WinBook Security IPCam: Difference between revisions
From HacDC Wiki
(temp) |
(OK) |
||
Line 1: | Line 1: | ||
[[Useful Info]] | |||
This page documents teardown and reverse engineering project on A WinBook Security IPCam. Winbook is MicroCenter's store brand of IP Camera. | |||
==Introduction== | |||
We'd love to have some nice open source IP Cameras, who wouldn't? | |||
The Winbook IP Cam in the space uses an [https://wikidevi.com/wiki/Ralink_RT5350|RALINK RA5350] [(datasheet)|https://drive.google.com/file/d/0B8BpyTY91XfmajRYMWtscHRpbEU/edit]. The board we have includes holes for a UART serial pinout. We had success with a TTL USB serial adapter at 57600 baud. Root is available on serial with no password. The stock password is unknown at this time but can be reset to allow more comfortable remote telnet access; however, it resets every time we boot. | |||
==Filesystem== | |||
# ls / | |||
var usr tmp system sys sbin proc param mnt media lib init home etc_ro etc dev bin | |||
# ls system/ | |||
system daemon Wireless init www | |||
# ls param | |||
sysmacreset vstarparam.bin alarmlog.bin alarmlog1.bin systemindex.txt systemlog.txt login.cgi date.bin | |||
# df | |||
Filesystem 1k-blocks Used Available Use% Mounted on | |||
rootfs 3008 3008 0 100% / | |||
/dev/root 3008 3008 0 100% / | |||
/dev/mtdblock6 3072 2608 464 85% /system | |||
/dev/mtdblock7 512 260 252 51% /param | |||
/ is read only, /system and /param appear to be writeable and persist across boots. Files may be downloaded for comfortable reverse engineering via move to webroot. | |||
===Init=== | |||
# ls /system/init/ | |||
ipcam.sh | |||
# cat /system/init/ipcam.sh | |||
export LD_LIBRARY_PATH=/system/system/lib:$LD_LIBRARY_PATH | |||
export PATH=/system/system/bin:$PATH | |||
telnetd | |||
chmod a+x /system/system/bin/daemon.vstar.v13 | |||
chmod a+x /system/system/bin/encoder | |||
/system/system/bin/daemon.vstar.v13 & | |||
/system/system/bin/cmd_thread & | |||
/system/system/bin/gmail_thread & | |||
===System/System=== | |||
# ls /system/system/* | |||
/system/system/lib: | |||
/system/system/drivers: | |||
/system/system/bin: | |||
unzip1 cmd_thread upnpc-static ssmtp jpeg | |||
daemon.vstar.v13 gmail_thread encoder mailx ftp | |||
# | |||
===Webroot=== | |||
/system/www | |||
# ls | |||
===Important Configs=== | |||
/etc/passwd | |||
/etc/passwd- | |||
/etc/login.cgi |
Revision as of 00:32, 19 May 2017
This page documents teardown and reverse engineering project on A WinBook Security IPCam. Winbook is MicroCenter's store brand of IP Camera.
Introduction
We'd love to have some nice open source IP Cameras, who wouldn't?
The Winbook IP Cam in the space uses an RA5350 [(datasheet)|https://drive.google.com/file/d/0B8BpyTY91XfmajRYMWtscHRpbEU/edit]. The board we have includes holes for a UART serial pinout. We had success with a TTL USB serial adapter at 57600 baud. Root is available on serial with no password. The stock password is unknown at this time but can be reset to allow more comfortable remote telnet access; however, it resets every time we boot.
Filesystem
# ls / var usr tmp system sys sbin proc param mnt media lib init home etc_ro etc dev bin # ls system/ system daemon Wireless init www # ls param sysmacreset vstarparam.bin alarmlog.bin alarmlog1.bin systemindex.txt systemlog.txt login.cgi date.bin # df Filesystem 1k-blocks Used Available Use% Mounted on rootfs 3008 3008 0 100% / /dev/root 3008 3008 0 100% / /dev/mtdblock6 3072 2608 464 85% /system /dev/mtdblock7 512 260 252 51% /param
/ is read only, /system and /param appear to be writeable and persist across boots. Files may be downloaded for comfortable reverse engineering via move to webroot.
Init
# ls /system/init/ ipcam.sh # cat /system/init/ipcam.sh export LD_LIBRARY_PATH=/system/system/lib:$LD_LIBRARY_PATH export PATH=/system/system/bin:$PATH telnetd chmod a+x /system/system/bin/daemon.vstar.v13 chmod a+x /system/system/bin/encoder /system/system/bin/daemon.vstar.v13 & /system/system/bin/cmd_thread & /system/system/bin/gmail_thread &
System/System
# ls /system/system/* /system/system/lib: /system/system/drivers: /system/system/bin: unzip1 cmd_thread upnpc-static ssmtp jpeg daemon.vstar.v13 gmail_thread encoder mailx ftp #
Webroot
/system/www # ls
Important Configs
/etc/passwd /etc/passwd- /etc/login.cgi