News:

Registered a URL and setup a forum as the IPCam stuff really needed its own site vs my irregular blog posts about IPCam hacking at http://www.computersolutions.cn/blog

Author Topic: Frankenstein or Barberella... What is it? 1080px HD IP Cam from ebay...  (Read 224 times)

  • No avatar
  • *
October 10, 2019, 06:20:16 pm
Hi all!

So... bits of equipment disappearing from my boat so decided to set up a webcam.

Remote location - no phone lines, no elec, poor mobile data (3G available but very slow, poss 4G?).

The item linked below from ebay arrived a couple of days ago.

The software to access it is currently YCC365 Plus running on www.ucloudcam.com

The item pairs fairly painlessly to web based service (basic functions free) and is fun to use.

The current setup works, but requires £5+ monthly for storage of video, and I don't want the ongoing fees (tight wad!). I also have the feeling I could do better than the existing firmware and have just started exploring this.

Have flashed phones and hubs before and run a linux environment at home.

Will I end up dismantling this unit? or can anyone identify the chipset/guts from the ebay listing (linked below) and the following data from ucloud description of this ipcam? What are my chances of making openipcam work on this camera?

Camera Version
(Blank)
Firmware
3.4.2.0422
Embedded Application
3.4.2.0422
Device ID:
AJWL190529101LQKHGSWPALF0N059250

Camera from ebay:
https://web.archive.org/web/20191010213756/https://www.ebay.co.uk/itm/Outdoor-Waterproof-4X-Zoom-PTZ-WiFi-1080P-HD-IP-IR-Camera-Night-Vision-WebCams/173986972384

Current Access Software:
https://play.google.com/store/apps/details?id=com.ycc365plus.aws&hl=en_US
« Last Edit: October 11, 2019, 05:50:21 am by TheDog »

  • No avatar
  • *
October 16, 2019, 11:43:18 pm
Further...

