Popular A9 mini Wi-Fi camera & the HA challenge

exetico · May 11, 2024, 9:17am

Maybe you could share that part, so other people are able to follow the same standard. I mean, blocking the internet access. Are those devices on a separated VLAN, on a wifi SSID you created for those devices, or?

Tamadite · May 11, 2024, 7:44pm

It is important to recall that, for the most part, it is not enough to isolate the camera from the Internet just like that because it features a heartbeat function (some models?) towards a service in the Internet. See this post: Popular A9 mini Wi-Fi camera & the HA challenge - #13 by Tamadite

RiaanAspeling · May 12, 2024, 12:49pm

I have almost exactly this camera, but just with a later version of the board. My board is version J9_001_V1.2_20221222. I’ve managed to dump some startup info when connected with a USB to UART. It askes for a password if you try and send any text to it. Here’s the dump:

[bl ERR] main():629, build:20:38:52
[FD I]: mode: 0x4, freq: 48000000Hz, drv: 0

Password:PMA: mode select:e

wlan information ===================================================
firmware:
    version : R-XR_C10.08.52.64_01.80 Jul  6 2019 20:05:10-P01.46-R
    buffer  : 12
driver:
    version : XR_V02.05
====================================================================

PMA: wlan mode:a

platform information ===============================================
XRADIO Skylark SDK 1.2.0 Apr  7 2023 20:11:14

sram heap space [0x21dc18, 0x25fc00), total size 270312 Bytes
cpu  clock 240000000 Hz
HF   clock  40000000 Hz

sdk option:
    XIP           : enable
    INT LF OSC    : enable

mac address:
    efuse         : a8:f1:b2:8e:88:60
    in use        : 70:33:f6:4b:f3:05
====================================================================

bCheckEncrypt:1
StartupState:0
gpio_grp=0,gpio_bit=21
led drv init
check vol
[mthread]Create task:vbat(stack:2048),prio:3,ret:0 
XXXX task:vbat
[WRN] switch to high speed error, use DS: 25 MHz
[FS INF] mmc init
[FS INF] mount success
SD File System initialized! freespace:155MB
[mthread]Create task:sdcardth(stack:2048),prio:3,ret:0 
XXXX task:sdcardth
err cmd:use_fw_rate_policy
vif=0, rts_threshold = 3000
ssid is NULL. AP 
<wifi>lpdtim:10, lplis:10
[mthread]Create task:wifitask(stack:4096),prio:3,ret:0 
XXXX task:wifitask
[XRADIO_INTERNAL_CODEC] AMIC set volume Level-[7]
[XRADIO_INTERNAL_CODEC] AMIC set volume Gain-[39]
wifi task run
en1: CTRL-EVENT-TERMINATING 
WAR join_status:0

wlan information ===================================================
firmware:
    version : R-XR_C10.08.52.64_01.80 Jul  6 2019 20:05:10-P01.46-R
    buffer  : 12
driver:
    version : XR_V02.05
====================================================================

interface name: en1
Using interface en1 with hwaddr 70:33:f6:4b:f3:05 and ssid "AP-XRADIO"
[XRADIO_INTERNAL_CODEC] AMIC set volume Gain-[39]
[XRADIO_INTERNAL_CODEC] LINEIN set volume Level-[1]
[XRADIO_INTERNAL_CODEC] AUDIO_IN_DEV_ALL set volume Gain-[0]
[XRADIO_INTERNAL_CODEC] Route(cap): amic Enable
en1: interface state UNINITIALIZED->ENABLED
en1: AP-ENABLED 
en1: AP-DISABLED 
[net INF] msg <wlan connected>
[net INF] netif is link up
[net INF] bring up netif
[net INF] netif (IPv4) is up
[net INF] address: 192.168.238.1
[net INF] gateway: 192.168.238.1
[net INF] netmask: 255.255.255.0
WLAN CONNECTED
err cmd:use_fw_rate_policy
vif=0, rts_threshold = 3000
vif0, AP/GO mode THROTTLE=38
[net INF] msg <network up>
NETWORK UP
<L>Cmutex:0
<L>Cmutex:0x229008
<L>lwip_socket(PF_INET, UDP, 17) = SKT_0
en1: interface state ENABLED->DISABLED
[net INF] msg <wlan disconnected>
[net INF] netif is link down
WLAN DISCONNECTED
<L>Cmutex:0
<L>Cmutex:0x224f20
<L>lwip_socket(PF_INET, UDP, 17) = SKT_1
Using interface en1 with hwaddr 70:33:f6:4b:f3:05 and ssid "BATA974044VFLDJ"
---->detect gc0329 
[ERR] BUG at pm_unregister_ops:585 dev:0'O[ERR] BUG at pm_unregister_ops:590 dev:i2c0(0x200090)!
[os E] OS_MutexDelete():54, handle 0
[os E] OS_SemaphoreDelete():67, handle 0
GC0329 chip id read success 0xc0
en1: interface state DISABLED->ENABLED
en1: AP-ENABLED 
[net INF] msg <wlan connected>
[UMAC WARN] net80211_linkoutput():202, ifnet 0x214b90 not valid for tx!
[net INF] netif is link up
[net INF] netif is already up
WLAN CONNECTED
err cmd:use_fw_rate_policy
vif=0, rts_threshold = 3000
lednum:0
--drvled_flash :(0,1,5,5,1,5,5)
<RTW>WiFi ap start ok:BATA974044VFLDJ, 0, 11
wifi task exit
[mthread]vvvthread wifitask, tid:2177724 EXIT
vif0, AP/GO mode THROTTLE=38
GC0329 Init Done 
[mthread]Create task:vtask(stack:3072),prio:3,ret:0 
XXXX task:vtask
[mthread]Create task:atask(stack:3072),prio:3,ret:0 
XXXX task:atask
[mthread]Create task:thdImage(stack:2048),prio:3,ret:0 
XXXX task:thdImage
[mthread]Create task:RT_REC(stack:2048),prio:3,ret:0 
XXXX task:RT_REC
[mthread]Create task:MD_TH(stack:2048),prio:3,ret:0 
XXXX task:MD_TH
task_aenc_stream runing
[mthread]vvvthread thdImage, tid:2176020 EXIT
[mthread]Create task:p2plis(stack:10240),prio:3,ret:0 
XXXX task:p2plis
[mthread]Create task:CameraTest(stack:2048),prio:3,ret:0 
XXXX task:CameraTest
set br:-1--1
/camera_test.txt does not exist!
[mthread]vvvthread CameraTest, tid:2176196 EXIT
fileidx:7
record freespace:155MB 
e[0;32;31m ../../../../project/demo/ilnk_demo_et_1mflash/ilnk_ipc/src/record_ilnk.c RT_RECFILE_Open 265e[m
[IpcP2pStart][  82]p2p starte,bP2pStarted=[0]

