max1910, posted April 20, 2020:

Hello,

I have bought the camera: https://www.aliexpress.com/item/4000595164959.html?spm=a2g0s.9042311.0.0.1b474c4dWZd2Gi IP Shenzhen Trolink Technology CO, LTD, and after scanning the ports it has open port 23 (telnet), 80 (http) and 554 (RTSP). I have already found the login details for telnet. When I am trying to log in after the camera's IP address, it displays a page error.

I have some questions:

1. How can I change the telnet password? Is there any command to do it?
2. How to set the password for RTSP protocol (554), because now without the authentication it can be intercepted.
3. Is it possible to change the password of RTSP IP camera via telnet?

digininja, posted April 20, 2020:

Did it not come with a manual?

max1910, posted April 20, 2020:

The instructions are just how to connect to the Smart Life app on phone. After scanning ports, I discovered these functions.

digininja, posted April 20, 2020:

What do you get when you telnet in? What type of shell do you get?

max1910, posted April 20, 2020:

Logs in to root

digininja, posted April 20, 2020:

What shell? Bash, sh, BusyBox.

max1910, posted April 20, 2020:

Linux localhost 3.4.43-gk #45 PREEMPT Mon Jun 17 17:06:05 CST 2019 armv6l GNU/Linux
#

digininja, posted April 20, 2020:

Looks like sh, what does ps return?

Passwords are usually changed with passwd.

max1910, posted April 20, 2020:

The ps command displayed processes.

I tried passwd and I have the message:

passwd: /etc/passwd: Read-only file system
passwd: can't update password file /etc/passwd

digininja, posted April 20, 2020:

You might not be able to change things then without being able to mount the filesystem writable, which you might not be able to do.

Boosey, posted April 24, 2020:

telnet root/cxlinux when prompted.

RTSP (admin with no pass) rtsp://admin:@[your IP ADDRESS]:554/live/ch00_1

flipchart, posted May 6, 2020:

Most of these cheap Chinese cameras have limited functionality and are very bad in terms of security... (not saying the more expensive ones are better 🙂 )

What you can do is dump the memory. Usually the firmware is on a SOP8 chip which you can dump via a BIOS ROM reader (https://s.click.aliexpress.com/e/_dYbO35F ). Then unpack it with binwalk and edit the password which is hardcoded in the firmware. Then simply pack it and write it back to the chip... Boot the camera and there you go!

There are many cool things you can do by editing the firmware this way. Like import additional features or remove the cloud feature of the vendor... Just always keep a copy of the original firmware, in case things go south 🙂

hhammidd, posted November 11, 2020:

On 5/6/2020 at 1:25 PM, flipchart said:
> Most of these cheap Chinese cameras have limited functionality and are very bad in terms of security... (not saying the more expensive ones are better 🙂 )
>
> What you can do is dump the memory. Usually the firmware is on a SOP8 chip which you can dump via a BIOS ROM reader (https://s.click.aliexpress.com/e/_dYbO35F ). Then unpack it with binwalk and edit the password which is hardcoded in the firmware. Then simply pack it and write it back to the chip... Boot the camera and there you go!
>
> There are many cool things you can do by editing the firmware this way. Like import additional features or remove the cloud feature of the vendor... Just always keep a copy of the original firmware, in case things go south 🙂

Hi,

Is there any general method to get this kind of information from the firmware of CCTV cameras? Using binwalk or any others?

Thanks

Shakel, posted January 13:

What was the default user and password for the camera?

flipchart, posted February 17:

On 11/11/2020 at 7:41 PM, hhammidd said:
> Hi,
>
> Is there any general method to get this kind of information from the firmware of CCTV cameras? Using binwalk or any others?
>
> Thanks

binwalk -e helps a lot. Often you can simply edit the binary file, as the config is part of the last few bytes and ASCII 😉