Code: [Select]
# nmap -v -A 192.168.17.146
Starting Nmap 7.60SVN ( https://nmap.org ) at 2019-10-17 04:22 GMT
NSE: Loaded 148 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:22
Completed NSE at 04:22, 0.00s elapsed
Initiating NSE at 04:22
Completed NSE at 04:22, 0.00s elapsed
Initiating ARP Ping Scan at 04:22
Scanning 192.168.17.146 [1 port]
Completed ARP Ping Scan at 04:22, 0.22s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 04:22
Completed Parallel DNS resolution of 1 host. at 04:22, 0.00s elapsed
Initiating SYN Stealth Scan at 04:22
Scanning 192.168.17.146 [1000 ports]
Discovered open port 554/tcp on 192.168.17.146
Discovered open port 23/tcp on 192.168.17.146
Discovered open port 80/tcp on 192.168.17.146
Increasing send delay for 192.168.17.146 from 0 to 5 due to 58 out of 192 dropped probes since last increase.
Discovered open port 5050/tcp on 192.168.17.146
Discovered open port 7103/tcp on 192.168.17.146
Increasing send delay for 192.168.17.146 from 5 to 10 due to max_successful_tryno increase to 4
Increasing send delay for 192.168.17.146 from 10 to 20 due to max_successful_tryno increase to 5
Increasing send delay for 192.168.17.146 from 20 to 40 due to 11 out of 26 dropped probes since last increase.
Increasing send delay for 192.168.17.146 from 40 to 80 due to 11 out of 33 dropped probes since last increase.
Discovered open port 843/tcp on 192.168.17.146
Discovered open port 8001/tcp on 192.168.17.146
Completed SYN Stealth Scan at 04:23, 81.38s elapsed (1000 total ports)
Initiating Service scan at 04:23
Scanning 7 services on 192.168.17.146
Completed Service scan at 04:24, 92.91s elapsed (7 services on 1 host)
Initiating OS detection (try #1) against 192.168.17.146
Retrying OS detection (try #2) against 192.168.17.146
adjust_timeouts2: packet supposedly had rtt of -197147 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -197147 microseconds.  Ignoring time.
Retrying OS detection (try #3) against 192.168.17.146
adjust_timeouts2: packet supposedly had rtt of -173003 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -173003 microseconds.  Ignoring time.
Retrying OS detection (try #4) against 192.168.17.146
Retrying OS detection (try #5) against 192.168.17.146
adjust_timeouts2: packet supposedly had rtt of -198284 microseconds.  Ignoring time.
adjust_timeouts2: packet supposedly had rtt of -198284 microseconds.  Ignoring time.
NSE: Script scanning 192.168.17.146.
Initiating NSE at 04:25
Completed NSE at 04:25, 8.28s elapsed
Initiating NSE at 04:25
Completed NSE at 04:25, 0.21s elapsed
Nmap scan report for 192.168.17.146
Host is up (0.0033s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE    VERSION
23/tcp   open  telnet     BusyBox telnetd
80/tcp   open  http       Ginatex-HTTPServer
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.1 401 Unauthorized
|     Server: Ginatex-HTTPServer
|     Date: Thu Oct 17 04:23:38 2019
|     WWW-Authenticate: Basic realm="Onvif"
|     Pragma: no-cache
|     Cache-Control: no-cache
|     Content-Type: text/html
|     <?xml version="1.0" encoding="UTF-8" ?>
|     <ResponseStatus version="1.0" xmlns="http://www.ginatex.com/ver10/XMLSchema">
|     <requestURL>/nice%20ports%2C/Tri%6Eity.txt%2ebak</requestURL>
|     <statusCode>4</statusCode>
|     <statusString>Invalid Operation - Unauthorized</statusString>
|     </ResponseStatus>
|   GetRequest:
|     HTTP/1.0 302 Redirect
|     Server: Ginatex-HTTPServer
|     Date: Thu Oct 17 04:23:33 2019
|     Pragma: no-cache
|     Cache-Control: no-cache
|     Content-Type: text/html
|     Location: http://IPCamera/index.asp