DataRW_Init bufferSize=32
<L>lwip_close(0)
<L>lwip_close(0)
<L>mutex D:0x229008
<L>lwip_close(SKT_0),tcp=0
Success[0]--IlnkModP2pStart
IpcSysInit:0
[mthread]vvvthread p2plis, tid:2178548 EXIT
[os E] OS_MutexLock():65, handle 0
semaphore not initialized at line 448 in src/api/tcpip.c
<L>Cmutex:0
<L>Cmutex:0x247ac8
netconn state error at line 1132 in src/api/api_msg.c
<L>Cmutex:0
<L>Cmutex:0x247c10
<L>lwip_socket(PF_INET, UDP, 0) = SKT_0
<L>lwip_socket(PF_INET, UDP, 17) = SKT_2
<L>Cmutex:0
<L>Cmutex:0x247d50
<L>lwip_socket(PF_INET, UDP, 0) = SKT_3
network interface: en (Default)
MTU: 1500
MAC: 70 33 f6 4b f3 05 
FLAGS: UP LINK_UP ETHARP IGMP
ip address: 192.168.238.1
gw address: 192.168.238.1
net mask  : 255.255.255.0

network interface: lo
MTU: 0
MAC: 
FLAGS: UP LINK_UP
ip address: 127.0.0.1
gw address: 127.0.0.1
net mask  : 255.0.0.0

It would seem the password is at least 16 characters long.

Anyway, long story short. I would like to know how you dumped the flash as I would like to do the same.

Kio_Rio · May 12, 2024, 3:25pm

I’ll try it if it works and thank you in advance

digows · May 24, 2024, 1:09pm

WOOOOWW!!

After almost a year, this solution works pretty well!
I have a BATA984383XVUQ - I pair and got the video and audio stream via this cam-reverse project in HomeAssistant.

zeux69 · May 29, 2024, 2:50pm

Thanks for your C adaptation. I successfully connected with my A9 (DGOA). But cannot integrate with “motion”. Can you show your motion.conf or cameraX.conf file?

Jymm · June 16, 2024, 5:40am

I had misread this article believing it said the A9 was on the “approved” list:

As I don’t like APP/device dependencies (browser only), and want ZERO internet/cloud usage.

So I placed the order for 5x A9’s at $1.99/ea on 2024-06-14.
https://www.aliexpress.us/item/3256806244753061.html (shows $3.84 even for me).

If anyone cares, they are STILL available at $1.99/ea with free shipping (as of 2024-06-15) when you buy 3 items when you goto AliExpress and click on the annoying popup to shop the $0.99and up items.

So when I discovered my mistake, I came across this forum thread.
I read ever post till I got to 200, then skipped to the very end. So I don’t know where the project/challenge is at the moment.

Hopefully a new china free firmware without “calling home”???

Anyhow, a ways back I bought a “smart video doorbell” for $5
https:/ /www.aliexpress.us/item/3256805773616498.html
----new user allowed one link, remove space between forward slashes----

It used this app:
https:/ /home.naxclow.com/dynamic/dir/347b8f025830d77d7f464bdd8e1ec597/index.html/
----new user allowed one link, remove space between forward slashes----

I tried it for like 5 minutes, didn’t care that it notified you, but didn’t show you the video if you waited more than 60 seconds to respond. Removed the app, factory reset the device, and removed the battery. The little white thing is the indoor “bell” that you plug into a USB charger (no battery in it), that you pair to the camera/doorbell.

I got curious and opened it up. It does indeed have a Beken BK7252UWN48 chip in it.
mic, and IR leds, a coil wire antenna. PCB antenna, and TX and RX solder pads. (uart port?).

—new user only allowed one image - image 1, removed—

—new user only allowed one image - image 3 removed—

No app installed, NOT connected to wifi, I am able to press the doorbell button and it will ring the indoor “bell”. Using a TinySA Ultra spectrum analyzer I was able to see it transmitting at 433MHz. So MAYBE I’ll use it as a wireless doorbell with the camera removed, lol. Other than that, I really don’t care about it.

I probably have a USB2TTL adapter around here somewhere. IF anyone could use information from it, please let me know.

I’d love for someone to be able to turn the A9 into something open source amazing!!!
Copy a bin file to a uSD card, plug it in, reboot and and no more fugliness!
I can dream, can’t I? lol

Thank you all for your work into this challenge!!!