Registered a URL and setup a forum as the IPCam stuff really needed its own site vs my irregular blog posts about IPCam hacking at

Recent Posts

Pages: [1] 2 3 ... 10
Firmware / Re: [REQUEST] Firmware for IPCC-B13L 960P 1.3MP (Hi3518 + AR0130)
« Last post by G33RT on April 26, 2017, 07:17:43 pm »
I'm still busy to get this camera running again.

I found out that the IPS-HA1312L use also the same hardware Hi3518C + AR0130.

A nice guy from another forum was so friendly to provide the firmware.

I still have yet to test as my camera was flashed with a wrong firmware and got bricked.

Now I have to fine a way to flash the flash-chip with an compatible camera flash-dump and re-program my flash chip.

Hacking & Modding / Foscam Firmware ver2.x.1 - Shell access possible?
« Last post by corruption on April 24, 2017, 11:00:18 am »

i have a Foscam with Firmware ver2.x.1.139, I managed to connect a TTL-Serial-Adapter to the camera and it works fine but:

- u-boot requires a password
- no login to the linux system possible

If you need some more informations let me know.

Also i extracted the firmware with the openssl tool (Password was Wxift*v2) But i cant find a possible way to get a shell.

Any way to get shell access to the camera (with serial console connected)?

Most appreciated is one of the passwords ( u-boot or root )

Kind regards,

Firmware / Re: Is there such a thing as OpenNVR firmware?
« Last post by legolad on April 21, 2017, 09:30:28 pm »
Thanks for that. Sadly that's all beyond my skillset, though I do know some EEs who might take it on as a side project.

I was kind of hoping to find that some industrious folks had already started a replacement firmware for one or more of the generic NVRs out there.

Oh well. I guess I need to knuckle down and find an NVR with software that doesn't suck. If you have any recommendations, I'd like to hear them.

Thanks again.
Help / Re: How to extract a .OV (extention) firmware file?
« Last post by admin on April 17, 2017, 11:32:08 pm »
First off, you'll need to see what it is internally.

I'd start off with trying to find more info.
Common tools I would use for this are

head  filename.ov | hexdump -C
file filename.ov
strings filename.ov

OSX, Linux have those built in. Windows 10 now has bash/ Ubuntu if you enable it so will have after a bit of work. 
Otherwise a linux live ISO will be fine too.

For dev work, you really want a Mac or Linux box (I'm biased after using Windows for many years and hating it, hehe)

As an example -

Code: [Select]
head | hexdump -C
00000000  50 4b 03 04 0a 00 00 00  00 00 30 0f 91 4a 00 00  |PK........0..J..|
00000010  00 00 00 00 00 00 00 00  00 00 08 00 10 00 63 6f  ||
00000020  6e 66 69 67 73 2f 55 58  0c 00 d6 b0 f3 58 8c b0  |nfigs/UX.....X..|
00000030  f3 58 f5 01 14 00 50 4b  03 04 14 00 08 00 08 00  |.X....PK........|
00000040  56 0f 91 4a 00 00 00 00  00 00 00 00 00 00 00 00  |V..J............|
00000050  11 00 10 00 63 6f 6e 66  69 67 73 2f 2e 44 53 5f  |....configs/.DS_|
00000060  53 74 6f 72 65 55 58 0c  00 d3 b0 f3 58 d3 b0 f3  |StoreUX.....X...|
00000070  58 f5 01 14 00 ed 98 c1  6a c2 40 10 86 ff 89 39  |X.......j.@....9|
00000080  04 0a 65 8f 3d ee 13 48  b5 82 7a 5b 42 7c 82 be  |..e.=..H..z[B|..|
00000090  40 69 3d 0a 1e a4 f7 9c  7c ae 3e 9a 1b e6 b7 0a  |@i=.....|.>.....|
000000a0  31 62 4f 96 f6 ff 60 f8  20 99 99 24 97 dd 9d 00  |1bO...`. ..$....|

You'll see that my file starts with PK, so mine is a zip file (as phil katz invented zip, so zip files use his PK header, more history on that here  -

file will also tell me that though -
Code: [Select]
file Zip archive data, at least v1.0 to extract

For your OV file, you'll need to look at the header, and see if its a standard format, or its a custom format.
Its more likely to be a custom format.  Typically those will have a header with where bits are in the file, and filesize, and maybe crc's.
If you're really unlucky, its also sha1 or similar encryption on the file data.

I've written about decoding custom format files before on here, look through some of my posts on that, or on my under firmware ( )

If you post the output from  head yourovfile.ov | hexdump -C here I can take a cursory look and tell you which its likely to be.

