Jump to content
phandel

Is the Digital Watchdog DW VMAX-4 hackable?

Recommended Posts

Just got a Digital Watchdog DW VMAX-4 and it seems to work fairly well, although I'd love to be able to ssh in to the linux side, and noodle around. From the http response, it's running the Boa web server ... has anyone hacked it?

 

I'd love an easy & standard way to access the h.264 video programmatically - for example, if I were to write an iOS app. Is the protocol from port 9010 fairly straightforward? I ran tcpdump during a successful connection with the DW VMAX app, and haven't tried feeding those commands back yet.

 

 

Thanks,

Peter

Share this post


Link to post
Share on other sites

Never tried it - I do have a VMAX-16 sitting on the shelf that I removed from a site... used it long enough to make sure it worked, and that's about it.

Share this post


Link to post
Share on other sites

Nmap only showed ports 80 and 9010 open ... It does have a USB port; maybe I should try USB prober. Or, has anyone tried taking the drive out, mounting it, and installing some sshd like dropbear?

Share this post


Link to post
Share on other sites

Got a bit further with this: I upgraded the firmware to v1.2.0.2.1, and now a telnet port (23) is open!

 

$ telnet 192.168.1.x

Trying 192.168.1.x...

Connected to 192.168.1.x.

Escape character is '^]'.

 

avs.pravis.com login: Admin

Password:

Login incorrect

 

However, no idea what the correct username/password is ... I've been looking through the firmware update files, but haven't found any clues to a login/pass. nmap is 95% certain it's a Linksys running Linux I do see a boa signature on port 80: "Server: Boa/0.94.13".

 

Regarding the actual video:

1) Looks like there are jpeg screen shots of the cameras stored on http://192.168.1.x/mobile/img00.jpg (and img01.jpg, etc.) which are updated every few seconds.

2) But the actual video stream is a bit trickier - I see lots of "PSPROTOCOL" traffic back and forth on the wire

 

My goals are:

a) Simple video stream easily accessible from anywhere ... if #1 were a bit higher quality/faster and/or h.264, that might do it.

b) Compile a smbd, afpd, or nfsd for the device, so any of my computers can mount the internal drive, and easily see the saved video streams.

 

Has anyone else poked around on this device? Is there a better website for this?

Share this post


Link to post
Share on other sites

There seems to be 2 accounts you can telnet in with. Sadly the actual network streaming code seems to be inside a kernel module, so I'm not sure how easy it's going to be to reverse engineer that.

Share this post


Link to post
Share on other sites

Looks like there's a new firmware version available - "VMAX Firmware Original VMAX 4 v2.0.0.9, 03/12/2014" - has anyone tried it? Is telnet (with the same root password) still enabled? What's new?

 

From http://digital-watchdog.com/support-download/ ... the direct link for this firmware is http://publiclibrary.dwcc.tv/DVR/VMAX4/Software/DVR_Firmware/VMAX%204%20Old%20Hardware/Vmax4_v2.0.0.9.bin

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×