|     <html><head></head><body>
|     This document has moved to a new <a href="http://IPCamera/index.asp">location</a>.
|     Please update your documents to reflect the new location.
|     </body></html>
|   HTTPOptions, RTSPRequest:
|     HTTP/1.1 400 Page not found
|     Server: Ginatex-HTTPServer
|     Date: Thu Oct 17 04:23:33 2019
|     Pragma: no-cache
|     Cache-Control: no-cache
|     Content-Type: text/html
|     <html><head><title>Document Error: Page not found</title></head>
|     <body><h2>Access Error: Page not found</h2>
|_    <p>Bad request type</p></body></html>
| http-methods:
|_  Supported Methods: GET HEAD
|_http-server-header: Ginatex-HTTPServer
554/tcp  open  rtsp
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.1 404 Not Found
|     Server: TAS-Tech IPCam
|     Date: Fri, 17 Oct 119 03:23:48 GMT
|     Content-Length: 9
|     Cache-Control: no-cache
|     Found
|   GetRequest:
|     HTTP/1.1 404 Not Found
|     Server: TAS-Tech IPCam
|     Date: Fri, 17 Oct 119 03:23:33 GMT
|     Content-Length: 9
|     Cache-Control: no-cache
|     Found
|   HTTPOptions:
|     HTTP/1.1 405 Method Not Allowed
|     Server: TAS-Tech IPCam
|     Date: Fri, 17 Oct 119 03:23:43 GMT
|     Content-Length: 18
|     Cache-Control: no-cache
|     Method Not Allowed
|   RTSPRequest:
|     RTSP/1.0 200 OK
|     CSeq: 0
|     Server: TAS-Tech Streaming Server V100R001
|_    Public: DESCRIBE, SET_PARAMETER, SETUP, TEARDOWN, PAUSE, PLAY
|_rtsp-methods: DESCRIBE, SET_PARAMETER, SETUP, TEARDOWN, PAUSE, PLAY
843/tcp  open  unknown
| fingerprint-strings:
|   DNSStatusRequestTCP, GenericLines, GetRequest, HTTPOptions, Help, JavaRMI, LANDesk-RC, LDAPBindReq, LPDString, NCP, RTSPRequest, TerminalServer, X11Probe, afp:
|_    <cross-domain-policy> <allow-access-from domain="*" to-ports="*" /> </cross-domain-policy>
5050/tcp open  mmcc?
7103/tcp open  tcpwrapped
8001/tcp open  rtsp
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.1 404 Not Found
|     Server: TAS-Tech IPCam
|     Date: Fri, 17 Oct 119 03:23:38 GMT
|     Content-Length: 9
|     Cache-Control: no-cache
|     Found
|   GetRequest:
|     HTTP/1.1 404 Not Found
|     Server: TAS-Tech IPCam
|     Date: Fri, 17 Oct 119 03:23:33 GMT
|     Content-Length: 9
|     Cache-Control: no-cache
|     Found
|   HTTPOptions:
|     HTTP/1.1 405 Method Not Allowed
|     Server: TAS-Tech IPCam
|     Date: Fri, 17 Oct 119 03:23:43 GMT
|     Content-Length: 18
|     Cache-Control: no-cache
|     Method Not Allowed
|   RTSPRequest:
|     RTSP/1.0 200 OK
|     CSeq: 0
|     Server: TAS-Tech Streaming Server V100R001
|_    Public: DESCRIBE, SET_PARAMETER, SETUP, TEARDOWN, PAUSE, PLAY
|_rtsp-methods: DESCRIBE, SET_PARAMETER, SETUP, TEARDOWN, PAUSE, PLAY
4 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port80-TCP:V=7.60SVN%I=7%D=10/17%Time=5DA7ECC2%P=x86_64-unknown-linux-g
SF:nu%r(GetRequest,180,"HTTP/1\.0\x20302\x20Redirect\r\nServer:\x20Ginatex
SF:-HTTPServer\r\nDate:\x20Thu\x20Oct\x2017\x2004:23:33\x202019\r\nPragma:
SF:\x20no-cache\r\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/htm
SF:l\r\nLocation:\x20http://IPCamera/index\.asp\r\n\r\n<html><head></head>
SF:<body>\r\n\t\tThis\x20document\x20has\x20moved\x20to\x20a\x20new\x20<a\
SF:x20href=\"http://IPCamera/index\.asp\">location</a>\.\r\n\t\tPlease\x20
SF:update\x20your\x20documents\x20to\x20reflect\x20the\x20new\x20location\
SF:.\r\n\t\t</body></html>\r\n\r\n")%r(HTTPOptions,13B,"HTTP/1\.1\x20400\x
SF:20Page\x20not\x20found\r\nServer:\x20Ginatex-HTTPServer\r\nDate:\x20Thu
