Jump to content

Change of the password of telnet and RTSP IP camera

max1910

By max1910,
in Security

 Share Followers 1

Recommended Posts

max1910

max1910

Posted
Posted

Hello,
I have  bought the camera:
https://www.aliexpress.com/item/4000595164959.html?spm=a2g0s.9042311.0.0.1b474c4dWZd2Gi IP Shenzhen Trolink Technology CO, LTD and after scanning the ports it has open port 23 (telnet), 80 (http) and 554 (RTSP). I have already found the login details for telnet. When I am trying to log in after the camera's IP address, it displays a page error.
I have some questions:
1. How can I change the telnet password? Is there any command to do it?
2. How to set the password for RTSP protocol (554), because now without the authentication it can be intercepted.
3. Is it possible to change the password of RTSP IP camera via telenet?

Link to post
Share on other sites
  • 2 weeks later...
flipchart

flipchart

Posted
Posted

most of these cheap chinese cameras have limited functionality and are very bad in terms of security... (not saying the more expensive ones are better 🙂 )

What you can do is dumping the memory, usually the firmware is on a SOP8 Chip which you can dump via a BIOS ROM reader (https://s.click.aliexpress.com/e/_dYbO35F ). Then unpack it with binwalk and edit the password which is hardcoded in the firmware. Then simply pack it and write it back to the chip... Boot the camera and there you go!

there are many cool things you can do by editing the firmware this way. Like import additional features or remove the cloud feature of the vendor...

Just always keep a copy of the original firmware, in case things go south 🙂 

Link to post
Share on other sites
  • 6 months later...
hhammidd

hhammidd

Posted
Posted
On 5/6/2020 at 1:25 PM, flipchart said:

most of these cheap chinese cameras have limited functionality and are very bad in terms of security... (not saying the more expensive ones are better 🙂 )

What you can do is dumping the memory, usually the firmware is on a SOP8 Chip which you can dump via a BIOS ROM reader (https://s.click.aliexpress.com/e/_dYbO35F ). Then unpack it with binwalk and edit the password which is hardcoded in the firmware. Then simply pack it and write it back to the chip... Boot the camera and there you go!

there are many cool things you can do by editing the firmware this way. Like import additional features or remove the cloud feature of the vendor...

Just always keep a copy of the original firmware, in case things go south 🙂 

Hi 

Is there any general method to get such a kind of informations from the firmware of cctv cameras?

using binwalk or any others?

thanks

Link to post
Share on other sites
  • 2 months later...
  • 1 month later...
flipchart

flipchart

Posted
Posted
On 11/11/2020 at 7:41 PM, hhammidd said:

Hi 

Is there any general method to get such a kind of informations from the firmware of cctv cameras?

using binwalk or any others?

thanks

binwalk -e helps a lot, often you can simply edit the binary file, as the config is part of the last few bytes and ascii 😉

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 1
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...