Firmware / Re: Is there such a thing as OpenNVR firmware?
« Last post by admin on April 17, 2017, 10:06:25 pm »
Not really (opennvr firmware)

What you'll need to do is get hold of the SDK for the chipset, so that you can compile a kernel and app's.
Once you have that, then you can start building firmware and flash.

Issues are that not all hardware is identical, so you will have different NAND types, flash sizes, gpio usage etc.
Not insurmountable, but you'll generally want to pick the same hardware to develop, and port to.

The SDK for the HI3615C is here -

Let me know if you have problems downloading, I can put elsewhere.

Generally speaking, you'll want to open up whatever hardware you have.  Add serial headers, and connect up serial for minimal debugging, and for more serious stuff JTAG.  Boot up the hardware, and see what it tells you.  Hopefully you'll be able to see a boot log and bootloader, and communicate with it.

Developing with just serial is viable though if the hardware isn't too locked.
i.e. hopefully the device will have an accessible bootloader, then you can flash kernels and filesystems without too many headaches.

The flash will generally contain a bootloader (don't overwrite this, otherwise you'll need to use an SPI flasher or similar to rewrite).
The bootloader will load a kernel from the flash into ram, then execute it.
The kernel will then mount a filesystem from flash, and run the OS + programs.

A BSP or SDK allows you to build a kernel and programs (BSP = board support package.  SDK = software development kit).

Thats a brief overview.
Help / How to extract a .OV (extention) firmware file?
« Last post by G33RT on April 17, 2017, 12:24:07 pm »

Does someone knows how to extract a .OV (extention) firmware file?

Any help on this is welcome!
Firmware / [REQUEST] Firmware for IPCC-B13L 960P 1.3MP (Hi3518 + AR0130)
« Last post by G33RT on April 15, 2017, 02:09:15 pm »

I'm looking for the firmware of an IPCC-B13L 960P 1.3MP (Hi3518 + AR0130).
The manufacturer does not have the firmware for this camera at their support page.

The camera has two boards, one with the Hi3518 chip and one with the CCD sensor and schould be an Aptiva AR0130 CCD sensor.

The CCD board have the description: CCD_CAM_8M-142(A)
After searching I can not find anything about CCD CAM 8M-142.

At WebIF I could see Hard Ver: 7100-ar0130_960P
The firmware I had on this was: V2.0.6.1-X20-Build:20130928D

I have bricked the camera due to flashing a wrong firmware :-[

Does anybody knows if the whole firmware is located in the flash chip 25L12835F ?

Any help is welcome!
Firmware / Is there such a thing as OpenNVR firmware?
« Last post by legolad on April 10, 2017, 03:47:22 pm »
Hey folks,

I'm relatively new to this IPCam world and thanks to all of you I've managed to answer most of my questions.

I do still have a couple of questions that I'm hoping you can help with.

Question 1:
I recently picked up a few of the cheap chinese IPCams that are running this firmware:
They have an internal ID of H264 50H20L_S39.

Based on what I've read in these forums and others, I believe this means they are running the HI3516C System on a Chip. Can any of you confirm this?

Question 2:
I see that we have an open source camera firmware available. Is anyone working on an open source NVR firmware?

I'm specifically thinking that it would be great if we had firmware that supported these generic NVR boxes out of China. For example, firmware that supports the HI3535 chip would be pretty good for someone like me who just wants a a few cameras at 1080p.

For me, I'm less concerned about people viewing my cams and more concerned about opening a back door into my home network. Having an open source firmware that is known to be secure and not part of some bot army might alleviate some of the worries many people seem to have regarding the security of these generic NVRs.

And yes, I realize I can double or triple my budget and get a better NVR. I might just do that. But first I wanted to understand what the minimum viable setup looks like.

Hacking & Modding / Re: Hacking the F19821 W V2 to control an Arduino Tank Rover
« Last post by nars on April 08, 2017, 09:09:49 am »
Sorry to bump this old topic, but I'm looking at how to repack firmware as well... after research theoretically I know how to do it but I didn't try it yet... would like to ask if you ever succeed doing it? Also did you update md5 for the jffs2 image on fwupgrade.md5 file? (by looking at the firmwareupdate binary apparently it does an md5sum -c to check integrity...)

Also, if you used mtdram... after mounting the jffs2 image and applying you changes... did you then unmount it and created new image file with the updates (dd back from mtdblock...)?
Pages: [1] 2 3 ... 10