News:

I have another forum dedicate to arcade board and handheld reverse engineering over at http://forum.retrosticks.com

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - cris.alberti

Pages: [1]
1
Hacking & Modding / hacking ELP 720p cam
« on: April 07, 2017, 09:23:23 am »
Hi all!

I'd like to share with you my doubts and info about my basic approaches to ELP 720p, another cheap IP cam. Here is the link: (https://www.amazon.it/ELP-Macchina-Fotografica-Videocamere-Sorveglianza/dp/B016Q94M8O/ref=sr_1_1?ie=UTF8&qid=1491553982&sr=8-1-spons&keywords=720p&psc=1).

My goal would be entering into the shell and taking full control.

Problem is that apparently there's not any telnet or SSH service (according to nmap). And I prefer connecting remotely, without serial connection.
I've the last fw inside (firmware_General_HZXM_IPC_HI3518E_50H10L_S38_V4.02.R12.Nat.OnvifS.20160615_ALL), provided from this link (http://www.hkvstar.com/technology-news/china-ip-camera-configuration-firmware.html) and I was able to unpack it. But I think the shell/Busybox doesn't have all the app or the full app (i.e. telnetd, netcap, ...), useful for an injection approach or something like that.

I'm able to connect through the webUI: into the settings menu you can also configure NetServices like emailing, DDNS, FTP, ... The only useful browser to log in into webUI is IE11 without ActiveX control (because off the NPAPI plugin).
According to the info provided from the producer here the protocols: TCP / IP, HTTP, DHCP, DNS, DDNS, PPPoE, SMTP, NTP (HTTPS, RTP / RTSP, SIP, 802.1x, IPv6.

The cam sensor and the SoC: 1/4 "CMOS OV9712 + HI3518C (maybe a Hi3518E)

Connection: only eth (I use a powerline).

I'll show the nmap results in the next reply

Pages: [1]