Jump to content

sisyphus99

Members
  • Content Count

    6
  • Joined

  • Last visited

Community Reputation

0 Neutral
  1. Hi, This is related to a thread I recently necrobumped, which has gotten kind of long (thanks to me): viewtopic.php?f=56&t=33151&start=15 The question I have now is side discussion that I think deserves its own thread. TL;DR - does anyone know of a cross-compatibility list for these things since they appear to be sharing boards from Raysharp? So it seems clear that an entire class of these consumer grade DVRs are rebranded clones. Support between the respective companies behind them seems to vary, and it seems that Zmodo doesn't actively maintain the firmware for my device (SKU DVR-H9108V). I was able to dig up an image that is slightly newer than the stock, but am having trouble flashing it. I don't think it addresses my concerns anyway (web front end sends all system passwords to the ActiveX client over http when accessing the login screen, simple local packet sniffing easily retrieves them), but my main motivation is admittedly to update the firmware to reset the root password for shell access. I notice that Swann offers a newer firmware (came across it while googling the hardware version shown in system info for my machine DM-70D/79B). The screen shots of the front end shown on Swann's upgrade page are identical to my machine's, so they clearly use the same software at some level. Has anyone had any luck cross-referencing model numbers between these clones to find an alternative firmware image from another manufacturer? I hesitate to install the firmware I've found on Swann's site for DM-7xBD since that doesn't exactly match my hardware number: http://www.swann.com/s/techcenter/firmware-2600 There's also a DM-7x* listed here: http://www.swann.com/s/techcenter/firmware-1200 I suppose all these are being provided by Raysharp given the URL for the 2600 image: http://swann.com/downloads/New_FTP/Name/Public_firmware_updates/Raysharp%20Security%20Update%20Firmware/ This one in particular looks like it would match up with mine: DVR8-2550_Upgrade_Firmware(D9108BUD(dm-79BD)_SWANN_Mlang_V2.6.0.1-20130208_2938.zip The 9108 designation matches the # ZMODO uses, and the 79B part matches up. I think I'm going to just give it a go since my other attempts with the Zmodo firmware don't take (using an unmodified version of the one found here that matches my SKU http://files.zmodo.com/Firmwares/DVRs/9108V/9108V%20Firmware%206-13-11/ results in detection of the file and the sytem restarting after clicking "update", but it doesn't actually flash the thing).
  2. FWIW, that 2nd one from passwd- is "helpme". So you brute forced for a month with no luck? What word lists, etc?
  3. It looks like my zmodo falls into that category. Strangely, I had a script that simplified mounting a jffs image here in my home folder from where I was mounting that other model's image months back, and I thought I arrived at that fs type by using disktype, but it didn't identify this image as such. Anyway, I successfully mounted it and used john to quickly verify that the backup passwd- file uses "helpme" for root on this zmodo. Got john cranking w/ its default word lists for ****s and giggles on the real passwd file, but I don't expect much. I might leave it over night and throw some different word lists at it tomorrow, because I'd really like to crack the stock pw to simplify this for others. I think I'll go ahead and try flashing this sucker w/ the modifed image now. Assuming jffs is supported read/write and there's no risk there. If I brick it, oh well, been sitting here disassembled for months anyway.
  4. So I shelved this project for a while and am just getting back to it. I think I was part way there before as I had retrieved an update file and installed some utilities to extract and mount it (can't recall specifics given it was months back), but I wasn't able to find an update file for my exact model. Maybe one will be present now. There was a pretty nasty exploit that they really should be releasing an update for anyway. If you even, want to call it an exploit, the web front end was sending all the passwords in the system in plain text to that awful activeX plugin you're forced to use with IE 3 or whatever. That'd be great if you still have time, etc. Yeah, I've been interested in playing with some embedded Linux hacking and this would be a great piece of hardware for it. I'd like to take a shot at completely replacing said activeX web UI with something more modern and standard, but that would definitely be a long term project for me, having little experience with video codecs, etc., and being very rusty in C (not to mention being busy w/ the day job). It's be a super fun project to start with a fresh, up-to-date ucLinux install and attempting to piece together my own front end. Short-term, simply getting better access to the files as you mention would be great. I'll check on obtaining a proper firmware upgrade for my machine. I was expecting to have to use a uart to get a root login and use dd to write out the existing image. I did get a serial-to-usb interface for that purpose, but didn't find the pinouts. I'm pretty n00b when it comes to electronics/hardware, though. My background is in software. There are a couple more likely spots I need to probe before calling UART a wash on it. EDIT: Found the firmware image. Searching their knowledge base for my SKU turned up jack. I ended up finding a page describing the firmware update for another model: http://kb.zmodo.com/index.php?action=artikel&cat=2&id=38&artlang=en And was able to find a firmware image update for my machine (9108V) that was recently added at a parent dir I stripped from the other model's firmware URL: http://files.zmodo.com/Firmwares/DVRs/
  5. Well, I got my hands on another zmodo/Raysharp firmware upgrade (they don't seem to publish any for my DVR) and although the image only contained upgrades to their software and lacked the full OS, strings in the app bin showed includes of some uclinux libs so I thought I might stand a chance at retrieving the existing image with UART and start hacking away. If not, at least I can access the file system using telnet. Be much easier to copy videos over to a USB drive that way. Like I mentioned, the GUI makes that process really slow if you have a large set of files to retrieve.
  6. Hey, Ivor. I'm trying to get a login to my Zmodo box and stumbled across this post after hammering away at the telnet login with Hydra for quite a while. I just got through taking the board out to see if I could identify the processor and come across pinouts to trace to the UART leads and can't seem to find any info on it, but it looks like my Zmodo board is very similar to the one you show. Where did you get the TTL-to-USB adapter you're using? I have been following the advice in this guide as I am a software guy and have little experience in embedded systems: http://www.linuxconf.eu/2007/papers/Sirotkin.pdf He mentions this site, but I'm not quite certain what to look for: http://www.compsys1.com/workbench/On_top_of_the_Bench/Max233_Adapter/max233_adapter.html I suppose this will work: http://www.amazon.com/Micro-SATA-Cables-Module-Converter/dp/B006JKNWLE/ref=sr_1_1?ie=UTF8&qid=1357011585&sr=8-1&keywords=ttl+to+usb Thanks for any info. I think this board is a cool little specimen to mess around with embedded linux and maybe I can do something about the crappy web front end that requires ActiveX, but at a minimum, shell access to make backups of video vs. the crappy GUI interface will be great.
×