Re-organized the forum to more cleanly delineate the development section, as the end user support side appears to have taken a life of its own!

Recent Posts

Pages: 1 ... 8 9 [10]
General Discussion / Re: ESCAM QD900 Wifi
« Last post by Dodfr on November 29, 2016, 05:20:24 pm »

I do also have QD900 and started to look inside thru root Telnet access because original firmware is crap and totally secureless including their P2P feature that work thru unecrypted UDP stream that show full login/pass in first stream.

For now I only found direct URL to get MJPEG and JPEG snapshots instead of only RTSP.
General Discussion / ESCAM QD900 Wifi
« Last post by Atilius on November 27, 2016, 03:27:20 pm »
Hello, I have this IP cam and I am really disppointed.

With new firmware it is not allowed to upload via FTP. With odler firmware I have big problem with setting. I mean during the day it seems to me that motion detection is very slow. The car passes the angle in distance 12m with speed 40km/h and snaphost is empty, no car. During the night it makes false detections every time, although I set it to low sensitivity.

Do you have similar experience? Is there any open/free firmaware for this camera? From hw side seems to me OK, but the firmware is terrible.

Thank you,

Help / Etiger ES-CAM3A on another manager system
« Last post by stickske on November 21, 2016, 01:31:44 pm »

I have an Etiger ES-CAM3A outdoor IP camera, which works very well with their own software, but would like to manage it with an open-source camera management system. I found very useful but I'am unable to establish a connection with my IP camera.

The main problem is that the initial setup must be made with an app called iSecurity+ on an IOS or Android device. This device has to connect with a wifi network emitting from the camera in order to connect the camera to my home wifi network. So there is no information at all about an IP adres and admin/password login credentials for the IP camera? And after contacting the manufacturer (see below) it seems they don't want us to know :(

However when I do the setup with the app I can access the camera in my browser with the assigned ip adres from my router but it asks for a user and password. Which are credentials I don't have.

Does someone has any idea how to make this work or if this is even possible to get working?

Tech info:
I recently bought this outdoor ip-Camera ES-CAM3A from Etiger:

As an European citizen I saw this type is not available in the U.S.A. But i guess the problem occurs with
other types as well. Such as the ES-CAM2AU

I contacted Etiger and asked them if it's possible to use other management systems.
The following was their response:

For security purposes, we do not allow third party apps to function with the compatible cameras which use our system. Also, our Developing Engineers do not give access of IP address to the camera directly. The only option available would be to use the iSecurity+ mobile app to set up your camera using your smart phone.

Firmware / Re: looking for .pkg firmware(-update) files
« Last post by mars on November 20, 2016, 09:37:30 pm »
Hi ,I have bought several ipcam from a Chinese supplier and I have 8 original Firmware(.pkg) file.
They can be detected/edited  with the Instart finder utility .(file size 6meg cant upload )
So I would like to help for your Firmware re-packager ,
So please communicate with me at (
Thank s
Hacking & Modding / Re: How to switch IRCUT on hi3516?
« Last post by strasharo on November 20, 2016, 04:48:42 am »
So how to switch the IR then? I have a camera based on hi3518 with the same script bundled in the firmware, however I'm still unable to figure out how to enable the IR leds from the shell.
General Discussion / how to open hexbin convertor hexbin.c
« Last post by erolh on November 15, 2016, 09:23:12 pm »
can please someone help me how to execute the hexbin.c file. I have win and linux.
Do i have to open it in dos ? or linux ?
What is the command to execute the hexbin.c file. Or how do i use the hexbin file.
It's a hexbin convertor from the author:Bindesh Kumar Singh

Hacking & Modding / Re: H.264 Hi3507 Hi3510 Hi3512 IPCAMERA WANSVIEW NCH-536MW
« Last post by mbirth on November 13, 2016, 07:54:09 pm »
Just for future people ending up here from Google (like me):

To dump or flash a new firmware via U-Boot, you need a TFTP server. Connect the camera via Ethernet cable and then, in the U-Boot, set the following parameters (modify to accommodate your network):
Code: [Select]
setenv ipaddr
setenv netmask
setenv serverip
ipaddr = IP address of the camera
serverip = IP address of the host running the TFTP server

The 16M memory is located at 0x34000000 until 0x34ffffff and partitioned like this:
  • 0x34000000 - 0x341fffff = boot area
  • 0x34200000 - 0x34efffff = JFFS2 root filesystem
  • 0x34f00000 - 0x34ffffff = settings
0x34000000 is the U-Boot start area
0x34100000 is the linux kernel

In those pkg files is only the root filesystem. The kernel doesn't get updated, it seems. You can cut the first 144 bytes from the pkg file to get the JFFS2 file. That can be flashed to the camera.

Now, to dump something, use the tftp command. Syntax is:

tftp address filename [length]

Without length specified, it will DOWNLOAD the filename from the TFTP server and flash that to the location. If you specify a length, it will UPLOAD the flash contents from the specified address up until length to the TFTP.

So to make a complete 16M backup, use:

tftp 0x34000000 recovery.bin 0x1000000

This will push it right onto your TFTP server in no time.

And now the important part: Never forget to erase the area before you're flashing new data to it. Reason is that flashing only changes bits to 0. If they are already 0, they're left alone even though the firmware file might have a 1 at that location. I tried to flash a new JFFS2 (tftp 0x34200000 root.jffs2) without erasing the area first (erase 0x34200000 +0xd00000) and got hundreds of error messages about a corrupted JFFS2 file system. After erasing the area and flashing again, everything was fine.
Hacking & Modding / Re: Firmware and SSH for F-Series camera
« Last post by victorfz on November 12, 2016, 02:53:23 pm »

I already know how to install SSH
But before that I need access to the linux console.
It can be accessed by hyperterminal, telnet ... to the linux console?
Hacking & Modding / Re: Firmware and SSH for F-Series camera
« Last post by admin on November 11, 2016, 09:08:37 am »
Use nmap to find the ip address of the camera to see what open ports there are.
Unlikely that ssh will be enabled out of the box though, or telnet.

You'll need to find an existing firmware for the box, unpack and look at the filesystem to see what the user accounts are, and see if you can work out any logins.

I've detailed work on that in the past, look through the forum for my old posts on decrypting/unpacking firmware.

You're probably on your own though, unless its a popular camera, and someone else has also done it.

The neknek page references my own blog... hehe.
Hacking & Modding / Re: Firmware and SSH for F-Series camera
« Last post by victorfz on November 09, 2016, 09:27:06 am »
My model is FS 613A M136
I know how I can restore it here
What I need is to connect via SSH Hyperterminal, Telnet ... Is it possible?
Thank you.
Pages: 1 ... 8 9 [10]