Added a Wiki, please help to add pages to the wiki! -

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - admin

Pages: [1] 2 3 ... 26
Hacking & Modding / Re: H3518 / UART TxRx
« on: May 31, 2017, 01:04:49 am »

Look at the data sheet, and see what the RX / TX pins are, then follow those around the board to see if they end up anywhere accessible.

T19 / T18 according to the data sheet

Also look at this -

Help / Re: How to extract a .OV (extention) firmware file?
« on: April 17, 2017, 11:32:08 pm »
First off, you'll need to see what it is internally.

I'd start off with trying to find more info.
Common tools I would use for this are

head  filename.ov | hexdump -C
file filename.ov
strings filename.ov

OSX, Linux have those built in. Windows 10 now has bash/ Ubuntu if you enable it so will have after a bit of work. 
Otherwise a linux live ISO will be fine too.

For dev work, you really want a Mac or Linux box (I'm biased after using Windows for many years and hating it, hehe)

As an example -

Code: [Select]
head | hexdump -C
00000000  50 4b 03 04 0a 00 00 00  00 00 30 0f 91 4a 00 00  |PK........0..J..|
00000010  00 00 00 00 00 00 00 00  00 00 08 00 10 00 63 6f  ||
00000020  6e 66 69 67 73 2f 55 58  0c 00 d6 b0 f3 58 8c b0  |nfigs/UX.....X..|
00000030  f3 58 f5 01 14 00 50 4b  03 04 14 00 08 00 08 00  |.X....PK........|
00000040  56 0f 91 4a 00 00 00 00  00 00 00 00 00 00 00 00  |V..J............|
00000050  11 00 10 00 63 6f 6e 66  69 67 73 2f 2e 44 53 5f  |....configs/.DS_|
00000060  53 74 6f 72 65 55 58 0c  00 d3 b0 f3 58 d3 b0 f3  |StoreUX.....X...|
00000070  58 f5 01 14 00 ed 98 c1  6a c2 40 10 86 ff 89 39  |X.......j.@....9|
00000080  04 0a 65 8f 3d ee 13 48  b5 82 7a 5b 42 7c 82 be  |..e.=..H..z[B|..|
00000090  40 69 3d 0a 1e a4 f7 9c  7c ae 3e 9a 1b e6 b7 0a  |@i=.....|.>.....|
000000a0  31 62 4f 96 f6 ff 60 f8  20 99 99 24 97 dd 9d 00  |1bO...`. ..$....|

You'll see that my file starts with PK, so mine is a zip file (as phil katz invented zip, so zip files use his PK header, more history on that here  -

file will also tell me that though -
Code: [Select]
file Zip archive data, at least v1.0 to extract

For your OV file, you'll need to look at the header, and see if its a standard format, or its a custom format.
Its more likely to be a custom format.  Typically those will have a header with where bits are in the file, and filesize, and maybe crc's.
If you're really unlucky, its also sha1 or similar encryption on the file data.

I've written about decoding custom format files before on here, look through some of my posts on that, or on my under firmware ( )

If you post the output from  head yourovfile.ov | hexdump -C here I can take a cursory look and tell you which its likely to be.

Firmware / Re: Is there such a thing as OpenNVR firmware?
« on: April 17, 2017, 10:06:25 pm »
Not really (opennvr firmware)

What you'll need to do is get hold of the SDK for the chipset, so that you can compile a kernel and app's.
Once you have that, then you can start building firmware and flash.

Issues are that not all hardware is identical, so you will have different NAND types, flash sizes, gpio usage etc.
Not insurmountable, but you'll generally want to pick the same hardware to develop, and port to.

The SDK for the HI3615C is here -

Let me know if you have problems downloading, I can put elsewhere.

Generally speaking, you'll want to open up whatever hardware you have.  Add serial headers, and connect up serial for minimal debugging, and for more serious stuff JTAG.  Boot up the hardware, and see what it tells you.  Hopefully you'll be able to see a boot log and bootloader, and communicate with it.

Developing with just serial is viable though if the hardware isn't too locked.
i.e. hopefully the device will have an accessible bootloader, then you can flash kernels and filesystems without too many headaches.

The flash will generally contain a bootloader (don't overwrite this, otherwise you'll need to use an SPI flasher or similar to rewrite).
The bootloader will load a kernel from the flash into ram, then execute it.
The kernel will then mount a filesystem from flash, and run the OS + programs.

A BSP or SDK allows you to build a kernel and programs (BSP = board support package.  SDK = software development kit).

Thats a brief overview.

Site Announcements / DNS Updates
« on: February 21, 2017, 12:04:01 pm »
The previous DNS servers we use for the site at Peer1 appear to have gone flaky, so we've moved to using digitalocean's nameservers.

Site should be a little more stable.

Firmware / Re: To Find RX TX for Firmware Download
« on: February 10, 2017, 06:14:41 am »
Blurry photos aren't helping  ;D

What you'll need to do is lookup the datasheet for the chipset used (looks like a Hixxx device, so Hisilicon), and see what pins are the rx /tx for the chip, then trace those on the board to see if there are access points.

Looks like the bottom 5 pins are likely ones (from the IMG_1900), but you'll need to buzz out to check.

General Discussion / Re: how to open hexbin convertor hexbin.c
« on: December 01, 2016, 10:59:30 pm »
if its called hexbin.c it should be a c file.
Open with a plain text editor.

If you want to run it, you'll need to compile it first.
something like:

gcc hexbin.c -o hexbin

(on the linux box).

Windows 10 I think has some linux subpinnings now, so gcc or a similar compiler could be used.

Hacking & Modding / Re: Firmware and SSH for F-Series camera
« on: November 11, 2016, 09:08:37 am »
Use nmap to find the ip address of the camera to see what open ports there are.
Unlikely that ssh will be enabled out of the box though, or telnet.

You'll need to find an existing firmware for the box, unpack and look at the filesystem to see what the user accounts are, and see if you can work out any logins.

I've detailed work on that in the past, look through the forum for my old posts on decrypting/unpacking firmware.

You're probably on your own though, unless its a popular camera, and someone else has also done it.

The neknek page references my own blog... hehe.

General Discussion / DVR vulnerabilities
« on: March 24, 2016, 05:48:38 am »
Good writeup on common DVR vulnerability here -

Similar methods can be used on some of the newer Hi Silicon chipset ipcam's.

Site Announcements / Re: Member pruning
« on: January 20, 2016, 03:02:09 pm »
Deleted some of the advertising spam.

Site Announcements / Re: Member pruning
« on: October 31, 2015, 12:57:06 am »
Deleted some spam, as the General forum had a spate of it over the last few days.
If you see some, do tag it for moderator action!

Site Announcements / Re: Member pruning
« on: December 24, 2014, 07:36:12 pm »
Tis the season for spammers I guess.

Deleted a couple more of the buggers.

Happy Xmas everyone!

Site Announcements / Re: Member pruning
« on: June 08, 2014, 03:49:01 pm »
Did some more member pruning, as lots of spammer registrations in there.

If you haven't posted anything, or have never logged on, then your user account has been purged.
Apologies to actual users!


Site Announcements / Forum software updated
« on: March 01, 2014, 09:59:24 pm »
Updated SMF (forum software) to latest version.

Site Announcements / Member pruning
« on: May 30, 2013, 11:19:23 am »
As quite a few of the members in the forum were obvious spammer signups, I've pruned all users that haven't posted anything or haven't visited the forum.

Apologies if I've inadvertently deleted any user accounts, but please do post if you want to avoid that in future.
I wish I didn't have to do this, but you'll have to blame all the spammers  >:(

Pages: [1] 2 3 ... 26