hardware hacking

For video stuff: https://www.youtube.com/watch?v=FYPhEgbiWrk

command: http://pastebin.com/k4mwgS6T


Quote

#http://alexkaskasoli.com/wansview.pdf  <-- notes
#wansview IPCAM telnet firmware 51.3.0.152
#user: root
#password: 123456

#get full version of busybox
#download to desktop mipsel version
wget "http://www.busybox.net/downloads/binaries/latest/busybox-mipsel" -O busybox

#now on the camera itself connect to your desktop and get the file
#note that there is very limited space on this device,
#but you can put the binary of busybox in "/tmp"
#it's running in RAM, so will be lost on reboot of camera
cd /tmp
/system/system/bin/ftp <desktop ip>

#once you download the file, make sure it's executable and then run it
chmod 777 busybox
./busybox

#now you can use DD and NetCat in busybox to image partitions
#mtdblock6 device is the main fs # use mount to figure this out
#on camera
./busybox nc -l -p 60000 < /dev/mtdblock6

#on desktop
nc <camera IP> 60000 > system.img

#note that Netcat does not disconnect when done
#watch file and when it stops growing it's done
#in this case it's 3MB

#this image is a jffs2 file, which I can't seem to mount or extract directly
#but, you can create a partition and mount it from there
sudo modprobe mtdram total_size=32768 erase_size=256
sudo modprobe mtdblock
#modprobe mtdchar
sudo mknod /dev/mtdblock2 b 31 0
sudo dd if=system.img of=/dev/mtdblock2
mkdir mnt
sudo mount -t jffs2 /dev/mtdblock2 mnt/


#ssh server
cd /tmp
/tmp/busybox wget "http://landley.net/aboriginal/downloads/binaries/extras/dropbearmulti-mipsel" -O dropbearmulti
chmod +x dropbearmulti
ln -s dropbearmulti dropbearkey
ln -s dropbearmulti dbclient
ln -s dropbearmulti dropbear
mkdir /etc/dropbear
cd /etc/dropbear
/tmp/dropbearkey -t rsa -f dropbear_rsa_host_key
/tmp/dropbearkey -t dss -f dropbear_dss_host_key
/tmp/dropbear start
#/tmp/dropbear dropbear -i
#have fun
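
The notes above judge the netcat transfer finished by watching the file stop growing and pick the mtdram sizes by hand. The script below is an added example, not part of the original notes: it checks the dump against the partition size and derives the mtdram parameters from the camera's /proc/mtd entry. The function names and the sample /proc/mtd line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): checks to run on the desktop
# before writing system.img into an mtdram device.
# Assumption: you saved the dumped partition's line from the camera's
# /proc/mtd, which has the form:  mtdN: <size hex> <erasesize hex> "name"

# Partition size in bytes, from a /proc/mtd line.
mtd_size_bytes() {
    set -- $1                      # split into: mtdN: size erasesize "name"
    echo $((0x$2))
}

# mtdram module parameters (both are given in KiB) matching the partition.
mtdram_args() {
    set -- $1
    echo "total_size=$((0x$2 / 1024)) erase_size=$((0x$3 / 1024))"
}

# Succeeds only if the image is exactly as large as the partition, which
# replaces "watch the file until it stops growing".
dump_complete() {                  # $1 = image, $2 = /proc/mtd line
    have=$(wc -c < "$1" | tr -d ' ')
    [ "$have" -eq "$(mtd_size_bytes "$2")" ]
}

# JFFS2 nodes start with the 16-bit magic 0x1985; the order of those two
# bytes on disk shows the endianness the image was written in.
jffs2_byte_order() {               # $1 = image
    case "$(od -An -tx1 -N2 "$1" | tr -d ' \n')" in
        8519) echo little ;;
        1985) echo big ;;
        *)    echo none ;;         # no node at offset 0 (e.g. erased block)
    esac
}

# Usage: sh check_dump.sh system.img 'mtd6: 00300000 00040000 "system"'
# (that /proc/mtd line is a constructed sample, not taken from the camera)
if [ "$#" -ge 2 ]; then
    dump_complete "$1" "$2" || { echo "size mismatch: dump incomplete" >&2; exit 1; }
    echo "byte order: $(jffs2_byte_order "$1")"
    echo "sudo modprobe mtdram $(mtdram_args "$2")"
fi
```

On the camera, `cat /proc/mtd` prints the line to pass as the second argument; the constructed sample corresponds to a 3 MiB partition with 256 KiB erase blocks.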