SF:\x20Oct\x2017\x2004:23:33\x202019\r\nPragma:\x20no-cache\r\nCache-Contr
SF:ol:\x20no-cache\r\nContent-Type:\x20text/html\r\n\r\n<html><head><title
SF:>Document\x20Error:\x20Page\x20not\x20found</title></head>\r\n\t\t<body
SF:><h2>Access\x20Error:\x20Page\x20not\x20found</h2>\r\n\t\t<p>Bad\x20req
SF:uest\x20type</p></body></html>\r\n\r\n")%r(RTSPRequest,13B,"HTTP/1\.1\x
SF:20400\x20Page\x20not\x20found\r\nServer:\x20Ginatex-HTTPServer\r\nDate:
SF:\x20Thu\x20Oct\x2017\x2004:23:33\x202019\r\nPragma:\x20no-cache\r\nCach
SF:e-Control:\x20no-cache\r\nContent-Type:\x20text/html\r\n\r\n<html><head
SF:><title>Document\x20Error:\x20Page\x20not\x20found</title></head>\r\n\t
SF:\t<body><h2>Access\x20Error:\x20Page\x20not\x20found</h2>\r\n\t\t<p>Bad
SF:\x20request\x20type</p></body></html>\r\n\r\n")%r(FourOhFourRequest,1E5
SF:,"HTTP/1\.1\x20401\x20Unauthorized\r\nServer:\x20Ginatex-HTTPServer\r\n
SF:Date:\x20Thu\x20Oct\x2017\x2004:23:38\x202019\r\nWWW-Authenticate:\x20B
SF:asic\x20realm=\"Onvif\"\r\nPragma:\x20no-cache\r\nCache-Control:\x20no-
SF:cache\r\nContent-Type:\x20text/html\r\n\r\n<\?xml\x20version=\"1\.0\"\x
SF:20encoding=\"UTF-8\"\x20\?>\n<ResponseStatus\x20version=\"1\.0\"\x20xml
SF:ns=\"http://www\.ginatex\.com/ver10/XMLSchema\">\n<requestURL>/nice%20p
SF:orts%2C/Tri%6Eity\.txt%2ebak</requestURL>\n<statusCode>4</statusCode>\n
SF:<statusString>Invalid\x20Operation\x20-\x20Unauthorized</statusString>\
SF:n</ResponseStatus>\n\r\n");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port554-TCP:V=7.60SVN%I=7%D=10/17%Time=5DA7ECC7%P=x86_64-unknown-linux-
SF:gnu%r(GetRequest,8B,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:\x20TAS
SF:-Tech\x20IPCam\r\nDate:\x20Fri,\x2017\x20Oct\x20119\x2003:23:33\x20GMT\
SF:r\nContent-Length:\x209\r\nCache-Control:\x20no-cache\r\n\r\nNot\x20Fou
SF:nd")%r(RTSPRequest,87,"RTSP/1\.0\x20200\x20OK\r\nCSeq:\x200\r\nServer:\
SF:x20TAS-Tech\x20Streaming\x20Server\x20V100R001\r\nPublic:\x20DESCRIBE,\
SF:x20SET_PARAMETER,\x20SETUP,\x20TEARDOWN,\x20PAUSE,\x20PLAY\r\n\r\n")%r(
SF:HTTPOptions,9E,"HTTP/1\.1\x20405\x20Method\x20Not\x20Allowed\r\nServer:
SF:\x20TAS-Tech\x20IPCam\r\nDate:\x20Fri,\x2017\x20Oct\x20119\x2003:23:43\
SF:x20GMT\r\nContent-Length:\x2018\r\nCache-Control:\x20no-cache\r\n\r\nMe
SF:thod\x20Not\x20Allowed")%r(FourOhFourRequest,8B,"HTTP/1\.1\x20404\x20No
SF:t\x20Found\r\nServer:\x20TAS-Tech\x20IPCam\r\nDate:\x20Fri,\x2017\x20Oc
SF:t\x20119\x2003:23:48\x20GMT\r\nContent-Length:\x209\r\nCache-Control:\x
SF:20no-cache\r\n\r\nNot\x20Found");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port843-TCP:V=7.60SVN%I=7%D=10/17%Time=5DA7ECC2%P=x86_64-unknown-linux-
SF:gnu%r(GenericLines,5B,"<cross-domain-policy>\x20<allow-access-from\x20d
SF:omain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(G
SF:etRequest,5B,"<cross-domain-policy>\x20<allow-access-from\x20domain=\"\
SF:*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(HTTPOption
SF:s,5B,"<cross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x20t
SF:o-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(RTSPRequest,5B,"<c
SF:ross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=
SF:\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(DNSStatusRequestTCP,5B,"<c
SF:ross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=
SF:\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(Help,5B,"<cross-domain-pol
SF:icy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x2
SF:0</cross-domain-policy>\0")%r(X11Probe,5B,"<cross-domain-policy>\x20<al
SF:low-access-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-do
SF:main-policy>\0")%r(LPDString,5B,"<cross-domain-policy>\x20<allow-access
SF:-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-polic
SF:y>\0")%r(LDAPBindReq,5B,"<cross-domain-policy>\x20<allow-access-from\x2
SF:0domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r
SF:(LANDesk-RC,5B,"<cross-domain-policy>\x20<allow-access-from\x20domain=\
SF:"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(Terminal
SF:Server,5B,"<cross-domain-policy>\x20<allow-access-from\x20domain=\"\*\"
SF:\x20to-ports=\"\*\"\x20/>\x20</cross-domain-policy>\0")%r(NCP,5B,"<cros
SF:s-domain-policy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\
SF:*\"\x20/>\x20</cross-domain-policy>\0")%r(JavaRMI,5B,"<cross-domain-pol
SF:icy>\x20<allow-access-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x2
SF:0</cross-domain-policy>\0")%r(afp,5B,"<cross-domain-policy>\x20<allow-a
SF:ccess-from\x20domain=\"\*\"\x20to-ports=\"\*\"\x20/>\x20</cross-domain-
SF:policy>\0");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8001-TCP:V=7.60SVN%I=7%D=10/17%Time=5DA7ECC7%P=x86_64-unknown-linux
SF:-gnu%r(GetRequest,8B,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:\x20TA
SF:S-Tech\x20IPCam\r\nDate:\x20Fri,\x2017\x20Oct\x20119\x2003:23:33\x20GMT
SF:\r\nContent-Length:\x209\r\nCache-Control:\x20no-cache\r\n\r\nNot\x20Fo
SF:und")%r(FourOhFourRequest,8B,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServe
SF:r:\x20TAS-Tech\x20IPCam\r\nDate:\x20Fri,\x2017\x20Oct\x20119\x2003:23:3
SF:8\x20GMT\r\nContent-Length:\x209\r\nCache-Control:\x20no-cache\r\n\r\nN
SF:ot\x20Found")%r(HTTPOptions,9E,"HTTP/1\.1\x20405\x20Method\x20Not\x20Al
SF:lowed\r\nServer:\x20TAS-Tech\x20IPCam\r\nDate:\x20Fri,\x2017\x20Oct\x20
SF:119\x2003:23:43\x20GMT\r\nContent-Length:\x2018\r\nCache-Control:\x20no
SF:-cache\r\n\r\nMethod\x20Not\x20Allowed")%r(RTSPRequest,87,"RTSP/1\.0\x2
SF:0200\x20OK\r\nCSeq:\x200\r\nServer:\x20TAS-Tech\x20Streaming\x20Server\
SF:x20V100R001\r\nPublic:\x20DESCRIBE,\x20SET_PARAMETER,\x20SETUP,\x20TEAR
SF:DOWN,\x20PAUSE,\x20PLAY\r\n\r\n");
MAC Address: 74:EE:2A:E2:B7:42 (Unknown)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.60SVN%E=4%D=10/17%OT=23%CT=1%CU=40681%PV=Y%DS=1%DC=D%G=Y%M=74EE
OS:2A%TM=5DA7ED30%P=x86_64-unknown-linux-gnu)SEQ(SP=106%GCD=1%ISR=10D%TI=Z%
OS:CI=Z%TS=7)SEQ(SP=106%GCD=1%ISR=10D%TI=Z%CI=Z%II=I%TS=7)OPS(O1=M582ST11NW
OS:3%O2=M582ST11NW3%O3=M582NNT11NW3%O4=M582ST11NW3%O5=M582ST11NW3%O6=M582ST
OS:11)WIN(W1=369C%W2=369C%W3=369C%W4=369C%W5=369C%W6=369C)ECN(R=Y%DF=Y%T=40
OS:%W=3714%O=M582NNSNW3%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R
OS:=N)T3(R=N)T4(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W
OS:=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
OS:T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%IPL=164%U
OS:N=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)

Uptime guess: 0.052 days (since Thu Oct 17 03:10:38 2019)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=262 (Good luck!)
IP ID Sequence Generation: All zeros
Service Info: Host: localhost

TRACEROUTE
HOP RTT     ADDRESS
1   3.32 ms 192.168.17.146

NSE: Script Post-scanning.
Initiating NSE at 04:25
Completed NSE at 04:25, 0.00s elapsed
Initiating NSE at 04:25
Completed NSE at 04:25, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 200.10 seconds
           Raw packets sent: 2437 (116.222KB) | Rcvd: 1533 (69.977KB)
#
#
# telnet 192.168.17.146
Trying 192.168.17.146...
Connected to 192.168.17.146.
Escape character is '^]'.

localhost login: admin
Password: XXXXX
Login incorrect

Connection closed by foreign host.
#