c3091a9c!
RTMP_TimerListAdd: add timer obj c3091a54!
RTMP_TimerListAdd: add timer obj c3091a6c!
RTMP_TimerListAdd: add timer obj c30268ec!
RTMP_TimerListAdd: add timer obj c30131e0!
RTMP_TimerListAdd: add timer obj c30131fc!
RTMP_TimerListAdd: add timer obj c3026944!
RTMP_TimerListAdd: add timer obj c3015bb4!
RTMP_TimerListAdd: add timer obj c3015264!
RTMP_TimerListAdd: add timer obj c3015b98!
RTMP_TimerListAdd: add timer obj c3015dd8!
RTMP_TimerListAdd: add timer obj c3015bd0!
RTMP_TimerListAdd: add timer obj c3015bec!
RTMP_TimerListAdd: add timer obj c3015c08!
RTMP_TimerListAdd: add timer obj c30268bc!
RTMP_TimerListAdd: add timer obj c302692c!
RTMP_TimerListAdd: add timer obj c3015e08!
RTMP_TimerListAdd: add timer obj c3015e20!
RTMP_TimerListAdd: add timer obj c3015e38!
RTMP_TimerListAdd: add timer obj c3015e50!
cfg_mode=9
wmode_band_equal(): Band Equal!
Key1Str is Invalid key length(0) or Type(0)
Key2Str is Invalid key length(0) or Type(0)
Key3Str is Invalid key length(0) or Type(0)
Key4Str is Invalid key length(0) or Type(0)
1. Phy Mode = 14
2. Phy Mode = 14
NVM is Efuse and its size =1d[1e0-1fc]
3. Phy Mode = 14
AntCfgInit: primary/secondary ant 0/1
---> InitFrequencyCalibration
InitFrequencyCalibrationMode:Unknow mode = 3
InitFrequencyCalibration: frequency offset in the EEPROM = 111(0x6f)
<--- InitFrequencyCalibration
RTMPSetPhyMode: channel is out of range, use first channel=1
MCS Set = ff 00 00 00 01
<==== rt28xx_init, Status=0
0x1300 = 00064300
RTMPDrvOpen(1):Check if PDMA is idle!
RTMPDrvOpen(2):Check if PDMA is idle!
Hisilicon Watchdog Timer: 0.01 initialized. default_margin=60 sec (nowayout= 0, nodeamon= 0)
ESNDO_Startup ...
Auto login as root ...
Password for 'root' changed
Jul 9 13:49:43 login[796]: root login on 'ttyS000'
Welcome to HiLinux.
# killall: goahead: no process killed
Start System Server ...
gpio ioctl : Invalid argument
gpio ioctl : Invalid argument
NetIF : eth0
adding dns 192.168.1.1
adding dns 8.8.8.8
udhcpc (v1.16.1) started
deconfig
Sending discover...
Sending select for 192.168.0.82...
Lease of 192.168.0.82 obtained, lease time 86400
reconfig
deleting routers
route: SIOCDELRT: No such process
default gw
adding dns 192.168.0.1
Use Web Port 80
RT_ESNTD_WIFICFG_SET 1
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
AGainMin should not be less than 0x400!
[Func]:HI_MPI_AI_GetVqeAttr [Line]:2048 [Info]:AI chn 0 is not config vqe!
Get ISP Interrupt Failed with ec 0x1!
killall: ntp.sh: no process killed
Sat Jul 9 13:50:11 UTC 2016
Current time value:
year 2016
month 7
date 9
hour 13
minute 50
second 11
weekday 6
Get ISP Interrupt Failed with ec 0x1!
42558 49815.236 159430.0 7.3 1253418.0 0.0 0
Get ISP Interrupt Failed with ec 0x1!
#
Once it has booted you have a full root shell so you can go straight in and change the password and then access the camera via telnet. I ran john on the passwd file and the default root password for this camera (and possibly other Mustcam cameras) is: zg2014
EDIT: I've just noticed the root password is reset to zg2014 every time the camera boots (you can even see it happen in the boot log), so even if you change the root password it will not save. Looking into this..
EDIT 2: Edit the /esntd/teldbg.sh file to set your own password. Using passwd as above will not be saved.
Hopefully this info will help anyone else who gets one of these brand cameras to get stuck into the system and have a tinker. There doesn't seem to be any info around on these and they do seem quite capable. Hope it helps!
Attachments
Last edited by a moderator:
