I agree… super handy little “door bell” camera, if we can get it streaming when attached to home wifi.
what do you need wireshark off ? a dump while using the app? while connected to home wifi?
I agree… super handy little “door bell” camera, if we can get it streaming when attached to home wifi.
what do you need wireshark off ? a dump while using the app? while connected to home wifi?
Yes, need to understand what server sends to start a transmission.
To start a transmission, mobile APP do a POST request to the ‘/app/api/ApiServer/watching’ and then server invokes a transmission. To do this it sends some magic to the camera, and would be nice to capture this magic.
Right now, there are three channels from which the camera could be controlled.
Hey guys,
My recently bought camera from cafago ( www .cafago .com/ en/p-d12029.html) - uses the same BK7252 chip. Doing a tcpdump I saw it is going to a specific chinese site to look for updated firmware. The connection to the site is plain HTTP and it seems like that the site appart from the firmware for my camera (it looks in folder HB66) contains firmware for other models mentioned in this thread, including the A9 camera. The firmware url is http://120.77.233.10/BK7252_P2P_IPC_FW/
The firmware files seem to be in the “OTA downloader” format for RT-Thread. more details can be foud here: GitHub - RT-Thread-packages/ota_downloader: The firmware downloader which using on RT-Thread OTA component.
I did not have the time to do a binwalk on these files yet.
Finally, an nmap on my camera reveals port 23 open (but no responses when you telnet to it) and ports 10002 and 10003. But no streams available there.
Hope that info could help somehow.
Cheers,
Elias
classic nbit reply !
classic nbit reply ! PLEASE ANYONE STOP THIS TROLL!
Does anyone have a wiring diagram for STLINK interfaces? i see rx and tx points on the board and USB have only one 3 points soldered!
You joined here just to post abuse? Good one. And oh so wounding!
my board looks different than this. and I’m not sure its STlink used for Beken chips ?
i have an STLink but I’m not sure what you are trying to do? do you have alternative firmware`?
I’m wondering if the camera can be reprogrammed with the reference design.
eliminate the china firmware completely
my hardware has TMS,TDI,TDO,TCK under the camera
rt thread keeps showing on my home network. i use Wyze and blurams cams, but none of these small A9’s. I suspect someone has planted cams in my home and I want to find the cams & introduce them to the heel of my boot. I am not a programmer, I found this site by researching on line. If anybody would help me with tips on how to find the illegally placed cams in my home, and /or who placed them, i will be grateful and gladly reward anyone if i am successful in making that ‘introduction’ thanks,
J
It would be awesome just to flash spy-china-free firmware in to these and just use them with HA and other systems…
right??
as with a lot of these devices. i think they are made quite similar to the reference designs
DE-CHINA these cameras would be awesome
that is what I tried with the “reference” code I posted above. It can be flashed but the code needs some tweaking.
Great work! I have it running in my lab now.
I’ll try to setup a TCP-proxy in my workstation and to a man-in-the-middle to understand which comms are happening between the camera and the server.
I’ve dumped some info using the app and getting the stream, maybe we could work from that to get the streaming working locally using the fake_server.
Nice! Thanks a lot, will continue
guys is there a way to ssh into it using a USB cable, instead of wires with pins?
Good news, everyone, ‘Fake server’ v0 is released.
Github repo still the same: GitHub - intx82/a9-v720: A9 V720 (naxclow) camera tool
To use it, run:
python3 src/a9_naxclow.py -s
To properly work ‘fake server’, user must make DNS redirect on own (home) router domains ‘v720,naxclow,com’ and ‘p2p,v720.naxclow,com’ to own server IP
Also, on the server must be installed any MQTT broker or ‘p2p[v720.naxclow]com’ should be redirected to any public MQTT broker
After this part, fake server up the http web server and listening for camera incoming messages. The list of available cameras will be available at http://[FAKE_SRV_IP]/dev/list
(now as JSON array)
After connection camera, MJPEG video stream could be found at http://[FAKE_SRV_IP]/dev/[CAM_ID]/live
, snapshot - http://[FAKE_SRV_IP]/dev/[CAM_ID]/snapshot
I realize that adding replies to ‘waste your time blah blah’ may be a true waste of time, but express my agreement on @mb_EQNvD3CjP’s personal drive. @HeyImAlex is suggesting we substitute a $5 cam by a $40 one. He/she/it missed the point of low cost, and also confuses price with quality.
18 months ago I worked with my A9, but didn’t have enough time to use a direct connection to the AP generated by the CAM. That was the way I was trying.